Tim,
I agree with your most recent message. I didn't agree with the implication
of your earlier messages that differing ESSSecurityLabels attributes could
be included in a single signedData object.
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================
At 12:56 PM 3/25/98 -0000, Tim Dean wrote:
John,
Your requirements can be met by nesting signedData layers. The original
signer can include her eSSSecurityLabel in the original, inner signedData
layer. The intermediate entity can include its eSSSecurityLabel in an outer
signedData layer that encapsulates the original, inner signedData layer.
What you describe here is exactly what we need. Some intermediate entity
adds a signed label to an originator's message by encapsulating it in a
signedData. (The label could be derived from reviewing the text, or based
on some parameter in my current environment, or whatever. It could even
encrypt the original and slap an 'unclassified' label on it.) However, that
intermediate entity doesn't want the recipient or anyone else to be
confused into thinking she originated the message. So she uses sig purpose
'contentReviewer' to indicate this. Nothing I've read in ESS or in Dave
K's original text seems to conflict with this model. Where are we not
'synching' here?
Tim
-----------------------------------------------
Tim Dean
Defence Evaluation & Research Agency
Malvern
United Kingdom
telephone: +44-1684-894239
facsimile: +44-1684-896113
e-mail: t(_dot_)dean(_at_)eris(_dot_)dera(_dot_)gov(_dot_)uk
----------------------------------------------------