ietf-smime
[Top] [All Lists]

Re: Signed Label (was RE: 'Signature Purpose' attribute?)

1998-03-27 06:56:33
John,

I included the following text in my comments to ESS-04 (which was originally
submitted by Jim Schaad).  I stand by this comment : 

9) Sec 3.1.2, Please add as 3rd para:  (This text was included in ESS-03,
but was mistakenly deleted from ESS-04.)

"Receiving agents SHOULD have a local policy regarding whether or not to
show the inner content of a signedData object that includes an
eSSSecurityLabel security-policy-identifier that the processing software
does not recognize.  If the receiving agent does not recognize the
eSSSecurityLabel security-policy-identifier value, then it SHOULD stop
processing the message and indicate an error."

Please note that this says SHOULD, not MUST.

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================


At 09:08 AM 3/27/98 -0800, John Ross wrote:
John Pawling wrote:
...........an important point to note is that the recipient software makes
a separate access control decision for each signedData object..........

Question:
In your view, does this mean that if the recipinet does not understand the
policy id in the eSSSecuriltylabel that he may ignore the label in the
access control decision, even though he has verified the signature of the
signedData object to which it relateds?