ietf-smime

Re: Signed Label (was RE: 'Signature Purpose' attribute?)

1998-03-27 12:54:18
What happens if a recipient receives a forwarded message that includes a
security policy in the eSSSecurityLabel that he/she does not understand,
is that still an error?

I think the proposed text will mislead implementations into always discarding
the message if a security policy is unknown.  I do not think that is right.

All I think needs to be done is to leave such decisions to local policy;
Thus reword your text as..

"Receiving agents SHOULD have a local policy which specifies
what action is taken when an eSSSecurityLabel is received which
includes a security-policy-identifier that the processing software
does not recognize."


If you think there is a need to specify default handling, then it should be to
ignore security labels when the policy is not understood.

Also, I still think that the security policy should not be optional.



-----Original Message-----
From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: John Ross <ross(_at_)jgross(_dot_)demon(_dot_)co(_dot_)uk>; Bonatti, Chris <bonattic(_at_)ieca(_dot_)com>; ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Friday, March 27, 1998 5:56 AM
Subject: Re: Signed Label (was RE: 'Signature Purpose' attribute?)


John,

I included the following text in my comments to ESS-04 (which was originally
submitted by Jim Schaad).  I stand by this comment:

9) Sec 3.1.2, Please add as 3rd para:  (This text was included in ESS-03,
but was mistakenly deleted from ESS-04.)

"Receiving agents SHOULD have a local policy regarding whether or not to
show the inner content of a signedData object that includes an
eSSSecurityLabel security-policy-identifier that the processing software
does not recognize.  If the receiving agent does not recognize the
eSSSecurityLabel security-policy-identifier value, then it SHOULD stop
processing the message and indicate an error."

Please note that this says SHOULD, not MUST.

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================


At 09:08 AM 3/27/98 -0800, John Ross wrote:
John Pawling wrote:
...........an important point to note is that the recipient software makes
a separate access control decision for each signedData object..........

Question:
In your view, does this mean that if the recipient does not understand the
policy id in the eSSSecurityLabel that he may ignore the label in the
access control decision, even though he has verified the signature of the
signedData object to which it relates?
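
Added example, not part of the thread and not taken from any ESS draft or implementation: a sketch of a receiving agent that makes a separate access control decision for each signedData object, with the handling of an unrecognized security-policy-identifier left to a local policy setting. It contrasts the two behaviours discussed above (stop with an error, or ignore the label). All class and function names, the policy OIDs (taken from a documentation-only arc) and the clearance values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class UnknownPolicyAction(Enum):
    STOP_WITH_ERROR = "stop"   # behaviour of the ESS-03 text quoted in the thread
    IGNORE_LABEL = "ignore"    # default handling suggested in the reply

@dataclass
class SignedDataLayer:
    name: str
    signature_ok: bool
    policy_oid: Optional[str] = None   # None: no eSSSecurityLabel on this layer
    classification: int = 0

# Constructed local configuration: the policy OIDs this agent recognizes,
# each mapped to the highest classification the local user may read.
KNOWN_POLICIES = {"1.3.6.1.4.1.32473.1": 3}

def decide_layer(layer: SignedDataLayer, action: UnknownPolicyAction) -> str:
    """Access control decision for a single signedData object."""
    if not layer.signature_ok:
        return "reject: signature invalid"
    if layer.policy_oid is None:
        return "show: no label"
    if layer.policy_oid not in KNOWN_POLICIES:
        # The case under discussion: the label is signed and verified,
        # but the policy it refers to is unknown to this agent.
        if action is UnknownPolicyAction.IGNORE_LABEL:
            return "show: unknown policy, label ignored"
        return "reject: unknown security-policy-identifier"
    if layer.classification > KNOWN_POLICIES[layer.policy_oid]:
        return "reject: classification above clearance"
    return "show: label accepted"

def process_message(layers, action):
    """Walk the layers outermost first and stop at the first rejection."""
    results = []
    for layer in layers:
        verdict = decide_layer(layer, action)
        results.append((layer.name, verdict))
        if verdict.startswith("reject"):
            break   # inner content is not shown
    return results

# Constructed sample: a forwarded message whose inner label uses a policy
# that the recipient's software does not recognize.
FORWARDED = [
    SignedDataLayer("outer (forwarder)", True, "1.3.6.1.4.1.32473.1", 2),
    SignedDataLayer("inner (original)", True, "1.3.6.1.4.1.32473.2", 4),
]
```

With `STOP_WITH_ERROR` the inner content of the sample is withheld; with `IGNORE_LABEL` it is shown even though its label was never evaluated, which is the trade-off the two proposed wordings differ on.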