ietf-smime

Re: Comment on ESS and Privacy Marks

1998-03-27 21:15:43
John Ross wrote:

But I disagree when you imply that a signed security label can be changed
when it passes through a gateway. The aim is for as much interoperability as
possible, so the signatures of data objects which are not translated by
gateways can be applied end to end.  In that case the security label cannot
be translated.

    I agree with this observation.  John Pawling's comments (too many Johns 
:-) seem to assume that any outside system would necessarily strip off the CMS 
signature.  At least one design that I know of preserves the CMS signature 
value, and embeds it in their native protocols.  Since the CMS signature is 
used later, modifying the security label at the gateway is not an option.  
However, components that are not CMS-aware will still be looking for the legacy 
label.

    If we expect that S/MIME will be a common exchange standard for digital 
signatures, we have to expect that our structures are going to be pulled into 
other systems.

Chris
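
An added illustration of the point made in this message (not part of the original post and not code from any S/MIME implementation): the ESS security label is carried as a CMS signed attribute, so the DER-encoded attribute set that the signature covers changes if a gateway rewrites the label. The policy OID, privacy marks, message body and the use of SHA-256 are constructed assumptions.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER (first arc 0 or 1 only, enough for this sketch)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def der_set(*items: bytes) -> bytes:
    """DER SET / SET OF: members are emitted in sorted order."""
    return tlv(0x31, b"".join(sorted(items)))

def attribute(attr_oid: str, value: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }"""
    return tlv(0x30, oid(attr_oid) + der_set(value))

def signed_attrs_digest(policy: str, classification: int, mark: str, content: bytes) -> bytes:
    """SHA-256 of the DER signedAttrs, i.e. the value the signer's key signs."""
    label = der_set(oid(policy),                          # security-policy-identifier
                    tlv(0x02, bytes([classification])),   # security-classification (0..127 here)
                    tlv(0x13, mark.encode("ascii")))      # privacy-mark as PrintableString
    attrs = der_set(
        attribute("1.2.840.113549.1.9.3", oid("1.2.840.113549.1.7.1")),  # content-type: id-data
        attribute("1.2.840.113549.1.9.4", tlv(0x04, hashlib.sha256(content).digest())),  # message-digest
        attribute("1.2.840.113549.1.9.16.2.2", label),                   # id-aa-securityLabel
    )
    return hashlib.sha256(attrs).digest()

# Constructed sample values, not taken from the thread.
POLICY = "1.3.6.1.4.1.99999.1"   # hypothetical security policy OID
BODY = b"quarterly figures"
signed = signed_attrs_digest(POLICY, 3, "COMPANY CONFIDENTIAL", BODY)
relayed = signed_attrs_digest(POLICY, 3, "COMPANY CONFIDENTIAL", BODY)
rewritten = signed_attrs_digest(POLICY, 3, "LEGACY C2", BODY)
print("label relayed unchanged :", relayed == signed)
print("label rewritten         :", rewritten == signed)
```

A downstream verifier that recomputes this digest from a rewritten label will not match the signature value the gateway preserved, which is why the label has to travel unmodified alongside any legacy label.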




