ietf-smime

security label

1998-03-29 03:08:41
As per previous comments on compatibility between the X.411 security label and the
ESSSecurityLabel, I think the following would offer more compatibility and
allow for the extended character set:

ESSSecurityLabel ::= CHOICE {
    x411-security-label  SecurityLabel,
    version2-security-label Version2SecurityLabel }

SecurityLabel ::= SET {
 security-policy-identifier SecurityPolicyIdentifier OPTIONAL,
 security-classification SecurityClassification OPTIONAL,
 privacy-mark PrivacyMark OPTIONAL,
 security-categories SecurityCategories OPTIONAL }

Version2SecurityLabel ::= SET {
 security-policy-identifier SecurityPolicyIdentifier,
 security-classification SecurityClassification OPTIONAL,
 privacy-mark  ExtendedPrivacyMark OPTIONAL,
 security-categories SecurityCategories OPTIONAL }

ExtendedPrivacyMark ::= UTF8String


Then rules can be specified that mandate that the X.411 label is generated
unless the extended character set is required, in which case the version 2
security label shall be generated.

The above should mean that any signature that signs over the X.411 label
will operate end to end even if it has to cross a gateway between a domain
that only supports the X.411 security label and a domain that supports both
the X.411 and version2 labels.

I also think that this maintains structural compatibility between the X.411 and
version2 signatures.

Any comments?

John Ross
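
The generation rule proposed in the message above, sketched as an added example (not code from the original post or from any S/MIME implementation): emit the X.411 form when the privacy mark fits PrintableString, otherwise the version 2 form with a UTF8String mark and a mandatory policy identifier. The function names, the policy OID `1.2.3.4` and the sample marks are constructed for illustration, and `security-categories` is left out.

```python
# Added illustration; names, OID and sample marks are constructed, not from the post.
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def der_int(value: int) -> bytes:
    # Non-negative values only, which covers SecurityClassification.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_label(policy_oid, classification, privacy_mark):
    """Return (variant, DER bytes) following the rule in the message."""
    needs_v2 = privacy_mark is not None and not set(privacy_mark) <= PRINTABLE
    if needs_v2 and policy_oid is None:
        # Version2SecurityLabel makes security-policy-identifier mandatory.
        raise ValueError("version2 label requires security-policy-identifier")
    parts = []
    if policy_oid is not None:
        parts.append(der_oid(policy_oid))
    if classification is not None:
        parts.append(der_int(classification))
    if privacy_mark is not None:
        if needs_v2:
            parts.append(tlv(0x0C, privacy_mark.encode("utf-8")))   # UTF8String
        else:
            parts.append(tlv(0x13, privacy_mark.encode("ascii")))   # PrintableString
    # DER orders SET components by tag; all tags here are universal class.
    body = b"".join(sorted(parts, key=lambda p: p[0]))
    return ("version2" if needs_v2 else "x411"), tlv(0x31, body)

X411_EXAMPLE = build_label("1.2.3.4", 3, "COMPANY CONFIDENTIAL")
V2_EXAMPLE = build_label("1.2.3.4", 3, "Streng geheim: Zürich")
```

Because the CHOICE as written carries no tags of its own, the `x411` output is byte-for-byte a plain X.411 `SecurityLabel`, and both variants start with the SET tag `0x31`.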


