ietf-smime
[Top] [All Lists]

RE: cert-03 - signature validation failure

1998-04-09 16:09:54
On Tuesday, April 07, 1998 9:47 AM, Elliott Ginsburg
[SMTP:ginsburg(_at_)mitre(_dot_)org] wrote:

I want to propose a change to how signature validation failure is
handled. In
the current draft, it essentially says that the user agent must do
something
when signature validation fails, but what it does is up to the
implementation.
I don't think it is acceptable to leave this decision unspecified;
here
is
some
of my rationale:

This is an interesting point, and I think that the validation failures
can be summarized as follows:

1. Processing the signature requires that the signing certificate be
used to unprotect a protected hash.  If the hash cannot be unprotected
with that certificate, or the unprotected hash does not match the
received message hash, these are unique error conditions.

2. Creating the certificate chain for the purpose of determining the
suitability of a certificate to validate a signature can fail at a
number of points.  These are unique error conditions.

3. If the certificate violates some other rules of the -cert draft,
these are unique error conditions.

However, I don't know how specific we can get as to what these error
conditions are, and whether they will evolve as PKIX evolves.  It seems
that the errors that relate to the certificate chaining would belong in
PKIX.  The remaining errors (regarding failure to unprotect the hash or
failure on hash comparison) should be in -msg.  As you point out, most
of these need to be identified and listed.

I think that the listing of these errors is useful, but I think that the
PKIX ones (dealing with certificate chaining, CRL checking, etc.) should
be in PKIX, and the ones specific to S/MIME should be in S/MIME.  Even
having a list without actions to be taken could be useful.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060