[Top] [All Lists]

Re: The big picture in eSSSecurityLabels

1998-04-15 00:31:48

As long as the text makes it clear that  the wrapped label may be different
form the inner label and that access control is a local issue, I think this
end the dabate on matching security lables.

There is a seperate debate about  applying counter signatures at the same
signeddata level and applying wrapping signatures. but that is a seperate
-----Original Message-----
From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: John Ross <ross(_at_)jgross(_dot_)demon(_dot_)co(_dot_)uk>; 
<ietf-smime(_at_)imc(_dot_)org>; Paul Hoffman / IMC 
Date: Tuesday, April 14, 1998 1:20 PM
Subject: Re: The big picture in eSSSecurityLabels


The ESS I-D eSSSecurityLabels can be different in the inner and outer
signedData layers.

Also, as the ESS text is now, my understanding is that the originators
security label
is mandated

The inclusion of an eSSSecurityLabel is optional.

and must be part of the recipients access control
rules even it the label has no semantics in the receiving domain.

ESS does not mandate what action is taken when an access control error
occurs.  That is a matter of local policy.

Those are the two issue I am arguing against.