ietf-smime
[Top] [All Lists]

Re: The big picture in eSSSecurityLabels

1998-04-15 00:46:44
John,

As long as the text makes it clear that  the wrapped label may be different
from the inner label and that access control is a local issue, I think this
end the debate on not mandating that security labels at the various wrapping
levels need to be the same.

There is a separate debate about  applying counter signatures at the same
signeddata level and applying wrapping signatures. but that is a separate
issue.
-----Original Message-----
From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: John Ross <ross(_at_)jgross(_dot_)demon(_dot_)co(_dot_)uk>; 
ietf-smime(_at_)imc(_dot_)org
<ietf-smime(_at_)imc(_dot_)org>; Paul Hoffman / IMC 
<phoffman(_at_)imc(_dot_)org>
Date: Tuesday, April 14, 1998 1:20 PM
Subject: Re: The big picture in eSSSecurityLabels


John,

The ESS I-D eSSSecurityLabels can be different in the inner and outer
signedData layers.


Also, as the ESS text is now, my understanding is that the originators
security label
is mandated

The inclusion of an eSSSecurityLabel is optional.


and must be part of the recipients access control
rules even it the label has no semantics in the receiving domain.

ESS does not mandate what action is taken when an access control error
occurs.  That is a matter of local policy.

Those are the two issue I am arguing against.

JR





<Prev in Thread] Current Thread [Next in Thread>