[Top] [All Lists]

Re: Signed Label (was RE: 'Signature Purpose' attribute?)

1998-04-25 19:46:59
    This seems to have wound down, but not truly concluded.  While I agree with 
David that further discussion of the "multiple labels" question seems 
fruitless, I raised a slightly different point in my earlier posting which has 
gotten lost amongst the many salvos exchanged.

    In one of my earlier postings, I noted the scenario in which the originator 
includes either or both of an "information" or "system" security label.  If 
both labels are present, the information label will convey the "true" label of 
the content from the originator to the recipient.  The system label will convey 
the label of the content to be used for access control purposes.  In this case, 
both labels are provided simultaneously by the same signer, but convey a 
deliberately different semantic.

    I would like to come to a conclusion that has ESS describe how to provide 
this dual-marking.

    In my mind, it would be unnecessarily inefficient to convey each of these 
in a separate signerInfo elements since they are both generated by the same 
signer.  However, it would be reasonable to use a different attribute ID for 
the information label and simply exempt it from ACDF processing (which is 
semantically consistent anyway).  What I proposed in my original post was 
somewhat more efficient, but separate attributes would keep us off any slippery 



 |  International Electronic Communication Analysts, Inc.      |
 |  Christopher D. Bonatti                 9010 Edgepark Road  |
 |  Principal Engineer                 Vienna, Virginia 22182  |
 |  bonattic(_at_)ieca(_dot_)com   Tel: 301-212-9428   Fax: 703-506-8377  |