ietf-smime

ESS-05 Comments

1998-04-27 15:38:12
All,

I believe that Paul has done a masterful job of incorporating the comments
into ESS-05 (11 April 98) upon which the group has reached concurrence.  I
have a few comments:

1) Sec 1.3.4: The table indicates that the signingCertificate attribute will
be defined in CMS.  Is this still true?

2) Sec 1.3.4: Please add the following text after the table:

"CMS defines authenticatedAttributes as a SET OF AuthAttribute and defines
unAuthenticatedAttributes as a SET OF UnauthAttribute.  ESS defines the
contentHints, contentIdentifier, eSSecurityLabel, msgSigDigest,
mlExpansionHistory and receiptRequest attribute types.  A signerInfo MUST
NOT include multiple instances of any of the attribute types defined in ESS.
Later sections of ESS specify further restrictions that apply to the
receiptRequest, mlExpansionHistory and eSSecurityLabel attribute types.

CMS defines the ASN.1 syntax for the authenticated and unauthenticated
attributes to include attrValues SET OF AttributeValue.  For all of the
attribute types defined in ESS, if the attribute type is present in a
signerInfo, then it MUST only include a single instance of AttributeValue.
In other words, there MUST NOT be zero or multiple instances of
AttributeValue present in the attrValues SET OF AttributeValue."


3) Sec 4.1, last para, 2nd and 3rd sentences:  Please make the following
minor wordsmithing changes to clarify the intent of the statements:

OLD: "If a SignedData object has more than one SignerInfo that has an
mlExpansionHistory attribute, the recipient MUST compare the
mlExpansionHistory attributes in all the SignerInfos, and MUST NOT process
the mlExpansionHistory attribute unless every mlExpansionHistory attribute
in the SignedData block is identical. If the mlExpansionHistory attributes
in the signerInfos are not all identical, then the receiving agent MUST stop
processing the message and SHOULD notify the user or MLA administrator of
this error condition."


NEW: "If a SignedData object has more than one SignerInfo that has an
mlExpansionHistory attribute, the recipient MUST compare the
mlExpansionHistory attributes in all the SignerInfos that it has verified,
and MUST NOT process the mlExpansionHistory attribute unless every verified
mlExpansionHistory attribute in the SignedData block is identical. If the
mlExpansionHistory attributes in the verified signerInfos are not all
identical, then the receiving agent MUST stop processing the message and
SHOULD notify the user or MLA administrator of this error condition."


4) ASN.1 Module: The UTF8String definition needs to be moved so that it
follows the IMPORTS section.

================================
John Pawling, jsp@jgvandyke.com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================
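The two rules discussed in items 2 and 3 above, as an added example checker that is not part of this message or the ESS draft. It models a signerInfo's authenticatedAttributes as a list of (attrType, attrValues) pairs keyed by attribute name rather than OID (an assumption made to keep the example self-contained), reports violations of the one-instance, one-AttributeValue rule, and applies the proposed NEW wording of section 4.1 to verified signerInfos only.

```python
# Added example, not part of this message or the ESS draft: a checker for the
# two rules discussed above, over a simplified in-memory model of SignerInfo.
# Attribute types are keyed by name rather than by OID (a simplification).

ESS_ATTRIBUTE_TYPES = frozenset({
    "contentHints", "contentIdentifier", "eSSecurityLabel",
    "msgSigDigest", "mlExpansionHistory", "receiptRequest",
})

def check_ess_attributes(attributes):
    """Return violations of the item-2 rules for one signerInfo.

    `attributes` mirrors CMS's SET OF Attribute as a list of
    (attrType, attrValues) pairs; attrValues mirrors SET OF AttributeValue.
    """
    problems = []
    occurrences = {}
    for attr_type, values in attributes:
        if attr_type not in ESS_ATTRIBUTE_TYPES:
            continue  # the rules apply only to the ESS-defined attribute types
        occurrences[attr_type] = occurrences.get(attr_type, 0) + 1
        if len(values) != 1:  # zero or multiple AttributeValues are both errors
            problems.append(f"{attr_type}: attrValues has {len(values)} entries, MUST be 1")
    for attr_type, count in occurrences.items():
        if count > 1:
            problems.append(f"{attr_type}: present {count} times, MUST NOT be repeated")
    return problems

def ml_expansion_history(signer_infos):
    """Apply the proposed NEW wording of section 4.1.

    `signer_infos` is a list of {"verified": bool, "attributes": [...]}.
    Returns the mlExpansionHistory value to process, None if no verified
    signerInfo carries one, and raises ValueError for the stop-processing case.
    """
    histories = []
    for si in signer_infos:
        if not si["verified"]:
            continue  # only signerInfos the recipient has verified are compared
        for attr_type, values in si["attributes"]:
            if attr_type == "mlExpansionHistory":
                histories.extend(values)  # exactly one value once item 2 holds
    if not histories:
        return None
    if any(h != histories[0] for h in histories):
        raise ValueError("verified mlExpansionHistory attributes differ: stop "
                         "processing and notify the user or MLA administrator")
    return histories[0]
```

The sample values in the checks are constructed; a real mlExpansionHistory value would be the DER-decoded SEQUENCE of MLData entries, which only needs to compare equal for this logic.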
