ietf-smime

Re: Charter Change Request

1998-05-06 19:10:30
Sean Turner wrote:

> There is an attribute (supportAlgorithms) defined in the ASN.1 module, but
> it's not referenced in the specification in any way.  The attribute was
> included, I believe, so that it could be put in a directory not carried in a
> certificate (somebody tell me if I'm wrong), presumably in the
> subjectDirectoryAttributes extension.


I think that's part of the problem here. If such a thing is well
defined, authenticated (i.e. signed by the user) and can be updated
unambiguously (possibly in the face of conflicting SMIMECapabilities)
then yes it would be OK.

It is tempting though to just adopt something identical (or nearly so)
to the concept of retrieving S/MIME supported algorithms via
SMIMECapabilities in a signed message (which is well defined). This
could be fairly painlessly supported: as opposed to essentially
representing the same thing in two different ways.

> Maybe I'm not on the same wavelength, but I thought the user would
> need to know in advance of sending a message what algorithms the
> recipient supports for signature verification and encryption purposes.

Yes: other than the "must" algorithms but since v2 and v3 are mutually
exclusive in some senses even this is no guarantee.

> Or is the query directed at the directory?  If the query is aimed at
> the directory, I think it's already supported, the only thing left to
> determine is what information should be in the directory to retrieve
> the right certificate.

Can someone give some info on where this is defined? I can see mention
of certificates but no mention of supported algorithms or specifically
S/MIME supported algorithms (which may well differ from supported
algorithms for other purposes).

As mentioned in my previous message "directory" should ideally not just
mean LDAP but also a method of including S/MIME certificates and
algorithms via ftp or http. The "dummy message" painlessly supports
this, only requiring a MIME type or extension (or minor additions to an
existing type).

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.


