Jim Schaad (Exchange) wrote:
> Steve,
>
> I put the wording in on the matching so that I could do something along the
> lines of I use this certificate for signing and it contains my email name.
> The certificate I want to use for encryption does not have my email address.
> Since I had done a "match" and it was signed by the matching certificate
> then it seems to me that I should be able to accept the lack of match on the
> encryption certificate.
>
> I can understand what you are saying about always wanting to check this,
> however I don't think this should be disallowed. Do you really think this
> is a big problem?

What I meant was that the encryption certificate should be verified in
the sense of checking its signature chain to a trusted root. I don't see
any reason why the email address on the encryption certificate should
match the intended recipient.

My primary concern is avoiding a possible substitution attack because
SMimeEncryptionKeyPreference contains potentially forgeable information.
If the encryption certificate is not verified, a bogus version could be
substituted and a "man in the middle" attack performed.

If SMIMEEncryptionKeyPreference had a "hash of certificate" alternative
no verification would be needed at all. Indeed under those circumstances
the encryption certificate need not be from a trusted authority or
indeed any authority at all. Alas not possible at present...

Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.
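
The check argued for in the reply above, as an added example that is not part of the original message: a reference by issuer name and serial number also matches a certificate from a different CA that reuses the same name, so only the signature check against the trusted CA key (or a hypothetical hash-of-certificate reference) tells the two apart. It assumes the Python `cryptography` package; every name, serial number and certificate here is constructed test data.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_key, issuer_cn, issuer_key, serial):
    """Build a constructed test certificate signed by issuer_key."""
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key()).serial_number(serial)
            .not_valid_before(datetime.datetime(2024, 1, 1))
            .not_valid_after(datetime.datetime(2034, 1, 1))
            .sign(issuer_key, hashes.SHA256()))

def matches_issuer_serial(cert, issuer, serial):
    """Reference by issuer name plus serial number: does not pin the key."""
    return cert.issuer == issuer and cert.serial_number == serial

def signed_by(cert, ca_public_key):
    """One link of chain verification: was cert signed by the trusted CA key?"""
    try:
        ca_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                             ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def matches_hash(cert, digest):
    """Hypothetical "hash of certificate" reference: pins the exact bytes."""
    return cert.fingerprint(hashes.SHA256()) == digest

def new_key():
    return ec.generate_private_key(ec.SECP256R1())

# Constructed test data: a trusted CA and a second CA that reuses its name.
trusted_ca, lookalike_ca = new_key(), new_key()
genuine = issue("Recipient", new_key(), "Example CA", trusted_ca, 1001)
substitute = issue("Recipient", new_key(), "Example CA", lookalike_ca, 1001)
ref_issuer, ref_serial = genuine.issuer, genuine.serial_number
ref_digest = genuine.fingerprint(hashes.SHA256())

def report(cert):
    """Return (issuer+serial match, signed by trusted CA, hash match)."""
    return (matches_issuer_serial(cert, ref_issuer, ref_serial),
            signed_by(cert, trusted_ca.public_key()),
            matches_hash(cert, ref_digest))
```
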