Re 2.6.1:
- If the receiving agent has not yet created a list of capabilities
for the sender's public key, then, after verifying the signature
on the incoming message and checking the timestamp, the receiving
agent SHOULD create a new list containing at least the signing
time and the symmetric capabilities.
- If such a list already exists, the receiving agent SHOULD verify
that the signing time in the incoming message is greater than
the signing time stored in the list and that the signature is
valid. If so, the receiving agent SHOULD update both the signing
time and capabilities in the list. Values of the signing time that
lie far in the future (that is, a greater discrepancy than any
reasonable clock skew), or a capabilities list in messages whose
signature could not be verified, MUST NOT be accepted.

Does the MUST NOT comment apply to both cases or just the last? It
appears to just refer to the latter in which case the action to be taken
when no list of capabilities exists and bad timestamp or signature is
not covered.

Secondly the "signature". Does this (if signed attributes are present)
refer to the whole message signature? That is, messageDigest matches
digest of message and signature on signed attributes valid. The
condition could be weakened to just signature of signed attributes valid
(messageDigest could differ due to message corruption). This would not
involve loss of security since the attribute signature is still valid.

As an alternative I would suggest that the list of capabilities MUST NOT
be updated if either the timestamp or signed attribute signature is
invalid but if just the messageDigest is invalid the list MAY (or even
SHOULD) be updated.
Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.
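
The sketch below is an added example, not part of the original message or of the draft it quotes. It models the receiving agent's capability list with the MUST NOT conditions applied to both the "no list yet" and "list exists" cases, and a switch for the alternative in which a messageDigest mismatch alone does not block an update. The names Verified, CapabilityCache, MAX_SKEW and lenient_digest are hypothetical, the five-minute skew is an assumed value, and the CMS verification itself is assumed to be done by the caller's crypto library.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: bound on "reasonable clock skew"

@dataclass(frozen=True)
class Verified:
    """Results of CMS checks done by the caller's crypto library (hypothetical type)."""
    attrs_sig_ok: bool      # signature over the signed attributes verifies
    digest_ok: bool         # messageDigest attribute matches digest of the content
    signing_time: datetime  # signingTime signed attribute
    capabilities: tuple     # SMIMECapabilities, in the sender's preference order

class CapabilityCache:
    """Per-sender-key capability lists, keyed by a public key identifier."""
    def __init__(self, lenient_digest=False):
        # lenient_digest=True: the alternative suggested in the message, where a
        # messageDigest mismatch alone does not block an update.
        self.lenient_digest = lenient_digest
        self.entries = {}   # key_id -> (signing_time, capabilities)

    def update(self, key_id, v, now):
        # The MUST NOT conditions are applied to the create and update cases alike.
        if not v.attrs_sig_ok or not (v.digest_ok or self.lenient_digest):
            return "rejected: signature"
        if v.signing_time > now + MAX_SKEW:
            return "rejected: future signing time"
        known = self.entries.get(key_id)
        if known is not None and v.signing_time <= known[0]:
            return "ignored: not newer"  # stale or replayed message
        self.entries[key_id] = (v.signing_time, v.capabilities)
        return "created" if known is None else "updated"

if __name__ == "__main__":
    now = datetime(2000, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed values
    good = Verified(True, True, now - timedelta(hours=1), ("des-ede3-cbc",))
    corrupt = Verified(True, False, now, ("des-ede3-cbc", "rc2-cbc-40"))
    for lenient in (False, True):
        cache = CapabilityCache(lenient_digest=lenient)
        print(lenient, cache.update("key-A", good, now), cache.update("key-A", corrupt, now))
```
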