ietf-smime

Re: WG LAST CALL for ESS, MSG and CERT

1998-06-15 08:08:09
From: Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org>

 From: dpk

In cases where no other means of identifying the protection content
type is available (as is the case with S/MIME), ContentInfo is used to
identify the type of outer content.  However, when CMS is used inside a
layered protocol (such as X.411), the enclosing protocol will include a
content type identifier as part of its own syntax, and the
encapsulated content would be a SignedData, EnvelopedData, ... item,
not a ContentInfo item.

That could be true, but doing so would certainly hurt interchangeability of
data with S/MIME. If the WG wants to go with this change, I would still
like to see a sentence or two in the CMS draft saying that S/MIME requires
a ContentInfo and other specs that want to not use ContentInfo should think
twice.

Actually, these changes were motivated by a specific messaging
environment which has a requirement for signature interoperability with
S/MIME, and the lack of an enclosing ContentInfo has no effect on
interoperability.

It is important to remember that if a message is not in S/MIME format,
then it must be passed through a translation step before being usable
by S/MIME software - there's no way around that. The data in an X.411
(for example) message must be twiddled around in order to make it
compliant with the S/MIME MSG specification and usable by S/MIME
software.  That twiddling must of course include stuffing a protection
type such as SignedData into a ContentInfo structure as one small step
- other necessary steps include moving certificates into the proper
location, MIME C-T-E processing, etc.

However, there is no more reason to require the X.411 message itself to
include a ContentInfo structure than there is to require the X.411
message to have an application/pkcs7-mime MIME header.  The requirement
doesn't make architectural sense.  The only real requirement applicable
to X.411 User Agents is for signatures to be computed in accordance with
CMS procedures, and placed in some location where they can be found by the
X.411-to-S/MIME translator.  CMS must mandate how data is signed
and enciphered, but it should not mandate that the results be encoded
in any specific format.
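The "stuffing a protection type into a ContentInfo" step that the reply describes, as an added example that is not part of this thread: a stand-alone DER wrapper (standard library only) that detects whether a blob is already a ContentInfo or a bare SignedData and, in the latter case, wraps it under id-signedData. The DER helpers are written here, and SAMPLE_SIGNED_DATA is a constructed stand-in (only the version INTEGER), not a valid SignedData.

```python
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"  # id-signedData (PKCS #7 / CMS)

# Constructed stand-in for a bare SignedData: SEQUENCE { INTEGER 1 } only,
# i.e. just the version field, NOT a complete or valid SignedData.
SAMPLE_SIGNED_DATA = bytes.fromhex("3003020101")


def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form at or above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """One DER tag-length-value element."""
    return bytes([tag]) + der_length(len(content)) + content


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:  # higher-order 7-bit groups carry the continuation bit
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(0x06, bytes(out))


def is_content_info(der: bytes) -> bool:
    """ContentInfo is SEQUENCE { OID, ... }; a bare SignedData is
    SEQUENCE { INTEGER version, ... }, so the first inner tag decides."""
    if len(der) < 2 or der[:1] != b"\x30":
        return False
    first_len = der[1]
    header = 2 if first_len < 0x80 else 2 + (first_len & 0x7F)
    return der[header:header + 1] == b"\x06"


def wrap_in_content_info(protection_type: bytes) -> bytes:
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }.
    Assumes the input is SignedData (EnvelopedData would need its own OID).
    Input already shaped as a ContentInfo is returned unchanged."""
    if is_content_info(protection_type):
        return protection_type
    if protection_type[:1] != b"\x30":
        raise ValueError("expected a DER SEQUENCE such as SignedData")
    explicit_0 = der_tlv(0xA0, protection_type)  # [0] EXPLICIT wrapper
    return der_tlv(0x30, der_oid(ID_SIGNED_DATA) + explicit_0)
```

The same check run the other way (is_content_info on an X.411-side blob) is what a translator would use to decide whether any wrapping is needed at all.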
