ietf-smime

Re: Countersignature within CMS

1998-06-25 01:25:04
At 18:58 24/06/98 +0100, you wrote:
William Ottaway wrote:


If a signer verifies the signature it is countersigning then everything is
fine and dandy. However, when I receive a countersignature I have no way of
knowing if the signature being signed has been checked first. In fact I
would expect that the entity applying the countersignature is more likely
not to check the signature over the original content because it doesn't
need to and may not be able to.


This is correct but there are cases where this is unnecessary: an
example is a time stamping authority. All a time stamping authority is
saying is that "at this time I produced this signature".

Fair enough.


There are several circumstances where this is important for example
archived messages signed with revoked certificates or copyright
disputes. I'll expand on this if it isn't clear.

A receiving agent would presumably regard the countersignature as
valueless if the original signature is either invalid or could not be
validated.

Utopia is where there is a global PKI where all signatures can be
validated. However, this will be unlikely due to the huge amount of public
keys which would need to be stored and maintained. A more likely scenario
is where a global PKI stores keys for countersigners. The counter signers
have the ability to validate originators' signatures which fall in their
area. For example you could have a PKI for the IETF. People outside of the
IETF may not be able to validate signatures from IETF originators because
they don't have access to the appropriate information. However, there is a
countersigner (release authority) for the IETF who can and does validate
the signatures of IETF members and then countersigns the data. The
recipient can validate the countersigner's signature because the
countersigner is in the global PKI. Since the countersigner MUST validate
the originator's signature before countersigning the recipient can accept
the validity of the data when there is a valid countersigner signature.


Excerpt from last paragraph of section 11.4 in draft-ietf-smime-cms-05.txt

"The fact that a countersignature is computed on a signature value means
that the countersigning process need not know the original content input to
the signing process."

If the original content is not available then the signature being
countersigned can not be validated.


Not by the signer at least but as I said there are times when this
doesn't matter.

In this case the signature value being countersigned compactly
represents: some signed content, the signed attributes of that content
and the signer's public key. Asking the relevant countersigning agent to
validate possibly huge quantities of data and signatures would not be
practicable in all circumstances.

True. But would have to if acting as a release authority.


There could, of course, be circumstances where the countersigning agent
would check the original content if it wanted to place some other value
on the counter signature. As in the case with signed messages in general
the value of the counter signature is dependent on the CA doing the
signing.

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.


Bill
_____________________________________________________________________
William Ottaway,             Tel: +44 (0)1684 894079
DERA Malvern,                Fax: +44 (0)1684 896113
St. Andrews Road,            email: w(_dot_)ottaway(_at_)eris(_dot_)dera(_dot_)gov(_dot_)uk
Malvern,
Worcs, WR14 3PS
UK
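
Added example, not part of the original message or of the CMS draft: a sketch of the two countersigner policies discussed in this thread, showing that a countersignature computed over the signature value alone verifies even when the original signature is invalid. It assumes toy unpadded RSA with constructed keys as a stand-in for a real CMS signature algorithm, omits ASN.1 and signed attributes, and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key from two primes (constructed; not usable for real signing)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    s = pow(_digest(data, key["n"]), key["d"], key["n"])
    return s.to_bytes((key["n"].bit_length() + 7) // 8, "big")

def verify(n, data, sig):
    return pow(int.from_bytes(sig, "big"), E, n) == _digest(data, n)

def countersign(cs_key, signature_value):
    # Time-stamp style policy: the input is the signature value only,
    # so the original content is never seen and cannot be checked.
    return sign(cs_key, signature_value)

def release_countersign(cs_key, signer_n, content, signature_value):
    # Release-authority policy: validate the original signature first.
    if not verify(signer_n, content, signature_value):
        raise ValueError("original signature invalid; refusing to countersign")
    return countersign(cs_key, signature_value)

def recipient_view(cs_n, signer_n, content, signature_value, countersig):
    # What a recipient able to check both signatures would observe.
    return {"countersignature_ok": verify(cs_n, signature_value, countersig),
            "original_ok": verify(signer_n, content, signature_value)}

# Constructed keys (Mersenne primes) and constructed sample content.
SIGNER = make_key(2**61 - 1, 2**89 - 1)
COUNTERSIGNER = make_key(2**107 - 1, 2**127 - 1)
CONTENT = b"constructed sample content"

if __name__ == "__main__":
    good = sign(SIGNER, CONTENT)
    bogus = b"\x01" * len(good)  # not a valid signature over CONTENT
    for sig in (good, bogus):
        cs = countersign(COUNTERSIGNER, sig)
        print(recipient_view(COUNTERSIGNER["n"], SIGNER["n"], CONTENT, sig, cs))
```

A recipient who can only check the countersignature sees the same "ok" result in both cases, so what it is worth depends on which policy the countersigner is known to follow.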

