Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
Unless an application making use of SignedData includes a specifically
formatted field that includes replay prevention, any application protocol
using SignedData will be open to replay.
The CMS specification can reamin silent on this issue, or we can recommend
a simple patch. Why not recommend that the signing time attribute always
be used?
When no authenticated atributes are included, this solution will not help.
In this case, the best we can do is a paragraph in the security
considerations section.
Thoughts?
I'd rather the spec remain silent on this issue.
Timestamps aren't a very good fix for replay prevention.
Applications which desire replay prevention should carefully
consider what it is they are trying to accomplish and
design accordingly.
-Ekr
--
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."