[Top] [All Lists]

RE: Replay of CMS SignedData

1998-08-11 00:54:26
I very much agree with Eric on this issue.  This type of thing must be done
in a way which makes sense to the application.  This is especially true
since one can't rely on signing time as a correct value, it does not even
have the quality of a timestamp yet.


-----Original Message-----
From: EKR [mailto:ekr(_at_)terisa(_dot_)com]
Sent: Monday, August 10, 1998 10:09 PM
To: Russ Housley
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Replay of CMS SignedData

Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
Unless an application making use of SignedData includes a specifically
formatted field that includes replay prevention, any application protocol
using SignedData will be open to replay.

The CMS specification can reamin silent on this issue, or we can recommend
a simple patch.  Why not recommend that the signing time attribute always
be used?

When no authenticated atributes are included, this solution will not help.
In this case, the best we can do is a paragraph in the security
considerations section.


I'd rather the spec remain silent on this issue.

Timestamps aren't a very good fix for replay prevention.
Applications which desire replay prevention should carefully
consider what it is they are trying to accomplish and 
design accordingly. 


[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."

<Prev in Thread] Current Thread [Next in Thread>