
Proposed new attribute for CMS: AdditionalRevInfo

1998-08-29 14:27:22
Greetings. Those of you at the IETF meeting this week may remember my
two-minute blurt near the end of the meeting about a new attribute I am
proposing to the CMS draft. In discussions after the meeting, I've gotten
some clarity, and the following is my proposal.

Note that we're waiting for the next rev of the draft for the next few
weeks anyway while Russ works on the Diffie-Hellman patent hell. If we
agree on this proposal before then, the section can go in before the WG
last call on CMS.

11.6 Additional Revocation Information

The AdditionalRevInfo attribute carries revocation status information from
the message creator to the recipient. This attribute augments the crls
field of the SignedData type. The purpose of this attribute is to let the
message creator include non-CRL revocation status information in a message
in case the recipient of the message cannot (or does not want to) get the
status information when validating the signature, such as if the recipient
is not online and no usable CRLs were included in the SignedData.

The following object identifier identifies the AdditionalRevInfo attribute:

   id-addlrevinfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 12 }

AdditionalRevInfo attributes have ASN.1 type AdditionalRevInfo:

   AdditionalRevInfo ::= SET OF AdditionalRevInfos

   AdditionalRevInfos ::= SEQUENCE {
      addlRevType    OBJECT IDENTIFIER,
      addlRevValue   OCTET STRING }

Currently, the only type of additional revocation information defined is an
OCSP response message [OCSP]. Its object identifier is:

   id-ocsp-resp OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
      dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-ad(48)
      id-ad-ocsp(1) }

As other revocation information systems are designed, they may be used
in the AdditionalRevInfo attribute.
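As an added illustration (this is not part of the proposal or of any CMS implementation), the following Python encodes and parses the AdditionalRevInfo value defined above using a minimal hand-written DER codec, so it runs offline with no libraries. It assumes the two object identifiers given in the proposal (id-addlrevinfo and id-ocsp-resp); the OCSP payload and the second entry type are constructed placeholders, not real OCSP responses. The parser rejects non-DER length encodings and reports entry types it does not recognise rather than acting on them, which is the check a recipient would want before trusting any carried revocation status.

```python
"""Encode/parse the proposed AdditionalRevInfo attribute value (added example)."""

ID_ADDLREVINFO = "1.2.840.113549.1.9.16.2.12"  # id-addlrevinfo, from the proposal
ID_OCSP_RESP = "1.3.6.1.5.5.7.48.1"           # id-ocsp-resp, from the proposal
KNOWN_REV_TYPES = {ID_OCSP_RESP: "OCSP response"}


def _length(n: int) -> bytes:
    """DER length: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER: first two arcs packed, then base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_additional_rev_info(entries):
    """entries: list of (dotted OID, value bytes) -> DER AdditionalRevInfo.
    DER requires the components of a SET OF to be sorted by their encodings."""
    elems = [_tlv(0x30, encode_oid(t) + _tlv(0x04, v)) for t, v in entries]
    return _tlv(0x31, b"".join(sorted(elems)))


def encode_attribute(entries) -> bytes:
    """Wrap the value in a CMS Attribute: SEQUENCE { id-addlrevinfo, SET OF value }."""
    return _tlv(0x30, encode_oid(ID_ADDLREVINFO)
                + _tlv(0x31, encode_additional_rev_info(entries)))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos); rejects truncated or non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        lenbytes = buf[pos:pos + nbytes]
        if nbytes == 0 or nbytes > 4 or len(lenbytes) != nbytes or lenbytes[0] == 0:
            raise ValueError("bad length encoding")
        length = int.from_bytes(lenbytes, "big")
        if length < 0x80:
            raise ValueError("non-minimal length (not DER)")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end


def decode_oid(content: bytes) -> str:
    if not content or content[-1] & 0x80:
        raise ValueError("malformed OID")
    first = content[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    val = 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_additional_rev_info(der: bytes):
    """DER AdditionalRevInfo -> list of (type OID, value bytes)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x31 or end != len(der):
        raise ValueError("expected a single SET OF")
    entries, pos = [], 0
    while pos < len(body):
        stag, seq, pos = _read_tlv(body, pos)
        if stag != 0x30:
            raise ValueError("expected SEQUENCE")
        t_tag, t_body, p = _read_tlv(seq, 0)
        v_tag, v_body, p2 = _read_tlv(seq, p)
        if t_tag != 0x06 or v_tag != 0x04 or p2 != len(seq):
            raise ValueError("malformed AdditionalRevInfos")
        entries.append((decode_oid(t_body), v_body))
    return entries


def is_well_formed(der: bytes) -> bool:
    try:
        parse_additional_rev_info(der)
        return True
    except ValueError:
        return False


def classify(entries):
    """Label each entry; unknown types are reported as 'skip', never trusted."""
    return [(oid, KNOWN_REV_TYPES.get(oid, "unknown (skip)"), len(v)) for oid, v in entries]


# Constructed sample payloads: placeholders, not real OCSP responses.
SAMPLE_OCSP = b"\x30\x03\x0a\x01\x00"
SAMPLE_UNKNOWN_TYPE = "1.2.3.4"   # hypothetical future revocation-info type

if __name__ == "__main__":
    der = encode_additional_rev_info([(SAMPLE_UNKNOWN_TYPE, b"x"), (ID_OCSP_RESP, SAMPLE_OCSP)])
    for row in classify(parse_additional_rev_info(der)):
        print(row)
```

A recipient that does not recognise an addlRevType has no revocation evidence from that entry and should fall back to the crls field or its own status lookup; the example makes that an explicit "skip" rather than an error, matching the attribute's role as optional supplementary information.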

[OCSP] Housley, R. et al., Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, draft-ietf-pkix-ipki-part1.



--Paul Hoffman, Director
--Internet Mail Consortium
