ietf-smime

Re: Countersignature Attribute

1998-09-14 15:01:59
All,

I agree with Russ that there are multiple interpretations of the original
PKCS#7 v1.5 text regarding Countersignature attributes:

1) There can be multiple Countersignature attributes present in a
signerInfo, but each Countersignature attribute can only contain a single
instance of the signerInfo syntax. 

2) There can only be one Countersignature attribute present in a signerInfo,
but that single Countersignature attribute can contain multiple instances of
the signerInfo syntax. 

3) There can be multiple Countersignature attributes present in a signerInfo
and each Countersignature attribute can contain multiple instances of the
signerInfo syntax. 

CMS definitely needs to be clarified regarding this issue.  It needs to
specify one of the above.  I will re-iterate Russ' request for input from
the S/MIME v2 vendors.  Did anybody implement countersignatures??  If so,
were there any implementors' agreements regarding this issue??  Will any of
these options break existing implementations??

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================


Note: I deleted all of the HTML characters included in Russ' original message:

At 10:37 AM 8/28/98 -0400, Russ Housley wrote:
S/MIME Implementors:

See the comment from John Pawling below.

I agree that the text is not clear.  Looking back at the
original PKCS#7 v1.5 text, there is no insight to be found. So, I
would like to hear from implementors, especially S/MIME v2
implementors. How is this handled?

Another interpretation of the PKCS#7 v1.5 text is:

A countersignature attribute can have multiple attribute
values. The syntax is defined as a SET OF AttributeValue, and there
must be one or more instances of AttributeValue present.


The UnsignedAttributes syntax is defined as a SET OF
Attributes. The UnsignedAttributes in a signerInfo may include
multiple instances of the countersignature attribute.


Russ

At 10:39 AM 8/4/98 -0400, John Pawling wrote:

5) Sec 11.4, Countersignature: Please change as follows:

OLD: "A countersignature attribute can have multiple attribute values."

NEW: "The UnsignedAttributes syntax is defined as a SET OF Attributes.  
The UnsignedAttributes in a signerInfo MAY include multiple instances 
of the countersignature attribute.  The Attribute syntax defines 
attrValues as a SET OF AttributeValue.  A countersignature attribute 
MUST only include a single instance of AttributeValue. There MUST NOT 
be zero or multiple instances of AttributeValue present in the 
attrValues SET OF AttributeValue."
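
An added example, not part of the thread or of any implementation mentioned in it: a small DER walker that counts the countersignature attributes (OID 1.2.840.113549.1.9.6) in an unsignedAttrs field and the values inside each, then reports which of the three readings listed at the top of the message admit that layout. The function names are hypothetical, and the sample input is constructed, with stub SEQUENCEs standing in for real SignerInfo values.

```python
# Added example (not from the thread): count countersignature attributes and
# their values in a DER-encoded unsignedAttrs field.
COUNTERSIG_OID = bytes.fromhex("2a864886f70d010906")  # 1.2.840.113549.1.9.6

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV at pos; single-byte tags only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def countersig_counts(unsigned_attrs):
    """Number of attrValues in each countersignature Attribute, in order."""
    tag, body, _ = read_tlv(unsigned_attrs)
    if tag not in (0xA1, 0x31):            # [1] IMPLICIT inside SignerInfo, or a bare SET
        raise ValueError("not a SET OF Attribute")
    counts = []
    for atag, attr in children(body):
        parts = children(attr)
        if atag != 0x30 or [t for t, _ in parts] != [0x06, 0x31]:
            raise ValueError("malformed Attribute")
        if parts[0][1] == COUNTERSIG_OID:
            counts.append(len(children(parts[1][1])))
    return counts

def readings_allowing(counts):
    """Which of the three readings listed in the message (1, 2, 3) admit this layout."""
    if any(c < 1 for c in counts):         # an empty attrValues SET fits none of them
        return []
    ok = [1] if all(c == 1 for c in counts) else []
    return ok + ([2] if len(counts) <= 1 else []) + [3]

def tlv(tag, *parts):                      # sample-data builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(*value_counts):                 # constructed input; stubs stand in for SignerInfo
    return tlv(0xA1, *(tlv(0x30, tlv(0x06, COUNTERSIG_OID),
               tlv(0x31, *(tlv(0x30, tlv(0x02, bytes([i + 1]))) for i in range(n))))
               for n in value_counts))
```

A layout such as `sample(2, 1)` is accepted only under reading 3, which is why a verifier written to reading 1 or 2 would reject messages produced by an implementation that chose differently.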


