ietf-smime
[Top] [All Lists]

Re: Countersignature Attribute

1998-09-15 20:14:03
Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
 
A countersignature attribute can have multiple attribute values.  The syntax 
is defined as a SET OF AttributeValue, and there must be one or more 
instances of AttributeValue present.

The UnsignedAttributes syntax is defined as a SET OF Attributes.  The 
UnsignedAttributes in a signerInfo may include multiple instances of the 
countersignature attribute.
 
The problem with this is that it leads to ambiguous interpretations of how to 
encode the countersignature (one attribute, one or more values; multiple 
attributes, single value; multiple attributes, multiple values).  The nice 
thing about John's proposal (one attribute, one or more values) is that it's a 
canonical encoding - there's no way individual implementors can misinterpret 
it to produce something different from what everyone else is doing.  Given 
that countersignatures seem to be unused by anyone (or at least anyone who's 
replied so far), using John's more rigorous definition wouldn't seem to cause 
any problems.
 
Peter.
 


<Prev in Thread] Current Thread [Next in Thread>