ietf-smime

RE: Countersignature Attribute

1998-09-18 07:51:27
Steve et al,

Maybe something more explicit could be included? For example an
additional signed attribute in the countersignature to indicate that the
original content had been examined?

You are right: the decision of whether or not to check signatures on
countersigning obviously depends on the reason for adding the countersignature.
Therefore, I support your suggestion. One possibility would be to move the
signature type attribute definition from draft-ietf-smime-domsec-00.txt into
CMS. Some additional text would be needed in CMS which says that for each
value of this attribute, it must be stated whether or not the original
signature was checked.

Thoughts?

____________________________________
Tim Dean
DERA
E-mail: t(_dot_)dean(_at_)eris(_dot_)dera(_dot_)gov(_dot_)uk
Web: http://www.dera.gov.uk/
____________________________________


----------
From:   Russ Housley[SMTP:housley(_at_)spyrus(_dot_)com]
Sent:   Friday, September 18, 1998 1:32 AM
To:     Dr Stephen Henson
Cc:     ietf-smime(_at_)imc(_dot_)org
Subject:        Re: Countersignature Attribute

Steve:

How do you know that the signature value being counter-signed has anything
to do with the content if you skip this step?

I agree that the signer cert path does not need to be validated to ensure
that the appropriate binding...

Russ

At 10:55 PM 9/15/98 +0100, Dr Stephen Henson wrote:
Russ Housley wrote:

     The fact that a countersignature is computed on a signature value
     means that the countersigning process need not know the original
     content input to the signing process.  This might have efficiency
     advantages, but it also has security disadvantages.  Therefore,
     countersigners must validate the signature value prior to signing
     it.  This validation requires processing of the original content.


I respectfully disagree that it should be made mandatory for a
countersigner to process the original content. IMHO it should depend on
the purpose of the countersignature which is itself related to the
policy of the signing authority.

In particular take the example of a trusted timestamp. The purpose of
such a countersignature is simply to state that a given signature
existed at a given time. It says absolutely nothing about the content
being signed. It has a definite and valuable purpose for nonrepudiation.

It can for example show that a document was signed during the validity
period of the signer's certificate and is thus useful for archiving
purposes and others related to software publishing.

In for example a large and confidential document a client would simply
pass its digital signature to the timestamper. If the content needs to
be analysed then large amounts of possibly confidential data would need
to be passed to the timestamper. This is undesirable both in terms of
security and increased load on the countersigner.

Of course if the countersignature is to have some additional value then
having access to the content does become important.

Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk
PGP key: via homepage.
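
The two policies argued over in this thread, as an added example that is not part of any of the messages: a countersignature covers only the octets of the signature value, so a timestamp-style countersigner can sign without the content, while a validating one must be given it. Textbook RSA over constructed Mersenne-prime keys stands in for a real signature scheme, and the function names and the `content` / `signer_n` parameters are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def keypair(p, q):
    """Textbook RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify(data, sig, n):
    return pow(int.from_bytes(sig, "big"), E, n) == digest(data, n)

# Constructed toy keys built from Mersenne primes; far too small for real use.
SIGNER = keypair(2**127 - 1, 2**89 - 1)
COUNTERSIGNER = keypair(2**107 - 1, 2**61 - 1)

def countersign(sig_value, content=None, signer_n=None):
    """Sign the signature value octets, never the content itself.

    content=None is the timestamp-style policy: nothing is checked.
    With content supplied, the original signature is validated against
    it first and a mismatch is refused.
    """
    if content is not None and not verify(content, sig_value, signer_n):
        raise ValueError("signature value does not match the content")
    return sign(sig_value, COUNTERSIGNER)

def demo():
    doc = b"large confidential document"        # constructed sample content
    good = sign(doc, SIGNER)
    unrelated = sign(b"some other document", SIGNER)
    cs_n, signer_n = COUNTERSIGNER[0], SIGNER[0]
    out = {}
    # Timestamp policy: both values get a valid countersignature.
    out["good_blind"] = verify(good, countersign(good), cs_n)
    out["unrelated_blind"] = verify(unrelated, countersign(unrelated), cs_n)
    # Validating policy: only the value that matches the content passes.
    out["good_checked"] = verify(good, countersign(good, doc, signer_n), cs_n)
    try:
        countersign(unrelated, doc, signer_n)
        out["unrelated_checked"] = True
    except ValueError:
        out["unrelated_checked"] = False
    return out
```

A relying party holding only the blind countersignature learns that the signature value existed when it was countersigned, and nothing about which content it belongs to.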


