ietf-smime

Re: I-D ACTION:draft-ietf-smime-ess-09.txt

1998-10-21 13:11:44
In a previous message I have suggested the addition of a
"counterSignatureScope" attribute in ESS to explicitly indicate whether or
not the countersigning process has validated the original content. This new
attribute could address concerns raised by various people on this
mailing list. Dr. Steve Henson has even proposed some minor
modifications/expansions to this counterSignatureScope attribute to make it
more precise.

Further to my original message and to address another non-repudiation
concern, I would also like to see if there is an interest in generalizing
such an attribute in order to also effectively define the scope of a
standard digital signature. 

It is my understanding that under the German digital signature law, before
a private key can be used to digitally sign something, every usage of the
key requires a new card holder verification. To accommodate this
requirement there is currently a plan for extending PKCS#11 with new
functions and a new attribute. The intention is that a PIN would be needed
each time the private key is being used. However, for reliable
non-repudiation, there are no means to indicate that such a verification of
the PIN was performed under the current signed data syntax of CMS. The
counterSignatureScope attribute could be generalized/expanded in a
"signatureScope" attribute to also address this scenario and possibly others.

Any thoughts?

Francois Rousseau
AEPOS Technologies
