SignerInfo Change

Blake:

At the face-to-face S/MIME working group session, the group decided to make a chane to SignerInfo. Since you were not at the meeting, I am sending it to you to make a corresponging change in the MSG document.

Below is the updates section 5.3. The old issuerAndSerialNumber is replaced with sid. The MSG document must be updated to say: S/MIME v3 requires the use of SignerInfo version 1, that is the issuerAndSerialNumber CHOICE must be used for SignerIdentifier.

Please post the updated MSG document ASAP. I would like to progress to IETF Last Call before Christmas.

Russ

= = = = = = = = = =

5.3 SignerInfo Type

Per-signer information is represented in the type SignerInfo:

SignerInfo ::= SEQUENCE {

version CMSVersion,

sid SignerIdentifier,

digestAlgorithm DigestAlgorithmIdentifier,

signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,

signatureAlgorithm SignatureAlgorithmIdentifier,

signature SignatureValue,

unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

SignerIdentifier ::= CHOICE {

issuerAndSerialNumber IssuerAndSerialNumber,

subjectKeyIdentifier [0] SubjectKeyIdentifier }

SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

Attribute ::= SEQUENCE {

attrType OBJECT IDENTIFIER,

attrValues SET OF AttributeValue }

AttributeValue ::= ANY

SignatureValue ::= OCTET STRING

The fields of type SignerInfo have the following meanings:

version is the syntax version number. If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version shall be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version shall be 3.

sid specifies the signer's certificate (and thereby the signer's public key). The signer's public key is needed by the recipient to validate the signature. SignerIdentifier provides two alternatives for specifying the signer's public key. The issuerAndSerialNumber alternative identifies the signer's certificate by the issuer's distinguished name and the certificate serial number; the subjectKeyIdentifier identifies the signer's certificate by the X.509 subjectKeyIdentifier extension value.

digestAlgorithm identifies the message digest algorithm, and any associated parameters, used by the signer. The message digest is computed on either the content being signed or the content together with the signed attributes using the process described in section 5.4. The message digest algorithm should be among those listed in the digestAlgorithms field of the associated SignerData.

signedAttributes is a collection of attributes that are signed. The field is optional, but it must be present if the content type of the EncapsulatedContentInfo value being signed is not id-data. Each SignedAttribute in the SET must be DER encoded. Useful attribute types, such as signing time, are defined in Section 11. If the field is present, it must contain, at a minimum, the following two attributes:

A content-type attribute having as its value the content type of the EncapsulatedContentInfo value being signed. Section 11.1 defines the content-type attribute. The content-type attribute is not required when used as part of a countersignature unsigned attribute as defined in section 11.4.

A message-digest attribute, having as its value the message digest of the content. Section 11.2 defines the message-digest attribute.

signatureAlgorithm identifies the signature algorithm, and any associated parameters, used by the signer to generate the digital signature.

signature is the result of digital signature generation, using the message digest and the signer's private key.

unsignedAttributes is a collection of attributes that are not signed. The field is optional. Useful attribute types, such as countersignatures, are defined in Section 11.

The fields of type SignedAttribute and UnsignedAttribute have the following meanings:

attrType indicates the type of attribute. It is an object identifier.

attrValues is a set of values that comprise the attribute. The type of each value in the set can be determined uniquely by attrType.