You are correct, my typo.
jim
-----Original Message-----
From: Francois Rousseau [mailto:f(_dot_)rousseau(_at_)adga(_dot_)ca]
Sent: Monday, December 14, 1998 11:45 AM
To: Jim Schaad (Exchange)
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: ESS changes from the WG Meeting
Jim,
I agree that it should read differently, however see minor change below:
Given the addition of SKI to SignerInfo, the following change should be made in section 5.4 of ESS.
First paragraph after ASN is:
The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD NOT include the issuerSerial because the issuerAndSerialNumber is already present in the SignerInfo. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.
Paragraph should be:
The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD include the issuerSerial field. If other constraints ensure that issuerAndSerialNumber will be present in the SignerInfo, ESSCertID MAY be omitted. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.
Should it not read as follows instead:
The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD include the issuerSerial field. If other constraints ensure that issuerAndSerialNumber will be present in the SignerInfo, the issuerSerial field MAY be omitted. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.
Francois Rousseau
AEPOS Technologies
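
The check described in the proposed paragraph, as an added example that is not part of the original thread or of any S/MIME implementation. It assumes SHA-1 for the certificate hash (as in the published ESS, RFC 2634), uses a simplified (issuer, serial) tuple in place of the ASN.1 IssuerSerial, and treats a present issuerSerial that disagrees with the certificate as invalid; all names and sample data are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Simplified stand-in for the ASN.1 IssuerSerial (issuer name, serial number).
IssuerSerial = Tuple[str, int]

@dataclass(frozen=True)
class ESSCertID:
    cert_hash: bytes                          # SHA-1 over the entire DER certificate
    issuer_serial: Optional[IssuerSerial] = None

@dataclass(frozen=True)
class Cert:
    der: bytes                                # encoded certificate bytes
    issuer_serial: IssuerSerial

def make_cert_id(cert: Cert, with_issuer_serial: bool = True) -> ESSCertID:
    """Build the ESSCertID a signer would place first in the sequence."""
    return ESSCertID(hashlib.sha1(cert.der).digest(),
                     cert.issuer_serial if with_issuer_serial else None)

def check_signing_cert(cert_ids: Sequence[ESSCertID], verify_cert: Cert,
                       sid_has_issuer_and_serial: bool) -> str:
    """Compare the first ESSCertID with the certificate used to verify."""
    if not cert_ids:
        return "invalid: no ESSCertID present"
    first = cert_ids[0]
    digest = hashlib.sha1(verify_cert.der).digest()
    # Hash mismatch: the signature MUST be considered invalid.
    if not hmac.compare_digest(first.cert_hash, digest):
        return "invalid: certHash mismatch"
    if first.issuer_serial is not None:
        # Assumption of this example: a present issuerSerial must agree too.
        if first.issuer_serial != verify_cert.issuer_serial:
            return "invalid: issuerSerial mismatch"
        return "valid"
    # issuerSerial omitted: acceptable when SignerInfo itself carries
    # issuerAndSerialNumber; with an SKI-based SignerInfo only the hash binds.
    if sid_has_issuer_and_serial:
        return "valid"
    return "valid, warning: issuerSerial omitted and SignerInfo uses SKI"

# Constructed sample data: opaque bytes standing in for DER certificates.
SIGNER = Cert(b"constructed-signer-cert", ("CN=Example CA", 4097))
OTHER = Cert(b"constructed-other-cert", ("CN=Example CA", 4098))

if __name__ == "__main__":
    print(check_signing_cert([make_cert_id(SIGNER)], SIGNER, False))
    print(check_signing_cert([make_cert_id(SIGNER)], OTHER, True))
```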