ietf-smime

RE: ESS changes from the WG Meeting

1998-12-14 12:45:55
You are correct, my typo.

jim


-----Original Message-----
From: Francois Rousseau [mailto:f(_dot_)rousseau(_at_)adga(_dot_)ca]
Sent: Monday, December 14, 1998 11:45 AM
To: Jim Schaad (Exchange)
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: ESS changes from the WG Meeting


Jim,

I agree that it should read differently, however see minor change below:

Given the addition of SKI to SignerInfo, the following change should be made in section 5.4 of ESS.

First paragraph after ASN is:

The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD NOT include the issuerSerial because the issuerAndSerialNumber is already present in the SignerInfo. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.

Paragraph should be:

The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD include the issuerSerial field. If other constraints ensure that issuerAndSerialNumber will be present in the SignerInfo, ESSCertID MAY be omitted. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.

Should it not read as follows instead:

The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature. The encoding of the ESSCertID for this certificate SHOULD include the issuerSerial field. If other constraints ensure that issuerAndSerialNumber will be present in the SignerInfo, the issuerSerial field MAY be omitted. The certificate identified is used during the signature verification process. If the hash of the certificate does not match the certificate used to verify the signature, the signature MUST be considered invalid.

Francois Rousseau
AEPOS Technologies
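
The verifier-side check that the last version of the paragraph above implies, as an added example that is not part of either message or of the ESS draft. It assumes the ASN.1 has already been decoded; `ESSCertID`, `IssuerSerial`, `cert_digest` and `check_signing_certificate` are hypothetical names, the certificate bytes are constructed, and SHA-1 over the DER certificate is assumed as the hash, as in the published ESS specification (RFC 2634).

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Hypothetical stand-in for a decoded IssuerSerial / issuerAndSerialNumber:
# (DER-encoded issuer name, certificate serial number).
IssuerSerial = Tuple[bytes, int]

@dataclass(frozen=True)
class ESSCertID:
    cert_hash: bytes                               # certHash
    issuer_serial: Optional[IssuerSerial] = None   # issuerSerial, may be omitted

def cert_digest(cert_der: bytes) -> bytes:
    # Assumption: SHA-1 over the whole DER certificate, as in RFC 2634.
    return hashlib.sha1(cert_der).digest()

def check_signing_certificate(
    cert_ids: Sequence[ESSCertID],
    verifying_cert_der: bytes,
    signer_info_ias: Optional[IssuerSerial],  # None when SignerInfo uses SKI
) -> Tuple[bool, List[str]]:
    """Return (signature_may_be_valid, notes) for the rules quoted above."""
    if not cert_ids:
        return False, ["no certificate identifiers present"]
    first = cert_ids[0]  # MUST identify the certificate that verifies the signature
    if not hmac.compare_digest(first.cert_hash, cert_digest(verifying_cert_der)):
        return False, ["certHash does not match the verifying certificate"]
    notes: List[str] = []
    if first.issuer_serial is None:
        # MAY be omitted only if issuerAndSerialNumber is in SignerInfo.
        if signer_info_ias is None:
            notes.append("issuerSerial omitted but SignerInfo identifies signer by SKI")
    elif signer_info_ias is not None and first.issuer_serial != signer_info_ias:
        # Assumption of this example: treat a disagreement as invalid.
        return False, ["issuerSerial disagrees with issuerAndSerialNumber"]
    return True, notes

if __name__ == "__main__":
    cert = b"constructed bytes standing in for a DER certificate"
    ias = (b"constructed issuer name", 4660)
    good = [ESSCertID(cert_digest(cert), ias)]
    print(check_signing_certificate(good, cert, ias))                 # accepted
    print(check_signing_certificate(good, b"substituted cert", ias))  # rejected
    print(check_signing_certificate([ESSCertID(cert_digest(cert))], cert, None))
```

The third call shows the case the wording change is about: with SKI in SignerInfo and issuerSerial omitted, only the hash ties the attribute to a certificate, so the example reports it rather than rejecting it.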

