ietf-smime

Re: SignerInfo Change

1998-12-18 04:04:34
Russ,

Thanks for the clarification on the reason why it was added.  I believe we 
still have scope for extending this to a more useable form and bundling the 
changes together.

My developers complained like hell when they first encountered 
IssuerAndSerialNumber as it's a complete nightmare when working with 
subjectName based repositories.  Using SubjectAndKeyIdentifier would allow very 
easy location of certs whether they were in the received SignedData or not.

Regards,

Darren

-------------------------------------------------------------
Darren Harter BSc Hons MBCS CEng
CASM Technical Architect
CASM Programme Office
CESG
Work: dharter(_at_)cesg(_dot_)gov(_dot_)uk
Home: Darren(_dot_)Harter(_at_)bcs(_dot_)org(_dot_)uk

Russ Housley <housley(_at_)spyrus(_dot_)com> 12/16/98 06:50pm >>>
Darren:

The reason for the change is CMC support.  In this case, the signer does not
have a certificate yet.  The point of the message is a certificate request.
So, the signer does not have an issuer/serial number pair.  This change
lets CMC use the SignerInfo.

The reason for the MSG document change is to mandate the use of an
issuer/serial number pair with S/MIME v3.

Russ


At 04:35 PM 12/10/98 +0000, Darren Harter wrote:
Russ,

Sorry if this is a no brainer.  I couldn't make the meeting this time, so 
what I'm about to ask may have come up in discussion in the WG session.  As 
we've taken this opportunity to modify SignerInfo, would it not be a good 
time to add a field that may simplify the identification of the signer's 
certificate even more.

First of all let me confirm that I think it is good that the 
subjectKeyIdentifier has been added.  My concern is that I'm going to have 
to do a lot of work to find such a certificate in a simple repository that 
doesn't have good matching rule support.

I propose that we instead have the following structure:

SignerIdentifier ::= CHOICE {
  issuerAndSerialNumber IssuerAndSerialNumber,
  subjectKeyIdentifier [0] SubjectKeyIdentifier,
  subjectAndKeyIdentifier [1] SubjectAndKeyIdentifier }

where,

SubjectAndKeyIdentifier ::= SEQUENCE {
  subjectName Name,
  subjectKeyIdentifier [0] SubjectKeyIdentifier OPTIONAL }

This will allow simple subject name look-up should an application wish to do 
that.  Your proposed words for the MSG spec would still stand unaltered.

Regards,

Darren

-------------------------------------------------------------
Darren Harter BSc Hons MBCS CEng
CASM Technical Architect
CASM Programme Office
CESG
Work: dharter(_at_)cesg(_dot_)gov(_dot_)uk 
Home: Darren(_dot_)Harter(_at_)bcs(_dot_)org(_dot_)uk 
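The lookup cost that Darren describes, and the CMC case Russ gives (a signer with no certificate yet), can be seen concretely by modelling the three SignerIdentifier alternatives against a repository indexed only by subject name. The following is an added example written for this page, not code from the thread, the CMS specification or any S/MIME implementation; the Certificate record, the string stand-in for an X.501 Name, the repository class and all sample certificates are constructed for illustration.

```python
"""Added example: each SignerIdentifier alternative as a certificate lookup
against a repository that is indexed by subject name only (Darren's
'simple repository' without matching rules).  Everything here is a toy
model constructed for illustration; it is not a CMS implementation."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union


@dataclass(frozen=True)
class Certificate:
    subject: str    # stand-in for an X.501 Name (a string here for brevity)
    issuer: str     # stand-in for the issuer Name
    serial: int     # CertificateSerialNumber
    ski: bytes      # SubjectKeyIdentifier (OCTET STRING)


# The three alternatives of the proposed SignerIdentifier CHOICE.
@dataclass(frozen=True)
class IssuerAndSerialNumber:
    issuer: str
    serial: int


@dataclass(frozen=True)
class SubjectKeyIdentifier:
    ski: bytes


@dataclass(frozen=True)
class SubjectAndKeyIdentifier:
    subject: str
    ski: Optional[bytes] = None   # OPTIONAL in the proposed SEQUENCE


SignerIdentifier = Union[IssuerAndSerialNumber, SubjectKeyIdentifier,
                         SubjectAndKeyIdentifier]


class SubjectKeyedRepository:
    """A store with exactly one index, the subject name.  Lookups by
    issuer/serial or key identifier have no index to use and must scan."""

    def __init__(self, certs: List[Certificate]) -> None:
        self._by_subject: Dict[str, List[Certificate]] = {}
        for c in certs:
            self._by_subject.setdefault(c.subject, []).append(c)
        self.scanned = 0   # certificates inspected by the most recent find()

    def find(self, sid: SignerIdentifier) -> List[Certificate]:
        """Return every stored certificate matching the identifier.

        More than one result means the identifier is ambiguous (for example
        a subject name alone when the subject holds a renewed certificate);
        an empty result means the signer's certificate is not held, which is
        the normal situation for a CMC certificate request."""
        self.scanned = 0
        if isinstance(sid, SubjectAndKeyIdentifier):
            # Direct index hit on the subject; the optional SKI then picks
            # one certificate out of several issued to the same subject.
            candidates = self._by_subject.get(sid.subject, [])
            self.scanned = len(candidates)
            return [c for c in candidates if sid.ski is None or c.ski == sid.ski]

        # issuerAndSerialNumber and subjectKeyIdentifier: no usable index,
        # so every certificate in the repository has to be examined.
        matches: List[Certificate] = []
        for certs in self._by_subject.values():
            for c in certs:
                self.scanned += 1
                if isinstance(sid, IssuerAndSerialNumber):
                    if (c.issuer, c.serial) == (sid.issuer, sid.serial):
                        matches.append(c)
                elif isinstance(sid, SubjectKeyIdentifier):
                    if c.ski == sid.ski:
                        matches.append(c)
        return matches


def build_repo() -> SubjectKeyedRepository:
    """Constructed sample repository: Alice holds an old and a renewed
    certificate from the same CA, Bob holds one."""
    return SubjectKeyedRepository([
        Certificate("CN=Alice", "CN=Example CA", 1, b"\x01"),
        Certificate("CN=Alice", "CN=Example CA", 7, b"\x02"),   # renewal
        Certificate("CN=Bob", "CN=Example CA", 3, b"\x03"),
    ])


if __name__ == "__main__":
    repo = build_repo()
    for sid in (IssuerAndSerialNumber("CN=Example CA", 3),
                SubjectKeyIdentifier(b"\x02"),
                SubjectAndKeyIdentifier("CN=Alice", b"\x02"),
                SubjectAndKeyIdentifier("CN=Alice"),          # ambiguous
                SubjectKeyIdentifier(b"\x99")):               # not held (CMC)
        found = repo.find(sid)
        print(f"{sid!r}: {len(found)} match(es), {repo.scanned} inspected")
```

The scanned counter makes the thread's point visible: the subjectAndKeyIdentifier alternative touches only the certificates filed under that subject, while the other two alternatives inspect the whole store. The two-match result for a bare subject name shows why the proposal keeps subjectKeyIdentifier as an OPTIONAL tie-breaker, and the empty result for an unknown key identifier is exactly the CMC situation Russ describes, where the SignerInfo must be processable even though no certificate for the signer exists yet.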


