I'm curious to know whether anyone tried the test case, either with S/MIME v2
or v3 code.
Any takers?
Bob
<BJUENEMAN(_at_)novell(_dot_)com> 08/20/99 05:45PM >>>
This is an interesting S/MIME test case. Since our GroupWise S/MIME beta
software had some difficulty handling it, I'll describe it.
The attachment (yes, there is an attachment to this signed message, just in
case there doesn't appear to be), is a result of a signed message in cleartext
form that I originally sent to the PKIX list. Tom Gundin replied, but his
reply included my entire original message, including my .vcf file, my
certificates, and the associated signature, and hence it appears that the
message was signed by me. However, since he had modified it when replying, the
signature doesn't verify.
If signature checking gets carried away, it may reject this outer message as
invalid, when in fact it should be valid (I think). The fact that the
apparently signed attachment is invalid should not cause the outer signed
message to be invalidated -- only the attachment.
I'd be curious to know how different software packages handle this case, both
S/MIME V2 and V3.
Bob
Robert R. Jueneman
Security Architect
Network Security Development
Novell, Inc.
122 East 1700 South
Provo, UT 84606
bjueneman(_at_)novell(_dot_)com
1-801-861-7387