Graeme,
I have given an explanation below for why we removed some of the
ContentInfo wrappers in the steps for tripple wrapping of an X.400 content.
-----Original Message-----
From: Graeme Lunt
To: ietf-smime(_at_)imc(_dot_)org
Cc: 'julianonions(_at_)yahoo(_dot_)co(_dot_)uk'; Tim Freestone
Sent: 08.08.01 10:03
Subject: Comments on draft-ietf-smime-x400wrap-03.txt/draft-ietf-smime->x40
0transport-03.txt
Paul,
A couple of comments on the two drafts:
x400wrap-03:
I note that section 3.4.1 "Creating a Triple Wrapped Message With
An X.400" has been changed so that a ContentInfo
wrapping is no longer applied to the inner signed-data and
enveloped-data (end of step 3, end of step 4).
I can see that it saves me some bytes/redundancy in the encoding,
but maybe you could give me some background to this change?
I have a preference for keeping the contentInfo wrapping as:
a) it to some extent aligns with S/MIME ESS, where at each similar
stage a MIME construct is added (with a smime-type), and a generic
object (id-data) is passed to the next level of wrapping. In the
previous version the ContentInfo was the "generic" form that was
subject to the next protection operation.
b) it is simple to produce a "signed-only" version of a triple wrapped
message e.g. for forwarding, as removing outer two wrappers should give
me the appropriate form I require for a forwarded content bodypart.
c) it just appears to me to be a more generic, simpler solution.
ContentInfo encodings are what I am mostly likely to deal with e.g. in
files
(although having a slightly larger encoding).
Comments?
Graeme
In the ESS tripple wrapping decription, all of the nested "contents" are
MIME wrapped and the ContentInfo wrappings are needed to identify the
content (or content type) under the MIME wrappings. The MIME wrappings are
neccesary in SMTP systems for backwards compatibility with S/MIME version 2.
In section 1.4 we explain why we don't need bacwards compatibility with
S/MIME v.2. and for that reason we did not see the need to have the MIME
wrappings (for a tripple wrapped message they add over 300% overhead).
Since we don't have the MIME wrappings, we don't need the ContentInfo
wrappings either. The ContentType OIDs in SignedData and EnvelopedData will
identify the encapsulatet content (or content type). ContentInfo needs only
to be used around the outer most SignedData because this is required by PKCS
#7 and CMS.
The ContentInfo wrappings will only introduce an unnecessary level of
indirection, and you will have to modify your ESS code for SMTP anyway
because the MIME wrappers are gone. Thus, a triple wrapped message will
have the following form:
X.400 Envelope -> id-ct-contentInfo
ContentInfo -> id-signedData
SignedData -> id-envelopedData
EnvelopedData -> id-signedData
SignedData -> <OID for content type>
If you want to produce a "signed-only" version of a triple wrapped
message, all you need to do is to wrap the inner most SignedData in a
ContentInfo and forward it which should be a pretty easy operation.
Best Regards
Anders