| -----Original Message-----
| From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
| [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake
Ramsdell
| Sent: May 6, 2004 1:45 AM
| To: 'Sean P. Turner'
| Cc: ietf-smime(_at_)imc(_dot_)org
| Subject: RE: WG LAST CALL: draft-ietf-smime-rfc2632bis-05.txt
cut .....|
|
| Para 5: I'd like to add a security consideration about why it
| might not be good to send CRLs: "CRLs sent with the message
| impose concern when the signer's certificate is revoked, but
| the signer purposely includes a valid CRL but not the most
| recent CRL without the signer's serialNumber thereby
| providing a false verification". (or something like that)
|
| [bcr] I took a hack at this. If there's any concerns, we'll
| address them in IETF-wide last call.
I would argue that it is not the presence of the CRL which is the concern,
rather it is the use of the signing time provided by the signer to verify CRL
validity which is the base concern. In fact this same concern applies if the
signing time is used to judge whether the certificate is expired or not (CRL's
may not include cert serialNumber for revoked expired certs).
Please see:
http://www.imc.org/ietf-smime/mail-archive/msg01855.html
and possibly the security caution following would suffice?:
"The signing time in the message cannot be trusted if the signing key
has been compromised. Thus the signing time should not be used as
the "current time" when performing certificate expiry or revocation
checking as per KEYM."
Tony