This has lead to very little discussion. I am pleased to propose the
text for CMS if that is the direction that the S/MIME WG wants to
pursue. Please pick a direction. We need to get moving.
Russ
At 05:09 PM 12/4/2005, Jim Schaad wrote:
After having read the document by Bellovin and Rescorla, I agree with its
conclusion that the working group needs to provide guidence on how
evaluation of signatures needs to be done in the cases of 1) multiple
signatures at a single layer and 2) multiple signature layers.
I can think of four different documents that this can go into:
1) CMS Base specification
Pro:
- This is core functionality and it would be seen by all
implementers of CMS
- It would deal with ALL CMS objects
Con:
- The document is not currently open for changes
- Depending on how it is written, it might be more open to
changes in the future
2) New CMS document on multiple layers
Pro:
- Does not change any current documents
- Could be written as a BCP and thus have the ablity to make
additional statements
- Would deal with all CMS objects
- Allows for discussion of different policies for
evalutation
Con:
- It's a new document and would need to be referenced
everywhere
3) S/MIME Message Specification
Pro:
- This is the draft that S/MIME implementers use and this is
currently the main place that needs help
Con:
- It does not currently discuss any type of wrapping
- It would not deal with AuthenticatedData wrapping
4) ESS
Pro:
- It already discusses the concepts of multiple layer
wrapping
- The document needs to be openned for dealing with
ESSCertID
Con:
- It usings Mime layers in the current wrapping text
- It would not deal with AuthenticatedData wrapping
My personal preference is to not tie the new evaluation logic to S/MIME but
to CMS.
Jim