ietf-smime

Re: Multi-level CMS Signature evaluation Rules: Document Location

2006-01-13 10:24:05

This has led to very little discussion. I am pleased to propose the text for CMS if that is the direction that the S/MIME WG wants to pursue. Please pick a direction. We need to get moving.

Russ

At 05:09 PM 12/4/2005, Jim Schaad wrote:

After having read the document by Bellovin and Rescorla, I agree with its
conclusion that the working group needs to provide guidance on how
evaluation of signatures needs to be done in the cases of 1) multiple
signatures at a single layer and 2) multiple signature layers.

I can think of four different documents that this can go into:

1) CMS Base specification
        Pro:
                - This is core functionality and it would be seen by all implementers of CMS
                - It would deal with ALL CMS objects

        Con:
                - The document is not currently open for changes
                - Depending on how it is written, it might be more open to changes in the future


2) New CMS document on multiple layers
        Pro:
                - Does not change any current documents
                - Could be written as a BCP and thus have the ability to make additional statements
                - Would deal with all CMS objects
                - Allows for discussion of different policies for evaluation

        Con:
                - It's a new document and would need to be referenced everywhere


3) S/MIME Message Specification
        Pro:
                - This is the draft that S/MIME implementers use and this is currently the main place that needs help

        Con:
                - It does not currently discuss any type of wrapping
                - It would not deal with AuthenticatedData wrapping


4) ESS
        Pro:
                - It already discusses the concepts of multiple layer wrapping
                - The document needs to be opened for dealing with ESSCertID

        Con:
                - It uses MIME layers in the current wrapping text
                - It would not deal with AuthenticatedData wrapping



My personal preference is to not tie the new evaluation logic to S/MIME but
to CMS.

Jim

  • Re: Multi-level CMS Signature evaluation Rules: Document Location, Russ Housley <=