Denis Pinkas wrote:
I have two major problems.
A first series, related whether the document deals with multiple signatures
from the same signer or several signatures from different signers.
I believe that the document tries to address the former goal, but since
this is not clearly stated, readers might be confused.
This appears first in the abstract:
This document clarifies the proper handling of the SignedData protected
content type when more than one digital signature is present.
which should be changed into:
This document clarifies the proper handling of the SignedData protected
content type when more than one digital signature from the same signer is present.
I think that this is one interpretation that makes sense. Otherwise it
would change possible
usages of CMS where you would allow k out of n signatures for example.
Does it make sense to review other specifications that only use one
signature to be
modified, TSP, SCVP?
If that change is agreed in general, then the following sentence
that appears on page 1, section 1 is incorrect:
"This document
provides replacement text for a few paragraphs, making it clear that
the protected content is valid if any of the digital signatures is
valid".
As stated, this seems indeed wrong to me.
Other changes would need to be made through all the document.
A second series related to how to pick the right public key:
picking up the right public key is not the issue. If a key validates, it is
ok, in particular since the issuer and serial are unprotected parts of the
structure.
What is missing is how one can detect that two certificates are for the
same signer, i.e. they have the same subject DN or altname (at least)
and a security section that talks about the potential problems of
determining
this.
Issue 1: Section 3, page 3.
| The signer's public key is referenced either by an issuer
| distinguished name along with an issuer-specific serial number or by
| a subject key identifier that uniquely identifies the certificate
| containing the public key.
An issuer distinguished name along with an issuer-specific serial number
is not necessarilly sufficient to identify the right signer's public key
(see ESSCertId).
Issue 2: Section 3, page 3.
| The signer's certificate can be included
| in the SignedData certificates field.
Yes, it can, but it is unprotected, so no guarantee that it is the right one.
The text should be clearer about the various ways to pick the right public key.
No. picking up a key is not an issue at all here IMO.
Denis
--
To verify the signature, see http://edelpki.edelweb.fr/
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
smime.p7s
Description: S/MIME Cryptographic Signature