Jim:
As part of the last call comments I propose to add the following text to
Section 2. Wordsmithing welcome.
Jim Schaad
Four cases exist which need to be taken into account when using this
attribute for correct processing:
1. Signature Validates and the hashes match: This is the success case.
2. Signature Validates and the hashes do not match: In this case the
certificate contained the correct public key, the certificate containing the
public key is not the one that the signer intended to be used. In this case
the application should attempt a search for a different certificate with the
same public key and for which the hashes match. If no such certificate can
be found, this is a failure case.
3. Signature Fails Validation and the hashes match: In this case it can be
assumed that the signature has been modified in some fashion. This is a
failure case.
4. Signature Fails Validation and the Hashes do not match: In this case it
can be either that the signature has been modified, or that the wrong
certificate has been used. Applications should attempt a search for a
different certificate which matches the hash value and the new certificate
used to retry the signature validation.
In Case 4, the application should look for a different certificate
that contains a different public key. Thus, the hash value should be
different, not match.
Russ