Russ,
I was trying to say that the hash of the cert should match the hash in the attribute. I will re-word appropriately.
Jim
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Thursday, December 07, 2006 6:26 AM
To: jimsch(_at_)exmsft(_dot_)com
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Last Call Comments on esscertid
Jim:
As part of the last call comments I propose to add the following text to Section 2. Wordsmithing welcome.
Jim Schaad
Four cases exist which need to be taken into account when using this attribute for correct processing:

1. Signature Validates and the hashes match: This is the success case.

2. Signature Validates and the hashes do not match: In this case the certificate contained the correct public key, but the certificate containing the public key is not the one that the signer intended to be used. In this case the application should attempt a search for a different certificate with the same public key and for which the hashes match. If no such certificate can be found, this is a failure case.

3. Signature Fails Validation and the hashes match: In this case it can be assumed that the signature has been modified in some fashion. This is a failure case.

4. Signature Fails Validation and the hashes do not match: In this case it can be either that the signature has been modified, or that the wrong certificate has been used. Applications should attempt a search for a different certificate which matches the hash value, and the new certificate is used to retry the signature validation.
In Case 4, the application should look for a different certificate that contains a different public key. Thus, the hash value should be different, not match.
Russ
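The four-case processing logic discussed in this thread, written out as an added example that is not from the draft text or from either correspondent. It assumes a caller-supplied certificate store and verify callback, models a certificate as its DER bytes plus a public-key identifier, and uses an HMAC as a constructed stand-in for real signature verification; in case 4 the retry uses the certificate whose hash matches the attribute, as Jim's clarification above states.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    der: bytes         # DER encoding; the ESSCertID hash is computed over this
    public_key: bytes  # stand-in identifier for the certificate's public key

def cert_hash(cert):
    # ESSCertIDv2 defaults to SHA-256 over the whole DER-encoded certificate
    return hashlib.sha256(cert.der).digest()

def process_ess_cert_id(data, signature, attr_hash, signer_cert, store, verify):
    """Return (case number, validated cert or None) per the four cases above."""
    sig_ok = verify(signer_cert, data, signature)
    hash_ok = cert_hash(signer_cert) == attr_hash
    if sig_ok and hash_ok:
        return 1, signer_cert          # case 1: success
    if sig_ok:
        # case 2: right public key, wrong certificate: search the store for
        # another certificate with the same key whose hash matches the attribute
        for c in store:
            if c.public_key == signer_cert.public_key and cert_hash(c) == attr_hash:
                return 2, c
        return 2, None
    if hash_ok:
        return 3, None                 # case 3: the signature was modified
    # case 4: find the certificate the attribute names (necessarily a
    # different one) and retry the signature validation with it
    for c in store:
        if cert_hash(c) == attr_hash and verify(c, data, signature):
            return 4, c
    return 4, None

# Constructed stand-in for signing and verification: an HMAC keyed with the
# "public key" bytes, so the example runs without a real certificate store
def toy_sign(cert, data):
    return hmac.new(cert.public_key, data, hashlib.sha256).digest()

def toy_verify(cert, data, signature):
    return hmac.compare_digest(toy_sign(cert, data), signature)

# Constructed sample store: CERT_A and CERT_A2 carry the same public key
CERT_A = Cert(b"cert-A", b"key-1")
CERT_A2 = Cert(b"cert-A-reissued", b"key-1")
CERT_B = Cert(b"cert-B", b"key-2")
STORE = [CERT_A, CERT_A2, CERT_B]
DATA = b"signed content"
```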