
RE: Consistence question of CMS

2008-11-05 12:57:10
Russ,

Yes - I agree. RFC 2630 also supports this:

If originatorInfo is absent, all of the RecipientInfo structures are version
0, and unprotectedAttrs is absent, then version shall be 0. 

Also originatorInfo and unprotectedAttributes aren't defined in RFC 2315 so
to be version 0 these fields can't be present. To be version 0,
RecipientInfos must also have a version = -0, according to RFC 3215.

spt


  _____  

From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of Russ Housley
Sent: Monday, November 03, 2008 6:21 PM
To: zhaohui cheng
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Consistence question of CMS


I think this is an error.  I think the end of the RFC 3852 algorithm should
be:

               IF (originatorInfo is absent) AND
                  (unprotectedAttrs is absent) AND
                  (all RecipientInfo structures are version 0)
               THEN version is 0
               ELSE version is 2

Do others agree?

Russ


At 01:04 AM 11/3/2008, zhaohui cheng wrote:



Hi Russell,

I have a question regarding the consistence between RFC 3852 and RFC 3369. 

For the version of EnvelopedData, the rules in RFC 3369 and  RFC 3852  are
defined as follows

 ---RFC 3369

         IF ((originatorInfo is present) AND
             (any version 2 attribute certificates are present)) OR
            (any RecipientInfo structures include pwri) OR
            (any RecipientInfo structures include ori)
         THEN version is 3
         ELSE
            IF (originatorInfo is present) OR
               (unprotectedAttrs is present) OR
               (any RecipientInfo structures are a version other than 0)
            THEN version is 2
            ELSE version is 0

 

--RFC 3852  
         IF (originatorInfo is present) AND
            ((any certificates with a type of other are present) OR
            (any crls with a type of other are present))
         THEN version is 4
         ELSE
            IF ((originatorInfo is present) AND
               (any version 2 attribute certificates are present)) OR
               (any RecipientInfo structures include pwri) OR
               (any RecipientInfo structures include ori)
            THEN version is 3
            ELSE
               IF (originatorInfo is absent) OR
                  (unprotectedAttrs is absent) OR
                  (all RecipientInfo structures are version 0)
               THEN version is 0
               ELSE version is 2

It appears the two sets of rules are not consistent.  In particular, if
originatorInfo is absent but one RecipientInfo structure has version other
than 0, then according to RFC 3369, the version should be 2, but 0 in 3852.
Is this rule deliberately changed in 3852 or just typos?

Kind regards,

Michael Cheng
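
The three rule sets quoted in this thread, compared over every input combination. This is an added example, not part of any message in the thread; the `Env` model, its field names and the sample RecipientInfo versions are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Env:
    """Constructed model of the EnvelopedData properties the rules test."""
    originator_info: bool = False
    other_cert_or_crl: bool = False  # certificates or crls with a type of other
    v2_attr_certs: bool = False
    unprotected_attrs: bool = False
    pwri_or_ori: bool = False        # any RecipientInfo is pwri or ori
    ri_versions: tuple = (0,)        # version of each RecipientInfo

def _is_v3(e):
    return (e.originator_info and e.v2_attr_certs) or e.pwri_or_ori

def _all_ri_v0(e):
    return all(v == 0 for v in e.ri_versions)

def rfc3369(e):
    if _is_v3(e):
        return 3
    if e.originator_info or e.unprotected_attrs or not _all_ri_v0(e):
        return 2
    return 0

def rfc3852(e, final_test_uses_and=False):
    """False: final test joined with OR, as quoted; True: the proposed AND form."""
    if e.originator_info and e.other_cert_or_crl:
        return 4
    if _is_v3(e):
        return 3
    tests = (not e.originator_info, not e.unprotected_attrs, _all_ri_v0(e))
    return 0 if (all(tests) if final_test_uses_and else any(tests)) else 2

def disagreements(final_test_uses_and):
    """Inputs without 'other' certs/crls (so version 4 never applies) where
    the RFC 3852 rule and the RFC 3369 rule yield different versions."""
    out = []
    for oi, v2, ua, pw, ri in product(*[(False, True)] * 4, ((0,), (0, 2))):
        e = Env(originator_info=oi, v2_attr_certs=v2, unprotected_attrs=ua,
                pwri_or_ori=pw, ri_versions=ri)
        if rfc3852(e, final_test_uses_and) != rfc3369(e):
            out.append(e)
    return out

if __name__ == "__main__":
    case = Env(ri_versions=(0, 2))  # originatorInfo absent, one non-zero RecipientInfo
    print(rfc3369(case), rfc3852(case), rfc3852(case, True))
    print(len(disagreements(False)), len(disagreements(True)))
```

With the OR form the two RFCs diverge on 9 of the 32 modelled inputs; with the AND form they agree on all of them, which follows from De Morgan's law applied to the RFC 3369 test.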
