Russ,
thank you for your answer.
Isn't it dangerous to ignore a _signed_ attribute ?
In the case of an attribute such as ESSCertID or ESSCertIDV2 (RFC 2634
ou RFC 5035), an implementation ignoring the attribute can give
inconsistent results versus a implementation not ignoring the result
(e.g. the signature is valid vs the signature has been forged).
Also, when you are writing the these attributes are ignored, do you mean
that they MUST be ignored or that they MAY be ignored? E.g. if my
implementation fails upon receiving a signature with an unknown signed
attribute, would you consider this non-standard? Or is this behavior up
to the implementor?
Regards,
--
Julien
Russ Housley a écrit :
Unrecognized attributes are ignored. RFC 3852 requires support for
the content type and message digest attributes, but all others can be
ignored if they are not recognized.
Russ
At 01:40 PM 3/18/2009, Julien Stern wrote:
Hi list,
We have a question related to CMS that was raised during an ETSI
session around the CAdES standard:
we were wondering whether the behavior of an implementation
encountering an unknown attribute was defined. One line of thinking
is that an _unsigned_ attribute can be ignored by an implementation,
but that the signature validation should fail if an unknown _signed_
attribute is encountered.
Is this behavior somehow defined in CMS (I did not see it, but I
might have missed it)?
Otherwise, what do you think? What does your implementation do when
it encounters an unknown signed attribute?
Regards,
--
Julien