ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00

2013-05-17 12:49:19
from [Jim Schaad] [Permanent Link] 



-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Friday, May 17, 2013 2:37 PM
To: Jim Schaad
Cc: 'IETF SMIME'
Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00

Jim:


8.  Is there a requirement that systems should accept
KeyPkgIdentifier.attribute values that they do not understand as it
can be reflected in the receipt without having to decode it?


As with all CMS processing, unrecognized attributes are ignored.  I'm
not

sure

this needs to be repeated further.  It comes up here:

      * badUnsignedAttrs is used to indicate that the unsignedAttrs
        within SignerInfo contains one or more attributes.  Since
        unrecognized attributes are ignored, this error code is used
        when the object identifier for the attribute is recognized, but
        the value is malformed or internally inconsistent.



I don't think that this is an acceptable solution ore response at this
point.

If I send you

Key package id and receipt request ::= {
  pkgID = { random OID you never heard of, binary value }  receiptReq
= {
  encryptReceipt FALSE,
  receiptsFrom - absent
  receiptsTo = {Me}
}}

You have three options:

1 - say that the signed attribute is bad because you do not understand
a piece if it and neither process nor receipt the package
2 - say that you don't care that the signed attribute is bad and
process it and return a receipt because you do not need to understand
the key package identifier
3 - say that you ignore things you do not understand and process the
package but do not return a receipt.


Does this text resolve you concern?

      * badUnsignedAttrs is used to indicate that the unsignedAttrs
        within SignerInfo contains one or more attributes.  Since
        unrecognized attributes are ignored, this error code is used
        when the object identifier for the attribute is recognized, but
        the value is malformed or internally inconsistent.  In
        addition, this error code can be used when policy prohibits an
        implementation from supporting unsigned attributes.



No.  I think this is going to need a F2F conversation to resolve.


Russ=


_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00, Jim Schaad
Previous by Thread:  Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00, Russ Housley
Next by Thread:  [smime] draft-housley-ct-keypackage-receipt-n-error-01.txt, Russ Housley
Indexes:  [Date] [Thread] [Top] [All Lists]