About multiple signatures, encapsulation, nestings, etc.
There has been some discussion of multiple signatures of messages. I
can't really tell from the discussion if people realize that RFC
1421 allows for multiple signatures of the same enhanced content (see
section 4.1.2, section 4.6.2 (particularly 4.6.2.3), and the grammar
in section 9). In the MIME-PEM spec, that functionality was retained.
As many have noted, the semantics implied by the existence of multiple
signatures is not clear. The MIME-PEM spec adds nothing to the
discussion in RFC 1421 of the semantics of multiple signatures (:-)).
Encapsulation is used in RFC 1421 to discuss carrying PEM messages
inside (encapsulated in) RFC 822 messages. When people talk here of
encapsulating messages, I don't think that's quite what they mean.
The term "nested" is used a few times in RFC 1421, but I was never
really sure what it meant. My interpretation of the discussion of
encapsulation boundaries in section 4.4 and the grammar in section 9
is that when two PEM messages are in the same RFC 822 message, they
are *concatenated*, not nested. So in
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
PEM headers1
text1
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
PEM headers2
text2
-----END PRIVACY-ENHANCED MESSAGE-----
headers1-text1 are one PEM message and headers2-text2 are a second PEM
message and the MIC-Info in headers1 does not cover the headers2-text2
part (contrary to what one would expect).
In the MIME-PEM spec, you can concatenate or hierarchical-ize (yes, an
awful term, but I did not want to use "nest" or "encapsulate") different
privacy enhanced body parts to your heart's content, by using the
features of MIME. You could have two independent signed body parts (both
multipart/signed content types) concatenated in a multipart body part
(probably a multipart/mixed content type), which would provide the same
service as provided by RFC 1421. Or you could have one signed body part
(multipart/signed content type) which signed another signed body part
(the signed body part would be another multipart/signed content type).
Go wild. Be free. Express yourself.
So in *both* RFC 1421 and the MIME-PEM spec, you can have multiple
signatures in one header set of one enhanced content. In the MIME-PEM
spec, you can establish an arbitrary hierarchy of enhancements, simply
because it functions within MIME.
--Sandy Murphy
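As an added illustration (not part of the message above, and not code from any PEM or MIME-PEM implementation), the following Python sketch builds the two MIME structures described: two independent multipart/signed body parts concatenated in a multipart/mixed, and one multipart/signed whose content is itself a multipart/signed. It then shows what each signature actually covers. The "signature" is a stand-in: a SHA-256 digest of the serialized first body part, carried in a made-up application/x-example-digest part; the boundary names and the function names are also made up for the sketch.

```python
"""Added illustration: which content each multipart/signed part covers.

Stand-in for a real signature: the second body part of each multipart/signed
carries a SHA-256 digest of the serialized first body part.  The subtype
"x-example-digest", the boundary strings and the helper names are invented
for this sketch; nothing here comes from a real PEM or MIME-PEM implementation.
"""
import hashlib
from email import encoders
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Placeholder protocol parameter; a real deployment would name its
# signature format here.
SIG_TYPE = "application/x-example-digest"


def sign_part(part: Message, boundary: str) -> MIMEMultipart:
    """Wrap `part` in a multipart/signed whose second body part holds the
    stand-in signature (SHA-256 over the serialized first body part)."""
    digest = hashlib.sha256(part.as_bytes()).hexdigest()
    signed = MIMEMultipart("signed", boundary=boundary,
                           protocol=SIG_TYPE, micalg="sha-256")
    signed.attach(part)
    signed.attach(MIMEApplication(digest.encode("ascii"),
                                  _subtype="x-example-digest",
                                  _encoder=encoders.encode_7or8bit))
    return signed


def verify(signed: Message) -> bool:
    """Recompute the digest over the first body part and compare it with
    the digest carried in the second body part."""
    content, sig = signed.get_payload()
    claimed = sig.get_payload(decode=True).decode("ascii").strip()
    return hashlib.sha256(content.as_bytes()).hexdigest() == claimed


def signature_report(msg: Message) -> dict:
    """Map every multipart/signed in the tree (keyed by its boundary) to
    whether its stand-in signature still verifies."""
    return {part.get_boundary(): verify(part)
            for part in msg.walk()
            if part.get_content_type() == "multipart/signed"}


def tamper_text(msg: Message, index: int, new_text: str) -> None:
    """Alter the index-th text/plain leaf, simulating modification in transit."""
    leaves = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    leaves[index].set_payload(new_text)


def build_concatenated() -> MIMEMultipart:
    """Two independent signed body parts side by side in a multipart/mixed:
    the MIME equivalent of two concatenated RFC 1421 messages."""
    msg = MIMEMultipart("mixed", boundary="mixed-0")
    msg.attach(sign_part(MIMEText("text1"), "sig1"))
    msg.attach(sign_part(MIMEText("text2"), "sig2"))
    return msg


def build_hierarchical() -> MIMEMultipart:
    """A signed body part whose content is itself a signed body part, so the
    outer signature covers the inner content and the inner signature."""
    inner = sign_part(MIMEText("text1"), "inner-sig")
    return sign_part(inner, "outer-sig")


if __name__ == "__main__":
    c = build_concatenated()
    tamper_text(c, 1, "text2 altered")
    # sig1 still verifies: it never covered text2.
    print("concatenated after altering text2:", signature_report(c))
    h = build_hierarchical()
    tamper_text(h, 0, "text1 altered")
    # Both fail: the outer digest was taken over the whole inner signed part.
    print("hierarchical after altering text1:", signature_report(h))
```

Two simplifications to keep in mind: a real multipart/signed signs the first body part in its canonical (CRLF) form with a real signature algorithm, whereas this sketch digests whatever the email library serializes; and the sketch keeps the objects in memory rather than re-parsing them from the wire, so it sidesteps the canonicalization questions a real verifier has to settle.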