Sure, and that's why the warning is in there. Just because a public key is
present and happens to verify doesn't mean that the particular public key in
question is good for anything at all. You may require that it be a
particular
key to be valid. Or that it validate along a particular certificate path. Or
whatever. This is equally true under classic PEM.
Instead, why not require the key/name form to be transmitted separately
and
validated before use. Please don't say this is an implementation issue.
Sure, but how many of your users are going to read that document and
understand this point? They're going to assume that MIME-PEM is acting
reasonably on theirbehalf. Allowing INCORRECT name/key associations to be
treansmitted is not reasonablhavior (IMHO).
Dunno how you intend to prevent their transmission -- the whole point of this
stuff is that it has to behave reasonably even when under deliberate attack.
The binding of specific keys to specific functions is quite outside the
range of all these specifications. This isn't to say that such bindings are
unimportant -- they are extremely important -- but they just aren't part
of current proposals.
OK. It's an option in Classic PEM. How will that option be exposed in
MIME-PEM?
Same way as in classic PEM -- assuming you don't have a directory service or
some such to provide access to the cert chaings, you embed them in some message
you send. This could be done with a specific message containing this
information sent prior to the signed message or it could be just another part
of the signed message.
A good way to address this might be to take the example PEM messages
on pages 21 and 23 (in my copy) of rfc1421 and map them to MIME-PEM and post
THOSE examples. That would help translate the functionality offered by
rfc1421 to that offered by MIME-PEM. Anyone else agree?
This sounds fine to me, and I have no problem with adding such descriptive
examples and prose to the documents at some point in the future. However, since
I'm not the editor of these documents right now, I cannot commit to getting
such an example in place in this iteration of the specifications. Moreover, if
there's a timing problem, I don't think the benefits of adding such an example
merit any more delay in the advancement of these documents.
Ned