Re: rfc2534 and multiple signing certificate attributes
>
> Peter:
>
> You are referring to ESS, RFC 2634, right?
ooops, yes.
>
> In some cases, signatures are serial. In this case, a countersignature
> that contains the current Signing Certificate Attribute is sufficient.
In this case, too, the first signer or the document policy might want to
indicate: 'my signature is only valid if there is a countersignature from
"the boss"'.
>
> In other cases, signatures are parallel. I think that your comments apply
> to this situation. Here, multiple signer info structures are present, each
> with its own Signing Certificate Attribute. You are looking for a way to
> bind two or more signer info structures together. Am I understanding your
> concern correctly?
Yes, binding together and making the signature validation fail if not all
necessary signatures are present.