[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple signers and changing receipt requests

To: Elanor Foley <efoley@xxxxxxxxxxxxx>, ietf-smime@xxxxxxx
Subject: Re: Multiple signers and changing receipt requests
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Fri, 10 Jan 2003 14:11:40 -0500
In-reply-to: <B15225F53DF1D411B80B0002A5097D9F88C9FD@irlms02.ie.baltimor e.com>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Elanor:

First, I want to point out that RFC 2630 has been superceded by RFC 3369.

As I understand CMS rfc2630 and ESS rfc2634, it is possible to create a
SignedData with multiple signers (one signedData with multiple signerInfos).
Say one of these signers has included a ReceiptRequest in his
signedAttributes. How would another (subsequent) signer also add a
ReceiptRequest or modify the existing one? It looks like there is no
provision for this. The first signer to request a receipt pre-empts any
other signer who may wish a different receipt request. The receipt request
itself cannot be modified because it is a signed attribute. Can subsequent
signers pretend to be an MLAgent and add a mlReceiptPolicy?

A subsequent signer cannot (and should not be able to) make any change to the information covered by the first signer. So, more information is needed to understand the context of your question. By reading between the lines, it appears that all of the signatures are not equal in your application. That being the case, you might consider countersignatures or further nesting (SignedData encapsulating another SignedData).

Also, I find myself confused by statements in sections 2.2.1 and 2.3 from
the ESS rfc. These are highlighted by asterisks below
ESS 2.1 Signed Receipt Concepts

The originator of a message may request a signed receipt from the
message's recipients.
ESS 2.2 Receipt Request Creation

<snip>
Only one receiptRequest attribute can be included in the
signedAttributes of a SignerInfo.
ESS 2.2.1 Multiple Receipt Requests

There can be multiple SignerInfos within a SignedData object, and
each SignerInfo may include signedAttributes. Therefore, a single
SignedData object may include multiple SignerInfos, each SignerInfo
having a receiptRequest attribute. For example, an originator can
send a signed message with two SignerInfos, one containing a DSS
signature, the other containing an RSA signature.

Each recipient SHOULD return only one signed receipt.

/***Not all of the SignerInfos need to include receipt requests, but in
all of the SignerInfos that do contain receipt requests, the receipt
requests MUST be identical.***/

This is because clients are expected to process one signerInfo, not all of them.

But
ESS 2.3 Receipt Request Processing

A receiptRequest is associated only with the SignerInfo object to
which the receipt request attribute is directly attached. Receiving
software SHOULD examine the signedAttributes field of each of the
SignerInfos for which it verifies a signature in the innermost
signedData object to determine if a receipt is requested. /***This may
result in the receiving agent processing multiple receiptRequest
attributes included in a single SignedData object, such as requests
made from different people who signed the object in parallel.***/
The "different people" are not making different requests? They're just
copying the first person's receipt request?

You are right this should not happen. The receipt requests MUST be identical.

Russ

Prev by Date: Multiple signers and changing receipt requests
Next by Date: I-D ACTION:draft-ietf-smime-symkeydist-09.txt
Previous by thread: Multiple signers and changing receipt requests
Next by thread: Recall: Multiple signers and changing receipt requests
Index(es):
- Date
- Thread