[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Multiple signers and changing receipt requests

To: "'Elanor Foley'" <efoley@xxxxxxxxxxxxx>, <ietf-smime@xxxxxxx>
Subject: RE: Multiple signers and changing receipt requests
From: "Jim Schaad" <jimsch@xxxxxxxxxx>
Date: Tue, 21 Jan 2003 23:44:38 -0800
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Reply-to: <jimsch@xxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Title: Message

Elanor,

Congratulations, I believe you have uncovered a flow in ESS that requires an update to be made to the document.

If you have two people signing at the same time, then it would be possible to construct the ReceiptRequest so that it goes to both signers. This means that it could be copied by the second signing operation and the same data would be in both signatures.

If you have a mail list agent adding a signing layer, it can use the mlReciptPolicy and modify the requested receipt from the inside.

We do not however have an adequate response for the workflow case. That is a person at a later date wants to sign the object and modify the RecieptRequest. This person cannot use a ReceiptRequest attribute since the first person would not know who to include in the receiptRequest (and indeed should not until that person processes the item in the workflow). If the secondary person were to use an mlReceiptPolicy, the receipt would be re-directed properly, however any MLAs or equivalent items would strip the secondary person's signature as the rules state you strip all signature layers with the mlReceiptPolicy attribute. This means that the secondary persons signature would be lost.

Is there anyone other than myself that feels this issue needs to be addressed properly?

jim

-----Original Message-----
From: owner-ietf-smime@xxxxxxxxxxxx [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Elanor Foley
Sent: Tuesday, January 07, 2003 8:39 AM
To: 'ietf-smime@xxxxxxx'
Subject: Multiple signers and changing receipt requests

Hello,

As I understand CMS rfc2630 and ESS rfc2634, it is possible to create a SignedData with multiple signers (one signedData with multiple signerInfos). Say one of these signers has included a ReceiptRequest in his signedAttributes. How would another (subsequent) signer also add a ReceiptRequest or modify the existing one? It looks like there is no provision for this. The first signer to request a receipt pre-empts any other signer who may wish a different receipt request. The receipt request itself cannot be modified because it is a signed attribute. Can subsequent signers pretend to be an MLAgent and add a mlReceiptPolicy?

Also, I find myself confused by statements in sections 2.2.1 and 2.3 from the ESS rfc. These are highlighted by asterisks below

ESS 2.1 Signed Receipt Concepts    The originator of a message may request a signed receipt from the    message's recipients.

ESS 2.2 Receipt Request Creation    <snip>

Only one receiptRequest attribute can be included in the    signedAttributes of a SignerInfo.

ESS 2.2.1 Multiple Receipt Requests    There can be multiple SignerInfos within a SignedData object, and    each SignerInfo may include signedAttributes. Therefore, a single    SignedData object may include multiple SignerInfos, each SignerInfo    having a receiptRequest attribute. For example, an originator can    send a signed message with two SignerInfos, one containing a DSS    signature, the other containing an RSA signature.    Each recipient SHOULD return only one signed receipt.    /***Not all of the SignerInfos need to include receipt requests, but in    all of the SignerInfos that do contain receipt requests, the receipt    requests MUST be identical.***/

But ESS 2.3 Receipt Request Processing    A receiptRequest is associated only with the SignerInfo object to    which the receipt request attribute is directly attached. Receiving    software SHOULD examine the signedAttributes field of each of the    SignerInfos for which it verifies a signature in the innermost    signedData object to determine if a receipt is requested. /***This may    result in the receiving agent processing multiple receiptRequest    attributes included in a single SignedData object, such as requests    made from different people who signed the object in parallel.***/
The "different people" are not making different requests? They're just copying the first person's receipt request?

Thanks for your help, -    Lnr ____________________________________________ Lnr Foley Baltimore Technologies Web: http://www.baltimore.com _____________________________________________

References:
- Multiple signers and changing receipt requests
  - From: Elanor Foley

Prev by Date: RE: Multiple symmetric algo-encrypted data in single S/MIME message
Next by Date: Error in RFC 3369
Previous by thread: Multiple signers and changing receipt requests
Next by thread: Multiple signers and changing receipt requests
Index(es):
- Date
- Thread