[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RFC 2634 Questions

To: "'suchet singh khalsa'" <suchetsinghkhalsa@xxxxxxxxx>
Subject: RE: RFC 2634 Questions
From: "Jim Schaad" <jimsch@xxxxxxxxxx>
Date: Mon, 1 Sep 2003 11:17:39 -0700
Cc: <ietf-smime@xxxxxxx>
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Reply-to: <jimsch@xxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Suchet,

The match of names only applies to the innermost layer on a triple
wrapped message.

I am not sure what you mean by a mail merge functionality.  It could be
one of two things:
1) merging a mail message with a database - in this case the correct
person to sign the message is the MLA since that is the entity that
actually sees the final message.
2) merging of multiple messages together in a summary.  This could be
done in a method that perserves the original signatures, but I would
expect that they would actually be stripped.  The types of MLAs that we
are working with would not provide this type of feature.

jim

> -----Original Message-----
> From: owner-ietf-smime@xxxxxxxxxxxx 
> [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of suchet 
> singh khalsa
> Sent: Wednesday, August 27, 2003 9:55 AM
> To: phoffman@xxxxxxx
> Cc: ietf-smime@xxxxxxx
> Subject: RFC 2634 Questions
> 
> 
> 
> Hi Paul,
>   Can you please answer the following questions w.r.t
> MLA processing of S/MIME messages :
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> According to RFC 2632, while verifying signatures it
> should confirmed that the sender (RFC822 From or
> Sender headers) of the message is the same as the
> signed entity. Does this apply to ONLY the innermost
> signature in a triple wrapped message ?
> If no, this will impact MLA processing as documented
> in RFC 2634 in the following manner :
> 
> 1.  The MLA creates an outermost SignedData layer
> using the private key of the list. The final recipient
> will not be able to verify this signature since the
> From header is not the list email address. Is the
> solution here to set the list email address as the RFC
> 822 Sender header ?
> 
> 2.  Most MLA's support mail merge functionality. Is
> the intent of RFC 2634 to mandate that S/MIME and mail
> merge do not go hand in hand ? The reason for this
> question is : When MLA does mail merge, the innermost
> signature in a triple wrapped message will become
> invalid -  so the MLA will have to sign with the
> private key of the list. So, the end recipient will
> not be able to verify this signature since the From
> header of the mail is not the list email address.
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> RFC 2634 does not talk about this case :
> An application/pkcs7-mime bodypart is enclosed in
> another multipart, so that it is not the level 1
> bodypart. What should the MLA do in this case ?
> Possibilities are :
> 1.  Create the outermost signature (according to
> RFC2634 page 34) for the whole mail.
> 
> 2.  Create the outermost signature (according to
> RFC2634 page 34) only for the application/pkcs7-mime
> content.
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Thanks,
> Suchet
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design 
> software http://sitebuilder.yahoo.com
>

Follow-Ups:
- RE: RFC 2634 Questions
  - From: Russ Housley

References:
- RFC 2634 Questions
  - From: suchet singh khalsa

Prev by Date: Re: RFC 2634 Questions
Next by Date: Standards for Web-signing
Previous by thread: RFC 2634 Questions
Next by thread: RE: RFC 2634 Questions
Index(es):
- Date
- Thread