[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

To: Jim Schaad <ietf@xxxxxxxxxxxxxxxxx>
Subject: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Thu, 26 Apr 2007 11:12:16 +0200
Cc: "'pgut001'" <pgut001@xxxxxxxxxxxxxxxxx>, housley@xxxxxxxxxxxx, ietf-smime@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <> <E1HgoVU-0006Wx-00@xxxxxxxxxxxxxxxxxxxxxxxxxx> <>
Sender: owner-ietf-smime@xxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20061206)

Jim Schaad wrote:

Yes I agree that would be a problem,  can you suggest an attribute which
might need to be placed there that would have this attribute?  Currently the
only one I could think of is a digest which is not needed as this is dealt
with by the encryption algorithm.

A time stamp, or something like a the 3 level wrapper of ESS to beextracted from

some data that are structured, i.e. you would have an appliance that streams
end encrypts and adds a resume.

I don't need a real one, but I want to have some inkling that this MIGHT be
a real problem before trying to solve it.

See above. I am not sure but I always had the impression that thepossibility of streamingis one of the fundamental features. If now we have an algorithm thatdoes allow thisin a reasonable, i.e. for example by splitting the message into chainedchunks thatcan be authenticated (almost) on the fly and do not require anundeterminablesize limit. requiring several mega of storage is not acceptable forprocessing smime

message is not acceptable IMO.

Jim

-----Original Message-----
From: pgut001 [mailto:pgut001@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 25, 2007 1:55 PM
To: housley@xxxxxxxxxxxx; ietf@xxxxxxxxxxxxxxxxx;
pgut001@xxxxxxxxxxxxxxxxx
Cc: ietf-smime@xxxxxxx
Subject: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

"Jim Schaad" <ietf@xxxxxxxxxxxxxxxxx> writes:

I am having a problem seeing why having the attributes first causes a
problem for algorithms that want them second.  All that is needed is

that

the encryption wrapper for the code understand that the attributes are

going

to come in first and hold onto them until later.  This is assuming

that the

encryption wrapper understands the difference between the body and the
attributes.

What if the attributes depend on the data being processed (as Peter
Sylvester
pointed out)?  By putting them first, you can't emit the first byte of
data
until you've processed every other byte of data.  This is why current
CMS
practice puts the attributes last.

Peter.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Jim Schaad

References:
- RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Jim Schaad
- RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Peter Gutmann
- RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Jim Schaad

Prev by Date: Thanks for nothing
Next by Date: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Previous by thread: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Next by thread: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Index(es):
- Date
- Thread