
RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Peter,


> -----Original Message-----
> From: Peter Sylvester [mailto:Peter.Sylvester@xxxxxxxxxx]
> Sent: Monday, April 30, 2007 10:09 AM
> To: Jim Schaad
> Cc: 'pgut001'; housley@xxxxxxxxxxxx; ietf-smime@xxxxxxx
> Subject: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
> 
> Jim Schaad wrote:
> > Peter,
> >
> > I think that you are off base on this.  If you are going to make an
> > attribute that is dependent on the body you WANT the attributes to come
> > before the body.  If this is not the case, the authenticator does not know
> > that the attribute validation needs to be setup until the body has been
> > completely processed and it cannot be placed in stream anymore.  This does
> > make things harder for the encoder, but the authentication operation can be
> > assumed to occur more often than the encoding operation.
> >
> The messageDigest is an authenticated attribute that cannot be set
> before the data. You may need some information in order to start the
> computation, that's why there are the hash algorithms indicated before.

If you look at the structure, there are no hash indicators before-hand.  In
fact the document explicitly says don't put in a messageDigest attribute.

> 
> But the global application context or document context knows what you
> have to do, at least the creator cannot place such an attribute before
> the data.
> > If this swap is done for reasons of consistency I can agree with this.  If
> > this is done to satisfy the need for the argument based on the content of
> > the body I oppose swapping the body and the authenticated attributes.
> >
> How would you then insert such an attribute on the fly?

You don't.  What I said was that it is more important to make sure that
things are good for the validator and not for the encoder.  The encoder
knows what is going to be happening and can live with not streaming.  The
validator MUST know in advance what is going to happen in order to be able
to set things up correctly.

Jim

> 
> regards
> Peter
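To make the streaming argument in this exchange concrete, here is an added example of my own (not code from the thread, the draft, or any CMS implementation) using a constructed record framing rather than CMS ASN.1: when a body-dependent attribute arrives before the body, the validator can set up the hash and process chunks as they stream in; when it arrives after the body, the validator has no choice but to buffer the entire body first.

```python
import hashlib
from typing import Iterable, List, Tuple

# Toy record framing, constructed for this example (not CMS ASN.1):
# ("digestAlg", b"sha256")  a body-dependent authenticated attribute telling
#                           the validator it must hash the body with sha256
# ("body", <chunk>)         one streamed chunk of the content
Record = Tuple[str, bytes]


def stream_validate(records: Iterable[Record]) -> Tuple[str, int]:
    """Consume records in wire order; return (body digest hex, peak bytes held).

    Attribute before body: hash is set up first, each chunk is hashed and
    dropped as it arrives (constant memory).  Attribute after body: every
    chunk has to be held back until the validator learns what to do with it.
    """
    hasher = None
    held: List[bytes] = []
    peak = 0
    for tag, value in records:
        if tag == "digestAlg":
            hasher = hashlib.new(value.decode())
            for chunk in held:          # late setup: replay the buffered body
                hasher.update(chunk)
            held.clear()
        elif tag == "body":
            if hasher is not None:
                hasher.update(value)    # streaming path: nothing retained
            else:
                held.append(value)      # can't process yet: must buffer
                peak = max(peak, sum(len(c) for c in held))
        else:
            raise ValueError(f"unknown record tag {tag!r}")
    if hasher is None:
        raise ValueError("body-dependent attribute never arrived")
    return hasher.hexdigest(), peak


def attrs_before_body(chunks: List[bytes]) -> Tuple[str, int]:
    return stream_validate([("digestAlg", b"sha256")] + [("body", c) for c in chunks])


def attrs_after_body(chunks: List[bytes]) -> Tuple[str, int]:
    return stream_validate([("body", c) for c in chunks] + [("digestAlg", b"sha256")])


if __name__ == "__main__":
    sample = [b"a" * 1000, b"b" * 1000]   # constructed content, two chunks
    print(attrs_before_body(sample))      # peak held: 0
    print(attrs_after_body(sample))       # peak held: 2000
```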