[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CMS attributes question
Paul Hoffman a écrit :
At 9:31 AM +0100 3/19/09, Julien Stern wrote:
Isn't it dangerous to ignore a _signed_ attribute ?
No. The fact that the signer wanted the data to be protected in transport doesn't mean that it is inherently important to the recipient. The decision to sign an attribute is usually made by the software developer (and could come down to "well, why not?"), not the sender.
The problem is that for some specific attributes (such as some in RFC
2634, RFC 5035 or CAdES) begin capable of processing the attribute or
not will influence the actual result of signature validation.
Also, when you are writing the these attributes are ignored, do you mean that they MUST be ignored or that they MAY be ignored? E.g. if my implementation fails upon receiving a signature with an unknown signed attribute, would you consider this non-standard? Or is this behavior up to the implementor?
The latter. Remember, we can't say what it really means to "understand" an attribute.
OK. Thanks. One (hopefully) last question:
if in CAdES (which extends CMS as you surely know), we mandated
signature validation to stop if a signed attribute is not supported by
the verifying implementation, would you consider this inconsistent with
CMS or not?