Re: CMS attributes question

[Julien Stern <julien.stern@xxxxxxxxxxxxx>]

Paul Hoffman a écrit :
> At 9:31 AM +0100 3/19/09, Julien Stern wrote:
>   
> > Isn't it dangerous to ignore a _signed_ attribute ?
> >     
>
> No. The fact that the signer wanted the data to be protected in transport doesn't mean that it is inherently important to the recipient. The decision to sign an attribute is usually made by the software developer (and could come down to "well, why not?"), not the sender.
>   
Paul,

The problem is that for some specific attributes (such as some in RFC 
2634, RFC 5035 or CAdES) begin capable of processing the attribute or 
not will influence the actual result of signature validation.
> > Also, when you are writing the these attributes are ignored, do you mean that they MUST be ignored or that they MAY be ignored? E.g. if my implementation fails upon receiving a signature with an unknown signed attribute, would you consider this non-standard? Or is this behavior up to the implementor?
> >     
>
> The latter. Remember, we can't say what it really means to "understand" an attribute.
>   
OK. Thanks. One (hopefully) last question:
if in CAdES (which extends CMS as you surely know), we mandated 
signature validation to stop if a signed attribute is not supported by 
the verifying implementation, would you consider this inconsistent with 
CMS or not?

Best regards,

--
Julien