Re: [plasma] Verifying the signature of the LockBox.

"Jim Schaad" <> Wed, 13 March 2013 12:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 93E6121F8941 for <>; Wed, 13 Mar 2013 05:44:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NJu0PrXmen1L for <>; Wed, 13 Mar 2013 05:44:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id AC40821F88F7 for <>; Wed, 13 Mar 2013 05:44:41 -0700 (PDT)
Received: from Philemon ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 0F75738EFC; Wed, 13 Mar 2013 05:44:40 -0700 (PDT)
From: "Jim Schaad" <>
To: "'Alan Borland'" <>, <>
References: <>
In-Reply-To: <>
Date: Wed, 13 Mar 2013 08:44:07 -0400
Message-ID: <05bb01ce1fe8$749d1b50$5dd751f0$>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_05BC_01CE1FC6.ED8DC540"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHVAr/odME5PYMQgzzHL9U11NMvp5iVywMA
Content-Language: en-us
Subject: Re: [plasma] Verifying the signature of the LockBox.
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Mar 2013 12:44:43 -0000

It is my believe you should perform the full path verification.  If you
don't then you have no confidence in any of the signed attributes associated
with the signature such as the URL for the plasma server and thus go
someplace you don't want to and start the plasma protocol.





From: [] On Behalf Of
Alan Borland
Sent: Wednesday, March 13, 2013 6:21 AM
To: ''
Subject: [plasma] Verifying the signature of the LockBox.


[Boldon James classification: UNMARKED EXTERNAL]


When we open a message we have to determine if the message is a traditional
S/MIME message or a Plasma message.  This is done by inspecting the CMS
envelopedData layer looking for a Plasma LockBox. If the lockbox is found we
verify the SignedData signature, but this got me thinking.  Should we verify
just the integrity of the signature itself or should we also perform a full
certificate path validation as well?   This would mean every user needs to
trust a certificate from the Plasma Server (additional overhead - is this an
issue?), but then if the Plasma Server is somehow compromised this would be
a way of returning the error to the client.


I couldn't decide either way, at the moment we're doing a full certificate
path validation.




Alan Borland

Boldon James Limited, a QinetiQ company 

Mobile:        +44 (0)7810 556709
Direct:         +44 (0)1270 507841
Switch:        +44 (0)1270 507800
Email (R):