Re: MLA Processing Questions
"Sean P. Turner" <turners@ieca.com> Mon, 23 June 2003 20:08 UTC
Message-ID: <3EF755C0.20606@ieca.com>
Date: Mon, 23 Jun 2003 15:32:16 -0400
From: "Sean P. Turner" <turners@ieca.com>
Organization: IECA, Inc.
To: jimsch@exmsft.com
CC: Ietf-Smime <ietf-smime@imc.org>
Subject: Re: MLA Processing Questions
References: <003e01c32d43$70732940$1700a8c0@augustcellars.local>
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
Jim,

Comments in line.

Jim Schaad wrote:

>A couple of additional questions for consideration.
>
>1. Consider the message S1(S2(S3(M))) where S2 has an
>MLExpansionHistory attribute and S1 has an ESSSecurityLabel attribute.
>Under the current processing rules the security label would not be on
>the output message of an MLA. Attributes on S2 are preserved, but not
>those on S1. Does this need to be changed?
>

I went back and forth on this one. I can see why you want to keep a label, but I think you ought to only retain it if you actually track who applied it. But, that's going to get really complicated so I'd say that you should not preserve the label in S1.

>2. Are there any other attributes for which this needs to be changed as
>well?
>

Not sure off the top of my head.

>3. If you have the message S1(S2(E1(S3(M)))), if S1 or S2 contains an
>ESSSecurityLabel attribute it would be preserved only if there was an
>MLExpansionHistory attribute in the same signature layer.
>

Yes I think that's right.

>4. Are there any other attributes that need to be preserved here as
>well?
>
>5. There is a rule that states all attributes need to be kept unless
>replaced. This needs to be modified to exclude the
>id-aa-SigningCertificate attribute. If this element is not replaced but
>copied then the signature of the MLA SHOULD fail validation. Can
>anybody else think of attributes for which this is also true?
>
>Jim
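
The attribute handling discussed in questions 1, 3 and 5 above can be traced with a small model. This is an added example, not part of either message and not code from any S/MIME implementation; the layer tuples, the attribute names as plain strings, and the choice of the outermost history-bearing layer are assumptions of the model.

```python
# Added illustration: a simplified model of the MLA attribute rules as stated
# in this thread. Layer tuples and attribute names are assumptions, not ASN.1.
SIGNED, ENVELOPED = "signed", "enveloped"
ML_HISTORY = "mlExpansionHistory"
LABEL = "essSecurityLabel"
NEVER_COPIED = {"signingCertificate"}  # question 5: copying it breaks validation


def preserved_attributes(layers):
    """Return the original signed attributes that reach the MLA's output.

    layers is listed outermost first as (kind, attrs) tuples. The MLA only
    sees signature layers outside the first encryption layer. Attributes are
    carried forward from the first (outermost) such layer that holds an
    mlExpansionHistory, which is an assumption of this model; layers wrapped
    around it are dropped together with their attributes.
    """
    for kind, attrs in layers:
        if kind != SIGNED:
            break  # E1 reached: S3 and anything deeper is opaque to the MLA
        if ML_HISTORY in attrs:
            return {k: v for k, v in attrs.items() if k not in NEVER_COPIED}
    return {}  # no visible layer has a history, so nothing is carried forward


# Constructed sample messages (all values are placeholders).
# Question 1: S1(S2(S3(M))), label on S1, history on S2.
Q1 = [(SIGNED, {LABEL: "label-A", "signingCertificate": "cert-S1"}),
      (SIGNED, {ML_HISTORY: ["list-1"], "signingCertificate": "cert-S2"}),
      (SIGNED, {"signingCertificate": "cert-S3"})]

# Question 3: S1(S2(E1(S3(M)))), label and history together on S2.
Q3_SAME_LAYER = [(SIGNED, {"signingCertificate": "cert-S1"}),
                 (SIGNED, {LABEL: "label-A", ML_HISTORY: ["list-1"]}),
                 (ENVELOPED, {}),
                 (SIGNED, {ML_HISTORY: ["inner"]})]

# Question 3 again, but the label sits on S1 and the history on S2.
Q3_SPLIT = [(SIGNED, {LABEL: "label-A"}),
            (SIGNED, {ML_HISTORY: ["list-1"]}),
            (ENVELOPED, {}),
            (SIGNED, {})]

if __name__ == "__main__":
    for name, msg in (("Q1", Q1), ("Q3 same layer", Q3_SAME_LAYER),
                      ("Q3 split", Q3_SPLIT)):
        print(name, "->", preserved_attributes(msg))
```

In the Q1 and split cases the label is lost because it sits on a layer outside the one carrying the expansion history, which is the behaviour question 1 asks about changing.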