Input to content-encryption process in CMS
luciano.medina@safelayer.com Wed, 21 May 2003 17:33 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA29250 for <smime-archive@lists.ietf.org>; Wed, 21 May 2003 13:33:59 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h4LGxYAF041397 for <ietf-smime-bks@above.proper.com>; Wed, 21 May 2003 09:59:34 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h4LGxYEL041396 for ietf-smime-bks; Wed, 21 May 2003 09:59:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from yuha.menta.net (yuha.menta.net [212.78.128.42]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h4LGxWAF041391 for <ietf-smime@imc.org>; Wed, 21 May 2003 09:59:33 -0700 (PDT) (envelope-from luciano.medina@safelayer.com)
Received: from gibson.menta.net ([212.78.128.22]) by yuha.menta.net (Netscape Messaging Server 4.15) with ESMTP id HF8XX401.BH6 for <ietf-smime@imc.org>; Wed, 21 May 2003 19:00:40 +0200
Received: from bcn.safelayer.com ([212.78.132.129]) by gibson.menta.net (Netscape Messaging Server 4.15 gibson Mar 14 2002 21:29:48) with ESMTP id HF8Y1201.CHC for <ietf-smime@imc.org>; Wed, 21 May 2003 19:03:02 +0200
Subject: Input to content-encryption process in CMS
To: ietf-smime@imc.org
X-Mailer: Lotus Notes Release 5.0.4 June 8, 2000
Message-ID: <OF05CB5048.BA32C3EC-ONC1256D2D.00557D54@safelayer.com>
From: luciano.medina@safelayer.com
Date: Wed, 21 May 2003 19:00:49 +0200
X-MIMETrack: Serialize by Router on Bcn/SFLY(Release 5.0.12 |February 13, 2003) at 21/05/2003 19:00:50
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
In section 6.3 "Content-encryption Process" of obsolete RFC 2630 "Cryptographic Message Syntax (CMS)", the second paragraph describes the input to the content-encryption process. It is resumed in the sentence: The input to the content-encryption process is the "value" of the content being enveloped There was some discussion on this topic between Russ Housley and John Pawling on the mailing list. The latter wrote: 29) Section 6.3, para 2: You want to preserve the following sentence: "The input to the content-encryption process is the "value" of the content being enveloped." In my opinion, this sentence is not needed and is confusing. For example, when encrypting an ASN.1 encoded content, an implementer might interpret this statement to mean that the tag and length octets of the ASN.1 encoded content should not be encrypted. I still believe that the first paragraph is fine [..] and that the second paragraph should be deleted. Finally, the second paragraph of section 6.3 was removed in the new RFC 3369, and no mention to the input of the content-encryption process remains. From John's words, I understand that if we want to nest a SignedData into an EnvelopedData, we shall encrypt the whole BER encoded SignedData (including tag and length octets). This is incompatible with PKCS#7 (RFC 2315), where it is clearly stated that only the content octets of the BER encoding are encrypted. I need to be sure that this is the intended meaning, because there is a whole section (5.2.1) in RFC 3369 explaining the incompatibility of SignedData in CMS and PKCS#7, but nothing is said about the incompatibility of encrypted contents.
- Input to content-encryption process in CMS luciano.medina
- RE: Input to content-encryption process in CMS Jim Schaad