Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
Russ Housley <housley@vigilsec.com> Fri, 17 May 2013 13:37 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D3921F93EB for <smime@ietfa.amsl.com>; Fri, 17 May 2013 06:37:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbOVmLVOnU9p for <smime@ietfa.amsl.com>; Fri, 17 May 2013 06:36:57 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 402A321F93E8 for <smime@ietf.org>; Fri, 17 May 2013 06:36:57 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id 7914BF24076; Fri, 17 May 2013 09:37:04 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id WYXbYQpGfwYg; Fri, 17 May 2013 09:36:52 -0400 (EDT)
Received: from [192.168.2.109] (pool-96-241-156-29.washdc.fios.verizon.net [96.241.156.29]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id BFCE5F2406E; Fri, 17 May 2013 09:37:03 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <022901ce4770$48a51250$d9ef36f0$@augustcellars.com>
Date: Fri, 17 May 2013 09:36:48 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <968BB011-0FA5-4E48-8043-BACA74D915FF@vigilsec.com>
References: <20130418151254.13949.52367.idtracker@ietfa.amsl.com> <50816A63-E208-449A-977A-9F31544C9222@vigilsec.com> <00fc01ce3d61$0055ad20$01010760$@augustcellars.com> <708EAE82-3FC4-4979-A72C-30EA52DE26C0@vigilsec.com> <022901ce4770$48a51250$d9ef36f0$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1085)
Cc: 'IETF SMIME' <smime@ietf.org>
Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smime>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2013 13:37:03 -0000
Jim:
>>> 8. Is there a requirement that systems should accept
>>> KeyPkgIdentifier.attribute values that they do not understand as it
>>> can be reflected in the receipt without having to decode it?
>>
>> As with all CMS processing, unrecognized attributes are ignored. I'm not
> sure
>> this needs to be repeated further. It comes up here:
>>
>> * badUnsignedAttrs is used to indicate that the unsignedAttrs
>> within SignerInfo contains one or more attributes. Since
>> unrecognized attributes are ignored, this error code is used
>> when the object identifier for the attribute is recognized, but
>> the value is malformed or internally inconsistent.
>
>
> I don't think that this is an acceptable solution ore response at this
> point.
>
> If I send you
>
> Key package id and receipt request ::= {
> pkgID = { random OID you never heard of, binary value }
> receiptReq = {
> encryptReceipt FALSE,
> receiptsFrom - absent
> receiptsTo = {Me}
> }}
>
> You have three options:
>
> 1 - say that the signed attribute is bad because you do not understand a
> piece if it and neither process nor receipt the package
> 2 - say that you don't care that the signed attribute is bad and process it
> and return a receipt because you do not need to understand the key package
> identifier
> 3 - say that you ignore things you do not understand and process the package
> but do not return a receipt.
Does this text resolve you concern?
* badUnsignedAttrs is used to indicate that the unsignedAttrs
within SignerInfo contains one or more attributes. Since
unrecognized attributes are ignored, this error code is used
when the object identifier for the attribute is recognized, but
the value is malformed or internally inconsistent. In
addition, this error code can be used when policy prohibits an
implementation from supporting unsigned attributes.
Russ
- [smime] draft-housley-ct-keypackage-receipt-n-err… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad