Re: Comments on draft-ietf-smime-rfc2630bis-03
"Housley, Russ" <rhousley@rsasecurity.com> Wed, 19 September 2001 15:59 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA04884 for <smime-archive@odin.ietf.org>; Wed, 19 Sep 2001 11:59:29 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8JFU3923155 for ietf-smime-bks; Wed, 19 Sep 2001 08:30:03 -0700 (PDT)
Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f8JFU1D23147 for <ietf-smime@imc.org>; Wed, 19 Sep 2001 08:30:01 -0700 (PDT)
Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 19 Sep 2001 15:27:12 UT
Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA27078 for <ietf-smime@imc.org>; Wed, 19 Sep 2001 11:30:01 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <T1DQNSRV>; Wed, 19 Sep 2001 11:25:13 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.51]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id T1DQNSRQ; Wed, 19 Sep 2001 11:25:08 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: jimsch@exmsft.com
Cc: ietf-smime@imc.org
Message-Id: <5.0.1.4.2.20010919102807.0280ca88@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Wed, 19 Sep 2001 10:49:07 -0400
Subject: Re: Comments on draft-ietf-smime-rfc2630bis-03
In-Reply-To: <001601c140b9$39f1cd40$0c00a8c0@soaringhawk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Jim: >1. The comment I had for section 3 was for > >id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) > us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) > content-types(1) 6} > >Not for id-contentType. (This has come to you privately but not on the >list.) I have already fixed it in the yet-to-be-published rfc2630bis-04. I expect to release -04 later this week (hopefully this afternoon). >2. Section 5.2.1. I don't follow the reasoning behind putting this >section in the document. If the issue is to allow for the processing of >PKCS#7 item, then I think that information is lacking (specifically the >fact that "content" MUST be DER encoded). At present it only allows for >parsing of the content, in some cases. (Note that my guess is that the >current MSFT code would fail if the OID corresponded to an OCTET STRING >as it would not be able to guess which way to go.) A better way of >doing the guessing is really to say that you look to see if you have an >OCTET STRING and assume you will have a CMS rather than a PKCS#7 object. >The problem with your current method is there is nothing to stop >somebody from creating a CMS signed data object using the same embedded >content (but OCTET wrapped). This text was proposed by Peter Gutmann and improved upon by John Pawling. This is one place where backward comparability with PKCS#7 has not been preserved, and we are trying to warn implementors about the potential dangers. You make a good point about DER. I have made a few changes to the text to highlight the DER issue. Are these changes sufficient? I propose: 5.2.1 Compatibility with PKCS #7 This section contains a word of warning to implementers that wish to support both the CMS and PKCS #7 [PKCS#7] SignedData content types. Both the CMS and PKCS #7 identify the type of the encapsulated content with an object identifier, but the ASN.1 type of the content itself is variable in PKCS #7 SignedData content type. PKCS #7 defines content as: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL The CMS defines eContent as: eContent [0] EXPLICIT OCTET STRING OPTIONAL The CMS definition is much easier to use in most applications, and it is compatible with both S/MIME v2 and S/MIME v3. S/MIME signed messages using the CMS and PKCS #7 are compatible because identical signed message formats are specified in RFC 2311 for S/MIME v2 [OLDMSG] and RFC 2633 for S/MIME v3 [MSG]. S/MIME v2 encapsulates the MIME content in a Data type (that is, an OCTET STRING) carried in the SignedData contentInfo content ANY field, and S/MIME v3 carries the MIME content in the SignedData encapContentInfo eContent OCTET STRING. Therefore, in both S/MIME v2 and S/MIME v3, the MIME content is placed in an OCTET STRING and the message digest is computed over the identical portions of the content. That is, the message digest is computed over the octets comprising the value of the OCTET STRING, neither the tag nor length octets are included. There are incompatibilities between the CMS and PKCS #7 signedData types when the encapsulated content is not formatted using the Data type. For example, when an RFC 2634 [ESS] signed receipt is encapsulated in the CMS signedData type, then the Receipt SEQUENCE is encoded in the signedData encapContentInfo eContent OCTET STRING and the message digest is computed using the entire Receipt SEQUENCE encoding (including tag, length and value octets). However, if an RFC 2634 signed receipt is encapsulated in the PKCS #7 signedData type, then the Receipt SEQUENCE is DER encoded [X.509-88] in the SignedData contentInfo content ANY field (a SEQUENCE, not an OCTET STRING). Therefore, the message digest is computed using only the value octets of the Receipt SEQUENCE encoding. The following strategy can be used to achieve backward compatibility with PKCS #7 when processing SignedData content types. If the implementation is unable to ASN.1 decode the signedData type using the CMS signedData encapContentInfo eContent OCTET STRING syntax, then the implementation MAY attempt to decode the signedData type using the PKCS #7 SignedData contentInfo content ANY syntax and compute the message digest accordingly. The following strategy can be used to achieve backward compatibility with PKCS #7 when creating a SignedData content type in which the encapsulated content is not formatted using the Data type. Implementations MAY examine the value of the eContentType, and then adjust the expected DER encoding of eContent based on the object identifier value. For example, to support Microsoft AuthentiCode, the following information MAY be included: eContentType Object Identifier is set to { 1 3 6 1 4 1 311 2 1 4 } eContent contains DER encoded AuthentiCode signing information >3. I think it is time to remove the [** NEW **] and [** OLD **] >comments so we can see a true draft for last call. Okay. I will do that before I publish -04. The WG Last Call is already in progress. I will expend the deadline once the -04 draft is published. I would expect it to close next week. Russ
- Comments on draft-ietf-smime-rfc2630bis-03 Jim Schaad
- Re: Comments on draft-ietf-smime-rfc2630bis-03 Housley, Russ
- RE: Comments on draft-ietf-smime-rfc2630bis-03 Jim Schaad
- RE: Comments on draft-ietf-smime-rfc2630bis-03 Pawling, John
- RE: Comments on draft-ietf-smime-rfc2630bis-03 Jim Schaad