Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
"Jim Schaad" <ietf@augustcellars.com> Fri, 17 May 2013 17:49 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 370CB21F8AD5 for <smime@ietfa.amsl.com>; Fri, 17 May 2013 10:49:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kWOSyOiYq6x for <smime@ietfa.amsl.com>; Fri, 17 May 2013 10:49:24 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by ietfa.amsl.com (Postfix) with ESMTP id 681F521F8A54 for <smime@ietf.org>; Fri, 17 May 2013 10:49:24 -0700 (PDT)
Received: from Philemon (unknown [88.214.187.239]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 902CB2CA48; Fri, 17 May 2013 10:49:23 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Russ Housley' <housley@vigilsec.com>
References: <20130418151254.13949.52367.idtracker@ietfa.amsl.com> <50816A63-E208-449A-977A-9F31544C9222@vigilsec.com> <00fc01ce3d61$0055ad20$01010760$@augustcellars.com> <708EAE82-3FC4-4979-A72C-30EA52DE26C0@vigilsec.com> <022901ce4770$48a51250$d9ef36f0$@augustcellars.com> <968BB011-0FA5-4E48-8043-BACA74D915FF@vigilsec.com>
In-Reply-To: <968BB011-0FA5-4E48-8043-BACA74D915FF@vigilsec.com>
Date: Fri, 17 May 2013 18:48:33 +0100
Message-ID: <069301ce5326$c20ae680$4620b380$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJXqOTs93H7Sx2qVjApye56zgIYjwLwaxZ6ArtIz18BXIWQUQJOCNs6AiyrZV2XmuQCcA==
Content-Language: en-us
Cc: 'IETF SMIME' <smime@ietf.org>
Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smime>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2013 17:49:30 -0000
> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Friday, May 17, 2013 2:37 PM
> To: Jim Schaad
> Cc: 'IETF SMIME'
> Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
>
> Jim:
>
> >>> 8. Is there a requirement that systems should accept
> >>> KeyPkgIdentifier.attribute values that they do not understand as it
> >>> can be reflected in the receipt without having to decode it?
> >>
> >> As with all CMS processing, unrecognized attributes are ignored. I'm
> >> not
> > sure
> >> this needs to be repeated further. It comes up here:
> >>
> >> * badUnsignedAttrs is used to indicate that the unsignedAttrs
> >> within SignerInfo contains one or more attributes. Since
> >> unrecognized attributes are ignored, this error code is used
> >> when the object identifier for the attribute is recognized, but
> >> the value is malformed or internally inconsistent.
> >
> >
> > I don't think that this is an acceptable solution ore response at this
> > point.
> >
> > If I send you
> >
> > Key package id and receipt request ::= {
> > pkgID = { random OID you never heard of, binary value } receiptReq
> > = {
> > encryptReceipt FALSE,
> > receiptsFrom - absent
> > receiptsTo = {Me}
> > }}
> >
> > You have three options:
> >
> > 1 - say that the signed attribute is bad because you do not understand
> > a piece if it and neither process nor receipt the package
> > 2 - say that you don't care that the signed attribute is bad and
> > process it and return a receipt because you do not need to understand
> > the key package identifier
> > 3 - say that you ignore things you do not understand and process the
> > package but do not return a receipt.
>
> Does this text resolve you concern?
>
> * badUnsignedAttrs is used to indicate that the unsignedAttrs
> within SignerInfo contains one or more attributes. Since
> unrecognized attributes are ignored, this error code is used
> when the object identifier for the attribute is recognized, but
> the value is malformed or internally inconsistent. In
> addition, this error code can be used when policy prohibits an
> implementation from supporting unsigned attributes.
>
No. I think this is going to need a F2F conversation to resolve.
> Russ=
- [smime] draft-housley-ct-keypackage-receipt-n-err… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad