Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
"Jim Schaad" <ietf@augustcellars.com> Fri, 17 May 2013 17:49 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 370CB21F8AD5 for <smime@ietfa.amsl.com>; Fri, 17 May 2013 10:49:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kWOSyOiYq6x for <smime@ietfa.amsl.com>; Fri, 17 May 2013 10:49:24 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by ietfa.amsl.com (Postfix) with ESMTP id 681F521F8A54 for <smime@ietf.org>; Fri, 17 May 2013 10:49:24 -0700 (PDT)
Received: from Philemon (unknown [88.214.187.239]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 902CB2CA48; Fri, 17 May 2013 10:49:23 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Russ Housley' <housley@vigilsec.com>
References: <20130418151254.13949.52367.idtracker@ietfa.amsl.com> <50816A63-E208-449A-977A-9F31544C9222@vigilsec.com> <00fc01ce3d61$0055ad20$01010760$@augustcellars.com> <708EAE82-3FC4-4979-A72C-30EA52DE26C0@vigilsec.com> <022901ce4770$48a51250$d9ef36f0$@augustcellars.com> <968BB011-0FA5-4E48-8043-BACA74D915FF@vigilsec.com>
In-Reply-To: <968BB011-0FA5-4E48-8043-BACA74D915FF@vigilsec.com>
Date: Fri, 17 May 2013 18:48:33 +0100
Message-ID: <069301ce5326$c20ae680$4620b380$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJXqOTs93H7Sx2qVjApye56zgIYjwLwaxZ6ArtIz18BXIWQUQJOCNs6AiyrZV2XmuQCcA==
Content-Language: en-us
Cc: 'IETF SMIME' <smime@ietf.org>
Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smime>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2013 17:49:30 -0000
> -----Original Message----- > From: Russ Housley [mailto:housley@vigilsec.com] > Sent: Friday, May 17, 2013 2:37 PM > To: Jim Schaad > Cc: 'IETF SMIME' > Subject: Re: [smime] draft-housley-ct-keypackage-receipt-n-error-00 > > Jim: > > >>> 8. Is there a requirement that systems should accept > >>> KeyPkgIdentifier.attribute values that they do not understand as it > >>> can be reflected in the receipt without having to decode it? > >> > >> As with all CMS processing, unrecognized attributes are ignored. I'm > >> not > > sure > >> this needs to be repeated further. It comes up here: > >> > >> * badUnsignedAttrs is used to indicate that the unsignedAttrs > >> within SignerInfo contains one or more attributes. Since > >> unrecognized attributes are ignored, this error code is used > >> when the object identifier for the attribute is recognized, but > >> the value is malformed or internally inconsistent. > > > > > > I don't think that this is an acceptable solution ore response at this > > point. > > > > If I send you > > > > Key package id and receipt request ::= { > > pkgID = { random OID you never heard of, binary value } receiptReq > > = { > > encryptReceipt FALSE, > > receiptsFrom - absent > > receiptsTo = {Me} > > }} > > > > You have three options: > > > > 1 - say that the signed attribute is bad because you do not understand > > a piece if it and neither process nor receipt the package > > 2 - say that you don't care that the signed attribute is bad and > > process it and return a receipt because you do not need to understand > > the key package identifier > > 3 - say that you ignore things you do not understand and process the > > package but do not return a receipt. > > Does this text resolve you concern? > > * badUnsignedAttrs is used to indicate that the unsignedAttrs > within SignerInfo contains one or more attributes. Since > unrecognized attributes are ignored, this error code is used > when the object identifier for the attribute is recognized, but > the value is malformed or internally inconsistent. In > addition, this error code can be used when policy prohibits an > implementation from supporting unsigned attributes. > No. I think this is going to need a F2F conversation to resolve. > Russ=
- [smime] draft-housley-ct-keypackage-receipt-n-err… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Russ Housley
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad
- Re: [smime] draft-housley-ct-keypackage-receipt-n… Jim Schaad