| < draft-ietf-smime-cms-mult-sign-02.txt | draft-ietf-smime-cms-mult-sign-03.txt > | |||
|---|---|---|---|---|
| S/MIME Working Group R. Housley | S/MIME Working Group R. Housley | |||
| Updates: 3852 (once approved) Vigil Security | Updates: 3852 (once approved) Vigil Security | |||
| Expires June 2007 November 2006 | Expires August 2007 February 2007 | |||
| Cryptographic Message Syntax (CMS) | Cryptographic Message Syntax (CMS) | |||
| Multiple Signer Clarification | Multiple Signer Clarification | |||
| <draft-ietf-smime-cms-mult-sign-02.txt> | <draft-ietf-smime-cms-mult-sign-03.txt> | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than a "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/1id-abstracts.html | http://www.ietf.org/1id-abstracts.html | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Abstract | Abstract | |||
| This document updates the Cryptographic Message Syntax (CMS), which | This document updates the Cryptographic Message Syntax (CMS), which | |||
| skipping to change at page 2, line 12 ¶ | skipping to change at page 2, line 12 ¶ | |||
| handling of the SignedData protected content type when more than one | handling of the SignedData protected content type when more than one | |||
| digital signature is present. | digital signature is present. | |||
| 1. Introduction | 1. Introduction | |||
| This document updates the Cryptographic Message Syntax (CMS) [CMS]. | This document updates the Cryptographic Message Syntax (CMS) [CMS]. | |||
| The CMS SignedData protected content type allows multiple digital | The CMS SignedData protected content type allows multiple digital | |||
| signatures, but the specification is unclear about the appropriate | signatures, but the specification is unclear about the appropriate | |||
| processing by a recipient of such a signed content. This document | processing by a recipient of such a signed content. This document | |||
| provides replacement text for a few paragraphs, making it clear that | provides replacement text for a few paragraphs, making it clear that | |||
| the protected content is valid if any of the digital signatures for a | the protected content is validly signed by a given signer, if any of | |||
| particular signer is valid. | the digital signatures from that signer is valid. | |||
| This property is especially important in two cases. First, when the | This property is especially important in two cases. First, when the | |||
| recipients do not all implement the same digital signature algorithm, | recipients do not all implement the same digital signature algorithm, | |||
| a signer can sign the content with several different digital | a signer can sign the content with several different digital | |||
| signature algorithms so that each of the recipients can find an | signature algorithms so that each of the recipients can find an | |||
| acceptable signature. For example, if some recipients support RSA | acceptable signature. For example, if some recipients support RSA | |||
| and some recipients support ECDSA, then the signer can generate two | and some recipients support ECDSA, then the signer can generate two | |||
| signatures, one with RSA and one with ECDSA, so that each recipient | signatures, one with RSA and one with ECDSA, so that each recipient | |||
| will be able to validate one of the signature. Second, when a | will be able to validate one of the signatures. Second, when a | |||
| community is transitioning one-way hash functions or digital | community is transitioning one-way hash functions or digital | |||
| signature algorithms, a signer can sign the content with the older | signature algorithms, a signer can sign the content with the older | |||
| and the newer signature algorithms so that each recipient can find an | and the newer signature algorithms so that each recipient can find an | |||
| acceptable signature, regardless of their state in the transition. | acceptable signature, regardless of their state in the transition. | |||
| For example, consider a transition from RSA with SHA-1 to RSA with | For example, consider a transition from RSA with SHA-1 to RSA with | |||
| SHA-256. The signer can generate two signatures, one with SHA-1 and | SHA-256. The signer can generate two signatures, one with SHA-1 and | |||
| one with SHA-256, so that each recipient will be able to validate at | one with SHA-256, so that each recipient will be able to validate at | |||
| least one of the RSA signatures. | least one of the RSA signatures. | |||
| 2. Terminology | 2. Terminology | |||
| skipping to change at page 3, line 16 ¶ | skipping to change at page 3, line 16 ¶ | |||
| | A recipient independently computes the message digest. This message | | A recipient independently computes the message digest. This message | |||
| | digest and the signer's public key are used to verify the signature | | digest and the signer's public key are used to verify the signature | |||
| | value. The signer's public key is referenced either by an issuer | | value. The signer's public key is referenced either by an issuer | |||
| | distinguished name along with an issuer-specific serial number or by | | distinguished name along with an issuer-specific serial number or by | |||
| | a subject key identifier that uniquely identifies the certificate | | a subject key identifier that uniquely identifies the certificate | |||
| | containing the public key. The signer's certificate can be included | | containing the public key. The signer's certificate can be included | |||
| | in the SignedData certificates field. | | in the SignedData certificates field. | |||
| | | | | |||
| | When more than one signature is present, the successful validation | | When more than one signature is present, the successful validation | |||
| | of one signature associated with each signer is usually treated | | of one signature associated with a given signer is usually treated | |||
| | as a successful validation of the signed-data content type. However, | | as a successful signature by that signer. However, there are some | |||
| | there are some application environments where other rules are needed. | | application environments where other rules are needed. An | |||
| | An application that employs a rule other than one valid signature for | | application that employs a rule other than one valid signature for | |||
| | each signer must specify those rules. Also, where simple matching of | | each signer must specify those rules. Also, where simple matching of | |||
| | the signer identifier is not sufficient to determine whether the | | the signer identifier is not sufficient to determine whether the | |||
| | signatures were generated by the same signer, the application | | signatures were generated by the same signer, the application | |||
| | specification must describe how to determine which signatures were | | specification must describe how to determine which signatures were | |||
| | generated by the same signer. Support of different communities of | | generated by the same signer. Support of different communities of | |||
| | recipients is the primary reason that signers choose to include more | | recipients is the primary reason that signers choose to include more | |||
| | than one signature. For example, the signed-data content type might | | than one signature. For example, the signed-data content type might | |||
| | include signatures generated with the RSA signature algorithm and | | include signatures generated with the RSA signature algorithm and | |||
| | with the ECDSA signature algorithm. This allows recipients to | | with the ECDSA signature algorithm. This allows recipients to | |||
| | verify the signature associated with one algorithm or the other. | | verify the signature associated with one algorithm or the other. | |||
| skipping to change at page 3, line 50 ¶ | skipping to change at page 3, line 50 ¶ | |||
| | MUST gracefully handle unimplemented versions of SignerInfo. | | MUST gracefully handle unimplemented versions of SignerInfo. | |||
| | Further, since all implementations will not support every possible | | Further, since all implementations will not support every possible | |||
| | signature algorithm, all implementations MUST gracefully handle | | signature algorithm, all implementations MUST gracefully handle | |||
| | unimplemented signature algorithms when they are encountered. | | unimplemented signature algorithms when they are encountered. | |||
| This block of text is replaced with: | This block of text is replaced with: | |||
| | signerInfos is a collection of per-signer information. There MAY | | signerInfos is a collection of per-signer information. There MAY | |||
| | be any number of elements in the collection, including zero. When | | be any number of elements in the collection, including zero. When | |||
| | the collection represents more than one signature, the successful | | the collection represents more than one signature, the successful | |||
| | validation of one of signature from each signer ought to be | | validation of one of signature from a given signer ought to be | |||
| | treated as a successful validation of the signed-data content | | treated as a successful signature by that signer. However, | |||
| | type. However, there are some application environments where | | there are some application environments where other rules are | |||
| | other rules are needed. The details of the SignerInfo type are | | needed. The details of the SignerInfo type are discussed in | |||
| | discussed in section 5.3. Since each signer can employ a | | section 5.3. Since each signer can employ a different digital | |||
| | different digital signature technique and future specifications | | signature technique and future specifications could update the | |||
| | could update the syntax, all implementations MUST gracefully | | syntax, all implementations MUST gracefully handle unimplemented | |||
| | handle unimplemented versions of SignerInfo. Further, since all | | versions of SignerInfo. Further, since all implementations will | |||
| | implementations will not support every possible signature | | not support every possible signature algorithm, all | |||
| | algorithm, all implementations MUST gracefully handle | | implementations MUST gracefully handle unimplemented signature | |||
| | unimplemented signature algorithms when they are encountered. | | algorithms when they are encountered. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| The replacement text will reduce the likelihood of interoperability | The replacement text will reduce the likelihood of interoperability | |||
| errors during the transition from MD5 and SHA-1 to stronger one-way | errors during the transition from MD5 and SHA-1 to stronger one-way | |||
| hash functions, or to better signature algorithms. | hash functions, or to better signature algorithms. | |||
| 7. Normative References | 7. Normative References | |||
| [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", | [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", | |||
| skipping to change at page 5, line 7 ¶ | skipping to change at page 5, line 7 ¶ | |||
| Russell Housley | Russell Housley | |||
| Vigil Security, LLC | Vigil Security, LLC | |||
| 918 Spring Knoll Drive | 918 Spring Knoll Drive | |||
| Herndon, VA 20170 | Herndon, VA 20170 | |||
| USA | USA | |||
| EMail: housley(at)vigilsec.com | EMail: housley(at)vigilsec.com | |||
| Copyright Statement | Copyright Statement | |||
| Copyright (C) The Internet Society (2006). | Copyright (C) The IETF Trust (2007). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
| made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
| on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
| found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||
| End of changes. 9 change blocks. | ||||
| 27 lines changed or deleted | 27 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||