Nový draft IETF smime - Multiple Signatures in S/MIME
20.12.2006Abstract:
CMS SignedData includes the SignerInfo structure to convey per-
signer information. SignedData supports multiple signers and
multiple signature algorithms per-signer with multiple SignerInfo
structures. If a signer attaches more than one SignerInfo, there are
concerns that an attacker could perform a downgrade attack by
removing the SignerInfo(s) with the 'stronger' algorithm(s). This
document defines a signed attribute, its generation rules, and its
processing rules to allow signers to convey multiple SignerInfo
while protecting against downgrade attacks. Additionally, this
attribute may assist during periods of algorithm migration.
Zdroj: http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-00.txtAutor: JP