Draft IETF SMIME - Multiple Signatures in S/MIME
29.06.2007Abstract:
CMS SignedData includes the SignerInfo structure to convey per-signer
information. SignedData supports multiple signers and multiple
signature algorithms per-signer with multiple SignerInfo structures.
If a signer attaches more than one SignerInfo, there are concerns
that an attacker could perform a downgrade attack by removing the
SignerInfo(s) with the 'strong' algorithm(s). This document defines the multiple-signatures attribute, its generation rules, and its
processing rules to allow signers to convey multiple SignerInfo while
protecting against downgrade attacks. Additionally, this attribute
may assist during periods of algorithm migration.
Zdroj: http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-01.txtAutor: JP