If an originator uses the same public/private key pair for both digital sig- natures and key management, then it’s easy to figure out which key to use
112 Part III ■ Secure Email
when replying or generating a receipt, but nowadays many originators use separate key pairs for digital signatures and encryption. Recipients can use the S/MIME-encryption-key-preference attribute to locate the public key that the signer would like others to use for key management operations. Now you might be thinking, ‘‘Isn’t that what the key usage certificate extension is intended to do?’’ and you’d be right; however, if the signer has more than one, then additional clues are needed. The S/MIME-encryption-key-preference attribute is identified by theid-aa-encrypKeyPrefobject identifier, and it has the following syntax:
attr-encryptKeyPref CMS-ATTRIBUTE ::=
{ SMIMEEncryptionKeyPreference IDENTIFIED BY id-aa-encrypKeyPref } id-aa-encrypKeyPref OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 11 }
SMIMEEncryptionKeyPreference ::= CHOICE {
issuerAndSerialNumber [0] IssuerAndSerialNumber, receipentKeyId [1] RecipientKeyIdentifier, subjectAltKeyIdentifier [2] SubjectKeyIdentifier }
If the S/MIME-capabilities attribute is included in a signed-data, authen- ticated-data, or authenticated-enveloped-data, then it must be signed or authenticated attribute. It may appear in either an inner or outer layer.
Signed Receipts
Signed receipts allow originators to verify that the message has been delivered to the recipients, which is called proof of delivery. Originators can then use the signed receipt to prove to a third party that the recipient was able to verify the signature of the original message.
N O T E Proof of delivery does not indicate that the recipients actually understood the message; it indicates only that they could process the signed message. If the originator wants that kind of assurance, they need to explicitly ask the recipient send a signed reply in the body of the message.
The process works with multiple attributes and the receipt content type. The process is shown in Figure 6-5.
Content Identifier
For receipts to work, messages need to be uniquely identifiable. Email messages already have this feature as part of aMessage ID:header, but it’s not signed and it’s assigned after the message signature has been generated. [RFC2634] recommends that the concatenation of username or key identifier, current
Turner c06.tex V3 - 03/26/2008 5:34pm Page 113
Chapter 6 ■ Protecting Email Message Contents 113
Alice Bob Compose message
Construct signed-data with signed-receiptrequest, message-digest, and content-identifier attributes
Send message Retrieve message Verify signed-data with
signed-receipt-request attribute Generate Signed Receipt content
type encapsulated in a signed-data with message-signature-igest and message-digest attributes Send signed receipt message Receive message
Verify signed-data that encapsulates signed receipt Verify message-signature-digest
attribute matches original message-digest attribute
Figure 6-5 Signed receipts
time, and a random number. The content-identifier attribute is identified by theid-aa-contentIdentifierobject identifier, and it has the following syntax:
attr-ContentIdenfier ATTRIBUTE ::=
{ ContentIdentifier IDENTIFIED BY id-aa-contentIdentifier } id-aa-contentIdentifier OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7 }
ContentIdentifier ::= OCTET STRING
The content-identifier may be included in either the inner or outer layer, and it may be a signed attribute. If it’s used as part of the signed receipt request process, then it’s included as a signed attribute.
Receipt Request
Another primary thing for receipts to work is the actual request for the receipt. There are three parts to the receipt request:
1. Pointing to the message’s content-identifier attribute 2. Requesting whom you want receipts from
3. Indicating where receipts should be sent
Pointing to the message’s content-identifier attribute is easy because the field is just copied from the attribute and placed in thesignedContentIdentifier field. You can request receipts from all recipients, non-mail-list recipients, or specific recipients. You can also request where receipts should be sent;
114 Part III ■ Secure Email
maybe your boss wants to be copied on everything or maybe you want an administrative assistant to track the receipts for you. Either way, you can include your name, someone else’s name, or an arbitrary list. The receipt- request attribute is identified by the id-aa-receiptRequestobject identifier, and it has the following syntax:
attr-receiptRequest ATTRIBUTE ::=
{ ReceiptRequest IDENTIFIED BY id-aa-receiptRequest } id-aa-receiptRequest OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1 }
ReceiptRequest ::= SEQUENCE {
signedContentIdentifier ContentIdentifier, receiptsFrom ReceiptsFrom,
receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames }
ub-receiptsTo INTEGER ::= 16 ReceiptsFrom ::= CHOICE {
allOrFirstTier [0] AllOrFirstTier,
receiptList [1] SEQUENCE OF GeneralNames } AllOrFirstTier ::= INTEGER {
allReceipts (0),
firstTierRecipients (1) }
The receipt-request attribute must be included in an inner layer, and it must be a signed attribute.
Message Signature Digest
The recipient needs to bind the original message that included the receipt to the signed receipt. This is done by placing the message digest of the original message in the message-signature-digest attribute. Recipients do this by including signed attributes from the original message, which was validated when the signature was verified. The message-signature-digest attribute is identified by theid-aa-msgSigDigestobject identifier, and it has the following syntax:
attr-msgSigDigest ATTRIBUTE ::=
{ MsgSigDigest IDENTIFIED BY id-aa-msgSigDigest } id-aa-msgSigDigest OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5 }
Turner c06.tex V3 - 03/26/2008 5:34pm Page 115
Chapter 6 ■ Protecting Email Message Contents 115
The message-signed-digest attribute must be included in an inner layer, and it must be a signed attribute.