On Tue, Nov 18, 2003, Alex Marandon wrote:

> On Tue, Nov 18, 2003 at 01:29:02PM +0100, Dr. Stephen Henson wrote:
> [...]
> > [analyses message you sent me]
> >
> > It's here that the problem lies. The S/MIME software that you are using is not
> > copying the issuer name correctly meaning that the version in the PKCS#7
> > structure does not match that in the recipient's certificate. In fact it is
> > taking the T61String and making it a PrintableString and using characters that
> > are illegal in a PrintableString in the process.
> >
> > In other words the S/MIME client that produced that message is broken.
>
> Could you please point me to "official" documents that explain all these
> rules. I had a quick look at S/MIME RFC and didn't find that. Then I'll
> be able to show the software vendors why their implementation is broken.
>

Well the contents of a PrintableString are listed in several places. The
official one is X680; the 07/2002 document lists the permitted characters in a
table in clause 37.4, though that document isn't publicly downloadable.

A less official version is the ASN1 layman's guide which is on RSA's site:

http://www.rsasecurity.com/rsalabs/pkcs/

where it is mentioned in 5.11.

That's showing it is violating ASN1.

The IssuerAndSerialNumber field is defined in PKCS#7 6.7 (from RSA's site).
There are various matching rules for DNs but the only one that is guaranteed to
work is to copy the issuer name exactly as it appears in the certificate in
question.

Steve.
--
Dr Stephen N. Henson.
Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
