What is the benefit of sending the cert with the message? If you truly want to
authenticate the originator you have to acquire the cert by independent,
trusted means, don't you?
-----Original Message-----
From: owner-ietf-ediint@xxxxxxxxxxxx
[mailto:owner-ietf-ediint@xxxxxxxxxxxx]On Behalf Of Jess Sightler
Sent: Thursday, June 05, 2003 6:36 AM
To: lstoeckle@xxxxxxxxxxxxxxxx
Cc: ietf-ediint@xxxxxxxxxxxxxxxx
Subject: Re: AS2-SMIME : has the certificate to be included inside
thesignatu re?
I can't speak 100% from the spec on this, but I know that iSoft makes
sending the Certificate with a signature optional.
Based on that, I believe that it is an option to not send the cert. I
believe that sending the Cert would be a good practice, however.
Thanks,
Jess
On Thu, 2003-06-05 at 09:58, lstoeckle@xxxxxxxxxxxxxxxx wrote:
> Hello,
>
>
>
> I am new on this list - and I need your help.
>
>
>
> AS2: when sending a signed message (the original message which can
> also be signed, or a signed MDN), has the signer's certificate to be
> included inside of the signature MIME part?
>
> Is it mandatory or should AS2 compliant products accept both? (signed
> messages containing the cert, or not containing it, in which case they
> would try to find a certificate on the local key store etc.)
>
>
>
> Regards,
>
> -----------------------------------------
> Ludan STOECKLE
> DSI Groupe Casino - Etudes
>
> 04 77 45 48 01
>
> lstoeckle@xxxxxxxxxxxxxxxx
> -----------------------------------------
>
>
>
>
>
>
--
=======================================
Jess Sightler
Senior Developer
Exim Technologies
131 Falls Street
Greenville SC 29601
Phone: 864-679-4651
=======================================
|
