This document specifies the syntax and semantics for the Cryptographic
Message Syntax (CMS) content constraints extension. This extension is
used to determine whether a public key is appropriate to use in the
processing of a protected content. In particular, the CMS content
constraints extension is one part of the authorization decision; it is
used when validating a digital signature on a CMS SignedData content or
validating a message authentication code (MAC) on a CMS AuthenticatedData
content or CMS AuthEnvelopedData content. The signed or authenticated
content type is identified by an ASN.1 object identifier, and this
extension indicates the content types that the public key is authorized to
validate. If the authorization check is successful, the CMS content
constraints extension also provides default values for absent attributes.
Working Group Summary
This document is an individual submission. It provides an authorization
mechanism for use with the Trust Anchor Management Protocol (TAMP).
The document is detailed and clear. It has been implemented as part of a
not-yet-released open source library.
Geoff Beier is the Document Shepherd for this document.
Tim Polk is the Responsible Area Director.