Re: Last Call Comments on CMS-10

[EKR <ekr@rtfm.com>]

"Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com> writes:
> John and Russ,
> 
> I completely disagree with this.  I don't think that it is any type of a
> fair statement to say that down level clients should be able in any way,
> shape or form to be able to parse one of these new messages.  This is why
> the MUST occurs in the S/MIME documents.
The problem is that these are combined new and old messages.

> I don't think it is a deficency of a down level client to be able to
> completely fail if the ASN does not completely match to spec, I think this
> is normal.  If a down-level client is not looking at version numbers then it
> will deal with what it deals with, but I think that we need to give them
> help not to kill them selfs.  
I don't believe that the version number matters here much. The
way I see it, a client that's smart enough to skip innapropriately
versioned Signer or RecipientInfos should be smart enough to
skip over a different CMS version number and see if it can
really read the message.

> If you are going to go with this agruement then I want to take you arguement
> to the logical extreme.  The text in section 6.1 should be changed so that
> the version number there does not have anything to do with the version
> numbers in RecipeientInfos.  The same aguements about down-level clients
> appear just as valid here as with SignedData.
I tend to agree here. OTOH, if OriginatorInfo is present, then
it seems that the version number must be increased. Else what
good is the version number in the first place?

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]