[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RFC2630-bis comment

To: <ietf-smime@xxxxxxx>, "Russ Housley" <rhousley@xxxxxxxxxxxxxxx>
Subject: RFC2630-bis comment
From: "Jim Schaad" <jimsch@xxxxxxxxxx>
Date: Wed, 5 Dec 2001 13:49:46 -0800
Importance: Normal
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Reply-to: <jimsch@xxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Russ,

I believe that the requirement in section 5.3 about DER encoding of
SignedAttributes is too restrictive.  The current statement is "Each
SignedAttribute in the SET MUST be DER encoded."  I believe that the
intended statement is really "Each AttributeValue in the
SignedAttributes SET MUST be DER encoded."

Here is my problem.  Assume that I have an attribute FOO with 3 values.
If I do the encode of the entire SignerInfo object in one shot, then I
cannot cause the sort of the the attribute values without doing a DER
encoding of the SignerInfo object.  It's easy to correctly DER encode an
attribute if the attribute values are correctly DER encoded, and this
deals with the potential problem of a third party having to decode and
re-encode the values.

Please make this change as it continues to statisfy the requirement
behind the added statement, but imposes the smallest requirement on the
implementors.

Jim

Follow-Ups:
- Re: RFC2630-bis comment
  - From: Housley, Russ

Prev by Date: S/MIME WG Agenda for 52nd IETF
Next by Date: Re: RFC2630-bis comment
Previous by thread: S/MIME WG Agenda for 52nd IETF
Next by thread: Re: RFC2630-bis comment
Index(es):
- Date
- Thread