Re: Straw Poll: encoding of authenticated attributes in cms-auth-enveloped ID

[pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)]

"Turner, Sean P." <turners@xxxxxxxx> writes:

>There was one open issue (the last slide) that dealt with the encoding of
>authenticated attributes.  It was discussed at the meeting; however,
>responses from a wider audience (i.e., this list) is necessary.  Please
>indicate your preference on whether:
>
>A) The encoding of the authenticated attributes should be done exactly the
>same as in SignedData.
>
>B) The encoding of the authenticated attributes should use the encoding that
>will be transmitted.

I've already talked to Russ about this in private a while back, I'd strongly
support a move to SEQUENCE OF and bits-on-the-wire encoding:

-- Snip --

There is one other change that would *really* help implementors (and that
should have been made ages ago for any new format that includes
auth.attributes), change the:

  attributes [0] SET OF Attribute

to:

  attributes SEQUENCE OF Attribute

The former is a royal pain for implementors because what's transmitted isn't
what's hashed, and the DER rules for sorting SET OF elements is an eternal
booby-trap for implementors (the CMS spec should really include big red
flashing lights and klaxons in the appropriate section warning people about
this).  With this change, a large chunk of the text necessary in "Message
Digest Calculation Process" simply falls away, because now you can just hash
the bits-on-the-wire form rather than having to rewrite the data first.

-- Snip --

Peter.