RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

["Jim Schaad" <ietf@xxxxxxxxxxxxxxxxx>]

Peter,

I am having a problem seeing why having the attributes first causes a
problem for algorithms that want them second.  All that is needed is that
the encryption wrapper for the code understand that the attributes are going
to come in first and hold onto them until later.  This is assuming that the
encryption wrapper understands the difference between the body and the
attributes.

Jim


> -----Original Message-----
> From: owner-ietf-smime@xxxxxxxxxxxx [mailto:owner-ietf-
> smime@xxxxxxxxxxxx] On Behalf Of Peter Gutmann
> Sent: Tuesday, April 17, 2007 9:52 AM
> To: housley@xxxxxxxxxxxx; pgut001@xxxxxxxxxxxxxxxxx
> Cc: ietf-smime@xxxxxxx
> Subject: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
> 
> 
> Russ Housley <housley@xxxxxxxxxxxx> writes:
> 
> >The difference is the swapped order of authAttrs and
> authEncryptedContentInfo.
> 
> Yup.  That is, I'm not saying they absolutely have to be last, but that
> forcing them to be first rules out the use of some algorithms (and vice
> versa).
> 
> >The best placement seems to depend on the authenticated encryption
> >modes that one thinks will become most popular in the Internet over
> >time.  We each have examples that support our preferred placement.  I
> >do not know which of us has the better crystal ball.
> 
> Is there any way to put money both ways?
> 
> Peter.