Jim Schaad wrote:
The messageDigest is an authenticated attribute that cannot be set before the data. You may need some information in order to start the compution, that's why there are thePeters, I think that you are off base on this. If you are going to make an attribute that is dependent on the body you WANT the attributes to come before the body. If this is not the case, the authenticator does not know that the attribute validation needs to be setup until the body has been completely processed and it cannot be placed in stream anymore. This does make things harder for the encoder, but the authentication operation can be assumed to occur more often than the encoding operation.
hash algorithms indicated before.But the global application context or document context knows what you have to do,
at least the creator cannot place such an attribute before the data.
If this swap is done for reasons of consistency I can agree with this. If this is done to satisfy the need for the argument based on the content of the body I oppose swapping the body and the authenticated attributes.
How would you then insert such the attribute on the fly? regards Peter
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature