The list of hash algorithms is in front of the data indicating that you should useI agree with this. If you make the argument that there are any number of items you want to do this for, then you need to have the signer place the attributes before the body in all cases. This is the reason that there is a list of hashes prior to the body for these cases.
them because they are later needed. You need this in the document because the algoritms can change.I agree that may be a need some additional not secured hints like that in order to calculate something for an attribute, but this can also be done with a content-type
or a mime-type or a global document policy.
This is the reason that I was trying to establish that there was something other than a message digest which might need to be used in this manner.
I think this may depend on whether there is a structure of the content. One could think about: "This document doesn't violate IPR or DRM" :-) or the doc has been virus-checked.Anyway, I think the problem is settled, these attributes are behind the data?
regards
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature