[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

To: housley@xxxxxxxxxxxx, ietf@xxxxxxxxxxxxxxxxx, pgut001@xxxxxxxxxxxxxxxxx
Subject: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Wed, 09 May 2007 16:17:23 +1200
Cc: ietf-smime@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

"Jim Schaad" <ietf@xxxxxxxxxxxxxxxxx> writes:

>Do you really consider this to be done efficiently for use with the two
>current document algorithms?  The validator needs to buffer the entire body
>stream before it can start doing the validation pass.

I consider it done efficiently for the existing (SignedData/AuthData) formats.
I consider it done horribly inefficiently for AuthEnvData, for the reason you
give above, but it's algorithm-specific: For the two chosen algorithms, it
happens to be more convenient to put the auth.attributes first.  For many
other algorithms (as illustrated by the existing SignedData/AuthData
practice), you need to have the auth.attributes last.

Peter.

Follow-Ups:
- Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Peter Sylvester

References:
- RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
  - From: Jim Schaad

Prev by Date: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Next by Date: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Previous by thread: RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Next by thread: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Index(es):
- Date
- Thread