Peter Gutmann wrote:
I would like to repeat my suggestion to have two fields, one before and one behind."Jim Schaad" <ietf@xxxxxxxxxxxxxxxxx> writes:Do you really consider this to be done efficiently for use with the two current document algorithms? The validator needs to buffer the entire body stream before it can start doing the validation pass.I consider it done efficiently for the existing (SignedData/AuthData) formats. I consider it done horribly inefficiently for AuthEnvData, for the reason you give above, but it's algorithm-specific: For the two chosen algorithms, it happens to be more convenient to put the auth.attributes first. For many other algorithms (as illustrated by the existing SignedData/AuthData practice), you need to have the auth.attributes last. Peter.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature