I agree with Russ. Furthermore, I believe that essSecurityLabel should be
the only attribute that is required to always be critical. ESS should not
require criticality for attributes that legacy products need to process
(contentType, messageDigest, signingTime, smimeCapabilities). I don't
believe that the following new attributes should be mandated to always be
critical: contentIdentifier, mlExpansionHistory, receiptRequest, and
contentHints. So, that only leaves essSecurityLabel as being mandatory
Furthermore, I recommend that the following text should be added to the
description of the critical flag in CMS, Sec 5.2: "Note that setting
critical to TRUE will cause interoperability problems with legacy software
that does not recognize the AuthAttribute ASN.1 syntax."
J.G. Van Dyke & Associates, Inc.
At 08:48 AM 2/25/98 -0500, Russ Housley wrote:
Please add a sentence to the description of each authenticated attribute.
We need to specify whether the attribute is always critical, never
critical, or the originator's choice.
I think that security label should always be critical.