"Jim Schaad (Exchange)" <jimsch(_at_)EXCHANGE(_dot_)MICROSOFT(_dot_)com> writes:
John and Russ,
I completely disagree with this. I don't think that it is any type of a
fair statement to say that down level clients should be able in any way,
shape or form to be able to parse one of these new messages. This is why
the MUST occurs in the S/MIME documents.
The problem is that these are combined new and old messages.
I don't think it is a deficency of a down level client to be able to
completely fail if the ASN does not completely match to spec, I think this
is normal. If a down-level client is not looking at version numbers then it
will deal with what it deals with, but I think that we need to give them
help not to kill them selfs.
I don't believe that the version number matters here much. The
way I see it, a client that's smart enough to skip innapropriately
versioned Signer or RecipientInfos should be smart enough to
skip over a different CMS version number and see if it can
really read the message.
If you are going to go with this agruement then I want to take you arguement
to the logical extreme. The text in section 6.1 should be changed so that
the version number there does not have anything to do with the version
numbers in RecipeientInfos. The same aguements about down-level clients
appear just as valid here as with SignedData.
I tend to agree here. OTOH, if OriginatorInfo is present, then
it seems that the version number must be increased. Else what
good is the version number in the first place?
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]