ietf-smime

Re: SIGNED {} - Re: Re(2): A draft ASN.1 module for Cryptographic Message Syntax

1997-11-18 14:10:14
Jim,

The majority of your message provided comments to the ANSI X9.57 Spec, so I
am not going to debate those comments because this is not the proper forum.
Please address those comments to Rich Ankney, rankney(_at_)erols(_dot_)com.

You stated "S/MIME should not require RSA signatures."  This was exactly my
original point.

Jim Craigie included the following syntaxes in his draft CMS module:
SignatureValue ::= ENCRYPTED { DigestInfo }

DigestInfo ::= SEQUENCE {
       digestAlgorithm DigestAlgorithmIdentifier,
       digest Digest }

Digest ::= HASHED { CHOICE {
       content CMS-CONTENT-TYPE.&Type ({CMSContentTable}),
       authenticated-attributes [0] EXPLICIT Attributes } }

This set of syntaxes mandates the RSA-style of generating a digital
signature.  My point was to replace this set of syntaxes with:
SignatureValue ::= OCTET STRING

The SignerInfo signatureAlgorithm will indicate exactly what data is to be
encrypted (signed) to form the SignatureValue.  There should be appendices
to CMS for DSS, RSA, Elliptical curve (future), etc.

- John Pawling
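
An added example, not part of the original message or of any CMS draft: a minimal DER encoder and decoder showing how one opaque SignatureValue ::= OCTET STRING can carry either an RSA-style value or a DSA-style pair of integers, with the signatureAlgorithm deciding how the octets are read. The labels "rsa" and "dsa" are hypothetical stand-ins for algorithm OIDs, the SEQUENCE { r, s } layout for DSA and the SHA-1 AlgorithmIdentifier are assumptions not stated in the message, and all values are constructed.

```python
# Added illustration: constructed values; "rsa"/"dsa" are hypothetical labels for OIDs.
import hashlib

def tlv(tag, value):
    n = len(value)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def der_int(n):
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))  # extra byte keeps sign bit clear

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")  # sha-1, NULL parameters

def digest_info(content):
    """RSA style: the DigestInfo that the private-key operation is applied to."""
    return tlv(0x30, SHA1_ALG_ID + tlv(0x04, hashlib.sha1(content).digest()))

def dsa_sig_value(r, s):
    """DSA style: the signature is a pair of integers, SEQUENCE { r, s }."""
    return tlv(0x30, der_int(r) + der_int(s))

def interpret(signature_algorithm, signature_value):
    """Decode SignatureValue ::= OCTET STRING as signatureAlgorithm directs."""
    tag, raw, end = read_tlv(signature_value)
    if tag != 0x04 or end != len(signature_value):
        raise ValueError("SignatureValue is not a single OCTET STRING")
    if signature_algorithm == "rsa":  # one integer for the public-key operation
        return ("rsa", int.from_bytes(raw, "big"))
    if signature_algorithm == "dsa":  # nested SEQUENCE of two INTEGERs
        tag, seq, end = read_tlv(raw)
        if tag != 0x30 or end != len(raw):
            raise ValueError("expected SEQUENCE { r, s }")
        t1, r, p = read_tlv(seq)
        t2, s, p = read_tlv(seq, p)
        if (t1, t2) != (0x02, 0x02) or p != len(seq):
            raise ValueError("expected exactly two INTEGERs")
        return ("dsa", int.from_bytes(r, "big"), int.from_bytes(s, "big"))
    raise ValueError("unknown signatureAlgorithm")
```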

