All,
I agree with Jim's proposals regarding the ContentHints attribute with a few
minor comments:
In Jim's bullet 2, he stated: "For example, signed receipts state that a
contentHint MUST be included if encryption is to be added." I believe that
this should be changed to "For example, when a signedData/Receipt (i.e.
signedData including Receipt content) is encrypted within an envelopedData
object, then an outer signedData object MUST be created that encapsulates
the envelopedData object and a contentHints attribute with contentType set
to the id-ct-receipt OID MUST be included in the outer signedData SignerInfo
authenticatedAttributes."
In Jim's bullet 3, he stated:
"3. Change section 2.4 bullet 6.1
6.1 If a receipt is to be enclosed in an encryption layer, an outer
signedData object must be created and a contentHints attribute
SHOULD be created and added to the SignerInfo structure's
authenticated attributes."
IMHO, this should be re-worded as follows:
"3. Change section 2.4 bullet 6.1
6.1 If the signedData/Receipt is to be encrypted within an envelopedData
object, then an outer signedData object MUST be created that encapsulates
the envelopedData object and a contentHints attribute with contentType set
to the id-ct-receipt OID MUST be included in the outer signedData SignerInfo
authenticatedAttributes. When the receiving agent processes the outer
signedData object, then the presence of the id-ct-receipt OID in the
contentHints contentType indicates that a signedData/Receipt is encrypted
within the envelopedData object encapsulated by the outer signedData."
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
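The outer-signedData wording John proposes above, as an added Python example that is not part of this thread: it builds the contentHints attribute (contentType set to id-ct-receipt) that the sender places in the outer signedData SignerInfo authenticatedAttributes, and implements the receiving agent's check for it. It assumes the ESS-assigned OIDs 1.2.840.113549.1.9.16.2.4 (id-aa-contentHint) and 1.2.840.113549.1.9.16.1.1 (id-ct-receipt) and hand-rolls the DER instead of using an ASN.1 library.

```python
# Added example, not from the thread: the ESS contentHints attribute a sender puts in the
# outer signedData SignerInfo authenticatedAttributes, and the receiving-agent check above.
ID_AA_CONTENT_HINT = "1.2.840.113549.1.9.16.2.4"   # ESS contentHints attribute OID
ID_CT_RECEIPT = "1.2.840.113549.1.9.16.1.1"        # ESS Receipt content type OID

def _tlv(tag, body):                               # DER TLV, short/long-form length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                           # base-128, high bit = more bytes
        chunk = [arc & 0x7F]; arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F)); arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val); val = 0
    return ".".join(map(str, arcs))

def content_hints_attribute(content_type_oid, description=None):
    # Attribute ::= SEQUENCE { attrType, SET OF ContentHints }
    # ContentHints ::= SEQUENCE { contentDescription UTF8String OPTIONAL, contentType }
    hints = _tlv(0x0C, description.encode()) if description else b""
    hints += encode_oid(content_type_oid)
    return _tlv(0x30, encode_oid(ID_AA_CONTENT_HINT) + _tlv(0x31, _tlv(0x30, hints)))

def _walk(der):                                    # yield (tag, body) per DER TLV
    i = 0
    while i < len(der):
        tag, ln = der[i], der[i + 1]; i += 2
        if ln & 0x80:
            k = ln & 0x7F; ln = int.from_bytes(der[i:i + k], "big"); i += k
        yield tag, der[i:i + ln]; i += ln

def hinted_receipt(authenticated_attributes):
    # Receiving-agent check over the concatenated DER of the outer SignerInfo's
    # Attribute elements: True iff a contentHints names id-ct-receipt as contentType.
    for tag, attr in _walk(authenticated_attributes):
        parts = list(_walk(attr))
        if tag == 0x30 and decode_oid(parts[0][1]) == ID_AA_CONTENT_HINT:
            for _, hints in _walk(parts[1][1]):        # SET OF ContentHints
                if decode_oid(list(_walk(hints))[-1][1]) == ID_CT_RECEIPT:
                    return True
    return False
```

A receiving agent that finds hinted_receipt() true knows the envelopedData inside the outer signedData carries a signedData/Receipt before it decrypts anything.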