I agree with John's changes.
-----Original Message-----
From: jsp(_at_)jgvandyke(_dot_)com [mailto:jsp(_at_)jgvandyke(_dot_)com]
Sent: Monday, December 29, 1997 10:27 AM
To: Jim Schaad (Exchange); ietf-smime(_at_)imc(_dot_)org
Subject: RE: ESS ContentHints Comments
All,
I agree with Jim's proposals regarding the ContentHints attribute with a
few minor comments:
In Jim's bullet 2, he stated: "For example, signed receipts state that a
contentHint MUST be included if encryption is to be added." I believe that
this should be changed to "For example, when a signedData/Receipt (i.e.
signedData including Receipt content) is encrypted within an envelopedData
object, then an outer signedData object MUST be created that encapsulates
the envelopedData object and a contentHints attribute with contentType set
to the id-ct-receipt OID MUST be included in the outer signedData SignerInfo
authenticatedAttributes."
In Jim's bullet 3, he stated:
"3. Change section 2.4 bullet 6.1
6.1 If a receipt is to be enclosed in an encryption layer, an outer
signedData object must be created and a contentHints attribute
SHOULD be created and added to the SignerInfo structure's
authenticated attributes."
IMHO, this should be re-worded as follows:
"3. Change section 2.4 bullet 6.1
6.1 If the signedData/Receipt is to be encrypted within an envelopedData
object, then an outer signedData object MUST be created that encapsulates
the envelopedData object and a contentHints attribute with contentType set
to the id-ct-receipt OID MUST be included in the outer signedData SignerInfo
authenticatedAttributes. When the receiving agent processes the outer
signedData object, then the presence of the id-ct-receipt OID in the
contentHints contentType indicates that a signedData/Receipt is encrypted
within the envelopedData object encapsulated by the outer signedData."
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================