ietf-smime

Re: CMS Critical flag for signed attributes?

1998-01-05 07:02:50
All,

One of the primary requirements of the S/MIME v3 set of specs is to maintain
backwards compatibility with the S/MIME v2 set of specs.  PKCS #7 does not
include a critical flag in the Attributes syntax, so we need to consider how
this would be implemented without breaking backward compatibility.  One
alternative would be to make the critical flag optional.  The value of the
version number in the signerInfo SEQUENCE could be used to indicate if the
critical flag is being used.  Assuming that the S/MIME v2 products examine
the version value, they could determine if they could decode the rest of the
signerInfo SEQUENCE based on the value of the version number.  

This raises further issues such as:

1) How do sending agents determine if specific receiving agents can handle
the critical flag? 

2) What happens if an S/MIME v3 agent sends a signedData with critical flag
present and the receiving S/MIME v2 agent determines that it can't decode
it?  How does the receiving agent communicate the failure to the sending agent?

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================