Re: Critical Attributes
1998-02-01 13:41:30

All:

Having heard from several implementors that the SEQUENCE { OID, BOOLEAN, SET OF ANY } is not an implementation problem, the next draft of CMS will include this structure for attributes.

I do not plan to allow unauthenticated attributes to be critical. Since these attributes are not covered by the signature, they have no integrity protection. This means that an attacker or malicious recipient could turn the critical BOOLEAN to FALSE anyway.

Russ
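The point made in the message above, as an added example that is not part of the original e-mail or of any CMS implementation: it DER-encodes the SEQUENCE { OID, BOOLEAN, SET OF ANY } attribute by hand and shows that clearing the critical BOOLEAN goes unnoticed in an unauthenticated attribute but breaks verification in an authenticated one. The OIDs under 1.3.6.1.4.1.99999, the key, the message layout and the HMAC-SHA256 stand-in for the signer's signature are all constructed assumptions.

```python
import hashlib
import hmac

def tlv(tag, body):
    """DER tag-length-value, short-form length only (enough for this demo)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        while arc > 0x7F:          # base-128, high bit set on all but the last
            arc >>= 7
            groups.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(groups))
    return tlv(0x06, bytes(out))

def attribute(dotted, critical, values):
    """SEQUENCE { OID, BOOLEAN critical, SET OF ANY } as described in the draft."""
    flag = tlv(0x01, b"\xff" if critical else b"\x00")
    return tlv(0x30, oid(dotted) + flag + tlv(0x31, b"".join(values)))

def clear_critical(attr):
    """Rewrite the critical BOOLEAN to FALSE inside an encoded attribute."""
    raw = bytearray(attr)
    pos = 4 + raw[3]               # skip SEQUENCE header and the OID TLV
    assert raw[pos:pos + 2] == b"\x01\x01"
    raw[pos + 2] = 0x00
    return bytes(raw)

def sign(key, auth_attrs):
    # Assumption: HMAC-SHA256 stands in for the signer's signature.
    return hmac.new(key, tlv(0x31, b"".join(auth_attrs)), hashlib.sha256).digest()

def verify(key, msg):
    # Only the authenticated attributes are inputs; msg["unauth"] is never read.
    return hmac.compare_digest(sign(key, msg["auth"]), msg["sig"])

def demo():
    key = b"constructed-demo-key"
    auth = [attribute("1.3.6.1.4.1.99999.1", True, [tlv(0x04, b"signed")])]
    unauth = [attribute("1.3.6.1.4.1.99999.2", True, [tlv(0x04, b"unsigned")])]
    msg = {"auth": auth, "unauth": unauth, "sig": sign(key, auth)}
    flipped_unauth = dict(msg, unauth=[clear_critical(unauth[0])])
    flipped_auth = dict(msg, auth=[clear_critical(auth[0])])
    return verify(key, flipped_unauth), verify(key, flipped_auth)

if __name__ == "__main__":
    print(demo())
```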