I agree with this proposal from Russ.
-----Original Message-----
From: Russ Housley <housley(_at_)spyrus(_dot_)com>
To: ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Sunday, February 01, 1998 12:53 PM
Subject: Re: Critical Attributes
All:
Having heard from several implementors that the
SEQUENCE { OID, BOOLEAN, SET OF ANY } is not an
implementation problem, the next draft of CMS will
include this structure for attributes.
I do not plan to allow unauthenticated attribute to
be critical. Since these attribute are not covered
by the signature, they have no integrity protection.
This means that an attacker or malicious recipient
could turn the critical BOOLEAN to FALSE anyway.
Russ