John Pawling wrote:
Phil,
Maintaining backwards compatibility with PKCS #7 v1.5 is an important goal
of many of the S/MIME WG members. Your suggestion makes sense, but it
breaks backwards compatibility with PKCS #7 v1.5 (which uses "SET OF").

Understood, and I know we've had this discussion before.
Just wanted to look it over one last time in light of the
differences that already exist between UnAuthAttributes
and
    AuthAttribute ::= SEQUENCE {
        type      OBJECT IDENTIFIER,
        critical  BOOLEAN DEFAULT FALSE,
        values    SET OF AttributeValue }
though I understand the reasoning here. Seems to me like
a relatively minor change since it only impacts a tag.
Phil
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
At 09:18 AM 2/23/98 -0500, asn1(_at_)mindspring(_dot_)com wrote:
If authenticated attributes are to be DER encoded, they
will be subject to the sorting rules required to assure
that they are unique if a SET is used. This may lead to
unanticipated results, including interoperability problems.
If we are free to do as we wish here in redefining types,
I would much prefer to see
    AuthAttributes ::= SEQUENCE OF AuthAttribute
used instead. It would allow senders to explicitly
control the order of the AuthAttribute components,
and would offer less processing overhead.
Phil
--
Phillip H. Griffin Griffin Consulting
asn1(_at_)mindspring(_dot_)com ASN.1-SET-Java-Security
919.828.7114 1625 Glenwood Avenue
919.832.7008 [mail] Raleigh, North Carolina 27608 USA
------------------------------------------------------------
Visit http://www.fivepointsfestival.com
http://www.five-points.com
------------------------------------------------------------
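
Added example, not part of the original thread: a minimal DER encoder showing the trade-off discussed above. With SET OF, the sorting rule yields one canonical encoding whatever order the sender used, but the order follows the encoded octets rather than the sender's intent; with SEQUENCE OF, the sender's order is preserved and so changes the octets that get hashed. The attribute values, the use of SHA-256 and all function names are assumptions made for illustration.

```python
import hashlib

def tlv(tag, body):
    # DER tag-length-value with definite length (short or long form).
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + body

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, high bit set on all but last
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def attribute(type_oid, value):
    # SEQUENCE { type, values SET OF AttributeValue }. A "critical BOOLEAN
    # DEFAULT FALSE" field left at FALSE is omitted in DER: same octets.
    return tlv(0x30, oid(type_oid) + tlv(0x31, value))

def set_of(elements):
    # DER SET OF: components sorted ascending by their encoded octets.
    # Plain bytes comparison suffices: no complete TLV is a prefix of another.
    return tlv(0x31, b"".join(sorted(elements)))

def sequence_of(elements):
    # SEQUENCE OF: the sender's order is encoded exactly as given.
    return tlv(0x30, b"".join(elements))

# Constructed sample attributes (PKCS #9 attribute OIDs, made-up values).
CONTENT_TYPE = attribute("1.2.840.113549.1.9.3", oid("1.2.840.113549.1.7.1"))
MESSAGE_DIGEST = attribute("1.2.840.113549.1.9.4",
                           tlv(0x04, hashlib.sha256(b"sample body").digest()))
SIGNING_TIME = attribute("1.2.840.113549.1.9.5", tlv(0x17, b"980223141800Z"))

if __name__ == "__main__":
    a = [CONTENT_TYPE, MESSAGE_DIGEST, SIGNING_TIME]   # ascending OID order
    b = [SIGNING_TIME, CONTENT_TYPE, MESSAGE_DIGEST]   # another sender's order
    for name, enc in (("SET OF", set_of), ("SEQUENCE OF", sequence_of)):
        da, db = (hashlib.sha256(enc(x)).hexdigest() for x in (a, b))
        print(f"{name:12} digests equal: {da == db}")
    print("DER order matches OID order:", sorted(a) == a)
```

Here the sorted SET OF places signingTime before messageDigest even though its OID is higher, because the comparison reaches the differing length octet first.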