Phil,
The goal is that the S/MIME v3 set of specs will allow an S/MIME v3 agent to
generate a signedData object (assuming that all optional new stuff is
omitted) that can be verified by a legacy "as-is" v2 agent, and vice versa.
Changing AuthAttributes to SEQUENCE OF AuthAttribute will break that "bits
on the wire" compatibility, because the legacy "as-is" v2 agent won't be
able to decode the authenticated attributes because it will be expecting a
"SET OF" tag rather than "SEQUENCE OF". Therefore, I still agree with Russ'
proposed syntax as follows: (I changed the UnauthAttribute component names,
but that is orthogonal to the point that you are making):

   AuthAttributes ::= SET OF AuthAttribute

   AuthAttribute ::= SEQUENCE {
      attrType OBJECT IDENTIFIER,
      critical BOOLEAN DEFAULT FALSE,
      attrValues SET OF AttributeValue }

   UnauthAttributes ::= SET OF UnauthAttribute

   UnauthAttribute ::= SEQUENCE {
      attrType OBJECT IDENTIFIER,
      attrValues SET OF AttributeValue }

   AttributeValue ::= ANY

================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
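
The tag mismatch described in the message above, as an added example that is not part of the original e-mail or of any S/MIME implementation: the same two attributes are DER-encoded once as SET OF and once as SEQUENCE OF, then fed to a decoder that, like the legacy v2 agent in the message, accepts only the SET OF tag. All function and variable names are hypothetical, and the two sample attributes are constructed.

```python
# Added illustration; all function and variable names are hypothetical.
def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, pos):
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long-form length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def attribute(oid_der, value_der):
    # SEQUENCE { attrType, attrValues SET OF AttributeValue }; 'critical' omitted (DEFAULT FALSE)
    return tlv(0x30, oid_der + tlv(0x31, value_der))

def encode_attributes(attrs, outer_tag):
    # DER orders SET OF (0x31) elements by their encodings;
    # SEQUENCE OF (0x30) keeps the sender's order.
    if outer_tag == 0x31:
        attrs = sorted(attrs)
    return tlv(outer_tag, b"".join(attrs))

def v2_decode_attributes(der):
    # Models the legacy agent described in the message: only SET OF is accepted.
    tag, content, _ = read_tlv(der, 0)
    if tag != 0x31:
        raise ValueError("expected SET OF tag 0x31, got 0x%02x" % tag)
    attrs, pos = [], 0
    while pos < len(content):
        start = pos
        _, _, pos = read_tlv(content, pos)
        attrs.append(content[start:pos])
    return attrs

# Constructed sample: PKCS #9 contentType (value id-data) and messageDigest (20 zero bytes).
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")
OID_ID_DATA = bytes.fromhex("06092a864886f70d010701")
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")
CONTENT_TYPE = attribute(OID_CONTENT_TYPE, OID_ID_DATA)
MESSAGE_DIGEST = attribute(OID_MESSAGE_DIGEST, tlv(0x04, bytes(20)))
SENDER_ORDER = [MESSAGE_DIGEST, CONTENT_TYPE]
AS_SET = encode_attributes(SENDER_ORDER, 0x31)
AS_SEQUENCE = encode_attributes(SENDER_ORDER, 0x30)
```

The two encodings have the same length but differ in the leading tag octet and in element order, so any signature or digest computed over one does not match the other.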