ietf-smime

Re: Comments on CMS-03

1998-02-25 07:15:57
Jim:

1.  Section 5.1  --- NOTE this would replace John's comment #2
Since we are now using EncapsulatedContentInfo in four different
structures, let's do a break out on the fields of it.  This would allow
for the single description of the eContent field being optional which
would apply to all four locations where it is referenced. 

Good idea.  I will do it for CMS-04.

2.  Section 5.1  Since we are now octet encoding the eContent field, I
don't see any reason to say that for "external signatures" that the
content type must be id-data.  Recommend we delete this sentence.

Agree.  I now say: "If the eContent value within EncapsulatedContentInfo is
absent, then the signatureValue is calculated and the eContentType is assigned
as though the eContent value was present."

3.  Section 5.1 Add following sentence to description of version "If the
encapsulated content type is id-data, then the value of the version
shall be 1; however, if the encapsulated content type is other than
id-data, then the value of version shall be 3."

Agree.  The new words are: "version is the syntax version number.  If no
attribute certificates are present in the certificates field and the
encapsulated content type is id-data, then the value of version shall be 1;
however, if attribute certificates are present or the encapsulated content
type is other than id-data, then the value of version shall be 3."

4.  Section 5.2 paragraph describing version.  There is an extra and in
the last sentence: "authenticatedAttributes and field is absent" --
remove the and

Fixed.  See words in 3 above.

5.  Section 5.3 last paragraph.  I don't think this paragraph makes
sense any more.  It was referring to the content section and we no longer
DER encode content.  Recommend we just delete the entire paragraph.

Agree.  It will be gone in CMS-04.

6.  Sections 8 and 9 should have an enumerated list of the steps similar
to that in section 7 describing how to create these items.

For section 9, I agree.  Rich Ankney and I are working on these words.

For section 8, PKCS#7 did not include such a list.  I guess they felt it was
obvious.  Before I put the time into this one, I would like to hear what
others think.

7.  I heartily second John's recommendation for adding
authenticatedAttributes to the AuthenticatedData structure.

Rich Ankney and I are working on that addition.

8.  Part of my continuing fight to remove MD2 from the world.  Please
remove MD2 from the list of examples in DigestAlgorithmIdentifier.  If
you want a third example use RIPEMD-160.

I agree.  Looking into this further, I found that MD2 was not released to the
public for any use.  It was released for particular purposes when used with
PEM.  So, CMS-04 will not reference MD2.

Russ 
