Phil:
If authenticated attributes are to be DER encoded, they
will be subject to the sorting rules required to assure
that they are unique if a SET is used. This may lead to
unanticipated results, including interoperabilty problems.
If we are free to do as we wish here in redefining types,
I would much prefer to see
AuthAttributes ::= SEQUENCE OF AuthAttribute
used instead. It would allow senders to explicitly
control the order of the AuthAttribute components,
and would offer less processing overhead.
I agree. I always prefer SEQUENCE OF; however, I need to
use SET OF for backward compatibility with PKCS#7 v1.5.
Russ