Russ,
I agree with all of your recommendations.
I also agree with Dave Kemp's enhancement to add SIZE(1..MAX) to
AuthAttributes and UnauthAttributes.
Thanx for listening,
John Pawling
At 09:58 AM 2/25/98 -0500, Russ Housley wrote:
John:
1) How about the following ASN.1. It has shorter names.
AuthAttributes ::= SET OF AuthAttribute
AuthAttribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
attrValues SET OF AttributeValue }
UnauthAttributes ::= SET OF UnauthAttribute
UnauthAttribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue }
2) >Recommend that the following sentence replace the aforementioned text:
"Note that only the value octets of the envelopedData encryptedContentInfo
encryptedContent OCTET STRING are encrypted; the OCTET STRING tag and length
octets are not encrypted."
How about: "The input to the content-encryption process is the "value" of the
content being enveloped. Only the value octets of the envelopedData
encryptedContentInfo encryptedContent OCTET STRING are encrypted; the OCTET
STRING tag and length octets are not encrypted."
Russ