ietf-smime

Re: Criticality of Authenticated Attributes

1998-02-26 01:41:41
For the record, I also agree with Russ and John.
-----Original Message-----
From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: Russ Housley <housley(_at_)spyrus(_dot_)com>; phoffman(_at_)imc(_dot_)org <phoffman(_at_)imc(_dot_)org>
Cc: ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Wednesday, February 25, 1998 2:59 PM
Subject: Re: Criticality of Authenticated Attributes


All,

I agree with Russ.  Furthermore, I believe that essSecurityLabel should be
the only attribute that is required to always be critical.  ESS should not
require criticality for attributes that legacy products need to process
(contentType, messageDigest, signingTime, smimeCapabilities).  I don't
believe that the following new attributes should be mandated to always be
critical: contentIdentifier, mlExpansionHistory, receiptRequest, and
contentHints.  So, that only leaves essSecurityLabel as being mandatory
critical.

Furthermore, I recommend that the following text should be added to the
description of the critical flag in CMS, Sec 5.2: "Note that setting
critical to TRUE will cause interoperability problems with legacy software
that does not recognize the AuthAttribute ASN.1 syntax."

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================


At 08:48 AM 2/25/98 -0500, Russ Housley wrote:
Paul:

Please add a sentence to the description of each authenticated attribute.
We need to specify whether the attribute is always critical, never
critical, or the originator's choice.

I think that security label should always be critical.

Russ