ietf-smime

Re: Criticality of Authenticated Attributes

1998-02-26 07:27:01
John:

I do not think that "legacy software" is an issue.  If any of the attributes
are critical, the version number should handle that situation.

How about:  
Caution should be exercised in adopting any critical attributes which might
reduce interoperability.
Russ

At 05:28 PM 2/25/98 -0500, John Pawling wrote:
All,

I agree with Russ.  Furthermore, I believe that essSecurityLabel should be
the only attribute that is required to always be critical.  ESS should not
require criticality for attributes that legacy products need to process
(contentType, messageDigest, signingTime, smimeCapabilities).  I don't
believe that the following new attributes should be mandated to always be
critical: contentIdentifier, mlExpansionHistory, receiptRequest, and
contentHints.  So, that only leaves essSecurityLabel as being mandatory
critical.

Furthermore, I recommend that the following text should be added to the
description of the critical flag in CMS, Sec 5.2: "Note that setting
critical to TRUE will cause interoperability problems with legacy software
that does not recognize the AuthAttribute ASN.1 syntax."

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================


At 08:48 AM 2/25/98 -0500, Russ Housley wrote:
Paul:

Please add a sentence to the description of each authenticated attribute.
We need to specify whether the attribute is always critical, never
critical, or the originator's choice.

I think that security label should always be critical.

Russ