Dave:

With the addition of MACs in the form of authenticated-data, I think that
signedAttributes and unsignedAttributes will make it clear that signed-data
does not rely on anything in authenticated-data.

I will make the change in the next draft.

Russ

At 01:03 PM 3/23/98 -0500, David P. Kemp wrote:

I suggest that the CMS SignerInfo fields "authenticatedAttributes" and
"unauthenticatedAttributes" be renamed to "signedAttributes" and
"unsignedAttributes" respectively.

There are two justifications for this request, one trivial and one
substantive:

* Trivial reason: "signed" is easier to type than "authenticated",
  and it sounds pretentious to use five syllables when one will do.

* Real reason: signing is a mechanical process - attributes are either
  covered by a digital signature or not. Authentication is a process
  involving policies and procedures - an attribute is not "authenticated"
  unless the signature (including the cert path) verifies correctly and
  the certificate policies allow the use of the attribute. It is incorrect
  to call an attribute authenticated solely because it is signed, just
  as it is incorrect to call a certificate "valid" because it is signed.