Darren,
I respectfully disagree with your comments and with your proposed changes to
the ESSSecurityLabel syntax.  The X.411 securityLabel syntax was included in
ESS to maximize the re-use of existing software.  It was not included in ESS
to provide direct bits-on-the-wire compatibility with existing non-CMS
security protocols.  There are not any commercially deployed S/MIME user
agents (that I know of) currently using the X.411 securityLabel syntax as an
authenticatedAttribute.  Therefore, direct backwards compatibility between
eSSSecurityLabels and S/MIME v2 agents using X.411 securityLabels is not a
requirement.  
Any interoperability between eSSSecurityLabels and X.411 securityLabels will
occur as part of the process of translating the CMS signedData format to the
non-CMS format that uses X.411 securityLabels (and vice versa).  During that
translation process, the eSSSecurityLabel can be translated to an X.411
securityLabel (and vice versa). 
Your proposal adds significant complexity to the ESSSecurityLabel format
which I believe is not required because the translating software can
accommodate any differences between the ESSSecurityLabel and X.411 security
label representations.
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================