I agree with Russ' proposal to mandate the encoding of
authenticatedAttributes in DER.
Darren
-----Original Message-----
From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Tuesday, April 14, 1998 09:41
Subject: 30 Mar 98 S/MIME WG Minutes
snipped...
3) Darren Harter stated that there is a problem if a BER-encoded
authenticatedAttribute is received by an S/MIME agent that does not
recognize the OID for the attribute. In this case, the receiving agent
can't decode the attribute and re-encode it using DER because the agent
does not know the syntax of the attribute. This may result in a signature
verification error. Darren proposed the following options for solving this
problem: mandate DER encoding of the complete signedData object; or change
syntax of authenticatedAttribute to use OCTET STRING (similar to v3 X.509
certificate Extension format). Russ stated that his initial position is to
mandate DER-encoding of the authenticatedAttributes. This solves the
problem stated by Darren, because the receiving agent can simply hash over
the transmitted DER-encoded authenticatedAttributes without decoding and
re-encoding them. This issue will be resolved through messages on the
S/MIME mail list.
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
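
An added illustration, not part of the original thread or of any S/MIME implementation: a Python sketch of a receiver that hashes the transmitted authenticatedAttributes bytes as they arrived and rejects non-DER length forms instead of re-encoding an attribute whose syntax it does not know. The attribute under the example arc 2.999.1, the function names and the use of SHA-256 are assumptions; only length encodings are checked, and the swap of the [0] tag for the SET OF tag before hashing follows PKCS #7.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end); raise ValueError on non-DER lengths."""
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    if first < 0x80:                       # short form, always minimal
        length, hdr = first, 2
    elif first == 0x80:                    # indefinite length exists only in BER
        raise ValueError("indefinite length")
    else:                                  # long form: must be the shortest one
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        if length < 0x80 or buf[pos + 2] == 0:
            raise ValueError("non-minimal length")
        hdr = 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated")
    return tag, pos + hdr, end

def lengths_are_der(buf):
    """Walk every TLV, descending into constructed ones; checks length forms only."""
    pos = 0
    try:
        while pos < len(buf):
            tag, start, end = read_tlv(buf, pos)
            if tag & 0x20 and not lengths_are_der(buf[start:end]):
                return False
            pos = end
    except (ValueError, IndexError):
        return False
    return True

def attrs_digest(transmitted):
    """Digest the attributes exactly as sent; never decode and re-encode them."""
    if transmitted[:1] != b"\xa0" or not lengths_are_der(transmitted):
        raise ValueError("authenticatedAttributes not DER; refusing to guess")
    # PKCS #7: the digest covers the SET OF encoding, so [0] IMPLICIT (0xA0) -> 0x31.
    return hashlib.sha256(b"\x31" + transmitted[1:]).hexdigest()

# Constructed samples: one attribute, type 2.999.1 (example arc), value OCTET STRING "hi".
DER_ATTRS = bytes.fromhex("a00d300b0603883701310404026869")
BER_ATTRS = bytes.fromhex("a00e30810b0603883701310404026869")  # long-form SEQUENCE length

if __name__ == "__main__":
    print(lengths_are_der(DER_ATTRS), lengths_are_der(BER_ATTRS))
    print(attrs_digest(DER_ATTRS))
```

Both samples carry the same attribute, yet their bytes differ, so a signer hashing one and a verifier hashing the other would disagree; with DER mandated, the verifier can hash what it received.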