Authenticated Attributes DER vs BER (Was 30 Mar 98 S/MIME WG Minutes)

1998-04-15 09:40:41
I agree with Russ' proposal to mandate the encoding of
authenticatedAttributes in DER.


From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Tuesday, April 14, 1998 09:41
3) Darren Harter stated that there is a problem if a BER-encoded
authenticatedAttribute is received by an S/MIME agent that does not
recognize the OID for the attribute.  In this case, the receiving agent
can't decode the attribute and re-encode it using DER because the agent
does not know the syntax of the attribute.  This may result in a signature
verification error.  Darren proposed the following options for solving this
problem: mandate DER encoding of the complete signedData object; or change
the syntax of authenticatedAttribute to use OCTET STRING (similar to v3 X.509
certificate Extension format).  Russ stated that his initial position is to
mandate DER-encoding of the authenticatedAttributes. This solves the
problem stated by Darren, because the receiving agent can simply hash over the
transmitted DER-encoded authenticatedAttributes without decoding and
re-encoding them. This issue will be resolved through messages on the
mail list.

John Pawling
J.G. Van Dyke & Associates, Inc.
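
The failure described in the minutes above, as an added example that is not part of the original messages: a signer digests the DER form of the attributes while a BER form travels on the wire, and a receiver that does not know the attribute syntax can fix lengths but cannot canonicalize the value. Assumptions: the OID, the `[0] IMPLICIT BOOLEAN` value syntax, the use of SHA-256, and a simplified TLV model (single-byte tags, definite lengths under 128 bytes) are all constructed for illustration.

```python
import hashlib

def tlv(tag: int, content: bytes, long_len: bool = False) -> bytes:
    """One TLV, content < 128 bytes. long_len=True emits the 0x81 nn length
    form, which BER permits and DER forbids for lengths this short."""
    assert len(content) < 128
    length = bytes([0x81, len(content)]) if long_len else bytes([len(content)])
    return bytes([tag]) + length + content

# Constructed OID 1.3.6.1.4.1.99999.1, standing in for an attribute type
# the receiving agent does not recognize.
UNKNOWN_OID = tlv(0x06, bytes.fromhex("2b 06 01 04 01 86 8d 1f 01"))

def attributes(ber: bool) -> bytes:
    """SET OF Attribute holding one attribute whose (assumed) value syntax is
    [0] IMPLICIT BOOLEAN, set to TRUE. DER requires 0xFF; BER allows 0x01."""
    value = tlv(0x80, b"\x01" if ber else b"\xff")
    values = tlv(0x31, value, long_len=ber)
    attr = tlv(0x30, UNKNOWN_OID + values, long_len=ber)
    return tlv(0x31, attr, long_len=ber)

def reencode_blind(data: bytes) -> bytes:
    """What an agent can do without the syntax: minimize lengths and recurse
    into constructed TLVs, copying primitive contents unchanged."""
    out, i = b"", 0
    while i < len(data):
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:                      # long-form length: next k bytes
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        content = data[i:i + n]
        i += n
        out += tlv(tag, reencode_blind(content) if tag & 0x20 else content)
    return out

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_over_wire_bytes(wire: bytes, signed_digest: str) -> bool:
    """The check Russ' proposal allows: hash the bytes exactly as transmitted."""
    return digest(wire) == signed_digest

SIGNED = digest(attributes(ber=False))    # signer digests the DER form
if __name__ == "__main__":
    ber_wire = attributes(ber=True)
    print("BER on wire, hashed as sent :", verify_over_wire_bytes(ber_wire, SIGNED))
    print("BER on wire, blind re-encode:", digest(reencode_blind(ber_wire)) == SIGNED)
    print("DER on wire, hashed as sent :", verify_over_wire_bytes(attributes(False), SIGNED))
```

The blind re-encoding matches the DER form in every byte except the value content, which only an agent that knows the syntax could rewrite.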

