On Wednesday, April 15, 1998 9:40 AM, Darren Harter
I agree with Russ' proposal to mandate the encoding of
authenticatedAttributes in DER.
Is it an error to try to re-encode the attributes as DER on an incoming
message? Granted you cannot re-encode the attribute values, but the
outer SET OF can be reordered according to DER.
We may want to point this out in the spec. I know that our products
reorder the outer SET OF for an incoming message according to DER (for
better or worse), and then do the signature validation. This actually
led to an incompatibility with another product that got fixed, but we
can avoid it in the future by saying that receiving applications MUST
NOT reorder the attributes according to DER.
Blake C. Ramsdell
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060