
RE: Authenticated Attributes DER vs BER (Was 30 Mar 98 S/MIME WG Minutes)

1998-04-16 12:44:06
On Thursday, April 16, 1998 6:21 AM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:
CMS should mandate that each individual authenticatedAttribute MUST be
DER-encoded when it is transmitted, but the SET OF
need not be ordered as per DER when they are transmitted."  In other
the authenticatedAttributes can be transmitted in any order and the
receiving software MUST ensure that they are ordered as per DER before
digesting them to verify the signature.

Got it.  The text from the minutes is:

Russ stated that his initial position is to
mandate DER-encoding of the authenticatedAttributes. This solves the
stated by Darren, because the receiving agent can simply hash over the
transmitted DER-encoded authenticatedAttributes without decoding and
re-encoding them. This issue will be resolved through messages on the
mail list.

Which indicates that Russ's position is that the entire
authenticatedAttributes MUST be DER encoded on transmission, which was
the reason for my original post.  I would think that this would be the
version that went into the draft.

Personally, I like the version that's in the minutes (unless I am
misinterpreting them) -- mandate that the entire authenticatedAttributes
be DER encoded.

Is there a good reason to have the authenticatedAttributes at the sender
in DER format for the purpose of calculating the signature, and then
reorder them to put them in the message?  It seems like that would not
be useful, unless there was a deliberate ordering that the sender was
trying to impress (which flies in the face of using a SET, of course).

And in the event that we mandate DER encoding on transmission, I propose
that receiving agents MUST NOT attempt to recode the attributes as DER.

I may have missed something, however.

Blake C. Ramsdell
Worldtalk Corporation
For current info, check
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
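
The two receiver behaviours debated in this message, as an added example that is not part of the original post or of any S/MIME implementation: hashing the authenticatedAttributes exactly as transmitted versus re-sorting the SET OF into DER order before digesting. It assumes a plain SET OF tag (0x31), definite lengths only, SHA-256 as the digest, and two constructed attributes with a made-up digest value; all function and constant names are hypothetical.

```python
import hashlib

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one TLV with a DER (minimal, definite) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def header(buf: bytes, off: int) -> tuple[int, int]:
    """Return (header length, content length) of the TLV at buf[off]."""
    first = buf[off + 1]
    if first == 0x80:
        raise ValueError("indefinite length: BER only, not handled here")
    if first < 0x80:
        return 2, first
    k = first & 0x7F
    return 2 + k, int.from_bytes(buf[off + 2:off + 2 + k], "big")

def split_set_of(encoded: bytes) -> list[bytes]:
    """Element encodings of a SET OF (tag 0x31), in transmitted order."""
    if encoded[0] != 0x31:
        raise ValueError("expected SET OF")
    off, _ = header(encoded, 0)
    out = []
    while off < len(encoded):
        h, c = header(encoded, off)
        out.append(encoded[off:off + h + c])
        off += h + c
    return out

def der_order(elements: list[bytes]) -> list[bytes]:
    """DER SET OF order: ascending octet strings, shorter ones 0x00-padded."""
    width = max(map(len, elements), default=0)
    return sorted(elements, key=lambda e: e.ljust(width, b"\x00"))

def digest_input(encoded: bytes, reorder: bool) -> bytes:
    """Bytes the receiver hashes: as transmitted, or re-sorted per DER."""
    if not reorder:
        return encoded
    return tlv(0x31, b"".join(der_order(split_set_of(encoded))))

# Constructed sample: contentType and messageDigest attributes (made-up digest).
def attribute(oid_hex: str, value: bytes) -> bytes:
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x31, value))

CONTENT_TYPE = attribute("2a864886f70d010903", tlv(0x06, bytes.fromhex("2a864886f70d010701")))
MESSAGE_DIGEST = attribute("2a864886f70d010904", tlv(0x04, hashlib.sha256(b"constructed").digest()))
SIGNED_OVER = tlv(0x31, CONTENT_TYPE + MESSAGE_DIGEST)   # DER order, what the sender hashed
TRANSMITTED = tlv(0x31, MESSAGE_DIGEST + CONTENT_TYPE)   # same set, reordered on the wire
```

With these constructed values, a receiver that hashes TRANSMITTED as sent gets a different digest from the one the sender signed, while a receiver that re-sorts recovers SIGNED_OVER byte for byte.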
