Blake,
IMHO, the S/MIME specs should not be written with the assumption that
implementations are not going to properly implement the specs. If an
implementation is signing BER-encoded authenticatedAttributes, then it is
broken and it must be fixed. The other implementations should not have to
take special actions to compensate for broken implementations.
Therefore, I agree with Dave Kemp that IF we agree that the entire SET OF
authenticatedAttributes must be tranmitted in a DER-encoded form, THEN the
specs should say nothing about the recipient re-encoding/re-ordering the SET
OF authenticatedAttributes.
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================