Re: Authenticated Attributes DER vs BER

1998-04-17 11:08:50

I respectfully disagree with your comments.  At a minimum, the CMS spec must
mandate: "Each individual authenticatedAttribute MUST be DER-encoded and the
SET OF authenticatedAttributes MUST be ordered as per DER when they are
digested to generate or verify the signedData signerInfo signature value.
Furthermore, each individual authenticatedAttribute MUST be DER-encoded when
it is transmitted."

The day is coming when there will be gateways that decode CMS objects, add
fields and then re-encode them.  If we do not specify DER and these gateways
change the order of the authenticatedAttributes, then the recipient will not
be able to re-construct the authenticatedAttributes that were digested by
the signer.  

John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.
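
The re-encoding problem described in the message above, as an added illustration (not code from the post or from any CMS implementation): a SET OF attributes digested in whatever order it arrives versus digested after DER ordering. The attribute values, the two element orders, and the use of SHA-256 are constructed assumptions.

```python
import hashlib

def der_len(n):
    """DER definite-length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def attribute(oid_body, value_tlv):
    # Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER,
    #                          attrValues SET OF AttributeValue }
    return tlv(0x30, tlv(0x06, oid_body) + tlv(0x31, value_tlv))

def set_of_as_given(elements):
    # BER permits any element order inside a SET OF.
    return tlv(0x31, b"".join(elements))

def set_of_der(elements):
    # DER (X.690): element encodings sorted as octet strings, shorter
    # ones padded with trailing zero octets for the comparison.
    width = max(len(e) for e in elements)
    ordered = sorted(elements, key=lambda e: e.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(ordered))

def digest(encoded):
    # SHA-256 is an assumption; any digest algorithm shows the same effect.
    return hashlib.sha256(encoded).hexdigest()

# Constructed sample attributes (PKCS #9 OIDs under 1.2.840.113549.1.9).
PKCS9 = bytes.fromhex("2a864886f70d0109")
ID_DATA = bytes.fromhex("2a864886f70d010701")  # 1.2.840.113549.1.7.1
content_type = attribute(PKCS9 + b"\x03", tlv(0x06, ID_DATA))
message_digest = attribute(
    PKCS9 + b"\x04", tlv(0x04, hashlib.sha256(b"constructed content").digest()))
signing_time = attribute(PKCS9 + b"\x05", tlv(0x17, b"980417110850Z"))

signer_order = [message_digest, content_type, signing_time]   # as signed
gateway_order = [signing_time, message_digest, content_type]  # after re-encode

if __name__ == "__main__":
    print("as given:", digest(set_of_as_given(signer_order)) ==
          digest(set_of_as_given(gateway_order)))
    print("DER     :", digest(set_of_der(signer_order)) ==
          digest(set_of_der(gateway_order)))
```
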