All,
I have a few minor comments to CMS-06:
1) Sec 9.2, MAC Generation: A few months ago, the "Message Digest
Calculation Process" section of CMS was updated to reflect the change
from "ContentInfo" to "EncapsulatedContentInfo" in the signedData
syntax. Similar changes need to be made to the "MAC Generation"
section of CMS to reflect the inclusion of "EncapsulatedContentInfo"
in the authenticatedData syntax. Recommend that the first 5
paragraphs of the MAC Generation section of CMS should be changed to
read as follows:
"9.2 MAC Generation
The MAC calculation process computes a message authentication code
(MAC) on either the content being authenticated or the content
together with the originator's authenticated attributes. In either
case, the initial input to the MAC calculation process is the "value"
of the encapsulated content being authenticated. Specifically, the
initial input is the encapContentInfo eContent OCTET STRING to which
the authentication process is applied. Only the octets comprising the
value of the eContent OCTET STRING are input to the MAC algorithm, not
the tag or the length octets.
The result of the MAC calculation process depends on whether the
authenticatedAttributes field is present. When the field is absent,
the result is just the MAC of the content as described above. When
the field is present, however, the result is the MAC of the complete
DER encoding of the authenticatedAttributes value contained in the
AuthAttributes field. Since the authenticatedAttributes value, when
present, must contain the content-type and mac-value attributes, those
values are indirectly included in the result. A separate encoding of
the authenticatedAttributes field is performed for MAC calculation.
The IMPLICIT [0] tag in the authenticatedAttributes field is not used
for the DER encoding, rather an EXPLICIT SET OF tag is used. That is,
the DER encoding of the SET OF tag, rather than of the IMPLICIT [0]
tag, is to be included in the MAC calculation along with the length
and content octets of the authenticatedAttributes value.
When the authenticatedAttributes field is absent, then only the octets
comprising the value of the authenticatedData encapContentInfo
eContent OCTET STRING (e.g., the contents of a file) are input to the
MAC calculation. This has the advantage that the length of the
content being authenticated need not be known in advance of the MAC
generation process.
Although the encapContentInfo eContent OCTET STRING tag and length
octets are not included in the MAC calculation, they are still
protected by other means. The length octets are protected by the
nature of the MAC algorithm since it is computationally infeasible to
find any two distinct messages of any length that have the same MAC."
2) Sec 11.1, Content Type: Please change as follows:
OLD: "A content-type attribute must have a single attribute value."
NEW: "The SignedAttributes and AuthAttributes syntaxes are each
defined as a SET OF Attributes. The SignedAttributes in a signerInfo
MUST NOT include multiple instances of the content-type attribute.
Similarly, the AuthAttributes in an AuthenticatedData MUST NOT include
multiple instances of the content-type attribute. The Attribute
syntax defines attrValues as a SET OF AttributeValue. A content-type
attribute MUST only include a single instance of AttributeValue. There
MUST NOT be zero or multiple instances of AttributeValue present in
the attrValues SET OF AttributeValue."
3) Sec 11.2, Message Digest: Please change as follows:
OLD: "A message-digest attribute must have a single attribute value."
NEW: "The SignedAttributes syntax is defined as a SET OF Attributes.
The SignedAttributes in a signerInfo MUST NOT include multiple
instances of the message-digest attribute. The Attribute syntax
defines attrValues as a SET OF AttributeValue. A message-digest
attribute MUST only include a single instance of AttributeValue. There
MUST NOT be zero or multiple instances of AttributeValue present in
the attrValues SET OF AttributeValue."
4) Sec 11.3, Signing Time: Please change as follows:
OLD: "A signing-time attribute must have a single attribute value."
NEW: "The SignedAttributes syntax is defined as a SET OF Attributes.
The SignedAttributes in a signerInfo MUST NOT include multiple
instances of the signing-time attribute. The Attribute syntax defines
attrValues as a SET OF AttributeValue. A signing-time attribute MUST
only include a single instance of AttributeValue. There MUST NOT be
zero or multiple instances of AttributeValue present in the attrValues
SET OF AttributeValue."
5) Sec 11.4, Countersignature: Please change as follows:
OLD: "A countersignature attribute can have multiple attribute values."
NEW: "The UnsignedAttributes syntax is defined as a SET OF Attributes.
The UnsignedAttributes in a signerInfo MAY include multiple instances
of the countersignature attribute. The Attribute syntax defines
attrValues as a SET OF AttributeValue. A countersignature attribute
MUST only include a single instance of AttributeValue. There MUST NOT
be zero or multiple instances of AttributeValue present in the
attrValues SET OF AttributeValue."
6) Sec 11.5, MAC Value: Please change as follows:
OLD: "A MAC-value attribute must have a single attribute value."
NEW: "The AuthAttributes syntax is defined as a SET OF Attributes.
The AuthAttributes in an AuthenticatedData MUST NOT include multiple
instances of the MAC-value attribute. The Attribute syntax defines
attrValues as a SET OF AttributeValue. A MAC-value attribute MUST
only include a single instance of AttributeValue. There MUST NOT be
zero or multiple instances of AttributeValue present in the attrValues
SET OF AttributeValue."
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================