John,
One minor nit....
John Pawling writes:
[snip]
> The result of the MAC calculation process depends on whether the
> authenticatedAttributes field is present. When the field is absent,
> the result is just the MAC of the content as described above. When
> the field is present, however, the result is the MAC of the complete
> DER encoding of the authenticatedAttributes value contained in the
> AuthAttributes field. Since the authenticatedAttributes value, when
> present, must contain the content-type and mac-value attributes, those
> values are indirectly included in the result. A separate encoding of
> the authenticatedAttributes field is performed for MAC calculation.
> The IMPLICIT [0] tag in the authenticatedAttributes field is not used
> for the DER encoding, rather an EXPLICIT SET OF tag is used. That is,

I know what you mean, but "EXPLICIT SET OF" looks almost like ASN.1.
I'd suggest dropping EXPLICIT. If it isn't clear enough, maybe we
should parenthetically state the actual tag byte (0x31).

> the DER encoding of the SET OF tag, rather than of the IMPLICIT [0]
> tag, is to be included in the MAC calculation along with the length
> and content octets of the authenticatedAttributes value.
[snip]
brian
briank(_at_)terisa(_dot_)com
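
The re-tagging discussed in this message, as an added example that is not part of the original e-mail or of the draft it quotes: the field's leading tag octet is swapped for 0x31 and the length and content octets are kept unchanged before the MAC is computed. It assumes the IMPLICIT [0] tag appears on the wire as 0xA0 and uses HMAC-SHA-256 as a stand-in MAC algorithm; the function names, key and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

IMPLICIT_0_TAG = 0xA0  # assumption: context-specific constructed [0] as sent
SET_OF_TAG = 0x31      # universal constructed SET OF, the byte named above

def der_length(buf, pos):
    """Parse a DER length at pos; return (length, offset of first content octet)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(buf):  # indefinite form or truncated header
        raise ValueError("invalid DER length")
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if length < 0x80 or buf[pos + 1] == 0:  # DER requires the minimal form
        raise ValueError("non-minimal DER length")
    return length, pos + 1 + n

def mac_input(field):
    """Return the octets to MAC: 0x31, then the original length and content."""
    if len(field) < 2 or field[0] != IMPLICIT_0_TAG:
        raise ValueError("expected an IMPLICIT [0] tagged field")
    length, start = der_length(field, 1)
    if start + length != len(field):
        raise ValueError("length octets do not match the field size")
    return bytes([SET_OF_TAG]) + field[1:]

def compute_mac(key, field):
    # HMAC-SHA-256 is a stand-in; the message does not name a MAC algorithm.
    return hmac.new(key, mac_input(field), hashlib.sha256).digest()

def verify_mac(key, field, received):
    return hmac.compare_digest(compute_mac(key, field), received)

# Constructed sample: [0] wrapping placeholder content, not real attributes.
SAMPLE_FIELD = bytes.fromhex("a0053003020101")
SAMPLE_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print(mac_input(SAMPLE_FIELD).hex())
    print(compute_mac(SAMPLE_KEY, SAMPLE_FIELD).hex())
```

A sender and receiver that disagree on the tag octet compute different MACs over otherwise identical attributes, so verification fails even though nothing was tampered with.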