ietf-smime

Re: CMS-06 Comments

1998-08-04 13:38:40
Brian,

Please note that I didn't change any of the text about which you are
inquiring.  When Russ wrote Section 9.2, he based the text on CMS Sec 5.4
(Message Digest Calculation Process) which was based on the following PKCS
#7, v1.5 text:

"(For clarity: The IMPLICIT [0] tag in the authenticatedAttributes field is
not part of the Attributes value. The Attributes value's tag is SET OF, and
the DER encoding of the SET OF tag, rather than of the IMPLICIT [0] tag, is
to be digested along with the length and contents octets of the Attributes
value.)"

In my opinion, I like Russ' "EXPLICIT SET OF" text because it emphasizes
that the SET OF tag must be a part of the DER encoded data which is input to
the MAC calculation process.

- John Pawling



At 09:45 AM 8/4/98 -0700, Brian Korver wrote:
John,

One minor nit....

John Pawling writes:
[snip]
The result of the MAC calculation process depends on whether the 
authenticatedAttributes field is present.  When the field is absent, 
the result is just the MAC of the content as described above.  When 
the field is present, however, the result is the MAC of the complete 
DER encoding of the authenticatedAttributes value contained in the 
AuthAttributes field. Since the authenticatedAttributes value, when 
present, must contain the content-type and mac-value attributes, those 
values are indirectly included in the result.  A separate encoding of 
the authenticatedAttributes field is performed for MAC calculation.  
The IMPLICIT [0] tag in the authenticatedAttributes field is not used 
for the DER encoding, rather an EXPLICIT SET OF tag is used.  That is, 

I know what you mean, but "EXPLICIT SET OF" looks almost like ASN.1.
I'd suggest dropping EXPLICIT.  If it isn't clear enough, maybe we
should parenthetically state the actual tag byte (0x31).


the DER encoding of the SET OF tag, rather than of the IMPLICIT [0] 
tag, is to be included in the MAC calculation along with the length 
and content octets of the authenticatedAttributes value.
[snip]

brian
briank(_at_)terisa(_dot_)com
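
The re-tagging discussed in this thread, as an added example that is not part of either message or of the CMS draft: the authenticatedAttributes field is taken as it sits in the message (tag 0xA0), its first octet is replaced by the SET OF tag 0x31, and the MAC is computed over that separate encoding. HMAC-SHA1, the key, the function names and the sample bytes (a content-type attribute only) are assumptions constructed for illustration.

```python
import hashlib
import hmac

IMPLICIT_0_TAG = 0xA0  # context-specific constructed [0], as the field is encoded in the message
SET_OF_TAG = 0x31      # universal constructed SET OF, the tag byte Brian mentions

def der_tlv_length(buf: bytes) -> int:
    """Total size (tag + length octets + contents) of the DER TLV at the start of buf."""
    if len(buf) < 2:
        raise ValueError("truncated TLV")
    if buf[1] < 0x80:                      # short form length
        header, size = 2, buf[1]
    else:                                  # long form: low 7 bits count the length octets
        count = buf[1] & 0x7F
        if count == 0 or len(buf) < 2 + count:
            raise ValueError("indefinite or truncated length")
        header, size = 2 + count, int.from_bytes(buf[2:2 + count], "big")
    if len(buf) < header + size:
        raise ValueError("truncated contents")
    return header + size

def mac_input(field: bytes) -> bytes:
    """Swap the IMPLICIT [0] tag for SET OF; length and contents octets are reused as-is."""
    total = der_tlv_length(field)
    if field[0] != IMPLICIT_0_TAG:
        raise ValueError("expected IMPLICIT [0] tag 0xA0")
    return bytes([SET_OF_TAG]) + field[1:total]

def compute_mac(key: bytes, field: bytes) -> bytes:
    # HMAC-SHA1 is an assumption of this example; the thread does not name the MAC algorithm.
    return hmac.new(key, mac_input(field), hashlib.sha1).digest()

def verify_mac(key: bytes, field: bytes, received: bytes) -> bool:
    return hmac.compare_digest(compute_mac(key, field), received)

# Constructed sample: [0] IMPLICIT { content-type attribute = id-data } only.
SAMPLE_FIELD = bytes.fromhex(
    "a01a" "3018"
    "06092a864886f70d010903"         # OID 1.2.840.113549.1.9.3 (content-type)
    "310b" "06092a864886f70d010701"  # SET { OID 1.2.840.113549.1.7.1 (id-data) }
)
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print(mac_input(SAMPLE_FIELD).hex())
    good = compute_mac(KEY, SAMPLE_FIELD)
    wrong = hmac.new(KEY, SAMPLE_FIELD, hashlib.sha1).digest()  # MAC over the 0xA0 form
    print(verify_mac(KEY, SAMPLE_FIELD, good), verify_mac(KEY, SAMPLE_FIELD, wrong))
```

A sender and receiver that disagree on the tag octet produce different MACs over otherwise identical attributes, which is the interoperability failure the parenthetical in the draft text is meant to prevent.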


