Brian,

Please note that I didn't change any of the text about which you are
inquiring. When Russ wrote Section 9.2, he based the text on CMS Sec 5.4
(Message Digest Calculation Process) which was based on the following PKCS
#7, v1.5 text:

"(For clarity: The IMPLICIT [0] tag in the authenticatedAttributes field is
not part of the Attributes value. The Attributes value's tag is SET OF, and
the DER encoding of the SET OF tag, rather than of the IMPLICIT [0] tag, is
to be digested along with the length and contents octets of the Attributes
value.)"

In my opinion, I like Russ' "EXPLICIT SET OF" text because it emphasizes
that the SET OF tag must be a part of the DER encoded data which is input to
the MAC calculation process.

- John Pawling

At 09:45 AM 8/4/98 -0700, Brian Korver wrote:

John,

One minor nit....

John Pawling writes:

[snip]

The result of the MAC calculation process depends on whether the
authenticatedAttributes field is present. When the field is absent,
the result is just the MAC of the content as described above. When
the field is present, however, the result is the MAC of the complete
DER encoding of the authenticatedAttributes value contained in the
AuthAttributes field. Since the authenticatedAttributes value, when
present, must contain the content-type and mac-value attributes, those
values are indirectly included in the result. A separate encoding of
the authenticatedAttributes field is performed for MAC calculation.
The IMPLICIT [0] tag in the authenticatedAttributes field is not used
for the DER encoding, rather an EXPLICIT SET OF tag is used. That is,

I know what you mean, but "EXPLICIT SET OF" looks almost like ASN.1.
I'd suggest dropping EXPLICIT. If it isn't clear enough, maybe we
should parenthetically state the actual tag byte (0x31).

the DER encoding of the SET OF tag, rather than of the IMPLICIT [0]
tag, is to be included in the MAC calculation along with the length
and content octets of the authenticatedAttributes value.

[snip]

brian
briank(_at_)terisa(_dot_)com
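
An added example, not part of the original messages or of the draft they discuss: the tag substitution described in the thread, where the authenticatedAttributes field carried under the IMPLICIT [0] tag (0xA0) is re-tagged with the SET OF tag (0x31) before the MAC is computed. The sample field, the key, the helper names and the choice of HMAC-SHA-256 are assumptions made for illustration, and the field is assumed to be DER-encoded already as carried.

```python
import hashlib
import hmac

IMPLICIT_0_TAG = 0xA0  # context-specific, constructed, tag number 0
SET_OF_TAG = 0x31      # universal SET OF tag byte named in the thread

# Constructed sample: the field as carried in the message, holding a single
# content-type attribute (OID 1.2.840.113549.1.9.3) with value id-data.
SAMPLE_FIELD = bytes.fromhex(
    "a01a" "3018" "06092a864886f70d010903" "310b" "06092a864886f70d010701")
SAMPLE_KEY = b"constructed-demo-key"

def der_length(buf, offset):
    """Decode the DER length at buf[offset]; return (length, octets_used)."""
    first = buf[offset]
    if first < 0x80:
        return first, 1
    n = first & 0x7F
    if n == 0 or offset + 1 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    value = int.from_bytes(buf[offset + 1:offset + 1 + n], "big")
    if value < 0x80 or buf[offset + 1] == 0:
        raise ValueError("non-minimal length is not DER")
    return value, 1 + n

def mac_input(field):
    """Return the octets to MAC: SET OF tag, then the original length and contents."""
    if len(field) < 2 or field[0] != IMPLICIT_0_TAG:
        raise ValueError("expected the IMPLICIT [0] tag (0xA0)")
    length, used = der_length(field, 1)
    if 1 + used + length != len(field):
        raise ValueError("length octets do not match the field size")
    return bytes([SET_OF_TAG]) + field[1:]

def compute_mac(key, field):
    """MAC over the re-tagged encoding (HMAC-SHA-256 is an assumption here)."""
    return hmac.new(key, mac_input(field), hashlib.sha256).digest()

def naive_mac(key, field):
    """MAC over the bytes as carried, [0] tag included: not interoperable."""
    return hmac.new(key, field, hashlib.sha256).digest()

if __name__ == "__main__":
    print("MAC input :", mac_input(SAMPLE_FIELD).hex())
    print("re-tagged :", compute_mac(SAMPLE_KEY, SAMPLE_FIELD).hex())
    print("as carried:", naive_mac(SAMPLE_KEY, SAMPLE_FIELD).hex())
```

The two MAC values differ, so a sender and a recipient that disagree on which tag byte is included will fail verification on every message that carries authenticated attributes.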