Russ,
Further to Jim's EMail and although I did not attend the meeting in
Chicago, the minutes of the meeting on this issue states that:
"Slide #9: Message Authentication Code (MAC) Algorithms: The group decided
by a clear majority that HMAC-with-SHA1 will be the mandatory-to-implement
algorithm. The wording in CMS will be: "If authenticatedData is
implemented, then HMAC-with-SHA1 must be implemented." The group also
decided that DES MAC will not be included in CMS as an optional algorithm."
As suggested by Jim, I would for myself prefer 3DES MAC as a "may" instead
of DES MAC.
Francois Rousseau
AEPOS Technologies
<snip>
5. Section 12.5.2. DES MAC should be struck and replace
with 3DES MAC.
My notes from Chicago indicate that HMAC with SHA-1 and DES
MAC are the two
algorithms that will be included. As 12.5 says: "CMS
implementations that
support authenticatedData must include HMAC with SHA-1. CMS
implementations
may also include DES MAC."
I'll believe your notes over my memory. I had thought that DES MAC was
struck and replaced with 3DES MAC.
Enjoy,
Russ