Jim,
I am not sure if you have any plan to change this for version 3 of CERTDIST
or if it was discussed in Orlando, but I just thought that the syntax for
the SMimeEncryptionCerts attribute in Section 3 should be more flexible and
not necessarily be bound for ever to SHA1. I however agree that SHA-1
should be the default digest algorithm at this point. Instead I suggest
that it could read as follows:

    SMimeEncryptionCerts ::= SEQUENCE OF SMimeEncryptionCert

    SMimeEncryptionCert ::= SEQUENCE {
        certHash      CertHash,
        capabilities  SMIMECapabilities
    }

    CertHash ::= SEQUENCE {
        digestAlgorithm  DigestAlgorithmIdentifier,
        digest           Digest
    }

    DigestAlgorithmIdentifier ::= AlgorithmIdentifier

    Digest ::= OCTET STRING  -- hash of the entire certificate

Francois Rousseau
AEPOS Technologies
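
Added example, not part of the original message or of the CERTDIST draft: Python code that DER-encodes the CertHash structure proposed above and checks it on receipt. It goes one step beyond the message by showing the receiver-side allow-list of digest algorithms that a hash-agile field calls for. The SHA-256 entry, the function names and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib

# Receiver's allow-list: DER content octets of the SHA-1 (1.3.14.3.2.26) and SHA-256 OIDs
DIGEST_OIDS = {"sha1": bytes.fromhex("2b0e03021a"),
               "sha256": bytes.fromhex("608648016503040201")}
SAMPLE_CERT = b"constructed stand-in for the DER bytes of a certificate"

def tlv(tag, content):
    """DER tag-length-value, definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, pos, tag):
    """Return (content, next_pos) of the TLV at pos; reject wrong tag or truncation."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + n], pos + n

def encode_cert_hash(cert_der, alg="sha1"):
    """Build CertHash; SHA-1 is the default, parameters are omitted."""
    alg_id = tlv(0x30, tlv(0x06, DIGEST_OIDS[alg]))
    return tlv(0x30, alg_id + tlv(0x04, hashlib.new(alg, cert_der).digest()))

def verify_cert_hash(cert_hash, cert_der):
    """Return the digest name if cert_hash matches cert_der; parameters may be absent or NULL."""
    body, end = read_tlv(cert_hash, 0, 0x30)
    alg_id, pos = read_tlv(body, 0, 0x30)
    digest, body_end = read_tlv(body, pos, 0x04)
    oid, params_at = read_tlv(alg_id, 0, 0x06)
    if end != len(cert_hash) or body_end != len(body) \
            or alg_id[params_at:] not in (b"", b"\x05\x00"):
        raise ValueError("malformed CertHash")
    name = next((a for a, o in DIGEST_OIDS.items() if o == oid), None)
    if name is None:
        raise ValueError("unsupported digest algorithm")
    if hashlib.new(name, cert_der).digest() != digest:
        raise ValueError("digest mismatch")
    return name
```

A receiver that accepts any algorithm identifier the sender supplies gains nothing from the flexibility; the allow-list is where a deployment retires a digest it no longer trusts.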