OK -- I just consulted my developers. We do a decode of the entire
SignedData or EnvelopedData object in one shot. This means that we fail the
decode operation no matter if you put the version in or not. We just get to
fail faster if you update the version. Our product does not decode the
structure into pieces and attack the pieces individually.
jim
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)spyrus(_dot_)com]
Sent: Thursday, February 04, 1999 8:34 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Last Call Comments on CMS-10
Calling all implementors...
The crux of this issue is what S/MIME v2 code will do if it encounters a
version 1 SignedData that contains a SignerInfo with a version other than
1. Will your implmentation:
a) fail to parse the ASN.1 and report an error
b) check the version, skip it, and look for another SignerInfo
c) die ungracefully
(if you do not want to admit this publically, please send
private e-mail or use an anonymous service)
Similarly, what will happen if the implementation encounters a version 0
EnvelopedData that contains a RecipientInfo with a version other than 0.
Same three choices.
Russ