John,

I agree in general with what you propose. I understand the benefit of using an
OCTET STRING to ensure easy decoding for recipients that do not understand the
syntax of the data associated with keyTypeIdentifier. However, I believe that
a true ANY would be better than an OCTET STRING in this case.

Applications that support CMS already have to deal with a lot of ANY's, so one
more is not going to add much complexity. Also, using an ANY rather than an
OCTET STRING allows for a single pass decode process, which an embedded OCTET
STRING encoding does not.

The amended part of your syntax would be:

   ExternalyDefinedKeyAgreement ::= SEQUENCE {
      keyTypeIdentifier  OBJECT IDENTIFIER,
      keyTypeInfo        ANY DEFINED BY keyTypeIdentifier }

Regards,
Darren
------------------------------------------------------------------------
Darren Harter BSc (Hons) CEng MBCS
Entegrity Solutions Corp
http://www.entegrity.co.uk
+44 (0) 1452 371383
Email: mailto:darren(_at_)sapher(_dot_)com
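
Added example, not part of the message above: a minimal DER walker showing that the ANY form of keyTypeInfo is fully decoded in one generic pass, while the OCTET STRING form leaves it as opaque bytes that need a second decode. The OID 1.2.3.4 and the SEQUENCE { INTEGER 5 } payload are constructed sample values, and all function names are hypothetical.

```python
def read_tlv(buf, pos=0):
    """Read one DER TLV at pos (low-tag-number form); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def tlv(tag, value):
    """Encode one DER TLV; short-form length is enough for the sample values."""
    if len(value) >= 128:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value


def decode_tree(buf):
    """One generic pass: recurse into constructed types (bit 0x20 set in the tag).
    An OCTET STRING is primitive, so its contents come back as raw bytes."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, decode_tree(val) if tag & 0x20 else val))
    return out


# Constructed sample data
OID = tlv(0x06, bytes([0x2A, 0x03, 0x04]))      # keyTypeIdentifier 1.2.3.4
INFO = tlv(0x30, tlv(0x02, b"\x05"))            # keyTypeInfo: SEQUENCE { INTEGER 5 }

AS_ANY = tlv(0x30, OID + INFO)                  # keyTypeInfo ANY DEFINED BY ...
AS_OCTETS = tlv(0x30, OID + tlv(0x04, INFO))    # keyTypeInfo OCTET STRING (wrapped DER)


def key_type_info(encoded):
    """Second field of the outer SEQUENCE, as the single generic pass sees it."""
    return decode_tree(encoded)[0][1][1]
```

In both forms a recipient that does not recognise keyTypeIdentifier can still skip keyTypeInfo using its length octets; the difference is only whether a recipient that does recognise it gets structure from the first pass.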