I have to admit to some confusion over the claimed need to
back the requirements for digested-data, encrypted-data, and
authenticated-data from MUST to MAY. My reading of RFC 2630
suggests that they already are MAY, and neither are they used in
the message spec (RFC 2633). Clause 2 of CMS is pretty clear in
stating the conformance requirement for CMS. To wit:
An implementation that conforms to this specification
must implement the protection content, ContentInfo, and
must implement the data, signed-data, and
enveloped-data content types. The other content types
may be implemented if desired.
Can somebody explain where the supposed requirement to support
these wrappers stems?
Description: S/MIME Cryptographic Signature