Russ and Jim,
Regarding Jim's comment 7: In previous messages, I proposed changes to the
Section 6.1, EnvelopedData version-setting algorithm that address your
comments. I repeated the proposal today in my reply to Peter Gutmann's
message sent to the S/MIME mail list.
Regarding Jim's comment 11: In a previous reply to Jim (which he concurred
with), I proposed the following:
[John: I agree that a non-match is a critical security error. Propose that
the following sentence be added to Section 5.6 Message Signature
Verification Process as the last paragraph: "If the signedData signerInfo
includes signedAttributes and the content-type attribute value is different
from the signedData encapContentInfo eContentType value, then the CMS
implementation MUST report an error."
Propose that the following sentence be added to Section 9.3 MAC Verification
as the last paragraph: "If the authenticatedData includes
authenticatedAttributes and the content-type attribute value is different
from the authenticatedData encapContentInfo eContentType value, then the CMS
implementation MUST report an error."]
Regarding Jim's comment 12: I agree with your recommended text.
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================