Peter Gutmann wrote:
OTOH nobody (except for you) has stated that their implementations won't
reject
an EnvelopedData based solely on the version value. I'd really like to see
some comments from other implementors - Baltimore, MS, Entrust, OpenSSL,
Netscape, what do all of these implementations do? If the vendors won't
respond, perhaps someone who has all this stuff installed for interop testing
or whatever could feed them some EnvelopedData with a weird version number (eg
42) to see what they do.
Well for current versions of OpenSSL...
It doesn't check the version value so an invalid value will be silently
permitted.
It will reject a message with an unexpected encoding such as a
RecipientInfo that isn't PKCS#7 compatible.
It can be made more tolerant of unexpected encodings and may well end up
including CMS support anyway.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh(_at_)celocom(_dot_)com PGP key: via homepage.