ietf-smime

RE: CMS Implementation Questions

2003-11-17 11:09:49

On Mon, 17 Nov 2003, Bonatti, Chris wrote:

To take on a couple of the questions that Peter didn't address...

Jack Lloyd <lloyd(_at_)randombit(_dot_)net> writes:

3) It is legal to include SignedAttributes and sign everything
   that way even when signing plain data content, correct?

Yes, this is basically what SignedData is for.  %-}
Maybe I'm not grokking the question.


When signing something other than plain data content, using the attributes
is required (section 5.3 of 3369). Otherwise, they are described as
"optional"; I'm presuming this means an implementation MAY use signed
attributes when signing plain data content as well? It is all-in-all fairly
clear, but I would prefer being 100% certain I know what it's trying to
say. When an RFC isn't completely and totally clear, I don't like to just
assume I'm guessing the correct interpretation.

IMPLICIT.

The module in clause 12.1 of RFC 3369 defaults to IMPLICIT
tagging, and nothing in the definitions of SignerIdentifier or
RecipientIdentifier overrides this default.  In both instances,
this means that the context-specific tag [0] replaces the OCTET
STRING tag.

I saw the default tagging, but given the ease of mixups, I wanted to be
sure. There is lots of stuff in the module with explicit IMPLICIT tags,
which shouldn't really have to be there given that is the default encoding.
Sometimes IMPLICIT tags are there, sometimes they are not. See last sentence
of my previous paragraph.

Thanks,
 Jack
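
The tagging point discussed in this message, as an added example that is not part of the original thread: a strict DER check for the SignerIdentifier CHOICE that accepts the IMPLICIT [0] form (tag 0x80 directly over the key identifier bytes) and rejects the EXPLICIT mis-encoding (0xA0 wrapping an OCTET STRING). The function names and the sample key identifier are constructed for illustration.

```python
# Added example: DER forms of SignerIdentifier.subjectKeyIdentifier (RFC 3369).
SEQUENCE = 0x30          # universal, constructed: issuerAndSerialNumber
OCTET_STRING = 0x04      # universal, primitive
CTX0_PRIMITIVE = 0x80    # [0] IMPLICIT: replaces the OCTET STRING tag
CTX0_CONSTRUCTED = 0xA0  # [0] EXPLICIT wrapper (wrong for this module)
SAMPLE_SKID = bytes(range(20))  # constructed 20-byte key identifier

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def read_tlv(buf):
    """Return (tag, value, rest) for one DER TLV; single-byte tags only."""
    if len(buf) < 2:
        raise ValueError("truncated TLV")
    tag, first = buf[0], buf[1]
    if first < 0x80:
        length, off = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(buf) < 2 + n:
            raise ValueError("indefinite or truncated length")
        length, off = int.from_bytes(buf[2:2 + n], "big"), 2 + n
        if length < 0x80 or buf[2] == 0:
            raise ValueError("non-minimal DER length")
    if len(buf) < off + length:
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], buf[off + length:]

def parse_signer_identifier(der):
    """Classify a SignerIdentifier CHOICE; contents are not parsed further."""
    tag, value, rest = read_tlv(der)
    if rest:
        raise ValueError("trailing bytes")
    if tag == SEQUENCE:
        return ("issuerAndSerialNumber", value)
    if tag == CTX0_PRIMITIVE:
        return ("subjectKeyIdentifier", value)
    if tag == CTX0_CONSTRUCTED:
        raise ValueError("[0] is EXPLICIT-tagged; module default is IMPLICIT")
    raise ValueError("unexpected tag 0x%02x" % tag)
```

For the 20-byte sample, the IMPLICIT encoding starts `80 14`, while the rejected EXPLICIT encoding starts `a0 16 04 14`.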

