I propose:
The original signing-time attribute defined in [CMS] has the same semantics
as the updated signing-time attribute specified in this
document. Therefore, only one of these attributes SHOULD be present in the
signedAttrs of a SignerInfo object or in the authAttrs of an
AuthenticatedData object. However, if both of these attributes are
present, they MUST provide the same date and time.
Russ
At 07:15 AM 9/17/2004, Peter Sylvester wrote:
> Peter:
>
> Would you prefer MUST?
>
> Russ
>
I don't think that we are debating on the best way to protect
from the results of the Chernobyl or Harrisburg events, in our
case the power plant has not even been constructed.
I think it is up to *you* to explain why there is a SHOULD, a MUST
or whatever addressing the situation of two semantically equivalent
occurences of a time value, whilst in the definition of
signingTime there are several MUSTs ensuring only one.