ietf-smime

Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

2007-04-10 06:12:47

Peter:

>>On the second item, I disagree. The authenticated attributes are handled the
>>same as in AuthenticatedData.
>
>They're placed before the data, not after it, which is unlike any other use of
>authenticated attributes in any CMS PDU.  As both Peter Sylvester and myself
>have already pointed out, this makes one-pass/streaming processing impossible.

As I already said in response, AES-CCM and AES-GCM both require the processing of the "additional authenticated data" (the authenticated attributes in this structure) prior to the processing of the payload (the encapsulated content in this structure). Thus, the only way that one-pass processing can be accomplished with these authenticated encryption modes is for the authenticated attributes to appear first.

Russ
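
The ordering discussed in the message above, shown as an added example that is not part of the original thread: GCM's GHASH authenticator (NIST SP 800-38D) absorbs the additional authenticated data blocks, then the ciphertext blocks, then a length block, so a reader feeding fields in wire order can only proceed when the attributes come first. The class and method names are hypothetical, and the hash subkey `H` (in real GCM the AES encryption of a zero block) is passed in directly.

```python
R = 0xE1 << 120  # GCM reduction constant (SP 800-38D)

def gf_mult(x: int, y: int) -> int:
    """Multiply two GF(2^128) elements using GCM's bit ordering."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

class StreamingGhash:
    """GHASH fed in wire order: AAD, then ciphertext, then the length block."""
    def __init__(self, h: bytes):
        self.h = int.from_bytes(h, "big")  # hash subkey, supplied by caller
        self.x, self.buf = 0, b""
        self.aad_len = self.ct_len = 0
        self.in_ciphertext = False

    def _absorb(self, data: bytes, final: bool = False) -> None:
        self.buf += data
        if final and len(self.buf) % 16:
            self.buf += bytes(16 - len(self.buf) % 16)  # zero-pad end of phase
        while len(self.buf) >= 16:
            block, self.buf = self.buf[:16], self.buf[16:]
            self.x = gf_mult(self.x ^ int.from_bytes(block, "big"), self.h)

    def aad(self, data: bytes) -> None:
        if self.in_ciphertext:
            raise ValueError("AAD must be absorbed before any ciphertext")
        self.aad_len += len(data)
        self._absorb(data)

    def ciphertext(self, data: bytes) -> None:
        if not self.in_ciphertext:
            self._absorb(b"", final=True)  # close the AAD phase
            self.in_ciphertext = True
        self.ct_len += len(data)
        self._absorb(data)

    def digest(self) -> bytes:
        self._absorb(b"", final=True)  # pad whichever phase is still open
        lengths = ((self.aad_len * 8) << 64) | (self.ct_len * 8)
        return gf_mult(self.x ^ lengths, self.h).to_bytes(16, "big")

if __name__ == "__main__":
    # H and C from test case 2 of the GCM specification (no AAD)
    g = StreamingGhash(bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e"))
    g.ciphertext(bytes.fromhex("0388dace60b6a392f328c2b971b2fe78"))
    print(g.digest().hex())
```
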