ietf-smime

Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

2007-04-10 11:20:20

The encoding issue raised by Peter and Peter needs to be very clear. The current document really handles this by reference, which is probably not the best.

I suggest the re-write of the 3rd paragraph of section 2.2 to handle this directly instead of by reference:

   If optional authenticated attributes are present, then they are DER
   encoded.  A separate encoding of the authAttrs field is performed to
   construct the authenticated associated data (AAD) input to the
   authenticated encryption algorithm.  The IMPLICIT [1] tag in the
   authAttrs field is not used for the DER encoding, rather an EXPLICIT
   SET OF tag is used.  That is, the DER encoding of the SET OF tag,
   rather than of the IMPLICIT [1] tag, is to be included in the
   construction of the AAD along with the length and content octets of
   the authAttrs value.  If the authenticated encryption algorithm
   requires the AAD to be padded to a multiple of some block size, then
   the padding MUST be added as described in Section 6.3 of [CMS].  This
   padding method is well defined if and only if the number of octets in the
   block size is less than 256.

Russ
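
The AAD construction proposed in the message above, as an added Python example (not part of the original post or of the draft): it swaps the IMPLICIT [1] tag for the SET OF tag while keeping the length and content octets, then applies the CMS Section 6.3 padding. The function names and the sample authAttrs bytes are constructed for illustration.

```python
SET_OF_TAG = 0x31      # universal, constructed SET OF
IMPLICIT_1_TAG = 0xA1  # context-specific, constructed [1]

# Constructed sample: authAttrs holding one contentType attribute (id-data).
SAMPLE_AUTH_ATTRS = bytes.fromhex(
    "a11a3018" "06092a864886f70d010903" "310b" "06092a864886f70d010701")


def der_length(buf, offset):
    """Return (content_length, length_octets) for the DER length at offset."""
    first = buf[offset]
    if first < 0x80:  # short form
        return first, 1
    n = first & 0x7F
    if n == 0:
        raise ValueError("indefinite length is not DER")
    raw = buf[offset + 1:offset + 1 + n]
    if len(raw) != n or raw[0] == 0:
        raise ValueError("truncated or non-minimal length")
    value = int.from_bytes(raw, "big")
    if value < 0x80:
        raise ValueError("long form used where short form is required")
    return value, 1 + n


def aad_from_auth_attrs(field):
    """Build the AAD from authAttrs as carried in the message ([1] IMPLICIT)."""
    if len(field) < 2 or field[0] != IMPLICIT_1_TAG:
        raise ValueError("expected IMPLICIT [1] tag 0xA1")
    length, hdr = der_length(field, 1)
    if 1 + hdr + length != len(field):
        raise ValueError("length octets do not match the content")
    # Same length and content octets, SET OF tag in place of [1].
    return bytes([SET_OF_TAG]) + field[1:]


def pad_cms(data, block_size):
    """CMS Section 6.3 padding: n octets of value n, n = k - (len mod k)."""
    if not 0 < block_size < 256:
        raise ValueError("padding is only defined for block sizes below 256")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


if __name__ == "__main__":
    aad = aad_from_auth_attrs(SAMPLE_AUTH_ATTRS)
    print(aad.hex())
    print(pad_cms(aad, 16).hex())
```

An implementation that feeds the octets exactly as transmitted (leading 0xA1) into the authenticated encryption algorithm computes a different tag from one that follows this text, so the two will not interoperate.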