Peter,
I am having a problem seeing why having the attributes first causes a
problem for algorithms that want them second. All that is needed is that
the encryption wrapper for the code understand that the attributes are going
to come in first and hold onto them until later. This is assuming that the
encryption wrapper understands the difference between the body and the
attributes.
Jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Peter Gutmann
Sent: Tuesday, April 17, 2007 9:52 AM
To: housley(_at_)vigilsec(_dot_)com;
pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt
Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
The difference is the swapped order of authAttrs and
authEncryptedContentInfo.
Yup. That is, I'm not saying they absolutely have to be last, but that
forcing them to be first rules out the use of some algorithms (and vice
versa).
The best placement seems to depend on the authenticated encryption
modes that one thinks will become most popular in the Internet over
time. We each have examples that support our preferred placement. I
do not know which of us has the better crystal ball.
Is there any way to put money both ways?
Peter.