ietf-smime

Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt

2007-04-30 10:35:24
Jim Schaad wrote:
> Peters,
>
> I think that you are off base on this.  If you are going to make an
> attribute that is dependent on the body you WANT the attributes to come
> before the body.  If this is not the case, the authenticator does not know
> that the attribute validation needs to be set up until the body has been
> completely processed and it cannot be placed in stream anymore.  This does
> make things harder for the encoder, but the authentication operation can be
> assumed to occur more often than the encoding operation.

The messageDigest is an authenticated attribute that cannot be set before
the data. You may need some information in order to start the computation,
that's why there are the hash algorithms indicated before.

But the global application context or document context knows what you have to do,
at least the creator cannot place such an attribute before the data.

> If this swap is done for reasons of consistency I can agree with this.  If
> this is done to satisfy the need for the argument based on the content of
> the body I oppose swapping the body and the authenticated attributes.

How would you then insert such an attribute on the fly?

regards
Peter

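The ordering trade-off discussed in this message, as an added sketch that is not part of the original post or of the draft: a content-dependent attribute such as messageDigest is only known once the body has been hashed, so an encoder that must place it first has to hold the body back, while a verifier can hash in one pass in either order once the hash algorithm is announced up front. The record framing and the names `encode` and `verify` are assumptions made for illustration, not CMS DER encoding.

```python
import hashlib
import hmac

def encode(chunks, attrs_first):
    """Toy framing (constructed, not CMS): a list of (kind, value) records.

    Returns (records, held_bytes), where held_bytes is how much body the
    encoder had to keep back before it could emit anything after the hint.
    """
    h = hashlib.sha256()
    records = [("alg", "sha256")]      # algorithm hint always leads the stream
    held, held_bytes = [], 0
    for chunk in chunks:
        h.update(chunk)
        if attrs_first:
            held.append(chunk)         # digest not known yet: body must wait
            held_bytes += len(chunk)
        else:
            records.append(("body", chunk))   # emitted immediately, one pass
    records.append(("attr", h.digest()))      # content-dependent attribute
    records.extend(("body", c) for c in held) # only non-empty if attrs_first
    return records, held_bytes

def verify(records):
    """One-pass verifier: hashing starts from the leading algorithm hint,
    so the digest attribute may arrive before or after the body."""
    h, expected = None, None
    for kind, value in records:
        if kind == "alg":
            h = hashlib.new(value)
        elif kind == "body":
            if h is None:
                raise ValueError("body seen before any algorithm hint")
            h.update(value)
        elif kind == "attr":
            expected = value
    if h is None or expected is None:
        return False
    return hmac.compare_digest(h.digest(), expected)

# Constructed sample body, delivered in two chunks.
SAMPLE = [b"a" * 1000, b"b" * 500]
```
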