Note on AuthEnvelopedData

2007-06-15 05:24:53

Late last year, in my "Strawman for adding a MDC to encrypted data", I
proposed, well, pretty much what the subject line said.  When Russ published
his AuthEnvelopedData draft, we had an off-list discussion about making it
part of the draft (or at least doing it in a manner that's compatible with the
draft) to make things a bit more uniform.  The idea is to use the standard
encrypt+HMAC mechanism already available in IPsec, SSL/TLS, SSH, and others,
and apply it to CMS as well.  Since this mechanism has been heavily analysed
and is already supported in many crypto libraries, as well as being a standard
mechanism for PKCS #11 (so it's supported in crypto hardware as well), this
seemed an obvious capability to include alongside CCM and GCM (it's also a
demonstration that AuthEnvelopedData is flexible enough to handle different
auth+encrypt mechanisms :-).  Anyway, I was asked to mention this on the list
prior to AuthEnvelopedData going to last call, in case anyone was interested.
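The generic encrypt-then-MAC construction the post refers to, as an added example that is not code from the original message, from the author, or from the AuthEnvelopedData draft. It uses AES-CBC for confidentiality and HMAC-SHA256 as the modification-detection code, with the tag verified in constant time before any decryption or padding check takes place. The two-key split, the IV || ciphertext || tag byte layout, and the PKCS#7 padding helper are assumptions made for this illustration; in CMS the algorithm identifiers and the tag would be carried in the structure's own fields rather than concatenated like this.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Distinct errors so a caller can log why data was rejected; the caller's
// action is the same in every case (discard the data, decrypt nothing).
var (
	ErrBadMAC  = errors.New("authentication tag mismatch")
	ErrBadData = errors.New("malformed ciphertext")
)

// pkcs7Pad and pkcs7Unpad implement the block padding used with CBC mode.
// Unpadding only ever runs on data whose tag has already been verified.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, ErrBadData
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, ErrBadData
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, ErrBadData
		}
	}
	return b[:len(b)-n], nil
}

// Seal encrypts plaintext with AES-CBC under encKey, then computes
// HMAC-SHA256 under macKey over IV || ciphertext (encrypt-then-MAC).
// Output layout (an assumption for this example): IV || ciphertext || tag.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)

	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv) // the IV is authenticated too: flipping it flips plaintext block 1
	mac.Write(ct)
	tag := mac.Sum(nil)

	out := make([]byte, 0, len(iv)+len(ct)+len(tag))
	return append(append(append(out, iv...), ct...), tag...), nil
}

// Open verifies the tag in constant time BEFORE decrypting. On a mismatch
// nothing derived from the plaintext (not even padding validity) is exposed.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	tagLen := sha256.Size
	if len(sealed) < aes.BlockSize+tagLen {
		return nil, ErrBadData
	}
	iv := sealed[:aes.BlockSize]
	ct := sealed[aes.BlockSize : len(sealed)-tagLen]
	tag := sealed[len(sealed)-tagLen:]

	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time comparison
		return nil, ErrBadMAC
	}
	if len(ct)%aes.BlockSize != 0 {
		return nil, ErrBadData
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed demo keys; real keys come from the CMS key-management layer.
	encKey := []byte("0123456789abcdef")
	macKey := []byte("fedcba9876543210fedcba9876543210")
	sealed, _ := Seal(encKey, macKey, []byte("CMS content to protect"))
	sealed[aes.BlockSize] ^= 0x01 // tamper with the first ciphertext byte
	_, err := Open(encKey, macKey, sealed)
	fmt.Println("tampered message rejected:", err)
}
```

Separate encryption and MAC keys are used so that neither primitive's key is reused across algorithms; a deployment that starts from one content-encryption key would derive both from it with a KDF rather than share it.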


