I think this is an error. I think the end of the RFC 3852 algorithm
should be:

   IF (originatorInfo is absent) AND
      (unprotectedAttrs is absent) AND
      (all RecipientInfo structures are version 0)
   THEN version is 0
   ELSE version is 2

Do others agree?

Russ

At 01:04 AM 11/3/2008, zhaohui cheng wrote:
Hi Russell,

I have a question regarding the consistency between RFC 3852 and RFC
3369.

For the version of EnvelopedData, the rules in RFC 3369 and RFC
3852 are defined as follows:

---RFC 3369

   IF ((originatorInfo is present) AND
       (any version 2 attribute certificates are present)) OR
      (any RecipientInfo structures include pwri) OR
      (any RecipientInfo structures include ori)
   THEN version is 3
   ELSE
      IF (originatorInfo is present) OR
         (unprotectedAttrs is present) OR
         (any RecipientInfo structures are a version other than 0)
      THEN version is 2
      ELSE version is 0

--RFC 3852

   IF (originatorInfo is present) AND
      ((any certificates with a type of other are present) OR
      (any crls with a type of other are present))
   THEN version is 4
   ELSE
      IF ((originatorInfo is present) AND
         (any version 2 attribute certificates are present)) OR
         (any RecipientInfo structures include pwri) OR
         (any RecipientInfo structures include ori)
      THEN version is 3
      ELSE
         IF (originatorInfo is absent) OR
            (unprotectedAttrs is absent) OR
            (all RecipientInfo structures are version 0)
         THEN version is 0
         ELSE version is 2

It appears the two sets of rules are not consistent. In particular,
if originatorInfo is absent but one RecipientInfo structure has version
other than 0, then according to RFC 3369, the version should be 2, but
0 in 3852. Is this rule deliberately changed in 3852 or just typos?

Kind regards,
Michael Cheng
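
The following is an added example, not part of either message and not code from the RFCs: it encodes the three rule sets quoted in this thread (RFC 3369, RFC 3852 as published with OR, and the AND form proposed in the reply) and enumerates the inputs on which they disagree. The Env class, its field names and the sample RecipientInfo versions are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass
class Env:
    # Constructed model: only the facts the version rules look at.
    originator_info: bool = False
    unprotected_attrs: bool = False
    ri_versions: tuple = (0,)      # version field of each RecipientInfo
    pwri_or_ori: bool = False      # any RecipientInfo is pwri or ori
    v2_attr_certs: bool = False
    other_certs_or_crls: bool = False

def _is_v4(e):
    return e.originator_info and e.other_certs_or_crls

def _is_v3(e):
    return (e.originator_info and e.v2_attr_certs) or e.pwri_or_ori

def version_rfc3369(e):
    if _is_v3(e):
        return 3
    nonzero = any(v != 0 for v in e.ri_versions)
    return 2 if (e.originator_info or e.unprotected_attrs or nonzero) else 0

def _tail(e, combine):
    # Final IF of RFC 3852; `combine` is any (text as published) or all (proposed).
    conds = (not e.originator_info, not e.unprotected_attrs,
             all(v == 0 for v in e.ri_versions))
    return 0 if combine(conds) else 2

def version_rfc3852(e, combine):
    if _is_v4(e):
        return 4
    if _is_v3(e):
        return 3
    return _tail(e, combine)

def disagreements(combine):
    """Inputs with no v3/v4 trigger where RFC 3852 and RFC 3369 differ."""
    out = []
    for oi, ua, ris in product((False, True), (False, True), ((0,), (0, 2))):
        e = Env(originator_info=oi, unprotected_attrs=ua, ri_versions=ris)
        if version_rfc3852(e, combine) != version_rfc3369(e):
            out.append(e)
    return out

# The case raised in the thread: no originatorInfo, one non-zero RecipientInfo.
case = Env(ri_versions=(0, 2))
print(version_rfc3369(case), version_rfc3852(case, any), version_rfc3852(case, all))
print(len(disagreements(any)), len(disagreements(all)))
```

With the published OR, six of the eight enumerated combinations yield a different version than RFC 3369; with AND the two rule sets agree on all of them, which is De Morgan's equivalent of the RFC 3369 condition.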