Russ,
Yes - I agree. RFC 2630 also supports this:
If originatorInfo is absent, all of the RecipientInfo structures are version
0, and unprotectedAttrs is absent, then version shall be 0.
Also originatorInfo and unprotectedAttributes aren't defined in RFC 2315 so
to be version 0 these fields can't be present. To be version 0,
RecipientInfos must also have a version = -0, according to RFC 3215.
spt
_____
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of Russ Housley
Sent: Monday, November 03, 2008 6:21 PM
To: zhaohui cheng
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Consistence question of CMS
I think this is an error. I think the end of the RFC 3852 algorithm should
be:
   IF (originatorInfo is absent) AND
      (unprotectedAttrs is absent) AND
      (all RecipientInfo structures are version 0)
   THEN version is 0
   ELSE version is 2
Do others agree?
Russ
At 01:04 AM 11/3/2008, zhaohui cheng wrote:
Hi Russell,
I have a question regarding the consistency between RFC 3852 and RFC 3369.
For the version of EnvelopedData, the rules in RFC 3369 and RFC 3852 are
defined as follows:
---RFC 3369
   IF ((originatorInfo is present) AND
       (any version 2 attribute certificates are present)) OR
      (any RecipientInfo structures include pwri) OR
      (any RecipientInfo structures include ori)
   THEN version is 3
   ELSE
      IF (originatorInfo is present) OR
         (unprotectedAttrs is present) OR
         (any RecipientInfo structures are a version other than 0)
      THEN version is 2
      ELSE version is 0
--RFC 3852
   IF (originatorInfo is present) AND
      ((any certificates with a type of other are present) OR
       (any crls with a type of other are present))
   THEN version is 4
   ELSE
      IF ((originatorInfo is present) AND
          (any version 2 attribute certificates are present)) OR
         (any RecipientInfo structures include pwri) OR
         (any RecipientInfo structures include ori)
      THEN version is 3
      ELSE
         IF (originatorInfo is absent) OR
            (unprotectedAttrs is absent) OR
            (all RecipientInfo structures are version 0)
         THEN version is 0
         ELSE version is 2
It appears the two sets of rules are not consistent. In particular, if
originatorInfo is absent but one RecipientInfo structure has a version other
than 0, then according to RFC 3369, the version should be 2, but 0 in 3852.
Is this rule deliberately changed in 3852 or just typos?
Kind regards,
Michael Cheng
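
The three rule sets discussed in this thread, as an added example that is not part of the original messages: the RFC 3369 rule, the RFC 3852 rule with its final test joined by OR, and the same rule with the AND proposed in the reply, compared over every combination of inputs. The `Env` model, its field names and the function names are constructed for this illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Env:
    """Constructed model of the EnvelopedData properties the rules inspect."""
    originator_info: bool    # originatorInfo is present
    other_cert_or_crl: bool  # certificates or crls with a type of other
    v2_attr_cert: bool       # version 2 attribute certificates are present
    pwri_or_ori: bool        # any RecipientInfo structure is pwri or ori
    unprotected_attrs: bool  # unprotectedAttrs is present
    all_ri_v0: bool          # all RecipientInfo structures are version 0

def _is_v3(e):
    # The version 3 test is identical in RFC 3369 and RFC 3852.
    return (e.originator_info and e.v2_attr_cert) or e.pwri_or_ori

def rfc3369(e):
    if _is_v3(e):
        return 3
    if e.originator_info or e.unprotected_attrs or not e.all_ri_v0:
        return 2
    return 0

def rfc3852(e, final_and):
    """final_and=False: last test joined by OR, as quoted from RFC 3852.
    final_and=True: last test joined by AND, as proposed in the thread."""
    if e.originator_info and e.other_cert_or_crl:
        return 4
    if _is_v3(e):
        return 3
    conds = (not e.originator_info, not e.unprotected_attrs, e.all_ri_v0)
    version_0 = all(conds) if final_and else any(conds)
    return 0 if version_0 else 2

def disagreements(final_and):
    """Inputs where RFC 3852 and RFC 3369 differ (version 4 is new in
    RFC 3852, so those inputs are skipped)."""
    out = []
    for bits in product([False, True], repeat=6):
        e = Env(*bits)
        v = rfc3852(e, final_and)
        if v != 4 and v != rfc3369(e):
            out.append(e)
    return out

if __name__ == "__main__":
    for e in disagreements(final_and=False):
        print(rfc3369(e), rfc3852(e, False), e)
    print("with AND:", len(disagreements(final_and=True)), "disagreements")
```

With OR, any message lacking originatorInfo is labelled version 0 even when a RecipientInfo has a non-zero version, which is the case raised in the original question; with AND the two RFCs agree everywhere except where version 4 applies.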