I wrote:
changes are necessary at some point, e.g. due to PQC.
Here's a concrete example of this, let's say there's a new SignerInfo
introduced due to PQC, with version 42. Since there's a ton of non-PQC
implementations out there, the forwards-compatible way to deal with this is to
sign each message twice, once with an existing algorithm, once with a PQC
algorithm. So the SignedData would be:
SignedData {
version = ?,
digestAlgorithms,
content,
signerInfos {
signerInfo version = 1,
signerInfo version = 42
}
}
An implementation that only understands non-PQC will use the v1 signerInfo, an
implementation that understands PQC will use the v42 signerInfo (or possibly
both).
So, what value should '?' have? Following the current usage in the RFCs,
it'll be set to 42, or at least some value other than any existing allowed
one, which means this forwards-compatible use of SignedData won't actually be
forwards compatible, not because of any actual real compatibility problem but
because of an artificial one created by the way the SignedData version is
used.
Peter.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime