On Wed, 15 May 2002, FRISCH Laurent FTRD/DTL/ISS wrote: > Something bothers me with the authenticatedAttributes field in PKCS#7. It is > defined in SignerInfo by "authenticatedAttributes [0] IMPLICIT Attributes", > Attributes being a "SET OF attributes". This means that you should order > attributes in the SET OF when signing ('cuz you have to DER-encode them). > ok.
PKCS may be considered a moving target. AuthenticatedAttributes are defined to be a SEQUENCE in Secure Electronic Transactions > Yet, in openssl (pk7_doit.c, in PKCS7_signatureVerify, see after), one can > see that explicitly no ordering is asked (IS_SEQUENCE flag). > > When can a bug happen ? Hmmm. Tricky. Probably never happen in real life. > Still, theoretically... Some SET software is available already -vf ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]