On Wed, 15 May 2002, FRISCH Laurent FTRD/DTL/ISS wrote:

> Something bothers me with the authenticatedAttributes field in PKCS#7. It is
> defined in SignerInfo by "authenticatedAttributes [0] IMPLICIT Attributes",
> Attributes being a "SET OF attributes". This means that you should order
> attributes in the SET OF when signing ('cuz you have to DER-encode them).
> ok.

PKCS may be considered a moving target. AuthenticatedAttributes are
defined to be a SEQUENCE in Secure Electronic Transactions.

> Yet, in openssl (pk7_doit.c, in PKCS7_signatureVerify, see after), one can
> see that explicitly no ordering is asked (IS_SEQUENCE flag).
>
> When can a bug happen? Hmmm. Tricky. Probably never happen in real life.
> Still, theoretically...

Some SET software is available already.

-vf

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
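The ordering question raised in the quoted message, as an added example that is not part of the thread and is not OpenSSL code: PKCS#7 has the signer digest the attributes under the SET OF tag (0x31) rather than the [0] IMPLICIT tag (0xA0) sent on the wire, so a verifier that hashes the bytes as received and one that re-encodes them as DER agree only when the sender sorted the SET OF. The two sample attributes, the SHA-256 digest and all function names are assumptions made for the illustration.

```python
import hashlib

OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_DATA = bytes.fromhex("2a864886f70d010701")            # 1.2.840.113549.1.7.1

def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def attribute(oid, value):
    # Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, value))

def read_tlv(buf, i=0):
    # Return (content_start, end) for the TLV at offset i; single-byte tags only.
    n, j = buf[i + 1], i + 2
    if n & 0x80:
        k = n & 0x7F
        n, j = int.from_bytes(buf[j:j + k], "big"), j + k
    return j, j + n

def elements(wire):
    i, end = read_tlv(wire)
    out = []
    while i < end:
        nxt = read_tlv(wire, i)[1]
        out.append(wire[i:nxt])
        i = nxt
    return out

def digest_as_received(wire):
    # Swap the [0] IMPLICIT tag (0xA0) for SET OF (0x31); keep the sender's order.
    return hashlib.sha256(b"\x31" + wire[1:]).hexdigest()

def digest_der_reencoded(wire):
    # Re-encode as DER: elements sorted by encoding (bytewise; TLVs are prefix-free).
    return hashlib.sha256(tlv(0x31, b"".join(sorted(elements(wire))))).hexdigest()

# Constructed sample: two attributes for the content b"constructed sample content".
ct = attribute(OID_CONTENT_TYPE, tlv(0x06, OID_DATA))
md = attribute(OID_MESSAGE_DIGEST,
               tlv(0x04, hashlib.sha256(b"constructed sample content").digest()))
wire_sorted = tlv(0xA0, ct + md)    # DER order (ct encoding sorts before md)
wire_unsorted = tlv(0xA0, md + ct)  # sender did not sort
```

For `wire_sorted` both digests match; for `wire_unsorted` they differ, which is the interoperability failure the question describes when signer and verifier disagree about whether the SET OF is re-sorted.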
