Dr Stephen Henson schrieb:
>
> Hmmm. A similar could happen with the PKCS#7 and certificate routines:
> some PKCS#7 implementations don't correctly sort authenticated
> attributes and some certificates are filled with horrible stuff like
> indefinite length encoding. The usual workaround is to verify the
> signature on the original data or order rather than a re-encoded version
> of it: this is done in a few places already.
This discussion has a long history. There has been a
discussion with eric on this behalf long ago. But
AFAIR Eric was not convinced to make signature
verification on the original data. Perhaps he
believed that eventually the correct solution (tm)
only will survive ;-)
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]