| | | | | | | | |
|
|
|
You're here: Home |
At 05:05 PM 23/05/2007, Robert Loomans wrote:
> BUT if the Signing Time attribute of the CMS wrapper is NOT protected by > the CMS digital signature then my assumption is _not_ valid (!) > > ***Does anyone want to confirm that the digital signature of CMS covers > the Signing Time attribute? In RFC 3852, section 11.3: The signing-time attribute MUST be a signed attribute or an authenticated attribute; it MUST NOT be an unsigned attribute, unauthenticated attribute, or unprotected attribute.
phew! :-) thanks for the catch Rob
