RFC Errata


RFC 5035, "Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility", August 2007

Source of RFC: smime (sec)

Errata ID: 2364
Status: Verified
Type: Technical

Reported By: Alfred Hoenes
Date Reported: 2007-09-09
Verifier Name: Tim Polk
Date Verified: 2010-07-29

Section 4 says:

On mid-page 6, Section 4 of RFC 5035 gives the following text as part
of the new Section 5.4.1.1, Certificate Identification Version 2:

   The fields of ESSCertIDv2 are defined as follows:

   hashAlgorithm
      contains the identifier of the algorithm used in computing
      certHash.

   certHash
      is computed over the entire DER-encoded certificate (including the
|     signature) using the SHA-1 algorithm.

   [...]

The core reason for the new Cert ID version is algorithm agility.
Therefore, specifying SHA-1 here does not make any sense (and it
would render the hashAlgorithm field useless)!

The 'certHash' field explanation should say:

   certHash
      is computed over the entire DER-encoded certificate (including the
|     signature) using the algorithm specified by hashAlgorithm.
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It should say:

See above.

Notes:

See above.
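
The corrected rule from a verifier's side, as an added example that is not part of the erratum or of RFC 5035's text: certHash is recomputed with the digest named by hashAlgorithm, falling back to SHA-256 (the DEFAULT in RFC 5035's ASN.1) when the field is absent. The function names and the sample bytes are assumptions made for illustration, and the ESSCertIDv2 is assumed to be already decoded from ASN.1.

```python
import hashlib
import hmac

# Digest OIDs a verifier is prepared to accept, mapped to hashlib names.
SHA1_OID = "1.3.14.3.2.26"
SHA256_OID = "2.16.840.1.101.3.4.2.1"
HASH_BY_OID = {
    SHA1_OID: "sha1",
    SHA256_OID: "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
}
# RFC 5035 ASN.1: hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256}
DEFAULT_OID = SHA256_OID

# Constructed bytes standing in for a DER-encoded certificate (not a real one).
SAMPLE_CERT_DER = bytes.fromhex("3082000a") + b"constructed-sample-certificate"


def cert_hash(cert_der, hash_oid=None):
    """Hash the entire DER certificate with the algorithm named by hashAlgorithm.

    hash_oid is None when the field was omitted, which selects the default.
    """
    oid = DEFAULT_OID if hash_oid is None else hash_oid
    name = HASH_BY_OID.get(oid)
    if name is None:
        # Unknown digest: fail closed instead of guessing SHA-1 or SHA-256.
        raise ValueError("unsupported hashAlgorithm OID: " + oid)
    return hashlib.new(name, cert_der).digest()


def matches_ess_cert_id_v2(cert_der, cert_hash_value, hash_oid=None):
    """Return True if the certificate is the one the ESSCertIDv2 identifies."""
    expected = cert_hash(cert_der, hash_oid)
    # Constant-time comparison; a length mismatch simply returns False.
    return hmac.compare_digest(expected, cert_hash_value)


if __name__ == "__main__":
    v2_hash = cert_hash(SAMPLE_CERT_DER)  # hashAlgorithm omitted: SHA-256
    print("honours hashAlgorithm:", matches_ess_cert_id_v2(SAMPLE_CERT_DER, v2_hash))
    # A verifier following the uncorrected "using the SHA-1 algorithm" wording
    # computes a 20-byte SHA-1 digest and fails to match the 32-byte certHash.
    sha1_only = hashlib.sha1(SAMPLE_CERT_DER).digest()
    print("hard-coded SHA-1:", hmac.compare_digest(sha1_only, v2_hash))
```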
