Found 2 records.

Status: Reported (1)

RFC5652, "Cryptographic Message Syntax (CMS)", September 2009

Source of RFC: smime (sec)

Errata ID: 3867

Status: Reported
Type: Technical

Reported By: Jos Breek
Date Reported: 2014-01-16

Section 5.3 says:

digestAlgorithm identifies the message digest algorithm, and any
associated parameters, used by the signer.

It should say:

digestAlgorithm identifies the message digest algorithm, and any
associated parameters, used by the signer in the signature Generation 
Process. The message digest algorithm shall be equal to the message 
digest algorithm used in the signatureAlgorithm field.

Notes:

The text stated that the message digest algorithm is "used by the signer". It is unclear for what purpose the message digest algorithm is used.

There are implementations that use the message digest algorithm specified in the messageDigest field instead of the message digest algorithm specified in the signatureAlgorithm.

Is the purpose of the messageDigest field to nest the hashing algorithm used in the signing process? If so, please use the corrected text to clarify the goal of the field.


Status: Held for Document Update (1)

RFC5652, "Cryptographic Message Syntax (CMS)", September 2009

Source of RFC: smime (sec)

Errata ID: 2026

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2010-01-28
Held for Document Update by: Tim Polk

Section 5.3, pg. 15 says:

[[  around the page break from page 14 to page 15: ]]

      digestAlgorithm identifies the message digest algorithm, and any
      associated parameters, used by the signer.  The message digest is
      computed on either the content being signed or the content
<< page break >>
      together with the signed attributes using the process described in
      Section 5.4.  The message digest algorithm SHOULD be among those
|     listed in the digestAlgorithms field of the associated SignerData.
                                                             ^^^^^^^^^^
      Implementations MAY fail to validate signatures that use a digest
      algorithm that is not included in the SignedData digestAlgorithms
      set.

It should say:

      digestAlgorithm identifies the message digest algorithm, and any
      associated parameters, used by the signer.  The message digest is
      computed on either the content being signed or the content
      together with the signed attributes using the process described in
      Section 5.4.  The message digest algorithm SHOULD be among those
|     listed in the digestAlgorithms field of the associated SignedData.
      Implementations MAY fail to validate signatures that use a digest
      algorithm that is not included in the SignedData digestAlgorithms
      set.

Notes:

Rationale:
There's no such ASN.1 type/object named "SignerData" in relevant
specifications. Text should refer to "SignedData" instead.
This is an undetected legacy flaw inherited literally from RFC 2630,
RFC 3369, and RFC 3852.

