RFC Errata
RFC 3852, "Cryptographic Message Syntax (CMS)", July 2004
Note: This RFC has been obsoleted by RFC 5652
Note: This RFC has been updated by RFC 4853, RFC 5083
Source of RFC: smime (sec)
See Also: RFC 3852 w/ inline errata
Errata ID: 1744
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Jan Vilhuber
Date Reported: 2009-03-26
Verifier Name: Tim Polk
Date Verified: 2009-06-05
Section 5 says:
A recipient independently computes the message digest. This message digest and the signer's public key are used to verify the signature value. The signer's public key is referenced either by an issuer distinguished name along with an issuer-specific serial number or by a subject key identifier that uniquely identifies the certificate containing the public key. The signer's certificate can be included in the SignedData certificates field.
It should say:
A recipient independently computes the message digest. This message digest and the signer's public key are used to verify the signature value. The signer's public key is referenced in one of two ways. It can be referenced by an issuer distinguished name along with an issuer-specific serial number to uniquely identify the certificate that contains the public key. Alternatively, it can be referenced by a subject key identifier, which accommodates both certified and uncertified public keys. While not required, the signer's certificate can be included in the SignedData certificates field.
Notes:
The original text seems to indicate that a subjectKeyIdentifier also uniquely identifies a certificate, when in fact no certificate may exist at all. This clarification clarifies some possibly conflicting text from the CMC RFC.
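Added example (not part of the erratum or of RFC 3852): a Python sketch of how a verifier might resolve the two SignerIdentifier alternatives described in the corrected text, with a subjectKeyIdentifier allowed to match a key that has no certificate. KeyStore, resolve_signer and the helper names are hypothetical, the sample bytes are constructed, and only short-form DER lengths are handled.

```python
# Added example: hypothetical helper names, constructed sample data.

def tlv(tag, value):
    """Encode one short-form DER TLV (value shorter than 128 bytes)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one short-form DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER not handled in this sketch")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos], buf[pos + 2:end], end

class KeyStore:
    def __init__(self):
        self.by_issuer_serial = {}  # (issuer Name content, serial) -> key, certificates only
        self.cert_by_ski = {}       # SKI -> key taken from a certificate
        self.bare_by_ski = {}       # SKI -> uncertified key (no certificate exists)

def resolve_signer(sid_der, store):
    """Return (choice, key, certified) for a DER SignerIdentifier, or raise LookupError."""
    tag, value, end = read_tlv(sid_der)
    if end != len(sid_der):
        raise ValueError("trailing bytes after SignerIdentifier")
    if tag == 0x30:  # SEQUENCE -> issuerAndSerialNumber: always names a certificate
        t_name, issuer, pos = read_tlv(value)
        t_int, serial, pos = read_tlv(value, pos)
        if t_name != 0x30 or t_int != 0x02 or pos != len(value):
            raise ValueError("malformed IssuerAndSerialNumber")
        key = store.by_issuer_serial.get((issuer, int.from_bytes(serial, "big", signed=True)))
        if key is None:
            raise LookupError("no certificate for issuer and serial number")
        return "issuerAndSerialNumber", key, True
    if tag == 0x80:  # [0] IMPLICIT OCTET STRING -> subjectKeyIdentifier
        if value in store.cert_by_ski:
            return "subjectKeyIdentifier", store.cert_by_ski[value], True
        if value in store.bare_by_ski:  # valid case: key with no certificate at all
            return "subjectKeyIdentifier", store.bare_by_ski[value], False
        raise LookupError("unknown subject key identifier")
    raise ValueError("not a SignerIdentifier CHOICE")

# Constructed sample data: issuer Name "CN=Example CA", serial 42, and a 20-byte SKI.
ISSUER = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CA"))))
SID_CERT = tlv(0x30, ISSUER + tlv(0x02, b"\x2a"))
SID_BARE = tlv(0x80, bytes(range(20)))
STORE = KeyStore()
STORE.by_issuer_serial[(ISSUER[2:], 42)] = "cert-key"
STORE.bare_by_ski[bytes(range(20))] = "bare-key"
```

The certified flag in the result tells the caller whether a certificate backs the key or whether trust in the key has to be established some other way.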