RFC Errata
RFC 5035, "Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility", August 2007
Source of RFC: smime (sec)
See Also: RFC 5035 w/ inline errata
Errata ID: 2364
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-09
Verifier Name: Tim Polk
Date Verified: 2010-07-29
Section 4 says:
On mid-page 6, Section 4 of RFC 5035 gives the following text as part
of the new Section 5.4.1.1, Certificate Identification Version 2:

   The fields of ESSCertIDv2 are defined as follows:

   hashAlgorithm
      contains the identifier of the algorithm used in computing
      certHash.

   certHash
      is computed over the entire DER-encoded certificate (including the
|     signature) using the SHA-1 algorithm.

   [...]

The core reason for the new Cert ID version is algorithm agility.
Therefore, specifying SHA-1 here does not make any sense (and it
would turn the hashAlgorithm field useless)!

The 'certHash' field explanation should say:

   certHash
      is computed over the entire DER-encoded certificate (including the
|     signature) using the algorithm specified by hashAlgorithm.
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It should say:
See above.
Notes:
See above.
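
The corrected certHash rule, as an added example (not part of the erratum or of RFC 5035): a Python check that hashes the entire DER-encoded certificate with the digest named by hashAlgorithm, falling back to id-sha256, the field's default in RFC 5035, when hashAlgorithm is omitted. The function names, the list of accepted digests and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

# DER content octets of the digest OIDs accepted here (local policy, assumed).
DIGESTS = {
    bytes.fromhex("2b0e03021a"): "sha1",            # 1.3.14.3.2.26
    bytes.fromhex("608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
    bytes.fromhex("608648016503040202"): "sha384",  # 2.16.840.1.101.3.4.2.2
    bytes.fromhex("608648016503040203"): "sha512",  # 2.16.840.1.101.3.4.2.3
}
DEFAULT_DIGEST = "sha256"  # hashAlgorithm is DEFAULT id-sha256 when omitted

def read_tlv(buf, pos=0):
    """Decode one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_ess_cert_id_v2(der):
    """Return (digest_name, cert_hash) from a DER-encoded ESSCertIDv2."""
    _, seq, _ = read_tlv(der)
    tag, value, pos = read_tlv(seq)
    name = DEFAULT_DIGEST
    if tag == 0x30:  # optional hashAlgorithm (AlgorithmIdentifier) is present
        oid = read_tlv(value)[1]
        if oid not in DIGESTS:
            raise ValueError("unsupported hashAlgorithm OID " + oid.hex())
        name = DIGESTS[oid]
        tag, value, pos = read_tlv(seq, pos)
    if tag != 0x04:  # certHash is an OCTET STRING
        raise ValueError("certHash not found")
    return name, value

def cert_matches(ess_der, cert_der):
    """Hash the entire DER certificate with the digest named by hashAlgorithm."""
    name, cert_hash = parse_ess_cert_id_v2(ess_der)
    return hmac.compare_digest(hashlib.new(name, cert_der).digest(), cert_hash)

# Constructed sample: placeholder bytes stand in for a DER certificate.
CERT = b"constructed stand-in for a DER-encoded certificate"
ALG_SHA512 = bytes.fromhex("300b0609608648016503040203")  # AlgorithmIdentifier
ESS_SHA512 = b"\x30\x4f" + ALG_SHA512 + b"\x04\x40" + hashlib.sha512(CERT).digest()
ESS_DEFAULT = b"\x30\x22\x04\x20" + hashlib.sha256(CERT).digest()
```

A verifier that followed the uncorrected wording and always applied SHA-1 would compare a 20-byte digest against the 64-byte certHash in `ESS_SHA512` and reject a valid identifier.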
