RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5652, "Cryptographic Message Syntax (CMS)", September 2009

Source of RFC: smime (sec)
See Also: RFC 5652 w/ inline errata

Errata ID: 6250
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Russ Housley
Date Reported: 2020-08-06
Verifier Name: Benjamin Kaduk
Date Verified: 2020-08-07

Section 9.2 says:

   If the authAttrs field is present, the content-type attribute (as
   described in Section 11.1) and the message-digest attribute (as
   described in Section 11.2) MUST be included, and the input to the MAC
   calculation process is the DER encoding of authAttrs.  A separate
   encoding of the authAttrs field is performed for message digest
   calculation.  The IMPLICIT [2] tag in the authAttrs field is not used
   for the DER encoding, rather an EXPLICIT SET OF tag is used.  That
   is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
   [2] tag, is to be included in the message digest calculation along
   with the length and content octets of the authAttrs value.

It should say:

   If the authAttrs field is present, the content-type attribute (as
   described in Section 11.1) and the message-digest attribute (as
   described in Section 11.2) MUST be included, and the input to the MAC
   calculation process is the DER encoding of authAttrs.  A separate
   encoding of the authAttrs field is performed for message digest
   calculation.  The IMPLICIT [2] tag in the authAttrs field is not used
   for the DER encoding, rather an EXPLICIT SET OF tag is used.  That
   is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
   [2] tag, is to be included in the MAC calculation along
   with the length and content octets of the authAttrs value.

Notes:

The paragraph is talking about the input to a MAC calculation, not the input to message digest calculation.

Report New Errata