RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5272, "Certificate Management over CMS (CMC)", June 2008

Note: This RFC has been updated by RFC 6402

Source of RFC: pkix (sec)

Errata ID: 8137
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: David von Oheimb
Date Reported: 2024-10-12

Section C.1 says:

NoSignatureValue contains the hash of the certification request. 

It should say:

NoSignatureValue contains the SHA-1 hash value of the certification request. 
The hash value given by NoSignatureValue SHOULD be ignored.

Notes:

The hash value was not sufficiently defined because the choice of the hash algorithm was not specified.
At that time presumably the use of SHA-1 was implied.

I suggest requiring SHA-1 here simply for backward compatibility.
From today's perspective more flexibility may be demanded and SHA-1 likely no more is the best choice.

Anyway I see no real value in NoSignatureValue (pun intended), so it should not matter.
For this reason I propose ignoring the hash value.

Report New Errata



Advanced Search