RFC Errata
RFC 5272, "Certificate Management over CMS (CMC)", June 2008
Note: This RFC has been updated by RFC 6402
Source of RFC: pkix (sec)
Errata ID: 8137
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: David von Oheimb
Date Reported: 2024-10-12
Section C.1 says:
NoSignatureValue contains the hash of the certification request.
It should say:
NoSignatureValue contains the SHA-1 hash value of the certification request. The hash value given by NoSignatureValue SHOULD be ignored.
Notes:
The hash value was not sufficiently defined because the choice of the hash algorithm was not specified.
At that time presumably the use of SHA-1 was implied.
I suggest requiring SHA-1 here simply for backward compatibility.
From today's perspective more flexibility may be demanded, and SHA-1 is likely no longer the best choice.
Anyway I see no real value in NoSignatureValue (pun intended), so it should not matter.
For this reason I propose ignoring the hash value.
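A receiver-side check that applies the proposed rule, as an added example that is not part of the erratum or of RFC 5272: a PKCS#10 request whose signature algorithm is id-alg-noSignature is classified as carrying no proof of possession, and the hash value is never recomputed or compared. The function names and the sample requests are constructed for illustration; the samples assume the hash is taken over the DER encoding of certificationRequestInfo and placed raw in the BIT STRING.

```python
import hashlib

# id-alg-noSignature = 1.3.6.1.5.5.7.6.2 (RFC 5272), as DER OID content octets
NO_SIGNATURE_OID = bytes([0x2B, 6, 1, 5, 5, 7, 6, 2])

def tlv(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER TLV starting at pos."""
    tag, n, start = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[start:start + n], start + n

def check_csr(der):
    """Return (decision, value_length) for a PKCS#10 CertificationRequest."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, pos = read_tlv(body)              # certificationRequestInfo
    _, alg, pos = read_tlv(body, pos)       # signatureAlgorithm
    sig_tag, sig, _ = read_tlv(body, pos)   # signature BIT STRING
    oid_tag, oid, _ = read_tlv(alg)
    if sig_tag != 0x03 or oid_tag != 0x06:
        raise ValueError("unexpected CertificationRequest layout")
    if oid != NO_SIGNATURE_OID:
        return ("verify-signature", len(sig) - 1)
    # Proposed rule: the value is never recomputed or compared. Anyone can
    # compute a hash, so it is no proof of possession of the private key.
    return ("no-proof-of-possession", len(sig) - 1)

def sample_csr(hash_name, oid=NO_SIGNATURE_OID):
    """Constructed skeleton CSR (empty subject and key fields, not a real request)."""
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0xA0, b""))
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    # Assumption: digest over the DER of certificationRequestInfo, raw in the BIT STRING
    digest = hashlib.new(hash_name, info).digest()
    return tlv(0x30, info + alg + tlv(0x03, b"\x00" + digest))
```

The returned length (20 for SHA-1, 32 for SHA-256) shows that the value alone does not identify which hash a sender used, while the decision is the same for any of them.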