RFC Errata
RFC 5272, "Certificate Management over CMS (CMC)", June 2008
Note: This RFC has been updated by RFC 6402
Source of RFC: pkix (sec)
Errata ID: 8137
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: David von Oheimb
Date Reported: 2024-10-12
Held for Document Update by: Deb Cooley
Date Held: 2025-01-17
Section C.1 says:
NoSignatureValue contains the hash of the certification request.
It should say:
NoSignatureValue contains the SHA-1 hash value of the certification request. The hash value given by NoSignatureValue SHOULD be ignored.
Notes:
This has been fixed in RFC 6402.
The hash value was not sufficiently defined because the choice of the hash algorithm was not specified.
At that time presumably the use of SHA-1 was implied.
I suggest requiring SHA-1 here simply for backward compatibility.
From today's perspective, more flexibility may be demanded, and SHA-1 is likely no longer the best choice.
Anyway, I see no real value in NoSignatureValue (pun intended), so it should not matter.
For this reason I propose ignoring the hash value.