I have had a private mail that requested the following:
In section 3, you say:
digestAlgorithms SHOULD contain the one-way hash function used to
compute the message digest on the eContent value.
I would rather this be a MUST!
My reply was that this would impose a new behavior on the CMS document
where this behavior is a SHOULD not a MUST. The reply to this was to
ask me to take it to the list as a question of wheither the CMS document
is too lienant on this issue.
HERE IS MY TAKE!
1. Presence of a digest algorithm is not techincally needed to
successfully validate a signature. The one that is needed is in the
SignerInfo structure.
2. My implementations of CMS WILL FAIL if the digest algorithm is not
present in this field. I have a stream based implementation of
signature processing that requires the digest algorithm to be known
prior to starting to process the content. (I have a fall back of adding
SHA-1 if the field is empty.) This is permitted behavior under CMS.
3. I do not know of anybody who delibrately omits putting this into the
message.
I would be happy with changing this from a SHOULD to a MUST, but if this
is done it needs to propigate all of the way back to CMS.
Jim