
Re: Questions on digest and signature algorithm identifiers in CMS

2007-01-26 09:12:47

On Fri, Jan 26, 2007 at 04:02:28AM -0800, Blake Ramsdell wrote:
Julien Stern wrote:
I am just faced with a simple practical problem, namely: what is an
implementation supposed to do when it receives a CMS message where
the hash function in the digestAlgorithm and the signedAlgorithm
are not the same?  I mean, there must be quite a large number of CMS
implementations that were faced with the same problem!


Now, a "tough guy" implementation might take the precaution that every 
other implementation is crazy, and digest with every algorithm that they 
understand. In my case, I always digest with MD5 and SHA-1. So I 
personally don't listen to the digestAlgorithms field in SignedData or 
the digestAlgorithm field in SignerInfo. When I get to the signature 
verification, I say "OK, so which digest do I need" and use the right 
one (or freak out if it's not one of those). So I never have the 
heartache of betrayal from these fields, at the acceptable (in my case) 
cost of performance.


Thank you for your input.
I like your interpretation (considering the digest as a pure hint) too.

- What should be the behavior of a verification algorithm which is
faced with such a situation?

Not sure if it's specified anywhere, but that's up to the implementation 
I would say.

OK. I guess I have my answer :) So, I'll go for either "reject"
or "use only digests as a hint".
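The two behaviours Julien settles on ("reject" or "digests as a hint") and Blake's strategy of digesting with every supported algorithm and then letting the signature decide, as an added example that is not code from either poster. It assumes a toy RSA key built from two Mersenne primes (trivially factorable, chosen only so the block runs offline with the standard library), hash names standing in for the OIDs a real SignerInfo carries, a dict standing in for SignerInfo, a signature made directly over the content with no signedAttrs, and a `policy` argument that selects between the two behaviours; none of those are from the thread.

```python
import hashlib
import hmac

# Toy RSA key from two Mersenne primes so the example runs offline with only
# the standard library. Such a key is trivially factorable; it is an
# assumption for illustration, not something to use anywhere real.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DigestInfo DER prefixes from RFC 8017 section 9.2, note 1. The hash names
# double as stand-ins for the OIDs a real SignerInfo.digestAlgorithm carries.
DIGEST_INFO_PREFIX = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def digest_all(content: bytes) -> dict:
    """Digest once with every algorithm we understand, ignoring whatever
    SignedData.digestAlgorithms or SignerInfo.digestAlgorithm claim."""
    return {name: hashlib.new(name, content).digest() for name in DIGEST_INFO_PREFIX}


def emsa_pkcs1_v1_5(hash_name: str, digest: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding (RFC 8017 section 9.2) of a digest."""
    t = DIGEST_INFO_PREFIX[hash_name] + digest
    ps = b"\xff" * (K - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def sign(content: bytes, hash_name: str) -> bytes:
    """RSASSA-PKCS1-v1_5 signature directly over the content (no signedAttrs)."""
    em = emsa_pkcs1_v1_5(hash_name, hashlib.new(hash_name, content).digest())
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify(signer_info: dict, content: bytes, policy: str = "reject") -> tuple:
    """Verify without trusting the declared digest algorithm up front.

    signer_info is a dict stand-in for a CMS SignerInfo with keys
    'digestAlgorithm' (declared hash name) and 'signature' (bytes).
    policy is 'reject' (mismatch fails) or 'hint' (declared field ignored).
    Returns (ok, hash_actually_used, reason).
    """
    digests = digest_all(content)
    s = int.from_bytes(signer_info["signature"], "big")
    if s >= N:
        return (False, None, "signature out of range")
    em = pow(s, E, N).to_bytes(K, "big")

    # Work out which digest the signature really commits to by re-encoding
    # each precomputed digest and comparing whole encodings. Deliberately
    # never parse the decrypted value to pick the hash: lenient parsing of
    # EM is what enabled the 2006 Bleichenbacher e=3 forgeries.
    used = None
    for name, dgst in digests.items():
        if hmac.compare_digest(emsa_pkcs1_v1_5(name, dgst), em):
            used = name
            break
    if used is None:
        return (False, None, "signature matches none of the supported digests")

    declared = signer_info["digestAlgorithm"]
    if declared != used:
        if policy == "reject":
            return (False, used, f"declared {declared} but signature uses {used}")
        if policy != "hint":
            raise ValueError(f"unknown policy {policy!r}")
    return (True, used, "ok")


if __name__ == "__main__":
    # Constructed sample: the sender declared MD5 in SignerInfo.digestAlgorithm
    # but actually signed a SHA-1 digest.
    msg = b"constructed sample content, not a real CMS message"
    info = {"digestAlgorithm": "md5", "signature": sign(msg, "sha1")}
    print(verify(info, msg, "reject"))
    print(verify(info, msg, "hint"))
```

The cost Blake accepts is visible in `digest_all`: every supported hash runs over the content once, whereas a verifier that trusted the declared field would run one. In exchange, a wrong or missing digestAlgorithm can never make a good signature fail to verify, and the comparison of complete encodings means a malformed encoding is rejected rather than interpreted. Real CMS with signedAttrs signs the DER of the attributes rather than the content, so the digest of the content is checked against the message-digest attribute instead; the selection logic is the same.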