ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RFC 3852 Errata

2007-09-21 07:06:14
from [Russ Housley] [Permanent Link] 

Dear RFC Editor:

I am writing to report an errata in RFC 3852.

Section 5.4 contains an error.  Section 5.4 includes this paragraph:

   The result of the message digest calculation process depends on
   whether the signedAttrs field is present.  When the field is absent,
   the result is just the message digest of the content as described
   above.  When the field is present, however, the result is the message
   digest of the complete DER encoding of the SignedAttrs value
   contained in the signedAttrs field.  Since the SignedAttrs value,
   when present, must contain the content-type and the message-digest
   attributes, those values are indirectly included in the result.  The
   content-type attribute MUST NOT be included in a countersignature
   unsigned attribute as defined in section 11.4.  A separate encoding
   of the signedAttrs field is performed for message digest calculation.
   The IMPLICIT [0] tag in the signedAttrs is not used for the DER
   encoding, rather an EXPLICIT SET OF tag is used.  That is, the DER
   encoding of the EXPLICIT SET OF tag, rather than of the IMPLICIT [0]
   tag, MUST be included in the message digest calculation along with
   the length and content octets of the SignedAttributes value.

The last two sentences of this paragraph should say:

   The IMPLICIT [0] tag in the signedAttrs is not used for the DER
   encoding, rather an universal SET OF tag is used.  That is, the DER
   encoding of the universal SET OF tag, rather than the IMPLICIT [0]
   tag, MUST be included in the message digest calculation along with
   the length and content octets of the SignedAttributes value.

There is a similar error in Section 9.2, which includes this paragraph:

   If authAttrs field is present, the content-type attribute (as
   described in Section 11.1) and the message-digest attribute (as
   described in section 11.2) MUST be included, and the input to the MAC
   calculation process is the DER encoding of authAttrs.  A separate
   encoding of the authAttrs field is performed for message digest
   calculation.  The IMPLICIT [2] tag in the authAttrs field is not used
   for the DER encoding, rather an EXPLICIT SET OF tag is used.  That
   is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
   [2] tag, is to be included in the message digest calculation along
   with the length and content octets of the authAttrs value.

The last two sentences of this paragraph should say:

   The IMPLICIT [2] tag in the authAttrs field is not used
   for the DER encoding, rather an universal SET OF tag is used.  That
   is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
   [2] tag, is to be included in the message digest calculation along
   with the length and content octets of the authAttrs value.

Thanks,
  Russ
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RFC 3852 Errata, Russ Housley <=
Previous by Date:  {Blocked Content} I-D ACTION:draft-ietf-smime-cades-05.txt, Internet-Drafts
Next by Date:  {Blocked Content} I-D Action:draft-ietf-smime-cms-auth-enveloped-06.txt, Internet-Drafts
Previous by Thread:  {Blocked Content} I-D ACTION:draft-ietf-smime-cades-05.txt, Internet-Drafts
Next by Thread:  {Blocked Content} I-D Action:draft-ietf-smime-cms-auth-enveloped-06.txt, Internet-Drafts
Indexes:  [Date] [Thread] [Top] [All Lists]