ietf-smime

Re: [smime] [Editorial Errata Reported] RFC5652 (2026)

2010-01-29 15:13:12
The proposed correction is appropriate, and does not result in a technical change to the RFC. I have no objection to this errata.

spt

RFC Errata System wrote:
The following errata report has been submitted for RFC5652,
"Cryptographic Message Syntax (CMS)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5652&eid=2026

--------------------------------------
Type: Editorial
Reported by: Alfred Hoenes <ah(_at_)TR-Sys(_dot_)de>

Section: 5.3, pg. 15

Original Text
-------------
[[  around the page break from page 14 to page 15: ]]

      digestAlgorithm identifies the message digest algorithm, and any
      associated parameters, used by the signer.  The message digest is
      computed on either the content being signed or the content
<< page break >>
      together with the signed attributes using the process described in
      Section 5.4.  The message digest algorithm SHOULD be among those
|     listed in the digestAlgorithms field of the associated SignerData.
                                                             ^^^^^^^^^^
      Implementations MAY fail to validate signatures that use a digest
      algorithm that is not included in the SignedData digestAlgorithms
      set.


Corrected Text
--------------
      digestAlgorithm identifies the message digest algorithm, and any
      associated parameters, used by the signer.  The message digest is
      computed on either the content being signed or the content
      together with the signed attributes using the process described in
      Section 5.4.  The message digest algorithm SHOULD be among those
|     listed in the digestAlgorithms field of the associated SignedData.
      Implementations MAY fail to validate signatures that use a digest
      algorithm that is not included in the SignedData digestAlgorithms
      set.


Notes
-----
Rationale:
  There's no such ASN.1 type/object named "SignerData" in relevant
  specifications.   Text should refer to "SignedData" instead.
  This is an undetected legacy flaw inherited literally from RFC 2630,
  RFC 3369, and RFC 3852.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC5652 (draft-ietf-smime-rfc3852bis-00)
--------------------------------------
Title               : Cryptographic Message Syntax (CMS)
Publication Date    : September 2009
Author(s)           : R. Housley
Category            : DRAFT STANDARD
Source              : S/MIME Mail Security
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
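
The rule in the Section 5.3 text quoted above (each signer's digestAlgorithm SHOULD appear in the SignedData digestAlgorithms set, and a verifier MAY refuse signatures where it does not) can be checked structurally before any signature verification. This is an added example, not part of the thread or of RFC 5652. It assumes a bare DER-encoded SignedData (no ContentInfo wrapper); the function names and sample bytes are constructed for illustration.

```python
# Added example (not from RFC 5652 or the thread). Minimal definite-length DER
# walk; function names and the sample bytes are constructed for illustration.
def tlvs(buf):
    """Yield (tag, value) for each single-byte-tag DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long-form length: low 7 bits give the length-of-length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        yield tag, buf[i:i + n]
        i += n

def oid(content):
    """Decode OID content octets (single-octet first subidentifier) to dotted form."""
    first = min(content[0] // 40, 2)
    arcs, v = [first, content[0] - 40 * first], 0
    for b in content[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def alg_oid(alg_id):
    """OID of an AlgorithmIdentifier, given the SEQUENCE's content octets."""
    return oid(next(tlvs(alg_id))[1])

def check_signer_digests(signed_data):
    """Return [(digest OID, declared?)] per SignerInfo of a bare DER SignedData."""
    fields = list(tlvs(next(tlvs(signed_data))[1]))
    # fields[1] is the digestAlgorithms SET; signerInfos is always the last field.
    declared = {alg_oid(v) for _, v in tlvs(fields[1][1])}
    out = []
    for _, si in tlvs(fields[-1][1]):
        d = alg_oid(list(tlvs(si))[2][1])  # version, sid, digestAlgorithm
        out.append((d, d in declared))
    return out

def enc(tag, *parts):  # sample builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

SHA1, SHA256 = bytes.fromhex("2b0e03021a"), bytes.fromhex("608648016503040201")
alg = lambda o: enc(0x30, enc(0x06, o))
# Constructed SignerInfo: v3, placeholder key id, digest alg, placeholder sig fields.
signer = lambda o: enc(0x30, enc(0x02, b"\x03"), enc(0x80, b"\x01\x02"), alg(o), alg(o), enc(0x04, b"\x00"))
# Constructed SignedData declaring only SHA-256, with a SHA-1 and a SHA-256 signer.
SAMPLE = enc(0x30, enc(0x02, b"\x03"), enc(0x31, alg(SHA256)),
             enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010701"))),
             enc(0x31, signer(SHA1), signer(SHA256)))
```

A verifier that takes the MAY literally would reject the first signer in SAMPLE, whose SHA-1 digest algorithm is not declared in digestAlgorithms, before computing any digest.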
