The following errata report has been submitted for RFC5652,
"Cryptographic Message Syntax (CMS)".
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6250
--------------------------------------
Type: Technical
Reported by: Russ Housley <housley(_at_)vigilsec(_dot_)com>
Section: 9.2
Original Text
-------------
If the authAttrs field is present, the content-type attribute (as
described in Section 11.1) and the message-digest attribute (as
described in Section 11.2) MUST be included, and the input to the MAC
calculation process is the DER encoding of authAttrs. A separate
encoding of the authAttrs field is performed for message digest
calculation. The IMPLICIT [2] tag in the authAttrs field is not used
for the DER encoding, rather an EXPLICIT SET OF tag is used. That
is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
[2] tag, is to be included in the message digest calculation along
with the length and content octets of the authAttrs value.
Corrected Text
--------------
If the authAttrs field is present, the content-type attribute (as
described in Section 11.1) and the message-digest attribute (as
described in Section 11.2) MUST be included, and the input to the MAC
calculation process is the DER encoding of authAttrs. A separate
encoding of the authAttrs field is performed for message digest
calculation. The IMPLICIT [2] tag in the authAttrs field is not used
for the DER encoding, rather an EXPLICIT SET OF tag is used. That
is, the DER encoding of the SET OF tag, rather than of the IMPLICIT
[2] tag, is to be included in the MAC calculation along
with the length and content octets of the authAttrs value.
Notes
-----
The paragraph is talking about the input to a MAC calculation, not the input to
message digest calculation.
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC5652 (draft-ietf-smime-rfc3852bis-00)
--------------------------------------
Title : Cryptographic Message Syntax (CMS)
Publication Date : September 2009
Author(s) : R. Housley
Category : DRAFT STANDARD
Source : S/MIME Mail Security
Area : Security
Stream : IETF
Verifying Party : IESG
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime