draft-ietf-lamps-cms-update-alg-id-protect-04.txt | draft-ietf-lamps-cms-update-alg-id-protect-05.txt
---|---
Network Working Group R. Housley | Network Working Group R. Housley
Internet-Draft Vigil Security | Internet-Draft Vigil Security
Updates: 5652 (if approved) August 27, 2020 | Updates: 5652 (if approved) August 27, 2020
Intended status: Standards Track | Intended status: Standards Track
Expires: February 28, 2021 | Expires: February 28, 2021
Update to the Cryptographic Message Syntax (CMS) for Algorithm | Update to the Cryptographic Message Syntax (CMS) for Algorithm
Identifier Protection | Identifier Protection
draft-ietf-lamps-cms-update-alg-id-protect-04 | draft-ietf-lamps-cms-update-alg-id-protect-05
Abstract | Abstract
This document updates the Cryptographic Message Syntax (CMS) | This document updates the Cryptographic Message Syntax (CMS)
specified in RFC 5652 to ensure that algorithm identifiers in signed- | specified in RFC 5652 to ensure that algorithm identifiers in signed-
data and authenticated-data content types are adequately protected. | data and authenticated-data content types are adequately protected.
Status of This Memo | Status of This Memo
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the
skipping to change at page 2, line 15 | skipping to change at page 2, line 15
Table of Contents | Table of Contents
1. Introduction ... 2 | 1. Introduction ... 2
2. Terminology ... 3 | 2. Terminology ... 3
3. Required use the same hash algorithm ... 3 | 3. Required use the same hash algorithm ... 3
3.1. RFC 5652, Section 5.3 ... 3 | 3.1. RFC 5652, Section 5.3 ... 3
3.2. RFC 5652, Section 5.4 ... 4 | 3.2. RFC 5652, Section 5.4 ... 4
3.3. RFC 5652, Section 5.6 ... 4 | 3.3. RFC 5652, Section 5.6 ... 4
3.4. Backward Compatibility Considerations ... 5 | 3.4. Backward Compatibility Considerations ... 5
3.5. Timestamp Compatibility Considerations ... 5 | 3.5. Timestamp Compatibility Considerations ... 5
4. Recommended inclusion of the CMSAlgorithmProtection attribute ... 6 | 4. Recommended inclusion of the CMSAlgorithmProtection attribute ... 5
4.1. RFC 5652, Section 14 ... 6 | 4.1. RFC 5652, Section 14 ... 6
5. IANA Considerations ... 6 | 5. IANA Considerations ... 6
6. Security Considerations ... 6 | 6. Security Considerations ... 6
7. Acknowledgements ... 7 | 7. Acknowledgements ... 7
8. References ... 7 | 8. References ... 7
8.1. Normative References ... 7 | 8.1. Normative References ... 7
8.2. Informative References ... 8 | 8.2. Informative References ... 8
Author's Address ... 9 | Author's Address ... 8
1. Introduction | 1. Introduction
This document updates the Cryptographic Message Syntax (CMS) | This document updates the Cryptographic Message Syntax (CMS)
[RFC5652] to ensure that algorithm identifiers in signed-data and | [RFC5652] to ensure that algorithm identifiers in signed-data and
authenticated-data content types are adequately protected. | authenticated-data content types are adequately protected.
The CMS signed-data Content Type [RFC5652], unlike X.509 certificates | The CMS signed-data Content Type [RFC5652], unlike X.509 certificates
[RFC5280], can be vulnerable to algorithm substitution attacks. In | [RFC5280], can be vulnerable to algorithm substitution attacks. In
an algorithm substitution attack, the attacker changes either the | an algorithm substitution attack, the attacker changes either the
skipping to change at page 4, line 38 | skipping to change at page 4, line 38
Add the following paragraph as the second paragraph in Section 5.4: | Add the following paragraph as the second paragraph in Section 5.4:
ADD: | ADD:
When the signedAttrs field is present, the same digest algorithm | When the signedAttrs field is present, the same digest algorithm
MUST be used to compute the digest of the encapContentInfo | MUST be used to compute the digest of the encapContentInfo
eContent OCTET STRING, which is carried in the message-digest | eContent OCTET STRING, which is carried in the message-digest
attribute, and the digest of the collection of attributes that are | attribute, and the digest of the collection of attributes that are
signed. | signed.
nit: there may be a grammar nit here, relating to the parallelism of |
"compute the digest of" - I think "the collection of attributes that |
are signed" should also have an "of" or "digest of" prefix. |
3.3. RFC 5652, Section 5.6 | 3.3. RFC 5652, Section 5.6
Change the paragraph discussing the signed attributes as follows: | Change the paragraph discussing the signed attributes as follows:
OLD: | OLD:
The recipient MUST NOT rely on any message digest values computed | The recipient MUST NOT rely on any message digest values computed
by the originator. If the SignedData signerInfo includes | by the originator. If the SignedData signerInfo includes
signedAttributes, then the content message digest MUST be | signedAttributes, then the content message digest MUST be
calculated as described in Section 5.4. For the signature to be | calculated as described in Section 5.4. For the signature to be

End of changes. 4 change blocks. 7 lines changed or deleted, 3 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
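The paragraph added to Section 5.4 above requires one digest algorithm, the SignerInfo digestAlgorithm, for both the eContent digest carried in the message-digest attribute and the digest of the signed attributes. The following verifier-side check is an added illustration, not text or code from the draft or from any CMS library: it recomputes both digests with the single declared algorithm, so a digestAlgorithm value relabelled in the unprotected SignerInfo field no longer matches the signature-protected message-digest attribute. The DER helpers and function names are hypothetical, cover only the pieces needed here, and the signature over the signed attributes is assumed to be checked separately.

```python
import hashlib

# Constructed example: enforcing the single-digest-algorithm rule of RFC 5652 5.4
# as updated. Hypothetical helpers; only the DER needed for these attributes.

ID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # OID 1.2.840.113549.1.9.4


def der_tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER tag-length-value; lengths up to 65535 are enough here."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def encode_attribute(attr_type: bytes, value: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF OCTET STRING }."""
    return der_tlv(0x30, der_tlv(0x06, attr_type) + der_tlv(0x31, der_tlv(0x04, value)))


def signed_attrs_for_digest(attrs) -> bytes:
    """RFC 5652 5.4: the digest input is the attributes under an EXPLICIT SET OF tag."""
    return der_tlv(0x31, b"".join(encode_attribute(t, v) for t, v in attrs))


def make_signed_attrs(digest_alg: str, content: bytes):
    """Originator side: message-digest attribute computed with the SignerInfo algorithm."""
    return [(ID_MESSAGE_DIGEST, hashlib.new(digest_alg, content).digest())]


def verify_digests(digest_alg: str, signed_attrs, content: bytes):
    """Recipient side: recompute the eContent digest with the declared algorithm and
    compare it to the message-digest attribute; on success also return the digest of
    the signed attributes computed with that same algorithm (the value the signature
    covers). Any mismatch, including one caused by a substituted digestAlgorithm,
    is a rejection."""
    expected = hashlib.new(digest_alg, content).digest()
    md_values = [v for t, v in signed_attrs if t == ID_MESSAGE_DIGEST]
    if len(md_values) != 1 or md_values[0] != expected:
        return False, None
    return True, hashlib.new(digest_alg, signed_attrs_for_digest(signed_attrs)).digest()
```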