draft-ietf-lamps-cms-update-alg-id-protect-04.txt  ->  draft-ietf-lamps-cms-update-alg-id-protect-05.txt

Network Working Group                                        R. Housley
Internet-Draft                                           Vigil Security
Updates: 5652 (if approved)                             August 27, 2020
Intended status: Standards Track
Expires: February 28, 2021

          Update to the Cryptographic Message Syntax (CMS) for Algorithm
                            Identifier Protection
   -04: draft-ietf-lamps-cms-update-alg-id-protect-04
   -05: draft-ietf-lamps-cms-update-alg-id-protect-05
Abstract

   This document updates the Cryptographic Message Syntax (CMS)
   specified in RFC 5652 to ensure that algorithm identifiers in signed-
   data and authenticated-data content types are adequately protected.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the

   [skipping to change at page 2, line 15]
Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Required use the same hash algorithm . . . . . . . . . . . .   3
     3.1.  RFC 5652, Section 5.3  . . . . . . . . . . . . . . . . .   3
     3.2.  RFC 5652, Section 5.4  . . . . . . . . . . . . . . . . .   4
     3.3.  RFC 5652, Section 5.6  . . . . . . . . . . . . . . . . .   4
     3.4.  Backward Compatibility Considerations  . . . . . . . . .   5
     3.5.  Timestamp Compatibility Considerations . . . . . . . . .   5
   4.  Recommended inclusion of the CMSAlgorithmProtection attribute   6 (-05: 5)
     4.1.  RFC 5652, Section 14 . . . . . . . . . . . . . . . . . .   6
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . .   6
   6.  Security Considerations  . . . . . . . . . . . . . . . . . .   6
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . .   7
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . .   9 (-05: 8)
1.  Introduction

   This document updates the Cryptographic Message Syntax (CMS)
   [RFC5652] to ensure that algorithm identifiers in signed-data and
   authenticated-data content types are adequately protected.

   The CMS signed-data Content Type [RFC5652], unlike X.509 certificates
   [RFC5280], can be vulnerable to algorithm substitution attacks.  In
   an algorithm substitution attack, the attacker changes either the

   [skipping to change at page 4, line 38]
   Add the following paragraph as the second paragraph in Section 5.4:

   ADD:

      When the signedAttrs field is present, the same digest algorithm
      MUST be used to compute the digest of the encapContentInfo
      eContent OCTET STRING, which is carried in the message-digest
      attribute, and the digest of the collection of attributes that are
      signed.

   (-04 only) nit: there may be a grammar nit here, relating to the parallelism of
   "compute the digest of" - I think "the collection of attributes that
   are signed" should also have an "of" or "digest of" prefix.
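The rule in the Section 5.4 ADD paragraph, together with the Section 5.6 recomputation of the content message digest, as a verifier check in added example code (not part of the draft or of any CMS library). It assumes a minimal hand-rolled DER encoder/decoder with short-form lengths only, a constructed eContent, and SignerInfo fields passed in directly rather than parsed from a real SignedData.

```python
import hashlib

# Real OIDs (RFC 5652 / RFC 5754). DER helpers assume short-form lengths (< 128).
OID_SHA256 = "2.16.840.1.101.3.4.2.1"
OID_SHA1 = "1.3.14.3.2.26"
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"
HASH_BY_OID = {OID_SHA256: "sha256", OID_SHA1: "sha1"}

def der(tag, body):
    assert len(body) < 128, "short-form length only (example limitation)"
    return bytes([tag, len(body)]) + body

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:                       # base-128, high bit = continuation
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, (a & 0x7F) | 0x80)
        out += chunk
    return der(0x06, bytes(out))

def build_signed_attrs(digest_oid, econtent):
    """signedAttrs as carried in SignerInfo: [0] IMPLICIT SET OF Attribute."""
    md = hashlib.new(HASH_BY_OID[digest_oid], econtent).digest()
    attr = der(0x30, der_oid(OID_MESSAGE_DIGEST) + der(0x31, der(0x04, md)))
    return der(0xA0, attr)

def find_message_digest(signed_attrs):
    """Return the OCTET STRING value of the messageDigest attribute, or None."""
    body, i, md_oid = signed_attrs[2:], 0, der_oid(OID_MESSAGE_DIGEST)
    while i < len(body):
        attr = body[i + 2 : i + 2 + body[i + 1]]   # one Attribute SEQUENCE body
        i += 2 + body[i + 1]
        if attr.startswith(md_oid):
            val = attr[len(md_oid) + 2 :]           # skip the SET OF header
            return val[2 : 2 + val[1]]              # OCTET STRING contents
    return None

def verify_signer_digests(digest_oid, econtent, signed_attrs):
    """Updated 5.4/5.6 rule: SignerInfo digestAlgorithm is the single algorithm
    for both digests. Returns the digest the signature must cover, or None."""
    alg = HASH_BY_OID.get(digest_oid)
    if alg is None:
        return None                                 # unknown/unsupported digest
    if hashlib.new(alg, econtent).digest() != find_message_digest(signed_attrs):
        return None                                 # content digest mismatch
    # Signature input: same attributes, [0] IMPLICIT replaced by SET OF (0x31).
    return hashlib.new(alg, bytes([0x31]) + signed_attrs[1:]).digest()
```

A SignerInfo whose digestAlgorithm has been swapped to SHA-1 while the messageDigest attribute holds a SHA-256 value is rejected at the content-digest comparison, so the attributes digest is never computed with the substituted algorithm.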
3.3.  RFC 5652, Section 5.6

   Change the paragraph discussing the signed attributes as follows:

   OLD:

      The recipient MUST NOT rely on any message digest values computed
      by the originator.  If the SignedData signerInfo includes
      signedAttributes, then the content message digest MUST be
      calculated as described in Section 5.4.  For the signature to be
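Review bot: the three-line "nit:" note about parallelism in the Section 5.4 ADD paragraph appears in only one of the two versions, and the lower page numbers in the -05 Table of Contents (Section 4 on page 5, Author's Address on page 8) indicate it was removed there, while the ADD paragraph itself is identical in both columns. Dropping the note without touching the sentence is the right resolution: the text already reads "compute the digest of the encapContentInfo eContent OCTET STRING ... and the digest of the collection of attributes that are signed", which has the parallel "digest of" the note asked for.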
End of changes.  4 change blocks.
7 lines changed or deleted, 3 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/