RFC Errata
RFC 5035, "Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility", August 2007
Source of RFC: smime (sec)
See Also: RFC 5035 w/ inline errata
Errata ID: 2364
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-09
Verifier Name: Tim Polk
Date Verified: 2010-07-29
Section 4 says:
On mid-page 6, Section 4 of RFC 5035 gives the following text as part of the new Section 5.4.1.1, Certificate Identification Version 2:

   The fields of ESSCertIDv2 are defined as follows:

   hashAlgorithm contains the identifier of the algorithm used in
   computing certHash.

   certHash is computed over the entire DER-encoded certificate (including the
|  signature) using the SHA-1 algorithm.

   [...]

The core reason for the new Cert ID version is algorithm agility. Therefore, specifying SHA-1 here does not make any sense (and it would turn the hashAlgorithm field useless)!

The 'certHash' field explanation should say:

   certHash is computed over the entire DER-encoded certificate (including the
|  signature) using the algorithm specified by hashAlgorithm.
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It should say:
See above.
Notes:
See above.
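
An added example, not part of the erratum or of RFC 5035: a Python check of certHash that picks the digest from hashAlgorithm, next to the SHA-1-only reading the erratum rejects. The `DecodedCertIDv2` holder, the function names and the sample bytes are assumptions made for illustration; ASN.1 decoding is assumed to have happened already, and the SHA-256 default follows the DEFAULT in RFC 5035's ASN.1 definition of ESSCertIDv2.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Digest algorithm OIDs mapped to hashlib names.
OID_TO_HASH = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
}
DEFAULT_OID = "2.16.840.1.101.3.4.2.1"  # hashAlgorithm DEFAULT is id-sha256


@dataclass
class DecodedCertIDv2:
    """Hypothetical holder for an already-decoded ESSCertIDv2."""
    hash_alg_oid: Optional[str]  # None when the DEFAULT was omitted in the DER
    cert_hash: bytes


def cert_hash_matches(cert_id: DecodedCertIDv2, cert_der: bytes) -> bool:
    """Corrected reading: hash the whole DER certificate with hashAlgorithm."""
    oid = cert_id.hash_alg_oid or DEFAULT_OID
    name = OID_TO_HASH.get(oid)
    if name is None:
        # Fail closed on a digest this verifier does not know.
        raise ValueError(f"unsupported hashAlgorithm OID: {oid}")
    digest = hashlib.new(name, cert_der).digest()
    return hmac.compare_digest(digest, cert_id.cert_hash)


def cert_hash_matches_sha1_only(cert_id: DecodedCertIDv2, cert_der: bytes) -> bool:
    """Uncorrected reading: ignore hashAlgorithm and always use SHA-1."""
    return hmac.compare_digest(hashlib.sha1(cert_der).digest(), cert_id.cert_hash)


# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_CERT_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    cid = DecodedCertIDv2("2.16.840.1.101.3.4.2.2",
                          hashlib.sha384(SAMPLE_CERT_DER).digest())
    print("hashAlgorithm honoured:", cert_hash_matches(cid, SAMPLE_CERT_DER))
    print("SHA-1 hard-coded:      ", cert_hash_matches_sha1_only(cid, SAMPLE_CERT_DER))
```

A verifier built on the uncorrected wording rejects every ESSCertIDv2 whose sender used a digest other than SHA-1, which is the interoperability failure the corrected sentence removes.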