%% You should probably cite rfc6211 instead of this I-D.
@techreport{schaad-smime-algorithm-attribute-05,
    number =    {draft-schaad-smime-algorithm-attribute-05},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-schaad-smime-algorithm-attribute/05/},
    author =    {Jim Schaad},
    title =     {{Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute}},
    pagetotal = 11,
    year =      2011,
    month =     jan,
    day =       24,
    abstract =  {The Cryptographic Message Syntax (CMS), unlike X.509/PKIX certificates, is vulnerable to algorithm substitution attacks. In an algorithm substitution attack, the attacker changes either the algorithm being used or the parameters of the algorithm in order to change the result of a signature verification process. In X.509 certificates, the signature algorithm is protected because it is duplicated in the TBSCertificate.signature field with the proviso that the validator is to compare both fields as part of the signature validation process. This document defines a new attribute that contains a copy of the relevant algorithm identifiers so that they are protected by the signature or authentication process. {[}STANDARDS-TRACK{]}},
}