Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
RFC 5035
Document | Type |
RFC - Proposed Standard
(August 2007; Errata)
Updates RFC 2634
|
|
---|---|---|---|
Author | Jim Schaad | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5035 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | (None) |
Network Working Group J. Schaad Request for Comments: 5035 Soaring Hawk Consulting Updates: 2634 August 2007 Category: Standards Track Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract In the original Enhanced Security Services for S/MIME document (RFC 2634), a structure for cryptographically linking the certificate to be used in validation with the signature was introduced; this structure was hardwired to use SHA-1. This document allows for the structure to have algorithm agility and defines a new attribute for this purpose. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Updates to RFC 2634 . . . . . . . . . . . . . . . . . . . 2 2. Replace Section 5.4 'Signing Certificate Attribute Definitions' . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Insert New Section 5.4.1 'Signing Certificate Attribute Definition Version 2' . . . . . . . . . . . . . . . . . . . . 4 4. Insert New Section 5.4.1.1 'Certificate Identification Version 2' . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Insert New Section 5.4.2 'Signing Certificate Attribute Definition Version 1' . . . . . . . . . . . . . . . . . . . . 7 6. Insert New Section 5.4.2.1 'Certificate Identification Version 1' . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. Normative References . . . . . . . . . . . . . . . . . . . . . 10 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11 Schaad Standards Track [Page 1] RFC 5035 ESSCertID Update August 2007 1. Introduction In the original Enhanced Security Services (ESS) for S/MIME document [ESS], a structure for cryptographically linking the certificate to be used in validation with the signature was defined. This structure, called ESSCertID, identifies a certificate by its hash. The structure is hardwired to use a SHA-1 hash value. The recent attacks on SHA-1 require that we define a new attribute that allows for the use of different algorithms. This document performs that task. This document defines the structure ESSCertIDv2 along with a new attribute SigningCertificateV2, which uses the updated structure. This document allows for the structure to have algorithm agility by including an algorithm identifier and defines a new signed attribute to use the new structure. This document specifies the continued use of ESSCertID to ensure compatibility when SHA-1 is used for certificate disambiguation. 1.1. Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Updates to RFC 2634 This document updates Section 5.4 of RFC 2634. Once the updates are applied, the revised section will have the following structure: 5.4 Signing Certificate Attribute Definitions 5.4.1 Signing Certificate Attribute Definition Version 2 5.4.1.1 Certificate Identification Version 2 5.4.2 Signing Certificate Attribute Definition Version 1 5.4.2.1 Certificate Identification Version 1 In addition, the ASN.1 module in Appendix A is replaced. Schaad Standards Track [Page 2] RFC 5035 ESSCertID Update August 2007 2. Replace Section 5.4 'Signing Certificate Attribute Definitions' 5.4 Signing Certificate Attribute Definitions The signing certificate attribute is designed to prevent simple substitution and re-issue attacks, and to allow for a restricted set of certificates to be used in verifying a signature. Two different attributes exist for this due to a flaw in the original design. The only substantial difference between the two attributes is that SigningCertificateV2 allows for hash algorithm agility, while SigningCertificate forces the use of the SHA-1 hash algorithm. With the recent advances in the ability to create hash collisions for SHA-1, it is wise to move forward sooner rather than later. When the SHA-1 hash function is used, the SigningCertificateShow full document text