Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
RFC 5035
| Document | Type |
RFC - Proposed Standard
(August 2007; Errata)
Updates RFC 2634
|
|
|---|---|---|---|
| Last updated | 2020-01-21 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5035 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Tim Polk | ||
| Send notices to | (None) | ||
Network Working Group J. Schaad
Request for Comments: 5035 Soaring Hawk Consulting
Updates: 2634 August 2007
Category: Standards Track
Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
In the original Enhanced Security Services for S/MIME document (RFC
2634), a structure for cryptographically linking the certificate to
be used in validation with the signature was introduced; this
structure was hardwired to use SHA-1. This document allows for the
structure to have algorithm agility and defines a new attribute for
this purpose.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. Updates to RFC 2634 . . . . . . . . . . . . . . . . . . . 2
2. Replace Section 5.4 'Signing Certificate Attribute
Definitions' . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Insert New Section 5.4.1 'Signing Certificate Attribute
Definition Version 2' . . . . . . . . . . . . . . . . . . . . 4
4. Insert New Section 5.4.1.1 'Certificate Identification
Version 2' . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Insert New Section 5.4.2 'Signing Certificate Attribute
Definition Version 1' . . . . . . . . . . . . . . . . . . . . 7
6. Insert New Section 5.4.2.1 'Certificate Identification
Version 1' . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Normative References . . . . . . . . . . . . . . . . . . . . . 10
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11
Schaad Standards Track [Page 1]
RFC 5035 ESSCertID Update August 2007
1. Introduction
In the original Enhanced Security Services (ESS) for S/MIME document
[ESS], a structure for cryptographically linking the certificate to
be used in validation with the signature was defined. This
structure, called ESSCertID, identifies a certificate by its hash.
The structure is hardwired to use a SHA-1 hash value. The recent
attacks on SHA-1 require that we define a new attribute that allows
for the use of different algorithms. This document performs that
task.
This document defines the structure ESSCertIDv2 along with a new
attribute SigningCertificateV2, which uses the updated structure.
This document allows for the structure to have algorithm agility by
including an algorithm identifier and defines a new signed attribute
to use the new structure.
This document specifies the continued use of ESSCertID to ensure
compatibility when SHA-1 is used for certificate disambiguation.
1.1. Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.2. Updates to RFC 2634
This document updates Section 5.4 of RFC 2634. Once the updates are
applied, the revised section will have the following structure:
5.4 Signing Certificate Attribute Definitions
5.4.1 Signing Certificate Attribute Definition Version 2
5.4.1.1 Certificate Identification Version 2
5.4.2 Signing Certificate Attribute Definition Version 1
5.4.2.1 Certificate Identification Version 1
In addition, the ASN.1 module in Appendix A is replaced.
Schaad Standards Track [Page 2]
RFC 5035 ESSCertID Update August 2007
2. Replace Section 5.4 'Signing Certificate Attribute Definitions'
5.4 Signing Certificate Attribute Definitions
The signing certificate attribute is designed to prevent simple
substitution and re-issue attacks, and to allow for a restricted set
of certificates to be used in verifying a signature.
Two different attributes exist for this due to a flaw in the original
design. The only substantial difference between the two attributes
is that SigningCertificateV2 allows for hash algorithm agility, while
SigningCertificate forces the use of the SHA-1 hash algorithm. With
the recent advances in the ability to create hash collisions for
SHA-1, it is wise to move forward sooner rather than later.
When the SHA-1 hash function is used, the SigningCertificate
Show full document text