Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
RFC 5035
Document Type RFC - Proposed Standard (August 2007; Errata)
Updates RFC 2634
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5035 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          J. Schaad
Request for Comments: 5035                       Soaring Hawk Consulting
Updates: 2634                                                August 2007
Category: Standards Track

                Enhanced Security Services (ESS) Update:
                    Adding CertID Algorithm Agility

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   In the original Enhanced Security Services for S/MIME document (RFC
   2634), a structure for cryptographically linking the certificate to
   be used in validation with the signature was introduced; this
   structure was hardwired to use SHA-1.  This document allows for the
   structure to have algorithm agility and defines a new attribute for
   this purpose.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.1.  Notation . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.2.  Updates to RFC 2634  . . . . . . . . . . . . . . . . . . .  2
   2.  Replace Section 5.4 'Signing Certificate Attribute
       Definitions' . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Insert New Section 5.4.1 'Signing Certificate Attribute
       Definition Version 2'  . . . . . . . . . . . . . . . . . . . .  4
   4.  Insert New Section 5.4.1.1 'Certificate Identification
       Version 2' . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   5.  Insert New Section 5.4.2 'Signing Certificate Attribute
       Definition Version 1'  . . . . . . . . . . . . . . . . . . . .  7
   6.  Insert New Section 5.4.2.1 'Certificate Identification
       Version 1' . . . . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   8.  Normative References . . . . . . . . . . . . . . . . . . . . . 10
   Appendix A.  ASN.1 Module  . . . . . . . . . . . . . . . . . . . . 11

Schaad                      Standards Track                     [Page 1]
RFC 5035                    ESSCertID Update                 August 2007

1.  Introduction

   In the original Enhanced Security Services (ESS) for S/MIME document
   [ESS], a structure for cryptographically linking the certificate to
   be used in validation with the signature was defined.  This
   structure, called ESSCertID, identifies a certificate by its hash.
   The structure is hardwired to use a SHA-1 hash value.  The recent
   attacks on SHA-1 require that we define a new attribute that allows
   for the use of different algorithms.  This document performs that
   task.

   This document defines the structure ESSCertIDv2 along with a new
   attribute SigningCertificateV2, which uses the updated structure.
   This document allows for the structure to have algorithm agility by
   including an algorithm identifier and defines a new signed attribute
   to use the new structure.

   This document specifies the continued use of ESSCertID to ensure
   compatibility when SHA-1 is used for certificate disambiguation.

1.1.  Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2.  Updates to RFC 2634

   This document updates Section 5.4 of RFC 2634.  Once the updates are
   applied, the revised section will have the following structure:

   5.4  Signing Certificate Attribute Definitions

   5.4.1  Signing Certificate Attribute Definition Version 2

   5.4.1.1  Certificate Identification Version 2

   5.4.2  Signing Certificate Attribute Definition Version 1

   5.4.2.1  Certificate Identification Version 1

   In addition, the ASN.1 module in Appendix A is replaced.

Schaad                      Standards Track                     [Page 2]
RFC 5035                    ESSCertID Update                 August 2007

2.  Replace Section 5.4 'Signing Certificate Attribute Definitions'

   5.4 Signing Certificate Attribute Definitions

   The signing certificate attribute is designed to prevent simple
   substitution and re-issue attacks, and to allow for a restricted set
   of certificates to be used in verifying a signature.

   Two different attributes exist for this due to a flaw in the original
   design.  The only substantial difference between the two attributes
   is that SigningCertificateV2 allows for hash algorithm agility, while
   SigningCertificate forces the use of the SHA-1 hash algorithm.  With
   the recent advances in the ability to create hash collisions for
   SHA-1, it is wise to move forward sooner rather than later.

   When the SHA-1 hash function is used, the SigningCertificate
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools