Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute
RFC 6211

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>
Subject: Protocol Action: 'Cryptographic Messages Syntax (CMS) Algorithm Identifier Protection Attribute' to Proposed Standard (draft-schaad-smime-algorithm-attribute-05.txt)

The IESG has approved the following document:
- 'Cryptographic Messages Syntax (CMS) Algorithm Identifier Protection
  (draft-schaad-smime-algorithm-attribute-05.txt) as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:

Technical Summary

An authenticated/signed attribute is defined to protect the algorithm 
definitions of the message body and the signature. Currently this 
information is not included in the signature computation and could 
theoretically be changed without the signature validator knowing. This 
provides an attack avenue on CMS signature and authentication operations 
that currently has no known successful attacks. The new attribute is 

Working Group Summary

There was a small amount of discussion on the working group list if this
should be expanded to include the new authenticated encryption 
algorithms. It was decided that these should be treated separately by any
interested community. The document was considered in the S/MIME working 
group, but there was no push for adoption as it was believed that the 
working group would be shutting down shortly.

Document Quality

The document has been implemented by the author and an example of using 
the attribute can be found in draft-schaad-smime-hash-experiment. There 
are no known plans for vendors to implement this, but I have received 
private email asking as to the status of the document.


Jim Schaad ( is the Document Shepherd.
Sean Turner ( is the Responsible Area Director.