Internet Engineering Task Force (IETF)                         J. Schaad
Request for Comments: 6211                       Soaring Hawk Consulting
Category: Standards Track                                     April 2011
ISSN: 2070-1721


                   Cryptographic Message Syntax (CMS)
               Algorithm Identifier Protection Attribute

Abstract

   The Cryptographic Message Syntax (CMS), unlike X.509/PKIX
   certificates, is vulnerable to algorithm substitution attacks.  In an
   algorithm substitution attack, the attacker changes either the
   algorithm being used or the parameters of the algorithm in order to
   change the result of a signature verification process.  In X.509
   certificates, the signature algorithm is protected because it is
   duplicated in the TBSCertificate.signature field with the proviso
   that the validator is to compare both fields as part of the signature
   validation process.  This document defines a new attribute that
   contains a copy of the relevant algorithm identifiers so that they
   are protected by the signature or authentication process.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6211.

Schaad                       Standards Track                    [Page 1]
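The X.509 comparison that the abstract describes, as an added example that is not part of the RFC: a minimal DER walker that pulls out TBSCertificate.signature and the outer signatureAlgorithm and checks that they are byte-identical. The helper names and the skeletal sample certificates are constructed for illustration; signature verification itself is out of scope here.

```python
# Added example; the sample "certificates" are constructed skeletons, not real ones.
SEQ, INT, BITSTR, VERSION = 0x30, 0x02, 0x03, 0xA0
def tlv(tag, body):
    """DER-encode one element with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def parse(body):
    """Split DER content into (tag, content, full_encoding) triples."""
    out, off = [], 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated DER header")
        start, tag, n = off, body[off], body[off + 1]
        off += 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n = int.from_bytes(body[off:off + k], "big")
            off += k
        if off + n > len(body):
            raise ValueError("truncated DER element")
        out.append((tag, body[off:off + n], body[start:off + n]))
        off += n
    return out

def signature_algorithms(cert_der):
    """Return (TBSCertificate.signature, Certificate.signatureAlgorithm) as DER."""
    (_, cert_body, _), = parse(cert_der)
    tbs, outer_alg = parse(cert_body)[:2]
    fields = parse(tbs[1])
    if fields[0][0] == VERSION:  # optional [0] version precedes serialNumber
        fields = fields[1:]
    return fields[1][2], outer_alg[2]  # fields[0] is serialNumber

def algorithms_match(cert_der):
    """The validator's comparison: reject when the two copies differ."""
    inner, outer = signature_algorithms(cert_der)
    return inner == outer

SHA256_RSA = tlv(SEQ, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
SHA1_RSA = tlv(SEQ, bytes.fromhex("06092a864886f70d0101050500"))    # sha1WithRSAEncryption
def make_cert(inner_alg, outer_alg):
    """Constructed skeleton: version, serial, signature; later fields omitted."""
    tbs = tlv(SEQ, tlv(VERSION, tlv(INT, b"\x02")) + tlv(INT, b"\x01") + inner_alg)
    return tlv(SEQ, tbs + outer_alg + tlv(BITSTR, b"\x00" + b"\xAA" * 256))
GOOD = make_cert(SHA256_RSA, SHA256_RSA)
SWAPPED = make_cert(SHA256_RSA, SHA1_RSA)  # outer field altered after signing
```

A validator would run `algorithms_match` before verifying the signature and reject on `False`; CMS has no such protected duplicate by default, which is the gap the new attribute closes.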