Protocol Action: 'ESS Update: Adding CertID Algorithm Agility' to Proposed Standard

The IESG <> Mon, 21 May 2007 22:41 UTC

Return-path: <>
Received: from [] ( by with esmtp (Exim 4.43) id 1HqGZ7-0003TH-V3; Mon, 21 May 2007 18:41:21 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1HqGZ5-0003Ra-Bj for; Mon, 21 May 2007 18:41:19 -0400
Received: from ([]) by with esmtp (Exim 4.43) id 1HqGZ4-0007FP-1G for; Mon, 21 May 2007 18:41:19 -0400
Received: from ( []) by (Postfix) with ESMTP id E60502ACB0; Mon, 21 May 2007 22:40:47 +0000 (GMT)
Received: from ietf by with local (Exim 4.43) id 1HqGYZ-0000DE-Mn; Mon, 21 May 2007 18:40:47 -0400
X-test-idtracker: no
From: The IESG <>
To: IETF-Announce <>
Message-Id: <>
Date: Mon, 21 May 2007 18:40:47 -0400
X-Spam-Score: -2.8 (--)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: Internet Architecture Board <>, smime chair <>, smime mailing list <>, RFC Editor <>
Subject: Protocol Action: 'ESS Update: Adding CertID Algorithm Agility' to Proposed Standard
X-Mailman-Version: 2.1.5
Precedence: list
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

The IESG has approved the following document:

- 'ESS Update: Adding CertID Algorithm Agility '
   <draft-ietf-smime-escertid-06.txt> as a Proposed Standard

This document is the product of the S/MIME Mail Security Working Group. 

The IESG contact persons are Tim Polk and Sam Hartman.

A URL of this Internet-Draft is:

Technical Summary

  This document updates RFC 2634, which defines the SigningCertificate
  attribute among many other things.  The SigningCertificate attribute
  makes use of ESSCertID, a structure for cryptographically binding the
  signer's certificate.  The ESSCertID structure was hardwired to use
  the SHA-1 one-way hash function.  This document specifies a
  replacement algorithm agile structure, and it defines a new attribute
  that uses it.

Working Group Summary

  This document has been reviewed by the S/MIME Working Group, and there
  is solid support for the document.  Many enterprises are looking to
  ensure S/MIME is not tied to SHA-1.

Protocol Quality

  This document updates RFC 2634.  Clear guidance is given as to what
  sections are replaced, while the remaining text is unaltered.  Version
  numbers are used to allow for easier implementation.

  This document was reviewed by Tim Polk for the IESG.

Note to RFC Editor

  In section 6., please make the following change:


   certHash  is computed over the entire DER encoded certificate
      (including the signature).


   certHash  is computed over the entire DER encoded certificate
      (including the signature) using the SHA-1 algorithm.

  In section 7., please append the following text as new closing

   The attributes defined in this document permit a signer to select a
   hash algorithm to identify a certificate.  A poorly selected hash
   algorithm may provide inadequate protection against certificate
   substitution or result in denial of service for this protection.  By
   employing the attributes defined in this specification with the same
   hash algorithm used for message signing, the sender can ensure that
   these attributes provide commensurate security.

   Since recipients must support the hash algorithm to verify the
   signature, selecting the same hash algorithm also increases the
   likelihood that the hash algorithm is supported in the context of
   certificate identification.  Note that an unsupported hash algorithm
   for certificate identification does not preclude validating the message

   but does deny the message recipient protection against certificate

   To ensure that legacy implementations are provided protection against
   certificate substitution, clients are permitted to include both
ESScertID and ESScertIDv2 in the same message.  Since these attributes are

   generated and evaluated independently, the contents could conceivably
   be in conflict.  Specifically, where a signer has multiple certificates

   containing the same public key, the two attributes could specify
   different signing certificates.  The result of signature processing may

   vary depending on which certificate is used to validate the signature.

   Recipients that attempt to evaluate both attributes may choose to
reject such a message.

IETF-Announce mailing list