{"draft":"draft-schaad-smime-algorithm-attribute-05","doc_id":"RFC6211","title":"Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute","authors":["J. Schaad"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IETF - NON WORKING GROUP","abstract":"The Cryptographic Message Syntax (CMS), unlike X.509\/PKIX\r\ncertificates, is vulnerable to algorithm substitution attacks.  In an\r\nalgorithm substitution attack, the attacker changes either the\r\nalgorithm being used or the parameters of the algorithm in order to\r\nchange the result of a signature verification process.  In X.509\r\ncertificates, the signature algorithm is protected because it is\r\nduplicated in the TBSCertificate.signature field with the proviso\r\nthat the validator is to compare both fields as part of the signature\r\nvalidation process.  This document defines a new attribute that\r\ncontains a copy of the relevant algorithm identifiers so that they\r\nare protected by the signature or authentication process.\r\n[STANDARDS-TRACK]","pub_date":"April 2011","keywords":["[--------]","example","s\/mime","SMIME"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6211","errata_url":null}