Discussion:
[openssl.org #2851] cms command - Request to handle S/MIME v3.2 mail
Jeffrey Petit via RT
2012-07-17 13:24:22 UTC
I reviewed differences between S/MIME 3.1 vs. 3.2. The OpenSSL cms
utility advertises S/MIME 3.1 support which prompted me to perform
this review.

1) "Section 3.4.3.2: Replace micalg parameter for SHA-1 with sha-1".


RFC 3851 (S/MIME v3.1) states:

--------------------------------------
The micalg parameter allows for one-pass processing when the
signature is being verified. The value of the micalg parameter is
dependent on the message digest algorithm(s) used in the calculation
of the Message Integrity Check. If multiple message digest
algorithms are used they MUST be separated by commas per [MIME-
SECURE]. The values to be placed in the micalg parameter SHOULD be
from the following:

Algorithm   Value used

MD5         md5
SHA-1       sha1
SHA-256     sha256
SHA-384     sha384
SHA-512     sha512
Any other   (defined separately in algorithm profile or "unknown"
            if not defined)
--------------------------------------

RFC 5751 (S/MIME v3.2) states:

--------------------------------------
The micalg parameter allows for one-pass processing when the
signature is being verified. The value of the micalg parameter is
dependent on the message digest algorithm(s) used in the calculation
of the Message Integrity Check. If multiple message digest
algorithms are used, they MUST be separated by commas per [MIME-
SECURE]. The values to be placed in the micalg parameter SHOULD be
from the following:

Algorithm   Value Used

MD5         md5
SHA-1       sha-1
SHA-224     sha-224
SHA-256     sha-256
SHA-384     sha-384
SHA-512     sha-512
Any other   (defined separately in algorithm profile or "unknown"
            if not defined)
--------------------------------------


The CMS command should be made S/MIME v3.2 compliant, which, to my
knowledge, only involves changing the micalg parameter.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
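
Added example (not part of the original post and not OpenSSL code): a Python sketch of a verifier that reads the micalg parameter and accepts both the RFC 3851 and RFC 5751 spellings from the two tables quoted above, so it can set up digests for one-pass processing. The function names, the case-insensitive comparison and the sample header are assumptions of this example.

```python
import hashlib
from email import message_from_string
from email.utils import collapse_rfc2231_value

# micalg spellings from the two RFC tables quoted in the post -> hashlib names.
V31 = {"md5": "md5", "sha1": "sha1", "sha256": "sha256",
       "sha384": "sha384", "sha512": "sha512"}              # RFC 3851 (v3.1)
V32 = {"md5": "md5", "sha-1": "sha1", "sha-224": "sha224",
       "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}  # RFC 5751 (v3.2)

def classify_micalg(value):
    """Split a micalg value on commas and label each token.

    Returns (token, hashlib_name_or_None, profile) tuples, where profile is
    "3.1", "3.2", "3.1/3.2" (md5 is spelled the same in both) or "unknown".
    Tokens are compared case-insensitively (an assumption of this example).
    """
    result = []
    for raw in value.split(","):
        token = raw.strip().lower()
        if not token:
            continue  # tolerate stray commas
        profiles = [n for n, table in (("3.1", V31), ("3.2", V32)) if token in table]
        algo = V31.get(token) or V32.get(token)
        result.append((token, algo, "/".join(profiles) or "unknown"))
    return result

def micalg_of(raw_message):
    """Classify the micalg parameter of a multipart/signed message."""
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/signed":
        return []
    value = msg.get_param("micalg")
    if value is None:
        return []
    return classify_micalg(collapse_rfc2231_value(value))

def one_pass_digests(raw_message):
    """hashlib objects a verifier can update while streaming the signed part."""
    return {algo: hashlib.new(algo) for _, algo, _ in micalg_of(raw_message) if algo}

# Constructed sample message (not taken from the original post).
SAMPLE = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg="sha-256, sha1, whirlpool"; boundary="b1"\n'
    "\n"
    "--b1--\n"
)
```

Tokens labelled "unknown" get no digest object, so a verifier built this way has to fall back to reading the digest algorithms from the signature itself for those.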
m***@gmail.com
2017-10-06 00:45:33 UTC
Post by Jeffrey Petit via RT
I reviewed differences between S/MIME 3.1 vs. 3.2. The OpenSSL cms
utility advertises S/MIME 3.1 support which prompted me to perform
this review.
1) "Section 3.4.3.2: Replace micalg parameter for SHA-1 with sha-1".
--------------------------------------
The micalg parameter allows for one-pass processing when the
signature is being verified. The value of the micalg parameter is
dependent on the message digest algorithm(s) used in the calculation
of the Message Integrity Check. If multiple message digest
algorithms are used they MUST be separated by commas per [MIME-
SECURE]. The values to be placed in the micalg parameter SHOULD be
Algorithm   Value used
MD5         md5
SHA-1       sha1
SHA-256     sha256
SHA-384     sha384
SHA-512     sha512
Any other   (defined separately in algorithm profile or "unknown"
            if not defined)
--------------------------------------
--------------------------------------
The micalg parameter allows for one-pass processing when the
signature is being verified. The value of the micalg parameter is
dependent on the message digest algorithm(s) used in the calculation
of the Message Integrity Check. If multiple message digest
algorithms are used, they MUST be separated by commas per [MIME-
SECURE]. The values to be placed in the micalg parameter SHOULD be
Algorithm   Value Used
MD5         md5
SHA-1       sha-1
SHA-224     sha-224
SHA-256     sha-256
SHA-384     sha-384
SHA-512     sha-512
Any other   (defined separately in algorithm profile or "unknown"
            if not defined)
--------------------------------------
The CMS command should be made S/MIME v3.2 compliant, which to my
knowledge, only involves changing the micalg parameter.
I think openssl is understaffed :'(
