Multiple Signatures in Cryptographic Message Syntax
RFC 5752, “Multiple Signatures in Cryptographic Message Syntax”, is a Proposed Standard document published in January 2010 by S. Turner, J. Schaad. The canonical text is published by the RFC Editor.
Abstract
Cryptographic Message Syntax (CMS) SignedData includes the SignerInfo structure to convey per-signer information. SignedData supports multiple signers and multiple signature algorithms per signer with multiple SignerInfo structures. If a signer attaches more than one SignerInfo, there are concerns that an attacker could perform a downgrade attack by removing the SignerInfo(s) with the \'strong' algorithm(s). This document defines the multiple-signatures attribute, its generation rules, and its processing rules to allow signers to convey multiple SignerInfo objects while protecting against downgrade attacks. Additionally, this attribute may assist during periods of algorithm migration. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5752 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 5751 Secure/Multipurpose Internet Mail Extensions Version 3.2 Message Specification
- RFC 5753 Use of Elliptic Curve Cryptography Algorithms in Cryptographic Message Syntax
- RFC 5750 Secure/Multipurpose Internet Mail Extensions Version 3.2 Certificate Handling
- RFC 5754 Using SHA2 Algorithms with Cryptographic Message Syntax
- RFC 5749 Distribution of EAP-Based Keys for Handover and Re-Authentication
- RFC 5755 An Internet Attribute Certificate Profile for Authorization
- RFC 5748 IANA Registry Update for Support of the SEED Cipher Algorithm in Multimedia Internet KEYing
- RFC 5756 Updates for RSAES-OAEP and RSASSA-PSS Algorithm Parameters