[openssl-dev] Signing Internet-Drafts and RFCs

Russ Housley housley at vigilsec.com
Wed May 11 21:03:55 UTC 2016


Today, the IETF uses OpenSSL to digitally sign Internet-Drafts.  If you care about the details, please see RFC 5485.

We are looking to expand Internet-Draft signing, and start signing RFCs as well.  Someone has suggested that we support RFC 5126, "CMS Advanced Electronic Signatures (CAdES)".  This would mean including some signed attributes that we do not currently use.

A CAdES Basic Electronic Signature (CAdES-BES) must include these signed attributes:

- Content-type — I know OpenSSL supports this one.
- Message-digest — I know OpenSSL supports this one.
- ESS signing-certificate-v2 — I cannot tell if this is supported.

The ESS signing-certificate-v2 attribute is defined in RFC 5035.  I am interested in using it with SHA-256.  Is it supported?  If not, what would need to happen to get it supported?

Russ


