IETF RFC 5816 PDF

Introduction

The time-stamping protocol defined in RFC 3161 [RFC3161] requires that the Cryptographic Message Syntax (CMS) SignedData [RFC5652], used to apply a digital signature on the time-stamp token, include a signed attribute that identifies the signer's certificate.

This identifier only allows SHA-1 [SHA1] to be used as the hash algorithm to generate the identifier value.

The mechanism used in [RFC3161] employed ESSCertID from RFC 2634 [ESS]. RFC 5035 [ESSV2] updated ESSCertID with ESSCertIDv2 to allow the use of any hash algorithm.

The changes to RFC 3161 [RFC3161] defined in this document allow ESSCertIDv2 to be used to include an identifier of the signing certificate as defined in RFC 5035 [ESSV2].