swedenconnect / technical-framework

Technical Specifications for the Swedish eID Framework

New OID for CMC control attribute to specify request and response time #174

Closed Razumain closed 2 years ago

Razumain commented 2 years ago

CMC (RFC 5272) uses nonce data to support replay protection. However, the protocol does not specify how to include the time when the request was made, making replay protection very hard in practice.

CMC is extensible and allows creation of custom request and response data in the form of control attributes.

To support our use of CMC we need to specify an OID for a MessageTime control attribute with the ASN.1 structure GeneralizedTime, according to section 6 of RFC 5272.

This issue reserves the following ASN.1 OIDs for this purpose:

id-cmc OBJECT IDENTIFIER ::= { id-eleg 6 } -- CMC control attributes RFC 5272

-- CMC Control Attributes
id-cmc-messageTime OBJECT IDENTIFIER ::= { id-cmc 1 } -- Message creation time for CMC requests and responses

Razumain commented 2 years ago

It turns out that CMS, which is used to sign the CMC request, has a field for signingTime that can be used for this purpose. This is much better than defining a new attribute.

This issue is closed. No action required.
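The replay check that both comments are about, as an added example that is not part of the issue or of the swedenconnect code: a verifier that combines a CMC nonce with a message time (either the proposed MessageTime GeneralizedTime or, as the thread concludes, the CMS signingTime attribute, which may be UTCTime or GeneralizedTime). The acceptance window, clock-skew allowance and the nonce cache are assumptions of this example; the time-string formats follow RFC 5280's DER rules.

```python
import re
from datetime import datetime, timedelta, timezone

# The two DER time encodings a CMS signingTime may carry (RFC 5280 section 4.1.2.5):
#   UTCTime         "YYMMDDHHMMSSZ"   (years 50-99 mean 19xx, 00-49 mean 20xx)
#   GeneralizedTime "YYYYMMDDHHMMSSZ"
# A CMC MessageTime control attribute would only ever use the GeneralizedTime form.
_UTC_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")
_GEN_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")


def parse_asn1_time(value: str) -> datetime:
    """Parse a DER UTCTime or GeneralizedTime string into an aware UTC datetime."""
    m = _GEN_RE.match(value)
    if m:
        y, mo, d, h, mi, s = (int(x) for x in m.groups())
        return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)
    m = _UTC_RE.match(value)
    if m:
        yy, mo, d, h, mi, s = (int(x) for x in m.groups())
        year = 1900 + yy if yy >= 50 else 2000 + yy
        return datetime(year, mo, d, h, mi, s, tzinfo=timezone.utc)
    raise ValueError(f"unsupported ASN.1 time encoding: {value!r}")


class ReplayGuard:
    """Accept a CMC message only if its time is fresh and its nonce is unseen.

    Because every accepted message must carry a time inside [now - max_age, now + max_skew],
    the nonce cache only has to remember nonces for max_age; this is what a message time
    adds over a bare nonce, where the cache would otherwise have to grow forever.
    """

    def __init__(self, max_age: timedelta, max_skew: timedelta):
        self.max_age = max_age      # how old a message may be (assumed policy value)
        self.max_skew = max_skew    # tolerated clock skew into the future (assumed)
        self._seen = {}             # nonce -> message time, for replay detection

    def check(self, nonce: bytes, message_time: str, now: datetime) -> tuple:
        """Return (accepted, reason). Order: freshness first, then nonce uniqueness."""
        self._expire(now)
        try:
            ts = parse_asn1_time(message_time)
        except ValueError as e:
            return False, str(e)
        if ts > now + self.max_skew:
            return False, "message time is in the future"
        if ts < now - self.max_age:
            return False, "message time is too old"
        if nonce in self._seen:
            return False, "nonce already seen"
        self._seen[nonce] = ts
        return True, "ok"

    def _expire(self, now: datetime) -> None:
        """Forget nonces whose message time has fallen outside the acceptance window."""
        cutoff = now - self.max_age
        for n in [n for n, ts in self._seen.items() if ts < cutoff]:
            del self._seen[n]


if __name__ == "__main__":
    # Constructed sample: a five-minute window, 30 seconds of skew, a fixed "now".
    guard = ReplayGuard(timedelta(minutes=5), timedelta(seconds=30))
    now = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(guard.check(b"nonce-1", "20240301115900Z", now))   # (True, 'ok')
    print(guard.check(b"nonce-1", "20240301115900Z", now))   # replayed nonce
    print(guard.check(b"nonce-2", "20240301115000Z", now))   # stale message
```

The check must be made against the time from the signed attributes (CMS signingTime lives inside SignerInfo.signedAttrs, so it is covered by the signature); a time taken from an unsigned field could be rewritten by whoever replays the message.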