
This website claims that (emphasis added):

In PKCS#7 SignedData, attached and detached formats are supported… In detached format, data that is signed is not embedded inside the SignedData package instead it is placed at some external location…

However, RFC2315 seems to define no such "detached" format.

  • SignedData comprises:
    • version = INTEGER 1
    • digestAlgorithms: SET OF DigestAlgorithmIdentifier
    • contentInfo, comprising:
      • contentType = data (OBJECT ID “1.2.840.113549.1.7.1”)
      • content: Data = the message that was signed
    • signerInfos: SET OF SignerInfo, each comprising:
      • version = INTEGER 1
      • issuerAndSerialNumber
      • digestAlgorithm: DigestAlgorithmIdentifier
      • encryptedDigest: EncryptedDigest = the low-level signature

Neither SignedData/contentInfo nor ContentInfo/content:data are OPTIONAL; and the former may only be one of the six defined types: data, signedData, envelopedData, signedAndEnvelopedData, digestedData, and encryptedData; I see no detachedData or any similar options. (Choosing digestedData does not resolve it, as ContentInfo/content:digestedData is also non-optional.)

What belongs in the contentInfo field of a detached SignedData object?

  • [Note that CMS has displaced/replaced/updated PKCS#7, so if you share this question be sure to check out [RFC5652](https://www.rfc-editor.org/rfc/rfc5652.html); it contains features such as replacing `issuerAndSerialNumber` with a `SignerIdentifier` that [may be optionally PKI-agnostic](https://www.rfc-editor.org/rfc/rfc5652.html#:~:text=When%20other%20certificate,non-X%2E509%20certificate%2E), so may be of interest to someone trying to do something that requires this question's answer] – JamesTheAwesomeDude May 24 '21 at 20:09

1 Answer


From section 7 of RFC 2315:

    3.   The optional omission of the content field makes
         it possible to construct "external signatures," for
         example, without modification to or replication of the
         content to which the signatures apply. In the case of
         external signatures, the content being signed would be
         omitted from the "inner" encapsulated ContentInfo value
         included in the signed-data content type.

So this "external signature" is a detached signature.

Steffen Ullrich
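To make the answer concrete, here is an added example (written for this page; it is not code from the question, the answer, or RFC 2315) in pure Python with no third-party dependencies. It DER-encodes a PKCS#7 SignedData twice, once with the inner `ContentInfo/content` present (attached) and once with it omitted (the "external signature" of section 7), then walks the bytes back to show that the only difference is the missing `[0] EXPLICIT` element. The issuer name, serial number and `encryptedDigest` are constructed placeholders, so no real signing takes place; `digest_to_check` shows the practical consequence for a verifier: when the content is detached, it has to be supplied out of band before any digest comparison can happen.

```python
"""Attached vs. external (detached) PKCS#7 SignedData, encoded and inspected
with a minimal DER codec.  Signature-related values are constructed
placeholders; only the container layout is what RFC 2315 specifies."""
import hashlib

OID_DATA = "1.2.840.113549.1.7.1"         # pkcs7-data
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"  # pkcs7-signedData
OID_SHA256 = "2.16.840.1.101.3.4.2.1"     # id-sha256
OID_RSA = "1.2.840.113549.1.1.1"          # rsaEncryption


# ---- minimal DER encoder -------------------------------------------------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                 # base-128, high bit set on all but last byte
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def der_int(v):                          # small non-negative INTEGER only
    return tlv(0x02, bytes([v]))


def algid(oid):                          # AlgorithmIdentifier with NULL params
    return tlv(0x30, der_oid(oid) + tlv(0x05, b""))


def content_info(oid, inner=None):
    # content [0] EXPLICIT ANY OPTIONAL: leaving it out is exactly the
    # "external signature" of RFC 2315 section 7, note 3.
    body = der_oid(oid)
    if inner is not None:
        body += tlv(0xA0, inner)
    return tlv(0x30, body)


def signer_info(encrypted_digest):
    # Constructed placeholder: empty Name, serial 1, fake signature bytes.
    issuer_and_serial = tlv(0x30, tlv(0x30, b"") + der_int(1))
    return tlv(0x30, der_int(1) + issuer_and_serial + algid(OID_SHA256)
               + algid(OID_RSA) + tlv(0x04, encrypted_digest))


def build_signed_data(message, detached):
    inner = None if detached else tlv(0x04, message)   # Data ::= OCTET STRING
    placeholder_sig = b"\x00" * 16                       # constructed, not a real RSA block
    signed_data = tlv(0x30, der_int(1)                   # version
                      + tlv(0x31, algid(OID_SHA256))     # digestAlgorithms
                      + content_info(OID_DATA, inner)    # contentInfo (inner)
                      + tlv(0x31, signer_info(placeholder_sig)))  # signerInfos
    return content_info(OID_SIGNED_DATA, signed_data)   # outer ContentInfo


# ---- minimal DER walker ---------------------------------------------------
def read_tlv(buf, pos=0):
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out


def inspect(der):
    """Return whether the inner ContentInfo carries its content, and the content."""
    _, outer, _ = read_tlv(der)
    ctype, explicit = children(outer)
    assert ctype[1] == der_oid(OID_SIGNED_DATA)[2:], "not a signedData ContentInfo"
    signed_data = children(explicit[1])[0][1]            # [0] EXPLICIT SignedData
    fields = children(signed_data)                       # version, digestAlgs, contentInfo, ...
    parts = children(fields[2][1])
    if len(parts) == 1:                                  # contentType only: content omitted
        return {"detached": True, "content": None}
    octet_string = children(parts[1][1])[0]              # [0] EXPLICIT -> OCTET STRING
    return {"detached": False, "content": octet_string[1]}


def digest_to_check(der, external_content=None):
    """The digest a verifier would compare against the decrypted encryptedDigest."""
    info = inspect(der)
    if info["detached"]:
        if external_content is None:
            raise ValueError("detached SignedData: content must be supplied out of band")
        data = external_content
    else:
        data = info["content"]
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    msg = b"hello"
    for detached in (False, True):
        blob = build_signed_data(msg, detached)
        print(f"detached={detached}: {len(blob)} bytes, {inspect(blob)}")
```

Run stand-alone it prints both encodings' lengths and the parsed result; the detached blob is shorter by exactly the size of the omitted `[0]`-wrapped OCTET STRING. Note that without `authenticatedAttributes` the signature covers the content digest directly, so a verifier that is handed the wrong external file simply gets a digest mismatch; there is nothing inside a detached SignedData that identifies which file it belongs to.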