draft-ietf-smime-compression-07.txt   rfc3274.txt 
Internet Draft Editor: Peter Gutmann
draft-ietf-smime-compression-07.txt University of Auckland
November 11, 2001
Expires May 2002
Compressed Data Content Type for CMS
Status of this memo Network Working Group P. Gutmann
Request for Comments: 3274 University of Auckland
Category: Standards Track June 2002
This document is an Internet-Draft and is in full conformance with all Compressed Data Content Type for
provisions of Section 10 of RFC2026. Cryptographic Message Syntax (CMS)
Internet-Drafts are working documents of the Internet Engineering Task Status of this Memo
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months This document specifies an Internet standards track protocol for the
and may be updated, replaced, or obsoleted by other documents at any Internet community, and requests discussion and suggestions for
time. It is inappropriate to use Internet-Drafts as reference material improvements. Please refer to the current edition of the "Internet
or to cite them other than as "work in progress." Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
The list of current Internet-Drafts can be accessed at Copyright Notice
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at Copyright (C) The Internet Society (2002). All Rights Reserved.
http://www.ietf.org/shadow.html.
Abstract Abstract
The Cryptographic Message Syntax data format doesn't currently contain This document defines a format for using compressed data as a
any provisions for compressing data before processing it. Compressing Cryptographic Message Syntax (CMS) content type. Compressing data
data before transmission provides a number of advantages including the before transmission provides a number of advantages, including the
elimination of data redundancy which could help an attacker, speeding elimination of data redundancy which could help an attacker, speeding
up processing by reducing the amount of data to be processed by later up processing by reducing the amount of data to be processed by later
steps such as signing or encryption, and reducing overall message size. steps (such as signing or encryption), and reducing overall message
Although there have been proposals for adding compression at other size. Although there have been proposals for adding compression at
levels (for example at the MIME or SSL level) these don't address the other levels (for example at the MIME or SSL level), these don't
problem of compression of CMS content unless the compression is address the problem of compression of CMS content unless the
supplied by an external means (for example by intermixing MIME and compression is supplied by an external means (for example by
CMS). This document defines a format for using compressed data as a intermixing MIME and CMS).
CMS content type.
1. Introduction 1. Introduction
This document describes a compressed data content type for CMS. This This document describes a compressed data content type for CMS. This
is implemented as a new ContentInfo type and is an extension to the is implemented as a new ContentInfo type and is an extension to the
types currently defined in CMS [RFC2630]. CMS implementations SHOULD types currently defined in CMS [RFC2630]. CMS implementations SHOULD
include support for the CompressedData content type. include support for the CompressedData content type.
The format of the messages are described in ASN.1 [ASN1]. The format of the messages are described in ASN.1 [ASN1].
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC2119]. interpreted as described in [RFC2119].
1.1 Compressed Data Content Type 1.1 Compressed Data Content Type
The compressed-data content type consists of content of any type The compressed-data content type consists of content of any type,
compressed using a specified algorithm. The following object compressed using a specified algorithm. The following object
identifier identifies the compressed-data content type: identifier identifies the compressed-data content type:
id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 } us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
The compressed-data content type shall have ASN.1 type CompressedData: The compressed-data content type shall have ASN.1 type
CompressedData:
CompressedData ::= SEQUENCE { CompressedData ::= SEQUENCE {
version CMSVersion, version CMSVersion,
compressionAlgorithm CompressionAlgorithmIdentifier, compressionAlgorithm CompressionAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo encapContentInfo EncapsulatedContentInfo
} }
The fields of type CompressedData have the following meanings: The fields of type CompressedData have the following meanings:
version is the syntax version number. It MUST be 0. Details of the version is the syntax version number. It MUST be 0. Details of
CMSVersion type are discussed in CMS [RFC2630], section 10.2.5. the CMSVersion type are discussed in CMS [RFC2630], section
10.2.5.
compressionAlgorithm is a compression algorithm identifier, as compressionAlgorithm is a compression algorithm identifier, as
defined in section 2. defined in section 2.
encapContentInfo is the content which is compressed. Details of the encapContentInfo is the content which is compressed. Details of
EncapsulatedContentInfo type are discussed in CMS [RFC2630], section the EncapsulatedContentInfo type are discussed in CMS [RFC2630],
5.2. section 5.2.
Implementations SHOULD use the SMIMECapabilities attribute to indicate Implementations SHOULD use the SMIMECapabilities attribute to
their ability to process compressed content types. Details of indicate their ability to process compressed content types. Details
SMIMECapabilities are discussed in MSG [RFC2633], section 2.5.2 of SMIMECapabilities are discussed in MSG [RFC2633], section 2.5.2.
A compression SMIMECapability consists of the AlgorithmIdentifier for A compression SMIMECapability consists of the AlgorithmIdentifier for
the supported compression algorithm, in the case of the algorithm the supported compression algorithm. In the case of the algorithm
specified in this document this is id-alg-zlibCompression as specified specified in this document, this is id-alg-zlibCompression, as
in section 2. Alternatively, the use of compression may be handled by specified in section 2. Alternatively, the use of compression may be
prior arrangement (for example as part of an interoperability profile). handled by prior arrangement (for example as part of an
interoperability profile).
The SMIMECapability SEQUENCE representing the ability to process The SMIMECapability SEQUENCE representing the ability to process
content compressed with the algorithm identified by id-alg- content compressed with the algorithm identified by id-alg-
zlibCompression MUST be DER-encoded as the following hexadecimal zlibCompression MUST be DER-encoded as the following hexadecimal
string: string:
30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08 30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08
(but see also the implementation note in section 2.1). (but see also the implementation note in section 2.1).
2. Compression Types 2. Compression Types
CMS implementations that support the CompressedData content type MUST CMS implementations that support the CompressedData content type MUST
include support for the ZLIB compression algorithm [RFC1950] [RFC1951], include support for the ZLIB compression algorithm [RFC1950]
which has a freely-available, portable and efficient reference [RFC1951], which has a freely-available, portable and efficient
implementation. The following object identifier identifies ZLIB: reference implementation. The following object identifier identifies
ZLIB:
id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 } us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
This algorithm has no parameters. The parameters field SHOULD be This algorithm has no parameters. The parameters field SHOULD be
encoded as omitted, but MAY be encoded as NULL (see the implemenation encoded as omitted, but MAY be encoded as NULL (see the
note in section 2.1). implementation note in section 2.1).
2.1. Implementation notes 2.1. Implementation notes
ZLIB allows for a number of compression levels ranging from good but ZLIB allows for a number of compression levels ranging from good but
slow compression to less good but fast compression. The compression slow compression, to less good but fast compression. The compression
level is always compatible with the decompression algorithm, so there level is always compatible with the decompression algorithm, so there
is no need to specify the compression level as an algorithm parameter. is no need to specify the compression level as an algorithm
parameter.
There are two possible encodings for the ZLIB null parameters field There are two possible encodings for the ZLIB null parameters field
which arise from the fact that when the 1988 syntax for which arise from the fact that when the 1988 syntax for
AlgorithmIdentifier was translated into the 1997 syntax, the OPTIONAL AlgorithmIdentifier was translated into the 1997 syntax, the OPTIONAL
associated with the AlgorithmIdentifier parameters got lost. Later it associated with the AlgorithmIdentifier parameters got lost. Later
was recovered via a defect report, but by then everyone thought that it was recovered via a defect report, but by then, everyone thought
algorithm parameters were mandatory. Because of this some that algorithm parameters were mandatory. Because of this, some
implementations will encode null parameters as an ASN.1 NULL element implementations will encode null parameters as an ASN.1 NULL element
and some will omit them entirely (see for example section 12 of CMS and some will omit them entirely (see for example section 12 of CMS
[RFC2630]). Although the correct encoding is to omit the parameters [RFC2630]). Although the correct encoding is to omit the parameters
field, implementations may encounter encodings which use an ASN.1 NULL field, implementations may encounter encodings which use an ASN.1
element for the parameters. NULL element for the parameters.
3. Security Considerations 3. Security Considerations
This RFC is not concerned with security, except for the fact that This RFC is not concerned with security, except for the fact that
compressing data before encryption can enhance the security provided by compressing data before encryption can enhance the security provided
other processing steps by reducing the quantity of known plaintext by other processing steps by reducing the quantity of known plaintext
available to an attacker. However, implementations should be aware of available to an attacker. However, implementations should be aware
possible security threats of combining security sensitive material with of possible security threats of combining security sensitive material
possibly untrusted data before the compression and encryption. This is with possibly untrusted data before the compression and encryption.
because information about the sensitive data may be inferred from This is because information about the sensitive data may be inferred
knowing the untrusted data and the compression ratio. from knowing the untrusted data and the compression ratio.
4. IANA Considerations 4. IANA Considerations
The CompressedData content type and compression algorithms are The CompressedData content type and compression algorithms are
identified by object identifiers (OIDs). OIDs were assigned from an identified by object identifiers (OIDs). OIDs were assigned from an
arc contributed to the S/MIME Working Group by RSA Security. Should arc contributed to the S/MIME Working Group by RSA Security. Should
additional compression algorithms be introduced, the advocates for such additional compression algorithms be introduced, the advocates for
algorithms are expected to assign the necessary OIDs from their own such algorithms are expected to assign the necessary OIDs from their
arcs. No action by the IANA is necessary for this document or any own arcs. No action by the IANA is necessary for this document or
anticipated updates. any anticipated updates.
Author Address
Peter Gutmann
University of Auckland
Private Bag 92019
Auckland, New Zealand
pgut001@cs.auckland.ac.nz
References References
ASN1 CCITT Recommendation X.208: Specification of Abstract Syntax [ASN1] CCITT Recommendation X.208: Specification of Abstract
Notation One (ASN.1), 1988. Syntax Notation One (ASN.1), 1988.
RFC2119 Key Words for Use in RFC's to Indicate Requirement Levels, [RFC2119] Bradner, S., "Key Words for Use in RFC's to Indicate
S.Bradner, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC1950 ZLIB Compressed Data Format Specification version 3.3, [RFC1950] Deutsch, P. and J-L Gailly, "ZLIB Compressed Data Format
P.Deutsch and J-L Gailly, May 1996. Specification version 3.3", RFC 1950, May 1996.
RFC1951 DEFLATE Compressed Data Format Specification version 1.3, [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification
P.Deutsch, May 1996. version 1.3", RFC 1951, May 1996.
RFC2630 Cryptographic Message Syntax, R.Housley, June 1999. [RFC2630] Housley, R., "Cryptographic Message Syntax", RFC 2630, June
1999.
RFC2633 S/MIME Version 3 Message Specification, B.Ramsdell, June [RFC2633] Rmasdell, B., "S/MIME Version 3 Message Specification", RFC
1999. 2633, June 1999.
Appendix A: ASN.1 Module Appendix A: ASN.1 Module
CompressedDataContent CompressedDataContent
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) compress(11) } smime(16) modules(0) compress(11) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
AlgorithmIdentifier FROM AuthenticationFramework AlgorithmIdentifier FROM AuthenticationFramework
{ joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 }; { joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 };
CompressedData ::= SEQUENCE { CompressedData ::= SEQUENCE {
version CMSVersion, -- Always set to 0 version CMSVersion, -- Always set to 0
compressionAlgorithm CompressionAlgorithmIdentifier, compressionAlgorithm CompressionAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo encapContentInfo EncapsulatedContentInfo
} }
CompressionAlgorithmIdentifier ::= AlgorithmIdentifier CompressionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Algorithm Identifiers
id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 } us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
-- Content Type Object Identifiers
id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 } us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
END END
Author Address
Peter Gutmann
University of Auckland
Private Bag 92019
Auckland, New Zealand
EMail: pgut001@cs.auckland.ac.nz
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society 2001. All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or others, and derivative works that comment on or otherwise explain it
assist in its implementation may be prepared, copied, published and or assist in its implementation may be prepared, copied, published
distributed, in whole or in part, without restriction of any kind, and distributed, in whole or in part, without restriction of any
provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing the document itself may not be modified in any way, such as by removing
copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing Internet organizations, except as needed for the purpose of
Internet standards in which case the procedures for copyrights defined developing Internet standards in which case the procedures for
in the Internet Standards process must be followed, or as required to copyrights defined in the Internet Standards process must be
translate it into languages other than English. followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 51 change blocks. 
168 lines changed or deleted 170 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/