draft-ietf-smime-escertid-05.txt   draft-ietf-smime-escertid-06.txt 
Network Working Group J. Schaad Network Working Group J. Schaad
Internet-Draft Soaring Hawk Consulting Internet-Draft Soaring Hawk Consulting
Updates: 2634 (if approved) March 22, 2007 Updates: 2634 (if approved) April 24, 2007
Intended status: Standards Track Intended status: Standards Track
Expires: September 23, 2007 Expires: October 26, 2007
ESS Update: Adding CertID Algorithm Agility ESS Update: Adding CertID Algorithm Agility
draft-ietf-smime-escertid-05.txt draft-ietf-smime-escertid-06.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 23, 2007. This Internet-Draft will expire on October 26, 2007.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
In the original Enhanced Security Services for S/MIME document (RFC In the original Enhanced Security Services for S/MIME document (RFC
2634), a structure for cryptographically linking the certificate to 2634), a structure for cryptographically linking the certificate to
be used in validation with the signature was introduced, this be used in validation with the signature was introduced, this
skipping to change at page 2, line 29 skipping to change at page 2, line 29
2. Replace Section 5.4 'Signing Certificate Attribute 2. Replace Section 5.4 'Signing Certificate Attribute
Definitions' . . . . . . . . . . . . . . . . . . . . . . . . . 4 Definitions' . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Insert new section 5.4.1 'Signing Certificate Attribute 3. Insert new section 5.4.1 'Signing Certificate Attribute
Definition Version 2' . . . . . . . . . . . . . . . . . . . . 5 Definition Version 2' . . . . . . . . . . . . . . . . . . . . 5
4. Insert new section 5.4.1.1 'Certificate Identification 4. Insert new section 5.4.1.1 'Certificate Identification
Version 2' . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Version 2' . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Insert new section 5.4.2 ' Signing Certificate Attribute 5. Insert new section 5.4.2 ' Signing Certificate Attribute
Defintion Version 1 . . . . . . . . . . . . . . . . . . . . . 9 Defintion Version 1 . . . . . . . . . . . . . . . . . . . . . 9
6. Insert new section 5.4.2.1 Certificate Identification 6. Insert new section 5.4.2.1 Certificate Identification
Version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 11
7. Normative References . . . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 13 8. Normative References . . . . . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 18 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . . . . 19 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 19
Intellectual Property and Copyright Statements . . . . . . . . . . 20
1. Introduction 1. Introduction
In the original Enhanced Security Services (ESS) for S/MIME document In the original Enhanced Security Services (ESS) for S/MIME
[ESS], a structure for cryptographically linking the certificate to document[ESS], a structure for cryptographically linking the
be used in validation with the signature was defined. This certificate to be used in validation with the signature was defined.
structure, called ESSCertID was hardwired to use a SHA-1 hash value. This structure, called ESSCertID, identifies a certificate by its
The recent attacks on SHA-1 require that we define a new attribute hash. The structure is hardwired to use a SHA-1 hash value. The
which allows for the use of a different algorithms. This document recent attacks on SHA-1 require that we define a new attribute which
performs that task. allows for the use of different algorithms. This document performs
that task.
This document defines the structure ESSCertIDv2 along with a new This document defines the structure ESSCertIDv2 along with a new
attribute SigningCertificateV2 which uses the updated structure. attribute SigningCertificateV2 which uses the updated structure.
This document allows for the structure to have algorithm agility and This document allows for the structure to have algorithm agility by
defines new attributes to deal with the updating. including an algorithm identifier and defines a new signed attribute
to use the new structure..
This document specifies the continued use of ESSCertID to ensure
compatiblity when SHA-1 is used to for certificate disamiguation.
1.1. Notation 1.1. Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Updates to RFC 2634 1.2. Updates to RFC 2634
This document updates section 5.4 of RFC 2634. Once the updates are This document updates section 5.4 of RFC 2634. Once the updates are
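Review bot: The paragraph added at the end of the Introduction in -06 has several slips to fix before the next revision: "compatiblity" should be "compatibility", "used to for certificate disamiguation" should read "used for certificate disambiguation", and the sentence before it ends in a double period ("to use the new structure.."). The rewritten first sentence also lost the space before its citation ("document[ESS]"), and the table of contents entry for section 5.4.2 still reads "Defintion".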
skipping to change at page 4, line 7 skipping to change at page 4, line 7
5.4.1.1 Certificate Identification Version 2 5.4.1.1 Certificate Identification Version 2
5.4.2 Signing Certificate Attribute Definition Version 1 5.4.2 Signing Certificate Attribute Definition Version 1
5.4.2.1 Certificate Identification Version 1 5.4.2.1 Certificate Identification Version 1
In addition, the ASN.1 module in Appendix A is replaced. In addition, the ASN.1 module in Appendix A is replaced.
2. Replace Section 5.4 'Signing Certificate Attribute Definitions' 2. Replace Section 5.4 'Signing Certificate Attribute Definitions'
5.4 Signing Certificate Attribute Definiitions 5.4 Signing Certificate Attribute Definitions
The signing certificate attribute is designed to prevent simple The signing certificate attribute is designed to prevent simple
substitution and re-issue attacks, and to allow for a restricted set substitution and re-issue attacks, and to allow for a restricted set
of certificates to be used in verifying a signature. of certificates to be used in verifying a signature.
Two different attributes exist for this due to a flaw in the original Two different attributes exist for this due to a flaw in the original
design. The only substantial difference between the two attributes design. The only substantial difference between the two attributes
is that SigningCertificateV2 allows for hash algorithm agility, while is that SigningCertificateV2 allows for hash algorithm agility, while
SigningCertificate forces the use of the SHA-1 hash algorithm. With SigningCertificate forces the use of the SHA-1 hash algorithm. With
the recent advances in the ability to create hash collisions for the recent advances in the ability to create hash collisions for
SHA-1 it is wise to move forward sooner rather than later. SHA-1 it is wise to move forward sooner rather than later.
When the SHA-1 hash function is used, the SigningCertificate When the SHA-1 hash function is used, the SigningCertificate
attribute MUST be used. The SigningCertificateV2 attribute MUST be attribute MUST be used. The SigningCertificateV2 attribute MUST be
used if any algorithm other than SHA-1 is used and SHOULD NOT be used used if any algorithm other than SHA-1 is used and SHOULD NOT be used
for SHA-1. Applications SHOULD recognize both attributes as long as for SHA-1. Applications SHOULD recognize both attributes as long as
they consider SHA-1 able to distinguish between two different they consider SHA-1 able to distinguish between two different
certificates. (I.e. the possibility of a collision is sufficently certificates. (I.e. the possibility of a collision is sufficiently
low.) low.) If both attributes exist in a single message they are
independently evaluated.
Four cases exist which need to be taken into account when using this Four cases exist which need to be taken into account when using this
attribute for correct processing: attribute for correct processing:
1. Signature Validates and the hashes match: This is the success 1. Signature Validates and the hashes match: This is the success
case. case.
2. Signature Validates and the hashes do not match: In this case the 2. Signature Validates and the hashes do not match: In this case the
certificate contained the correct public key, but the certificate certificate contained the correct public key, but the certificate
containing the public key is not the one that the signer intended containing the public key is not the one that the signer intended
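Review bot: The sentence added after "low.)" says that when both attributes are present "they are independently evaluated", but it does not say what a verifier concludes when the two evaluations disagree. State the outcome explicitly, for example that the signing-certificate check fails if either attribute fails to match, so that implementations do not diverge and a message is never accepted on the SigningCertificate result alone when the SigningCertificateV2 comparison fails.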
skipping to change at page 6, line 10 skipping to change at page 6, line 10
access to all the certificates required for validation. If only access to all the certificates required for validation. If only
the signing certificate is present in the sequence, there are no the signing certificate is present in the sequence, there are no
restrictions on the set of certificates used in validating the restrictions on the set of certificates used in validating the
signature. signature.
policies contains a sequence of policy information terms that policies contains a sequence of policy information terms that
identify those certificate policies that the signer asserts apply identify those certificate policies that the signer asserts apply
to the certificate, and under which the certificate should be to the certificate, and under which the certificate should be
relied upon. This value suggests a policy value to be used in the relied upon. This value suggests a policy value to be used in the
relying party's certification path validation. The definition of relying party's certification path validation. The definition of
PolicyInformation can be found in [PKIXCERT]. PolicyInformation can be found in[RFC3280].
If present, the SigningCertificateV2 attribute MUST be a signed If present, the SigningCertificateV2 attribute MUST be a signed
attribute; it MUST NOT be an unsigned attribute. CMS defines attribute; it MUST NOT be an unsigned attribute. CMS defines
SignedAttributes as a SET OF Attribute. A SignerInfo MUST NOT SignedAttributes as a SET OF Attribute. A SignerInfo MUST NOT
include multiple instances of the SigningCertificate attribute. CMS include multiple instances of the SigningCertificateV2 attribute.
defines the ASN.1 syntax for the signed attributes to include CMS defines the ASN.1 syntax for the signed attributes to include
attrValues SET OF AttributeValue. A SigningCertificate attribute attrValues SET OF AttributeValue. A SigningCertificateV2 attribute
MUST include only a single instance of AttributeValue. There MUST MUST include only a single instance of AttributeValue. There MUST
NOT be zero or multiple instances of AttributeValue present in the NOT be zero or multiple instances of AttributeValue present in the
attrValues SET OF AttributeValue. attrValues SET OF AttributeValue.
4. Insert new section 5.4.1.1 'Certificate Identification Version 2' 4. Insert new section 5.4.1.1 'Certificate Identification Version 2'
Insert the following text as a new section Insert the following text as a new section.
5.4.1.1 Certificate Identification Version 2 5.4.1.1 Certificate Identification Version 2
The best way to identify certificates is an often-discussed issue. The best way to identify certificates is an often-discussed issue.
The ESSCertIDv2 structure supplies two different fields that are used The ESSCertIDv2 structure supplies two different fields that are used
for this purpose. for this purpose.
The hash of the entire certificate allows for a verifier to check The hash of the entire certificate allows for a verifier to check
that the certificate used in the verification process was the same that the certificate used in the verification process was the same
certificate the signer intended. Hashes are convenient in that they certificate the signer intended. Hashes are convenient in that they
are frequently used by certificate stores as a method of indexing and are frequently used by certificate stores as a method of indexing and
retrieving certificates as well. The use of the hash is required by retrieving certificates as well. The use of the hash is required by
this structure since the detection of substituted certificates is this structure since the detection of substituted certificates is
based on the fact they would map to different hash values. based on the fact they would map to different hash values.
The issuer/serial number pair is the method of identification of The issuer/serial number pair is the method of identification of
certificates used in [PKIXCERT]. That document imposes a restriction certificates used in[RFC3280]. That document imposes a restriction
for certificates that the issuer distinguished name must be present. for certificates that the issuer distinguished name must be present.
The issuer/serial number pair would therefore normally be sufficient The issuer/serial number pair would therefore normally be sufficient
to identify the correct signing certificate. (This assumes the same to identify the correct signing certificate. (This assumes the same
issuer name is not re-used from the set of trust anchors.) The issuer name is not re-used from the set of trust anchors.) The
issuer/serial number pair can be stored in the sid field of the issuer/serial number pair can be stored in the sid field of the
SignerInfo object. However the sid field is not covered by the SignerInfo object. However the sid field is not covered by the
signature. In the cases where the issuer/serial number pair is not signature. In the cases where the issuer/serial number pair is not
used in the sid or the issuer/serial number pair needs to be signed, used in the sid or the issuer/serial number pair needs to be signed,
it SHOULD be placed in the issuerSerial field of the ESSCertIDv2 it SHOULD be placed in the issuerSerial field of the ESSCertIDv2
structure. structure.
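Review bot: The replacement of [PKIXCERT] by [RFC3280] dropped the space before the citation in both places it occurs in this hunk ("can be found in[RFC3280]" and "certificates used in[RFC3280]"); restore it. The rename from SigningCertificate to SigningCertificateV2 in the single-instance requirements is the right fix for section 5.4.1, since those sentences previously constrained the wrong attribute.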
skipping to change at page 8, line 21 skipping to change at page 8, line 21
Hash ::= OCTET STRING Hash ::= OCTET STRING
IssuerSerial ::= SEQUENCE { IssuerSerial ::= SEQUENCE {
issuer GeneralNames, issuer GeneralNames,
serialNumber CertificateSerialNumber serialNumber CertificateSerialNumber
} }
The fields of ESSCertIDv2 are defined as follows: The fields of ESSCertIDv2 are defined as follows:
hashAlg contains the identifier of the algorithm used in computing hashAlgorithm contains the identifier of the algorithm used in
certHash. computing certHash.
certHash is computed over the entire DER encoded certificate certHash is computed over the entire DER encoded certificate
including the signature. including the signature.
issuerSerial holds the identification of the certificate. The issuerSerial holds the identification of the certificate. The
issuerSerial would normally be present unless the value can be issuerSerial would normally be present unless the value can be
inferred from other information (e.g. the sid field of the inferred from other information (e.g. the sid field of the
SignerInfo object). SignerInfo object).
The fields of IssuerSerial are defined as follows: The fields of IssuerSerial are defined as follows:
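Review bot: The field description now says hashAlgorithm where -05 said hashAlg, but the ESSCertIDv2 definition that declares the field falls outside the lines shown in this hunk. Confirm that the SEQUENCE in section 5.4.1.1 and the copy in the Appendix A module both spell the field hashAlgorithm, so that the prose and the ASN.1 agree. It would also help to say here which hash algorithms a verifier is expected to support, since the description only states that the field "contains the identifier of the algorithm used in computing certHash".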
skipping to change at page 9, line 8 skipping to change at page 9, line 8
name from the certificate encoded in the directoryName choice of name from the certificate encoded in the directoryName choice of
GeneralNames. For attribute certificates, the issuer MUST contain GeneralNames. For attribute certificates, the issuer MUST contain
the issuer name field from the attribute certificate. the issuer name field from the attribute certificate.
serialNumber holds the serial number that uniquely identifies the serialNumber holds the serial number that uniquely identifies the
certificate for the issuer. certificate for the issuer.
5. Insert new section 5.4.2 ' Signing Certificate Attribute Defintion 5. Insert new section 5.4.2 ' Signing Certificate Attribute Defintion
Version 1 Version 1
(Note: This section does not present new material. This section
contains the original contents of Section 5.4 in [ESS], which are
retained with minor changes in this specification to achive backwards
compatibility.)
Insert the following text as a new section.
5.4.2 Signing Certificate Attribute Definition Version 1 5.4.2 Signing Certificate Attribute Definition Version 1
The signing certificate attribute is designed to prevent the simple The signing certificate attribute is designed to prevent the simple
substitution and re-issue attacks, and to allow for a restricted set substitution and re-issue attacks, and to allow for a restricted set
of certificates to be used in verifying a signature. of certificates to be used in verifying a signature.
The definition of SigningCertificate is The definition of SigningCertificate is
SigningCertificate ::= SEQUENCE { SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID, certs SEQUENCE OF ESSCertID,
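Review bot: The note added under item 5 has a typo, "achive" for "achieve", and the item heading it sits under is still misspelled and has an unbalanced quote ("' Signing Certificate Attribute Defintion Version 1"). Fix all three in the same revision. The identical note is repeated under item 6, so correct it there as well.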
skipping to change at page 11, line 7 skipping to change at page 11, line 7
SignedAttributes as a SET OF Attribute. A SignerInfo MUST NOT SignedAttributes as a SET OF Attribute. A SignerInfo MUST NOT
include multiple instances of the SigningCertificate attribute. CMS include multiple instances of the SigningCertificate attribute. CMS
defines the ASN.1 syntax for the signed attributes to include defines the ASN.1 syntax for the signed attributes to include
attrValues SET OF AttributeValue. A SigningCertificate attribute attrValues SET OF AttributeValue. A SigningCertificate attribute
MUST include only a single instance of AttributeValue. There MUST MUST include only a single instance of AttributeValue. There MUST
NOT be zero or multiple instances of AttributeValue present in the NOT be zero or multiple instances of AttributeValue present in the
attrValues SET OF AttributeValue. attrValues SET OF AttributeValue.
6. Insert new section 5.4.2.1 Certificate Identification Version 1 6. Insert new section 5.4.2.1 Certificate Identification Version 1
(Note: This section does not present new material. This section
contains the original contents of Section 5.4 in [ESS], which are
retained with minor changes in this specification to achive backwards
compatibility.)
Delete old section 5.4.1 Delete old section 5.4.1
Insert the following as new text Insert the following as new text
5.4.2.1 Certificate Identification Version 1 5.4.2.1 Certificate Identification Version 1
Certificates are uniquely identified using the information in the Certificates are uniquely identified using the information in the
ESSCertID structure. Discussion can be found in section 5.4.1.1. ESSCertID structure. Discussion can be found in section 5.4.1.1.
This document defines a certificate identifier as: This document defines a certificate identifier as:
ESSCertID ::= SEQUENCE { ESSCertID ::= SEQUENCE {
certHash Hash, certHash Hash,
issuerSerial IssuerSerial OPTIONAL issuerSerial IssuerSerial OPTIONAL
} }
The fields of ESSCertID are defined as follows: The fields of ESSCertID are defined as follows:
certHash is computed over the entire DER encoded certifiate certHash is computed over the entire DER encoded certificate
(including the signature). (including the signature).
issuerSerial holds the identification of the certificate. This issuerSerial holds the identification of the certificate. This
field would normally be present unless the value can be inferred field would normally be present unless the value can be inferred
from other information (e.g. the sid field of the SignerInfo from other information (e.g. the sid field of the SignerInfo
object). object).
The fields of IssuerSerial are discussed in section 5.4.1.1 The fields of IssuerSerial are discussed in section 5.4.1.1
7. Normative References 7. Security Considerations
This document is designed to address the security issue of a
substituted certificate used by the validator. If a different
certificate is used by the validator than the signer the validator
may not get the correct result. An example of this would be that the
original certificate was revoked and a new certificate with the same
public key was issued for a different individual. Since the issuer/
serial number field is not protected the attacker could replace this
and point to the new certificate and validation would be successful.
The attributes defined in this document are to be placed in locations
that are protected by the signature. This attribute does not provide
any additional security if placed in an un-signed or un-authenticated
location.
8. Normative References
[ESS] Hoffman, P., "Enhanced Security Services for S/MIME", [ESS] Hoffman, P., "Enhanced Security Services for S/MIME",
RFC 2634, June 1999. RFC 2634, June 1999.
[PKIXCERT]
Housley, R., Ford, W., Polk, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, BCP 14, March 1997. Requirement Levels", RFC 2119, BCP 14, March 1997.
[RFC3280] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet [RFC3280] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280, Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002. April 2002.
[RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", [RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)",
RFC 3852, July 2004. RFC 3852, July 2004.
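Review bot: The new Security Considerations section explains certificate substitution but says nothing about the strength of the hash algorithm used for certHash, which is the reason this update exists; add a sentence stating that the protection offered by the attribute is only as good as that algorithm. In the same section, "the issuer/serial number field is not protected" should name the field it means (the sid field of SignerInfo, per section 5.4.1.1), and "un-signed" should match the "unsigned" spelling used in the attribute sections. Separately, the note added under item 6 describes the text as "the original contents of Section 5.4 in [ESS]", while the instruction directly below it is "Delete old section 5.4.1"; the note should refer to Section 5.4.1.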
skipping to change at page 13, line 12 skipping to change at page 14, line 12
[RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", [RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)",
RFC 3852, July 2004. RFC 3852, July 2004.
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
Replace the ASN.1 module in RFC 2634 with this one. Replace the ASN.1 module in RFC 2634 with this one.
ExtendedSecurityServices-2006 ExtendedSecurityServices-2006
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
-- Cryptographic Message Syntax (CMS) [RFC 3852] -- Cryptographic Message Syntax (CMS) [RFC 3852]
ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) us(840) FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
cms-2004(24)} cms-2004(24)}
-- PKIX Certificate and CRL Profile, Section A.1 Explicity Tagged Module -- PKIX Certificate and CRL Profile, Section A.1 Explicity Tagged Module
-- 1988 Syntax [RFC 3280] -- 1988 Syntax [RFC 3280]
AlgorithmIdentifier, CertificateSerialNumber AlgorithmIdentifier, CertificateSerialNumber
FROM PKIX1Explicit88 FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
{ iso(1) identified-organization(3) dod(6) internet(1) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) pkix1-explicit(18) } security(5) mechanisms(5) pkix(7) id-mod(0)
; pkix1-explicit(18) }
-- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module, -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module,
-- 1988 Syntax [RFC 3280] -- 1988 Syntax [RFC 3280]
PolicyInformation, CertificateSerialNumber, GeneralNames PolicyInformation, CertificateSerialNumber, GeneralNames
FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
internet(1) internet(1)
security(5) mechanisms(5) pkix(7)id-mod(0) security(5) mechanisms(5) pkix(7)id-mod(0)
id-pkix1-implicit(19)}; id-pkix1-implicit(19)};
-- Extended Security Services -- Extended Security Services
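Review bot: CertificateSerialNumber is imported twice, once in the PKIX1Explicit88 list and once in the PKIX1Implicit88 list; an ASN.1 compiler may reject or flag the duplicate, so keep it in one import list only. Removing the stray ";" after the PKIX1Explicit88 module identifier in -06 is correct, since the IMPORTS clause should be terminated once, after the PKIX1Implicit88 entry. The comment above that import still reads "Explicity Tagged Module", and the last arc is written pkix1-explicit(18) while the sibling module uses id-pkix1-implicit(19); make the spelling and naming consistent.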
skipping to change at page 13, line 41 skipping to change at page 14, line 37
-- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module, -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module,
-- 1988 Syntax [RFC 3280] -- 1988 Syntax [RFC 3280]
PolicyInformation, CertificateSerialNumber, GeneralNames PolicyInformation, CertificateSerialNumber, GeneralNames
FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
internet(1) internet(1)
security(5) mechanisms(5) pkix(7)id-mod(0) security(5) mechanisms(5) pkix(7)id-mod(0)
id-pkix1-implicit(19)}; id-pkix1-implicit(19)};
-- Extended Security Services -- Extended Security Services
-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
-- have at least one entry. MAX indicates the upper bound is unspecified. -- have at least one entry. MAX indicates the upper bound is unspecified.
-- Implementations are free to choose an upper bound that suits their -- Implementations are free to choose an upper bound that suits their
-- environment. -- environment.
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-- The contents are formatted as described in [UTF8]
-- The contents are formatted as described in [UTF8]
-- Section 2.7 -- Section 2.7
ReceiptRequest ::= SEQUENCE { ReceiptRequest ::= SEQUENCE {
signedContentIdentifier ContentIdentifier, signedContentIdentifier ContentIdentifier,
receiptsFrom ReceiptsFrom, receiptsFrom ReceiptsFrom,
receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames } receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames
}
ub-receiptsTo INTEGER ::= 16 ub-receiptsTo INTEGER ::= 16
id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
ContentIdentifier ::= OCTET STRING ContentIdentifier ::= OCTET STRING
id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
ReceiptsFrom ::= CHOICE { ReceiptsFrom ::= CHOICE {
allOrFirstTier [0] AllOrFirstTier, allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone"
-- formerly "allOrNone [0]AllOrNone" receiptList [1] SEQUENCE OF GeneralNames
receiptList [1] SEQUENCE OF GeneralNames } }
AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
allReceipts (0), allReceipts (0),
firstTierRecipients (1) } firstTierRecipients (1)
}
-- Section 2.8 -- Section 2.8
Receipt ::= SEQUENCE { Receipt ::= SEQUENCE {
version ESSVersion, version ESSVersion,
contentType ContentType, contentType ContentType,
signedContentIdentifier ContentIdentifier, signedContentIdentifier ContentIdentifier,
originatorSignatureValue OCTET STRING } originatorSignatureValue OCTET STRING
}
id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
ESSVersion ::= INTEGER { v1(1) } ESSVersion ::= INTEGER { v1(1) }
-- Section 2.9 -- Section 2.9
ContentHints ::= SEQUENCE { ContentHints ::= SEQUENCE {
contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
contentType ContentType } contentType ContentType
}
id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
-- Section 2.10 -- Section 2.10
MsgSigDigest ::= OCTET STRING MsgSigDigest ::= OCTET STRING
id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
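Review bot: The comment under UTF8String cites [UTF8], but the reference list on this page has entries only for [ESS], [RFC2119], [RFC3280] and [RFC3852]; add the missing reference or reword the comment. The remaining differences in this part of the module only move closing braces onto their own lines and do not change the types, so they need no further action.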
skipping to change at page 15, line 7 skipping to change at page 16, line 4
id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
-- Section 2.10 -- Section 2.10
MsgSigDigest ::= OCTET STRING MsgSigDigest ::= OCTET STRING
id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
-- Section 2.11 -- Section 2.11
ContentReference ::= SEQUENCE { ContentReference ::= SEQUENCE {
contentType ContentType, contentType ContentType,
signedContentIdentifier ContentIdentifier, signedContentIdentifier ContentIdentifier,
originatorSignatureValue OCTET STRING } originatorSignatureValue OCTET STRING
}
id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
-- Section 3.2 -- Section 3.2
ESSSecurityLabel ::= SET { ESSSecurityLabel ::= SET {
security-policy-identifier SecurityPolicyIdentifier, security-policy-identifier SecurityPolicyIdentifier,
security-classification SecurityClassification OPTIONAL, security-classification SecurityClassification OPTIONAL,
privacy-mark ESSPrivacyMark OPTIONAL, privacy-mark ESSPrivacyMark OPTIONAL,
security-categories SecurityCategories OPTIONAL } security-categories SecurityCategories OPTIONAL
}
id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
SecurityPolicyIdentifier ::= OBJECT IDENTIFIER SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
SecurityClassification ::= INTEGER { SecurityClassification ::= INTEGER {
unmarked (0), unmarked (0),
unclassified (1), unclassified (1),
restricted (2), restricted (2),
confidential (3), confidential (3),
secret (4), secret (4),
top-secret (5) } (0..ub-integer-options) top-secret (5)
}(0..ub-integer-options)
ub-integer-options INTEGER ::= 256 ub-integer-options INTEGER ::= 256
ESSPrivacyMark ::= CHOICE { ESSPrivacyMark ::= CHOICE {
pString PrintableString (SIZE (1..ub-privacy-mark-length)), pString PrintableString (SIZE (1..ub-privacy-mark-length)),
utf8String UTF8String (SIZE (1..MAX)) utf8String UTF8String (SIZE (1..MAX))
} }
ub-privacy-mark-length INTEGER ::= 128 ub-privacy-mark-length INTEGER ::= 128
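Review bot: in SecurityClassification the reflowed closing line now reads "}(0..ub-integer-options)", with no space between the brace that ends the named-number list and the subtype constraint. Whitespace is not significant in ASN.1, so the type is unchanged, but the constraint now looks like part of the brace token. Suggest "} (0..ub-integer-options)" so that it matches the spacing of the -05 text while keeping the brace on its own line like ContentReference and ESSSecurityLabel in this hunk.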
skipping to change at page 16, line 39 skipping to change at page 17, line 38
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
-- Section 4.4 -- Section 4.4
MLExpansionHistory ::= SEQUENCE MLExpansionHistory ::= SEQUENCE
SIZE (1..ub-ml-expansion-history) OF MLData SIZE (1..ub-ml-expansion-history) OF MLData
id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
ub-ml-expansion-history INTEGER ::= 64 ub-ml-expansion-history INTEGER ::= 64 MLData ::= SEQUENCE {
MLData ::= SEQUENCE {
mailListIdentifier EntityIdentifier, mailListIdentifier EntityIdentifier,
expansionTime GeneralizedTime, expansionTime GeneralizedTime,
mlReceiptPolicy MLReceiptPolicy OPTIONAL } mlReceiptPolicy MLReceiptPolicy OPTIONAL
}
EntityIdentifier ::= CHOICE { EntityIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber, issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier SubjectKeyIdentifier } subjectKeyIdentifier SubjectKeyIdentifier
}
MLReceiptPolicy ::= CHOICE { MLReceiptPolicy ::= CHOICE {
none [0] NULL, none [0] NULL,
insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames
}
-- Section 5.4 -- Section 5.4
SigningCertificate ::= SEQUENCE { SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID, certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL policies SEQUENCE OF PolicyInformation OPTIONAL
} }
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
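Review bot: the id-aa-signingCertificate arc on the last line of this hunk spells the name form "pkcs9(9)", while every other object identifier in the visible module text (id-aa-mlExpandHistory a few lines up, for example) uses "pkcs-9(9)". Only the number is encoded, so the OID value is the same, but the spelling is carried unchanged on both sides and could be aligned to "pkcs-9(9)" while the closing braces around it are being reflowed.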
skipping to change at page 17, line 43 skipping to change at page 18, line 43
DEFAULT {algorithm id-sha256 parameters NULL}, DEFAULT {algorithm id-sha256 parameters NULL},
certHash Hash, certHash Hash,
issuerSerial IssuerSerial OPTIONAL issuerSerial IssuerSerial OPTIONAL
} }
ESSCertID ::= SEQUENCE { ESSCertID ::= SEQUENCE {
certHash Hash, certHash Hash,
issuerSerial IssuerSerial OPTIONAL issuerSerial IssuerSerial OPTIONAL
} }
Hash ::= OCTET STRING Hash ::= OCTET STRING IssuerSerial ::= SEQUENCE {
IssuerSerial ::= SEQUENCE {
issuer GeneralNames, issuer GeneralNames,
serialNumber CertificateSerialNumber serialNumber CertificateSerialNumber
} }
END -- of ExtendedSecurityServices-2006 END
-- of ExtendedSecurityServices-2006
Author's Address Author's Address
Jim Schaad Jim Schaad
Soaring Hawk Consulting Soaring Hawk Consulting
PO Box 675 PO Box 675
Gold Bar, WA 98251 Gold Bar, WA 98251
Phone: (425) 785-1031
Email: jimsch@exmsft.com Email: jimsch@exmsft.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
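Review bot: the "DEFAULT {algorithm id-sha256 parameters NULL}" line at the top of this hunk is identical on both sides and is missing the comma that ASN.1 value notation requires between the components of a SEQUENCE value, so a strict compiler fed this module would reject it. Suggest "{algorithm id-sha256, parameters NULL}". Since DER omits a field whose value equals its DEFAULT, the exact default also decides what goes on the wire: an AlgorithmIdentifier for SHA-256 with NULL parameters is left out, while one with absent parameters has to be encoded explicitly. A sentence in the text saying which form senders should produce, and that verifiers assume SHA-256 when the field is absent, would help implementers.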
 End of changes. 44 change blocks. 
69 lines changed or deleted 97 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/