Comparison of draft-ietf-smime-rfc2630bis-05.txt (old, "-05") with draft-ietf-smime-rfc2630bis-06.txt (new, "-06")

S/MIME Working Group                                        R. Housley
Internet Draft                                          RSA Laboratories
expires in six months               September 2001 (-05) / December 2001 (-06)

                      Cryptographic Message Syntax
      <draft-ietf-smime-rfc2630bis-05.txt> / <draft-ietf-smime-rfc2630bis-06.txt>

Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

Old (-05) only:

To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
Abstract

This document describes the Cryptographic Message Syntax (CMS). This
syntax is used to digitally sign, digest, authenticate, or encrypt
arbitrary messages.

Old (-05) only:

The CMS is derived from PKCS #7 version 1.5 as specified in RFC 2315
[PKCS#7]. Wherever possible, backward compatibility is preserved;
however, changes were necessary to accommodate attribute certificate
transfer and key agreement techniques for key management.

Once approved, this draft will obsolete RFC 2630. The discussion of
specific cryptographic algorithms has been moved to a separate
document [CMSALG]. Separation of the protocol and algorithm
specifications allows the IETF to update each document independently.
No mandatory to implement algorithms are specified. Rather,
protocols that reply on the CMS are expected to choose appropriate
algorithms for their environment. The algorithms may be selected
from [CMSALG] or elsewhere.

Both versions:

This draft is being discussed on the "ietf-smime" mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with
the single word "subscribe" in the body of the message. Also, there
is a Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
Table of Contents

Page numbers are given for -05 and -06, in that order.

Status of this Memo ............................................  1 /  1
Abstract .......................................................  1 /  1
Table of Contents ..............................................  3 /  2
1 Introduction .................................................  5 /  4
2 General Overview .............................................  5 /  5
3 General Syntax ...............................................  6 /  6
4 Data Content Type ............................................  6 /  6
5 Signed-data Content Type .....................................  7 /  7
  5.1 SignedData Type ..........................................  8 /  8
  5.2 EncapsulatedContentInfo Type ............................. 10 /  9
    5.2.1 Compatibility with PKCS #7 ........................... 10 / 10
  5.3 SignerInfo Type .......................................... 12 / 11
  5.4 Message Digest Calculation Process ....................... 14 / 13
  5.5 Message Signature Generation Process ..................... 15 / 14
  5.6 Message Signature Verification Process ................... 15 / 15
6 Enveloped-data Content Type .................................. 15 / 15
  6.1 EnvelopedData Type ....................................... 17 / 16
  6.2 RecipientInfo Type ....................................... 19 / 19
    6.2.1 KeyTransRecipientInfo Type ........................... 19 / 19
    6.2.2 KeyAgreeRecipientInfo Type ........................... 20 / 20
    6.2.3 KEKRecipientInfo Type ................................ 21 / 23
    6.2.4 PasswordRecipientInfo Type ........................... 24 / 24
    6.2.5 OtherRecipientInfo Type .............................. 24 / 24
  6.3 Content-encryption Process ............................... 25 / 25
  6.4 Key-encryption Process ................................... 25 / 25
7 Digested-data Content Type ................................... 26 / 25
8 Encrypted-data Content Type .................................. 25 / 27
9 Authenticated-data Content Type .............................. 28 / 27
  9.1 AuthenticatedData Type ................................... 28 / 28
  9.2 MAC Generation ........................................... 30 / 30
  9.3 MAC Verification ......................................... 31 / 31
10 Useful Types ................................................ 32 / 32
  10.1 Algorithm Identifier Types .............................. 32 / 32
    10.1.1 DigestAlgorithmIdentifier ........................... 32 / 32
    10.1.2 SignatureAlgorithmIdentifier ........................ 32 / 32
    10.1.3 KeyEncryptionAlgorithmIdentifier .................... 32 / 32
    10.1.4 ContentEncryptionAlgorithmIdentifier ................ 33 / 33
    10.1.5 MessageAuthenticationCodeAlgorithm .................. 33 / 33
    10.1.6 KeyDerivationAlgorithmIdentifier .................... 33 / 33
  10.2 Other Useful Types ...................................... 33 / 33
    10.2.1 CertificateRevocationLists .......................... 34 / 33
    10.2.2 CertificateChoices .................................. 34 / 34
    10.2.3 CertificateSet ...................................... 35 / 34
    10.2.4 IssuerAndSerialNumber ............................... 35 / 35
    10.2.5 CMSVersion .......................................... 35 / 35
    10.2.6 UserKeyingMaterial .................................. 35 / 35
    10.2.7 OtherKeyAttribute ................................... 36 / 35
11 Useful Attributes ........................................... 36 / 36
  11.1 Content Type ............................................ 36 / 36
  11.2 Message Digest .......................................... 37 / 37
  11.3 Signing Time ............................................ 38 / 38
  11.4 Countersignature ........................................ 39 / 39

Old (-05):
Appendix A: CMS ASN.1 Module ...................................... 41
Appendix B: Version 1 Attribute Certificate ASN.1 Module .......... 47
References ......................................................... 48
Security Considerations ............................................ 49
Acknowledgments .................................................... 51
Author Address ..................................................... 51
Full Copyright Statement ........................................... 52

New (-06):
12 ASN.1 Modules .................................................. 40
  12.1 CMS ASN.1 Module ......................................... 41
  12.2 Version 1 Attribute Certificate ASN.1 Module ............. 46
13 References ..................................................... 48
14 Security Considerations ........................................ 49
15 Acknowledgments ................................................ 51
16 Author Address ................................................. 51
17 Full Copyright Statement ....................................... 52
1 Introduction

This document describes the Cryptographic Message Syntax (CMS). This
syntax is used to digitally sign, digest, authenticate, or encrypt
arbitrary messages.

The CMS describes an encapsulation syntax for data protection. It
supports digital signatures and encryption. The syntax allows
multiple encapsulations; one encapsulation envelope can be nested
skipping to change at page 5, line 32 (-05) / page 4, line 32 (-06)

[PROFILE].

The CMS values are generated using ASN.1 [X.208-88], using
BER-encoding [X.209-88]. Values are typically represented as octet
strings. While many systems are capable of transmitting arbitrary
octet strings reliably, it is well known that many electronic mail
systems are not. This document does not address mechanisms for
encoding octet strings for reliable transmission in such
environments.

New (-06) only:

The CMS is derived from PKCS #7 version 1.5 as specified in RFC 2315
[PKCS#7]. Wherever possible, backward compatibility is preserved;
however, changes were necessary to accommodate version 1 attribute
certificate transfer, key agreement and symmetric key-encryption key
techniques for key management.

This document obsoletes RFC 2630 [OLDCMS] and RFC 3211 [PWRI].
Password-based key management is included in the CMS specification,
and an extension mechanism to support new key management schemes
without further changes to the CMS is specified. Backward
compatibility with RFC 2630 and RFC 3211 is preserved; however,
version 2 attribute certificate transfer is added. The use of
version 1 attribute certificates is deprecated.

S/MIME v2 signatures [OLDMSG], which are based on PKCS#7 version 1.5,
are compatible with S/MIME v3 signatures [MSG], which are based on
RFC 2630. However, there are some subtle compatibility issues with
signatures using PKCS#7 version 1.5 and the CMS. These issues are
discussed in section 5.2.1.

Specific cryptographic algorithms are not discussed in this document.
The discussion of specific cryptographic algorithms has been moved to
a separate document [CMSALG]. Separation of the protocol and
algorithm specifications allows the IETF to update each document
independently. No mandatory to implement algorithms are specified.
Rather, protocols that reply on the CMS are expected to choose
appropriate algorithms for their environment. The algorithms may be
selected from [CMSALG] or elsewhere.

Both versions:

In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as
described by Scott Bradner in [STDWORDS].

2 General Overview

The CMS is general enough to support many different content types.
This document defines one protection content, ContentInfo.
ContentInfo encapsulates a single identified content type, and the
identified type may provide further encapsulation. This document
skipping to change at page 13, line 20 (-05) / page 13, line 8 (-06)

together with the signed attributes using the process described in
section 5.4. The message digest algorithm SHOULD be among those
listed in the digestAlgorithms field of the associated SignerData.
Implementations MAY fail to validate signatures that use a digest
algorithm that is not included in the SignedData digestAlgorithms
set.

signedAttrs is a collection of attributes that are signed. The
field is optional, but it MUST be present if the content type of
the EncapsulatedContentInfo value being signed is not id-data.

Old (-05):
Each SignedAttribute in the SET MUST be DER encoded. Useful
attribute types, such as signing time, are defined in Section 11.
If the field is present, it MUST contain, at a minimum, the
following two attributes:

New (-06):
SignedAttributes MUST be DER encoded, even if the rest of the
structure is BER encoded. Useful attribute types, such as signing
time, are defined in Section 11. If the field is present, it MUST
contain, at a minimum, the following two attributes:

Both versions:

   A content-type attribute having as its value the content type
   of the EncapsulatedContentInfo value being signed. Section
   11.1 defines the content-type attribute. However, the content-
   type attribute MUST NOT be used as part of a countersignature
   unsigned attribute as defined in section 11.4.

   A message-digest attribute, having as its value the message
   digest of the content. Section 11.2 defines the message-digest
   attribute.
skipping to change at page 30, line 9 (-05) / page 29, line 50 (-06)

the recipient. If the digestAlgorithm field is present, then the
authAttrs field MUST also be present.

encapContentInfo is the content that is authenticated, as defined
in section 5.2.

authAttrs is a collection of authenticated attributes. The
authAttrs structure is optional, but it MUST be present if the
content type of the EncapsulatedContentInfo value being
authenticated is not id-data. If the authAttrs field is present,
then the digestAlgorithm field MUST also be present.

Old (-05):
Each attribute in the SET MUST be DER encoded. Useful attribute
types are defined in Section 11. If the authAttrs field is present,
it MUST contain, at a minimum, the following two attributes:

New (-06):
The AuthAttributes structure MUST be DER encoded, even if the rest
of the structure is BER encoded. Useful attribute types are defined
in Section 11. If the authAttrs field is present, it MUST contain,
at a minimum, the following two attributes:

Both versions:

   A content-type attribute having as its value the content type
   of the EncapsulatedContentInfo value being authenticated.
   Section 11.1 defines the content-type attribute.

   A message-digest attribute, having as its value the message
   digest of the content. Section 11.2 defines the message-digest
   attribute.

mac is the message authentication code.
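Both passages above (signedAttrs in section 5.3 and authAttrs in section 9.1) require the attribute SET to be DER encoded even when the surrounding structure is BER, because the attributes are digested in their encoded form and a BER re-encoding would change the digested octets. The following Python checker is an added example, not text or code from either draft: it builds a DER SignedAttributes carrying the two required attributes, a BER (indefinite-length) variant of the same value, and reports every DER violation a verifier should reject before digesting. The OIDs for id-contentType, id-messageDigest and id-data, the 20-byte digest, and the assumption that every SET inside a CMS attribute is a SET OF are the example's own.

```python
# Added example (not from the draft): verify that a SignedAttributes /
# AuthAttributes value is DER encoded, as required even when the enclosing
# CMS structure is BER.  Any deviation changes the octets that get digested.
TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE, TAG_SET = 0x04, 0x06, 0x30, 0x31
# PKCS#9 / PKCS#7 object identifiers used by the constructed sample below
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_ID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def der_length(n):
    """Shortest-form length octets, as DER requires (X.690 10.1)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """One DER tag-length-value triple."""
    return bytes([tag]) + der_length(len(content)) + content

def der_set_of(elements):
    """SET OF in DER: components in ascending order of their encodings."""
    return tlv(TAG_SET, b"".join(sorted(elements)))

def attribute(attr_type, value):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }"""
    return tlv(TAG_SEQUENCE, tlv(TAG_OID, attr_type) + der_set_of([value]))

def sample_signed_attrs(digest):
    """DER SignedAttributes with the two required attributes (constructed sample)."""
    return der_set_of([
        attribute(OID_CONTENT_TYPE, tlv(TAG_OID, OID_ID_DATA)),
        attribute(OID_MESSAGE_DIGEST, tlv(TAG_OCTET_STRING, digest)),
    ])

def sample_ber_signed_attrs(digest):
    """Same attributes, outer SET in BER indefinite-length form (31 80 ... 00 00)."""
    inner = (attribute(OID_CONTENT_TYPE, tlv(TAG_OID, OID_ID_DATA))
             + attribute(OID_MESSAGE_DIGEST, tlv(TAG_OCTET_STRING, digest)))
    return b"\x31\x80" + inner + b"\x00\x00"

def _read_tlv(buf, pos, problems):
    """Parse one header; return (tag, content_start, content_end) or None."""
    if pos + 2 > len(buf) or (buf[pos] & 0x1F) == 0x1F:
        problems.append("truncated or high-tag-number header at offset %d" % pos)
        return None
    tag, first = buf[pos], buf[pos + 1]
    if first == 0x80:
        problems.append("indefinite length at offset %d (BER only)" % pos)
        return None
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        if pos + 2 + nbytes > len(buf):
            problems.append("truncated length at offset %d" % pos)
            return None
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
        if length < 0x80 or buf[pos + 2] == 0:  # DER: fewest length octets
            problems.append("non-minimal length encoding at offset %d" % pos)
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        problems.append("length overruns buffer at offset %d" % pos)
        return None
    return tag, start, end

def _check_set_order(encodings, offset, problems):
    """X.690 11.6 order: ascending by encoding, shorter ones zero-padded.
    Assumes every SET inside a CMS attribute value is a SET OF."""
    for a, b in zip(encodings, encodings[1:]):
        n = max(len(a), len(b))
        if a.ljust(n, b"\x00") > b.ljust(n, b"\x00"):
            problems.append("SET OF components out of DER order at offset %d" % offset)
            return

def _walk(buf, pos, end, problems):
    """Check every TLV in buf[pos:end]; return their encodings in order."""
    encodings = []
    while pos < end:
        item = _read_tlv(buf, pos, problems)
        if item is None:
            break
        tag, start, stop = item
        if tag & 0x20:  # constructed encoding
            if (tag & 0xC0) == 0 and (tag & 0x1F) in (0x03, 0x04, 0x0C):
                problems.append("constructed string encoding at offset %d" % pos)
            inner = _walk(buf, start, stop, problems)
            if tag == TAG_SET:
                _check_set_order(inner, pos, problems)
        encodings.append(buf[pos:stop])
        pos = stop
    return encodings

def check_der(buf):
    """Return the DER violations found in buf; an empty list means DER-clean."""
    problems = []
    _walk(buf, 0, len(buf), problems)
    return problems
```

A receiver that digests signedAttrs or authAttrs should run a check of this kind on the encoded SET before hashing; the BER sample is accepted by a generic BER decoder yet fails the draft's rule.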
skipping to change at page 32, line 15 (-05) / page 32, line 14 (-06)

10 Useful Types

This section is divided into two parts. The first part defines
algorithm identifiers, and the second part defines other useful
types.

10.1 Algorithm Identifier Types

All of the algorithm identifiers have the same type:
AlgorithmIdentifier. The definition of AlgorithmIdentifier is
imported (-05) / taken (-06) from X.509 [X.509-88].

There are many alternatives for each algorithm type.

10.1.1 DigestAlgorithmIdentifier

The DigestAlgorithmIdentifier type identifies a message-digest
algorithm. Examples include SHA-1, MD2, and MD5. A message-digest
algorithm maps an octet string (the message) to another octet string
(the message digest).
skipping to change at page 34, line 21 (-05) / page 34, line 15 (-06)

However, there may be more CRLs than necessary or there MAY be fewer
CRLs than necessary.

The CertificateList may contain a CRL, an Authority Revocation List
(ARL), a Delta CRL, or an Attribute Certificate Revocation List. All
of these lists share a common syntax.

CRLs are specified in X.509 [X.509-97], and they are profiled for use
in the Internet in RFC <TBD> [PROFILE].

The definition of CertificateList is imported (-05) / taken (-06)
from X.509.

   CertificateRevocationLists ::= SET OF CertificateList

10.2.2 CertificateChoices

The CertificateChoices type gives either a PKCS #6 extended
certificate [PKCS#6], an X.509 certificate, a version 1 X.509
attribute certificate (ACv1) [X.509-97], or a version 2 X.509
attribute certificate (ACv2) [X.509-00]. The PKCS #6 extended
certificate is obsolete. The PKCS #6 certificate is included for
backward compatibility, and PKCS #6 certificates SHOULD NOT be used.
The ACv1 is also obsolete. ACv1 is included for backward
compatibility, and ACv1 SHOULD NOT be used. The Internet profile of
X.509 certificates is specified in the "Internet X.509 Public Key
Infrastructure: Certificate and CRL Profile" [PROFILE]. The Internet
profile of ACv2 is specified in the "An Internet Attribute
Certificate Profile for Authorization" [ACPROFILE].

The definition of Certificate is imported (-05) / taken (-06) from
X.509.

The definitions of AttributeCertificate are imported (-05) / taken
(-06) from X.509-1997 and X.509-2000. The definition from X.509-1997
is assigned to AttributeCertificateV1 (see Appendix B (-05) / section
12.2 (-06)), and the definition from X.509-2000 is assigned to
AttributeCertificateV2.

Old (-05):

   CertificateChoices ::= CHOICE {
     certificate Certificate, -- See X.509
     extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
     v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
     v2AttrCert [2] IMPLICIT AttributeCertificateV2 } -- See X.509

New (-06):

   CertificateChoices ::= CHOICE {
     certificate Certificate,
     extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
     v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
     v2AttrCert [2] IMPLICIT AttributeCertificateV2 }

10.2.3 CertificateSet

The CertificateSet type provides a set of certificates. It is
intended that the set be sufficient to contain chains from a
recognized "root" or "top-level certification authority" to all of
the sender certificates with which the set is associated. However,
there may be more certificates than necessary, or there MAY be fewer
than necessary.
skipping to change at page 35, line 27 (-05) / page 35, line 21 (-06)

subjects and issuers of certificates within a chain.

   CertificateSet ::= SET OF CertificateChoices

10.2.4 IssuerAndSerialNumber

The IssuerAndSerialNumber type identifies a certificate, and thereby
an entity and a public key, by the distinguished name of the
certificate issuer and an issuer-specific certificate serial number.

The definition of Name is imported (-05) / taken (-06) from X.501
[X.501-88], and the definition of CertificateSerialNumber is
imported (-05) / taken (-06) from X.509 [X.509-97].

   IssuerAndSerialNumber ::= SEQUENCE {
     issuer Name,
     serialNumber CertificateSerialNumber }

   CertificateSerialNumber ::= INTEGER

10.2.5 CMSVersion

The CMSVersion type gives a syntax version number, for compatibility
skipping to change at page 41, line 5 (-05) / page 40, line 18 (-06)

or more instances of AttributeValue present.

The UnsignedAttributes syntax is defined as a SET OF Attributes. The
UnsignedAttributes in a signerInfo may include multiple instances of
the countersignature attribute.

A countersignature, since it has type SignerInfo, can itself contain
a countersignature attribute. Thus, it is possible to construct
arbitrarily long series of countersignatures.

Old (-05):

Appendix A: CMS ASN.1 Module

New (-06):

12 ASN.1 Modules

Section 12.1 contains the ASN.1 module for the CMS, and section 12.2
contains the ASN.1 module for the Version 1 Attribute Certificate.

12.1 CMS ASN.1 Module

Both versions:

   CryptographicMessageSyntax
     { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2001(14) }

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All
   -- The types and values defined in this module are exported for use in
   -- the other ASN.1 modules. Other applications may use them for their
   -- own purposes.

   IMPORTS

Old (-05):

   -- Directory Information Framework (X.501)
   Name
     FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
       informationFramework(1) 3 }

   -- Directory Authentication Framework (X.509-2000)
   AlgorithmIdentifier, Certificate, CertificateList,
   CertificateSerialNumber
     FROM AuthenticationFramework { joint-iso-itu-t ds(5)
       module(1) authenticationFramework(7) 4 }

   -- Attribute Certificate Definitions (X.509-2000)
   AttributeCertificate
     FROM AttributeCertificateDefinitions { joint-iso-itu-t
       ds(5) module(1) attributeCertificateDefinitions(32) 4 }

   -- Indirectly from Directory Authentication Framework (X.509-1997)
   AttributeCertificateV1
     FROM AttributeCertificateVersion1 { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
       modules(0) v1AttrCert(15) } ;

New (-06):

   -- Imports from RFC <TBD> [PROFILE], Appendix A.1
   AlgorithmIdentifier, Certificate, CertificateList,
   CertificateSerialNumber, Name
     FROM PKIX1Explicit88 { iso(1)
       identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) mod(0)
       pkix1-explicit(18) }

   -- Imports from RFC <TBD> [ACPROFILE], Appendix B
   AttributeCertificate
     FROM PKIXAttributeCertificate { iso(1)
       identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) mod(0)
       attribute-cert(12) }

   -- Imports from Appendix B of this document
   AttributeCertificateV1
     FROM AttributeCertificateVersion1 { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
       modules(0) v1AttrCert(15) } ;

Both versions:

   -- Cryptographic Message Syntax

   ContentInfo ::= SEQUENCE {
     contentType ContentType,
     content [0] EXPLICIT ANY DEFINED BY contentType }
skipping to change at page 45, line 43 skipping to change at page 45, line 17
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
CertificateRevocationLists ::= SET OF CertificateList CertificateRevocationLists ::= SET OF CertificateList
CertificateChoices ::= CHOICE { CertificateChoices ::= CHOICE {
certificate Certificate, -- See X.509 certificate Certificate,
extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
v2AttrCert [2] IMPLICIT AttributeCertificateV2 } -- See X.509 v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
AttributeCertificateV2 ::= AttributeCertificate -- See X.509-2000 AttributeCertificateV2 ::= AttributeCertificate
CertificateSet ::= SET OF CertificateChoices CertificateSet ::= SET OF CertificateChoices
IssuerAndSerialNumber ::= SEQUENCE { IssuerAndSerialNumber ::= SEQUENCE {
issuer Name, issuer Name,
serialNumber CertificateSerialNumber } serialNumber CertificateSerialNumber }
CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
UserKeyingMaterial ::= OCTET STRING UserKeyingMaterial ::= OCTET STRING
OtherKeyAttribute ::= SEQUENCE { OtherKeyAttribute ::= SEQUENCE {
keyAttrId OBJECT IDENTIFIER, keyAttrId OBJECT IDENTIFIER,
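Review bot: with the "-- See X.509" and "-- See X.509-2000" comments gone from CertificateChoices and AttributeCertificateV2, nothing in the module tells a decoder that v1AttrCert [1] and v2AttrCert [2] are told apart solely by the context tag; a one-line comment to that effect would stop implementations from trying to sniff the version out of the certificate body. More importantly, "-- Obsolete" on extendedCertificate [0] IMPLICIT ExtendedCertificate and v1AttrCert [1] IMPLICIT AttributeCertificateV1 does not say what a conforming implementation does when it meets one: suggest stating it (for example, MUST NOT generate, and on receipt either process or skip the element) so that a strict decoder does not reject an entire CertificateSet, and with it the certificates needed to validate the signature, because one obsolete alternative is present.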
skipping to change at page 47, line 18 skipping to change at page 46, line 38
ExtendedCertificateInfo ::= SEQUENCE { ExtendedCertificateInfo ::= SEQUENCE {
version CMSVersion, version CMSVersion,
certificate Certificate, certificate Certificate,
attributes UnauthAttributes } attributes UnauthAttributes }
Signature ::= BIT STRING Signature ::= BIT STRING
END -- of CryptographicMessageSyntax END -- of CryptographicMessageSyntax
Appendix B: Version 1 Attribute Certificate ASN.1 Module 12.2 Version 1 Attribute Certificate ASN.1 Module
AttributeCertificateVersion1 AttributeCertificateVersion1
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) } pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
-- EXPORTS All -- EXPORTS All
-- Only one type is defined, and it is exported.
IMPORTS IMPORTS
-- Directory Authentication Framework (X.509-1997) -- Imports from RFC <TBD> [PROFILE], Appendix A.1
AttributeCertificate AlgorithmIdentifier, Attribute, CertificateSerialNumber,
FROM AuthenticationFramework { joint-iso-itu-t ds(5) Extensions, UniqueIdentifier
module(1) authenticationFramework(7) 3 } ; FROM PKIX1Explicit88 { iso(1)
identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) mod(0)
pkix1-explicit(18) }
-- Version 1 Attribute Certificate -- Imports from RFC <TBD> [PROFILE], Appendix A.2
GeneralNames
FROM PKIX1Implicit88 { iso(1)
identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) mod(0)
pkix1-implicit(19) }
AttributeCertificateV1 ::= AttributeCertificate -- Imports from RFC <TBD> [ACPROFILE], Appendix B
AttCertValidityPeriod, IssuerSerial
FROM PKIXAttributeCertificate { iso(1)
identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) mod(0)
attribute-cert(12) } ;
-- Definition extracted from X.509-1997 [X.509-97], but
-- different type names are used to avoid collisions.
AttributeCertificateV1 ::= SEQUENCE {
acInfo AttributeCertificateInfoV1,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }
AttributeCertificateInfoV1 ::= SEQUENCE {
version AttCertVersionV1 DEFAULT v1,
subject CHOICE {
baseCertificateID [0] IssuerSerial,
-- associated with a Public Key Certificate
subjectName [1] GeneralNames },
-- associated with a name
issuer GeneralNames,
signature AlgorithmIdentifier,
serialNumber CertificateSerialNumber,
attCertValidityPeriod AttCertValidityPeriod,
attributes SEQUENCE OF Attribute,
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions OPTIONAL }
AttCertVersionV1 ::= INTEGER { v1(0) }
END -- of AttributeCertificateVersion1 END -- of AttributeCertificateVersion1
References 13 References
ACPROFILE Farrell, S., and R. Housley. An Internet Attribute ACPROFILE Farrell, S., and R. Housley. An Internet Attribute
Certificate Profile for Authorization. RFC <TBD>. <Date>. Certificate Profile for Authorization. RFC <TBD>. <Date>.
{draft-ietf-pkix-ac509prof-*.txt} {draft-ietf-pkix-ac509prof-*.txt}
CMSALG Housley, R. Cryptographic Message Syntax (CMS) Algorithms. CMSALG Housley, R. Cryptographic Message Syntax (CMS) Algorithms.
RFC <TBD>. <Date>. {draft-ietf-smime-cmsalg-*.txt} RFC <TBD>. <Date>. {draft-ietf-smime-cmsalg-*.txt}
DSS National Institute of Standards and Technology. DSS National Institute of Standards and Technology.
FIPS Pub 186: Digital Signature Standard. 19 May 1994. FIPS Pub 186: Digital Signature Standard. 19 May 1994.
ESS Hoffman, P. Enhanced Security Services for S/MIME. ESS Hoffman, P. Enhanced Security Services for S/MIME.
RFC 2634. June 1999. RFC 2634. June 1999.
MSG Ramsdell, B. S/MIME Version 3 Message Specification. MSG Ramsdell, B. S/MIME Version 3 Message Specification.
RFC 2633. June 1999. RFC 2633. June 1999.
OLDCMS Housley, R., "Cryptographic Message Syntax", RFC 2630, OLDCMS Housley, R., Cryptographic Message Syntax, RFC 2630,
June 1999. June 1999.
OLDMSG Dusse, S., P. Hoffman, B. Ramsdell, L. Lundblade, and OLDMSG Dusse, S., P. Hoffman, B. Ramsdell, L. Lundblade, and
L. Repka. S/MIME Version 2 Message Specification. L. Repka. S/MIME Version 2 Message Specification.
RFC 2311. March 1998. RFC 2311. March 1998.
PROFILE Housley, R., W. Ford, W. Polk, and D. Solo. Internet PROFILE Housley, R., W. Ford, W. Polk, and D. Solo. Internet
X.509 Public Key Infrastructure: Certificate and CRL X.509 Public Key Infrastructure: Certificate and CRL
Profile. RFC <TBD>. <Date>. Profile. RFC <TBD>. <Date>.
[draft-ietf-pkix-new-part1-*.txt] [draft-ietf-pkix-new-part1-*.txt]
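Review bot: replacing "AttributeCertificateV1 ::= AttributeCertificate" (an alias of the type imported from the X.509-1997 AuthenticationFramework module) with a full AttributeCertificateV1 / AttributeCertificateInfoV1 definition is the right fix, because the -05 text imported a type named AttributeCertificate from two different modules (X.509-1997 here, X.509-2000 in the CMS module) and the comment "different type names are used to avoid collisions" now makes the binding explicit. Three points on the new definition. (1) AttributeCertificateInfoV1 carries "signature AlgorithmIdentifier" and the outer AttributeCertificateV1 carries "signatureAlgorithm AlgorithmIdentifier"; say that a verifier MUST check the two are identical before accepting the signature, as for public-key certificates, otherwise the outer field, which is outside the signed acInfo, can steer the verifier to a different algorithm than the one the issuer signed under. (2) "version AttCertVersionV1 DEFAULT v1" with "AttCertVersionV1 ::= INTEGER { v1(0) }" means a DER encoder omits the field entirely; decoders should accept both an absent field and an explicitly encoded 0 from BER encoders rather than treating either as malformed. (3) The definition is described as "extracted from X.509-1997", yet AttCertValidityPeriod and IssuerSerial are imported from PKIXAttributeCertificate, the v2 profile module; confirm these two types are identical in both sources, since any difference would let the v1 decoder silently accept v2 syntax. Dropping "-- Only one type is defined, and it is exported." is correct now that the module defines several types. In the references that follow, ACPROFILE and PROFILE, which this module now imports from, still read "RFC <TBD>. <Date>." and are therefore normative placeholders; CMSALG carries the same placeholder; the OLDCMS entry now drops the quotation marks around its title, matching the style of the other entries.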
skipping to change at page 48, line 45 skipping to change at page 48, line 48
PKCS#6 RSA Laboratories. PKCS #6: Extended-Certificate Syntax PKCS#6 RSA Laboratories. PKCS #6: Extended-Certificate Syntax
Standard, Version 1.5. November 1993. Standard, Version 1.5. November 1993.
PKCS#7 Kaliski, B. PKCS #7: Cryptographic Message Syntax, PKCS#7 Kaliski, B. PKCS #7: Cryptographic Message Syntax,
Version 1.5. RFC 2315. March 1998. Version 1.5. RFC 2315. March 1998.
PKCS#9 RSA Laboratories. PKCS #9: Selected Attribute Types, PKCS#9 RSA Laboratories. PKCS #9: Selected Attribute Types,
Version 1.1. November 1993. Version 1.1. November 1993.
PWRI Gutmann, P. Password-based Encryption for S/MIME. PWRI Gutmann, P. Password-based Encryption for S/MIME.
RFC <TBD>. <DATE>. [draft-ietf-smime-password-*.txt] RFC 3211. December 2001.
RANDOM Eastlake, D., S. Crocker, and J. Schiller. Randomness RANDOM Eastlake, D., S. Crocker, and J. Schiller. Randomness
Recommendations for Security. RFC 1750. December 1994. Recommendations for Security. RFC 1750. December 1994.
STDWORDS Bradner, S. Key Words for Use in RFCs to Indicate STDWORDS Bradner, S. Key Words for Use in RFCs to Indicate
Requirement Levels. RFC2119. March 1997. Requirement Levels. RFC2119. March 1997.
X.208-88 CCITT. Recommendation X.208: Specification of Abstract X.208-88 CCITT. Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1). 1988. Syntax Notation One (ASN.1). 1988.
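Review bot: PWRI is now resolved to "RFC 3211. December 2001." in place of the draft placeholder; good. PKCS#6 must stay in the list even though extendedCertificate is marked Obsolete in CertificateChoices, because the CMS module still defines ExtendedCertificateInfo and a decoder that meets the alternative needs the source definition to handle it.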
skipping to change at page 49, line 22 skipping to change at page 49, line 28
X.509-88 CCITT. Recommendation X.509: The Directory - Authentication X.509-88 CCITT. Recommendation X.509: The Directory - Authentication
Framework. 1988. Framework. 1988.
X.509-97 ITU-T. Recommendation X.509: The Directory - Authentication X.509-97 ITU-T. Recommendation X.509: The Directory - Authentication
Framework. 1997. Framework. 1997.
X.509-00 ITU-T. Recommendation X.509: The Directory - Authentication X.509-00 ITU-T. Recommendation X.509: The Directory - Authentication
Framework. 2000. Framework. 2000.
Security Considerations 14 Security Considerations
The Cryptographic Message Syntax provides a method for digitally The Cryptographic Message Syntax provides a method for digitally
signing data, digesting data, encrypting data, and authenticating signing data, digesting data, encrypting data, and authenticating
data. data.
Implementations must protect the signer's private key. Compromise of Implementations must protect the signer's private key. Compromise of
the signer's private key permits masquerade. the signer's private key permits masquerade.
Implementations must protect the key management private key, the key- Implementations must protect the key management private key, the key-
encryption key, and the content-encryption key. Compromise of the encryption key, and the content-encryption key. Compromise of the
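Review bot: the security requirements are written in lower case, "Implementations must protect the signer's private key" and "Implementations must protect the key management private key, the key-encryption key, and the content-encryption key", although STDWORDS (RFC 2119) is cited; either capitalise these as MUST so they are testable conformance requirements, or state explicitly that this section does not use RFC 2119 key words. "Compromise of the signer's private key permits masquerade" would be more useful to an implementer if it also said what masquerade means here: the holder can produce signatures over arbitrary content that verifiers will attribute to the signer. The renumbering to "14 Security Considerations" is consistent with "13 References" and "12.2".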
skipping to change at page 51, line 7 skipping to change at page 51, line 14
countersigning process need not know the original signed content. countersigning process need not know the original signed content.
This structure permits implementation efficiency advantages; however, This structure permits implementation efficiency advantages; however,
this structure may also permit the countersigning of an inappropriate this structure may also permit the countersigning of an inappropriate
signature value. Therefore, implementations that perform signature value. Therefore, implementations that perform
countersignatures should either verify the original signature value countersignatures should either verify the original signature value
prior to countersigning it (this verification requires processing of prior to countersigning it (this verification requires processing of
the original content), or implementations should perform the original content), or implementations should perform
countersigning in a context that ensures that only appropriate countersigning in a context that ensures that only appropriate
signature values are countersigned. signature values are countersigned.
Acknowledgments 15 Acknowledgments
This document is the result of contributions from many professionals. This document is the result of contributions from many professionals.
I appreciate the hard work of all members of the IETF S/MIME Working I appreciate the hard work of all members of the IETF S/MIME Working
Group. I extend a special thanks to Rich Ankney, Simon Blake-Wilson, Group. I extend a special thanks to Rich Ankney, Simon Blake-Wilson,
Tim Dean, Steve Dusse, Carl Ellison, Peter Gutmann, Bob Jueneman, Tim Dean, Steve Dusse, Carl Ellison, Peter Gutmann, Bob Jueneman,
Stephen Henson, Paul Hoffman, Scott Hollenbeck, Don Johnson, Burt Stephen Henson, Paul Hoffman, Scott Hollenbeck, Don Johnson, Burt
Kaliski, John Linn, John Pawling, Blake Ramsdell, Francois Rousseau, Kaliski, John Linn, John Pawling, Blake Ramsdell, Francois Rousseau,
Jim Schaad, and Dave Solo for their efforts and support. Jim Schaad, and Dave Solo for their efforts and support.
Author Address 16 Author Address
Russell Housley Russell Housley
RSA Laboratories RSA Laboratories
918 Spring Knoll Drive 918 Spring Knoll Drive
Herndon, VA 20170 Herndon, VA 20170
USA USA
rhousley@rsasecurity.com rhousley@rsasecurity.com
Full Copyright Statement 17 Full Copyright Statement
Copyright (C) The Internet Society (date). All Rights Reserved. Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. In addition, the included on all such copies and derivative works. In addition, the
ASN.1 module presented in Appendix A may be used in whole or in part ASN.1 module presented in Appendix A may be used in whole or in part
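Review bot: the copyright statement still says "the ASN.1 module presented in Appendix A may be used in whole or in part", but the right-hand text has turned the appendices into numbered sections (the Version 1 Attribute Certificate module, formerly Appendix B, is now "12.2"), so "Appendix A" no longer names anything in this revision and, as written, the grant covers only one of the two modules; reword it to name both modules by their new section numbers. On the countersignature paragraph, "should either verify the original signature value prior to countersigning it ... or implementations should perform countersigning in a context that ensures that only appropriate signature values are countersigned": the second alternative is invisible to a relying party, who cannot tell which path the countersigner took, so consider making verification the default (SHOULD) and the context-based path an explicit, documented exception, and add that because the countersigning process need not know the original signed content, a countersignature endorses only the signature octets and must not be read as an endorsement of the content they cover.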
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/