rfcdiff of draft-ietf-smime-x400transport-01.txt against
draft-ietf-smime-x400transport-02.txt

Internet Draft                                       Paul Hoffman, IMC
draft-ietf-smime-x400transport-02.txt                Chris Bonatti, IECA
May 2, 2000 (-01: November 22, 2000)
Expires in six months (-01: Expires May 22, 2001)

Transporting S/MIME Objects in X.400

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups

[... unchanged text omitted; the diff resumes at line 172 ...]
2.4 Transfer Encoding
According to various S/MIME specifications for message wrapping, CMS
objects MAY optionally be wrapped in MIME to dynamically support 7-bit
transport. This outer wrapping is not required for X.400 transport, and
generally SHOULD NOT be applied in a homogeneous X.400 environment.
Heterogeneous mail systems or other factors MAY require the presence of
this outer MIME wrapper.
2.5 Encoded Information Type Indication
In [MSG], the application/pkcs7-mime content type and optional
"smime-type" parameter are used to convey details about the security
applied (signed or enveloped) along with information about the contained
content. This may aid receiving S/MIME implementations in correctly
processing the secured content. Additional values of smime-type are
defined in [ESS] and [X400WRAP]. In an X.400 transport environment, MIME
typing is not available. Therefore the equivalent semantic is conveyed
using the Encoded Information Types (EITs). The EITs are conveyed in
the original-encoded-information-types field of the X.400 message
envelope. This memo defines the following smime-types.

smime-type        EIT Value (OID)         CMS protection type  Inner Content
enveloped-data    id-eit-envelopedData    EnvelopedData        Data
signed-data       id-eit-signedData       SignedData           Data
cert-management   id-eit-certManagement   SignedData           empty (zero-length content)
signed-receipt    id-eit-signedReceipt    SignedData           Receipt
enveloped-x400    id-eit-envelopedX400    EnvelopedData        X.400 content
signed-x400       id-eit-signedX400       SignedData           X.400 content

Sending agents SHOULD include the appropriate S/MIME EIT OID value.
Receiving agents SHOULD recognize S/MIME OID values in the EITs field,
and process the message appropriately according to local procedures.
To keep future S/MIME EIT assignments consistent, the following
guidelines should be followed when assigning new EIT values. Values
assigned for S/MIME EITs should correspond to assigned smime-type values
on a one-to-one basis. The restrictions of section 3.2.2 of [MSG]
therefore apply. S/MIME EIT values may coexist with other EIT values
intended to further qualify the makeup of the protected content.
2.5.1 Enveloped Data
The enveloped data EIT indicates that the X.400 content field contains a
MIME type that has been protected by the CMS Enveloped-data content type
in accordance with [MSG]. The resulting enveloped data CMS content is
conveyed in accordance with section 2.2. This EIT should be indicated by
the following OID value:
id-eit-envelopedData OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) envelopedData(0) }
2.5.2 Signed Data
The signed data EIT indicates that the X.400 content field contains a
MIME type that has been protected by the CMS Signed-data content type in
accordance with [MSG]. The resulting signed data CMS content is conveyed
in accordance with section 2.2. This EIT should be indicated by the
following OID value:
id-eit-signedData OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedData(1) }
2.5.3 Certificate Management
The certificate management message is used to transport certificates
and/or CRLs, such as in response to a registration request. This is
described in [CERT3]. The certificate management message consists of a
single instance of CMS content of type Signed-data. The encapContentInfo
eContent field MUST be absent and signerInfos field MUST be empty. The
resulting certificate management CMS content is conveyed in accordance
with section 2.2. This EIT should be indicated by the following OID
value:
id-eit-certManagement OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) certManagement(2) }
2.5.4 Signed Receipt
The signed receipt EIT indicates that the X.400 content field contains a
Receipt content that has been protected by the CMS Signed-data content
type in accordance with [ESS]. The resulting signed data CMS content is
conveyed in accordance with section 2.2. This EIT should be indicated by
the following OID value:
id-eit-signedReceipt OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedReceipt(3) }
2.5.5 Enveloped X.400
The enveloped X.400 EIT indicates that the X.400 content field contains
X.400 content that has been protected by the CMS Enveloped-data content
type in accordance with [X400WRAP]. The resulting enveloped X.400 CMS
content is conveyed in accordance with section 2.2. This EIT should be
indicated by the following OID value:
id-eit-envelopedX400 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) envelopedX400(4) }
2.5.6 Signed X.400
The signed X.400 EIT indicates that the X.400 content field contains
X.400 content that has been protected by the CMS Signed-data content
type in accordance with [X400WRAP]. The resulting signed X.400 CMS
content is conveyed in accordance with section 2.2. This EIT should be
indicated by the following OID value:
id-eit-signedX400 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedX400(5) }
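Added example (not part of the draft or of any S/MIME implementation): a receiving-agent check, in Python, that the S/MIME EIT found in the original-encoded-information-types field agrees with the CMS object actually received, using the smime-type table of section 2.5 and the eContent/signerInfos constraints of section 2.5.3. It assumes a placeholder numeric value for the eits(***) arc, which the draft leaves unassigned, and includes a minimal DER OID encoder/decoder written here rather than taken from any library.

```python
# Added example (not from the draft): a receiving-agent check that the S/MIME
# EIT in original-encoded-information-types matches the CMS object received.
EITS_ARC = 999  # PLACEHOLDER: the eits(***) arc is not assigned in the draft
SMIME_EITS = (1, 2, 840, 113549, 1, 9, 16, EITS_ARC)
# smime-type -> (last arc, CMS protection type, inner content), table in 2.5
EIT_TABLE = {
    "enveloped-data":  (0, "EnvelopedData", "Data"),
    "signed-data":     (1, "SignedData",    "Data"),
    "cert-management": (2, "SignedData",    "empty"),
    "signed-receipt":  (3, "SignedData",    "Receipt"),
    "enveloped-x400":  (4, "EnvelopedData", "X.400 content"),
    "signed-x400":     (5, "SignedData",    "X.400 content"),
}
OID_TO_TYPE = {SMIME_EITS + (arc,): n for n, (arc, _, _) in EIT_TABLE.items()}
def _base128(value):  # DER OID sub-identifier: 7 bits per octet, MSB = more follows
    chunk = [value & 0x7F]
    while value >> 7:
        value >>= 7
        chunk.append(0x80 | (value & 0x7F))
    return bytes(reversed(chunk))
def encode_oid(arcs):
    """DER content octets of an OBJECT IDENTIFIER (tag and length omitted)."""
    return b"".join(_base128(v) for v in (40 * arcs[0] + arcs[1], *arcs[2:]))
def decode_oid(octets):
    """Inverse of encode_oid; the first sub-identifier packs the first two arcs."""
    values, cur = [], 0
    for b in octets:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(cur)
            cur = 0
    first = min(values[0] // 40, 2)
    return (first, values[0] - 40 * first, *values[1:])

def check_message(eit_octets, cms_type, inner_content, econtent_present, signer_count):
    """Declared S/MIME EIT vs received CMS object; [] = consistent. Other EITs may coexist (2.5)."""
    declared = [OID_TO_TYPE[o] for o in map(decode_oid, eit_octets) if o in OID_TO_TYPE]
    if len(declared) != 1:  # one smime-type per message, so exactly one S/MIME EIT
        return [f"expected one S/MIME EIT, found {declared}"]
    name = declared[0]
    _, want_type, want_inner = EIT_TABLE[name]
    problems = []
    if cms_type != want_type:
        problems.append(f"{name} requires {want_type}, got {cms_type}")
    if inner_content != want_inner:
        problems.append(f"{name} expects inner content {want_inner!r}, got {inner_content!r}")
    if name == "cert-management" and (econtent_present or signer_count):
        problems.append("cert-management requires absent eContent and empty signerInfos")
    return problems
```

A message whose envelope carries only non-S/MIME EITs, or whose EIT disagrees with the CMS content type inside, is reported rather than processed on the strength of the EIT alone.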
3. Security Considerations
This entire document discusses the topic of conveying security protocol
structures. Additional security issues are identified in section 5 of
[MSG], section 6 of [ESS] and the Security Considerations section of
[CMS].
A. References
[CERT3] Ramsdell, B., Editor, "S/MIME Version 3 Certificate Handling",
RFC 2632, June 1999.
[CMS] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999.
[MSG] Ramsdell, B., Editor, "S/MIME Version 3 Message Specification",
RFC 2633, June 1999.
[MUSTSHOULD] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997.
[PKCS-7] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version
1.5", RFC 2315, March 1998.
[X.400] ITU-T X.400 Series of Recommendations, Information technology -
Message Handling Systems (MHS). X.400: System and Service Overview;
X.402: Overall Architecture; X.411: Message Transfer System: Abstract
Service Definition and Procedures; X.420: Interpersonal Messaging
System; 1996.
B. Differences between version -01 and -02
Added section 2.5 and its sub-sections.
Added [CERT3] to Appendix A.
(In -01 this appendix read "B. Differences between version -00 and -01:
Many small corrections from Bill Ottaway.")
C. Editors' Addresses
Paul Hoffman
Internet Mail Consortium
127 Segre Place
Santa Cruz, CA 95060 USA
phoffman@imc.org
Chris Bonatti
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/