draft-ietf-smime-x400transport-06.txt   draft-ietf-smime-x400transport-07.txt 
S/MIME Working Group
Internet Draft                                          Paul Hoffman, IMC
[-06] draft-ietf-smime-x400transport-06.txt             Chris Bonatti, IECA
[-07] draft-ietf-smime-x400transport-07.txt             Chris Bonatti, IECA
[-06] May 1, 2003
[-07] May 12, 2003
[-06] Expires November 1, 2003
[-07] Expires November 12, 2003

Transporting S/MIME Objects in X.400

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
skipping to change at line 140 (both versions)

If the CMS object is not covered by an outer MIME wrapper, the
content-type field of the P1 envelope MUST be set to the following
CMS-defined value:

id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
content-types(1) 6}

2.2.1 Carrying Plaintext MIME objects as X.400 Content

[-06] When transporting a CMS object in X.400, the preferred approach (except
[-06] as discussed in section 2.3 below) is to convey the object as X.400
[-06] message content. This section describes how S/MIME CMS objects are
[-06] conveyed as the content part of X.400 messages. This mechanism is
[-06] suitable for transport of CMS-protected messages regardless of the mail
[-06] content that has been encapsulated.
[-06]
[-06] Implementations MUST include the CMS object in the content field of the
[-06] X.400 message.
[-06]
[-06] If the CMS object is covered by an outer MIME wrapper, the content-type
[-06] field of the P1 envelope MUST be set to the following CMS-defined value:

[-07] When transporting a plaintext MIME object in X.400, the preferred
[-07] approach is to convey the object as X.400 message content. The content-
[-07] type field of the P1 envelope MUST be set to the following CMS-defined
[-07] value:

id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs7(7) 1 }

[-06] If the CMS object is not covered by an outer MIME wrapper, the
[-06] content-type field of the P1 envelope MUST be set to the following
[-06] CMS-defined value:
[-06]
[-06] id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
[-06] us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
[-06] content-types(1) 6}

2.3 Carrying S/MIME as IPMS Body Parts

Under some circumstances S/MIME CMS-protected messages can be conveyed
within select body parts of the content. Implementations generally
SHOULD NOT embed CMS objects within X.400 body parts, but should instead
convey them as content as described in section 2.2. Nevertheless, one
notable exception is necessary for the case of forwarding.

In instances when CMS objects are forwarded as part of a message
forwarding function, use of a body part is necessary. When forwarding a
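Review bot: The -07 text of 2.2.1 correctly drops the paragraphs that -06 had duplicated from 2.2 (the CMS-object transport rules and the id-ct-contentInfo alternative) under a heading that is about plaintext MIME objects, leaving id-data as the single content-type for this case. Because the "not covered by an outer MIME wrapper" rule now survives only in 2.2 (the context lines above the heading), consider adding one sentence to 2.2.1 stating that a plaintext MIME object is always MIME-wrapped, so id-ct-contentInfo never applies here; otherwise readers of 2.2.1 may look for the second OID. Dropping the "(except as discussed in section 2.3 below)" caveat is consistent with 2.3, which states its forwarding exception for CMS objects only.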
skipping to change at line 197 (-06) / line 181 (-07)

delivery-envelope [1] OtherMessageDeliveryFields OPTIONAL,
mts-identifier [2] MessageDeliveryIdentifier OPTIONAL}

id-ep-content ::= {joint-iso-itu-t(2) mhs(6) ipms(1) ep(11) 17}
id-et-content ::= {joint-iso-itu-t(2) mhs(6) ipms(1) et(4) 17}

The implementation MUST copy the CMS object to be forwarded into the
Content field of the content-body-part. The direct-reference field of
the body part MUST include the OID formed by the concatenation of the
[-06] id-ep-content value and the following CMS-defined value.
[-07] id-et-content value and the following CMS-defined value.

id-ct-contentInfo OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) content-types(1) 6}

For example, to forward any CMS object the DATA component of the body
part would be identified by { 2 6 1 4 17 1 2 840 113549 1 9 16 1 6 }.

The ForwardedContentParameters are optional and MAY be supported at the
discretion of the implementor. The OID value id-et-content MAY also be
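Review bot: The change from id-ep-content to id-et-content in the direct-reference sentence is the right fix, and the worked example already confirms it: { 2 6 1 4 17 1 2 840 113549 1 9 16 1 6 } is id-et-content (joint-iso-itu-t(2) mhs(6) ipms(1) et(4) 17) followed by id-ct-contentInfo (1 2 840 113549 1 9 16 1 6), whereas id-ep-content would have produced the prefix { 2 6 1 11 17 }. After this change id-ep-content is still defined in the hunk but no longer referenced in the visible text; a sentence stating its role (or removing the definition if it is unused) would close that gap.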
skipping to change at line 250 (-06) / line 234 (-07)

| CMS protection type   Inner Content                 |
|                                                     |
+-----------------------------------------------------+
|                                                     |
| enveloped-data        id-eit-envelopedData          |
|   EnvelopedData       Data                          |
|                                                     |
| signed-data           id-eit-signedData             |
|   SignedData          Data                          |
|                                                     |
[-06] | cert-management       id-eit-certManagement         |
[-07] | certs-only            id-eit-certsOnly              |
|   SignedData          empty (zero-length content)   |
|                                                     |
| signed-receipt        id-eit-signedReceipt          |
|   SignedData          Receipt                       |
|                                                     |
| enveloped-x400        id-eit-envelopedx400          |
|   EnvelopedData       X.400 content                 |
|                                                     |
| signed-x400           id-eit-signedx400             |
|   SignedData          X.400 content                 |
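Review bot: The table row rename from cert-management / id-eit-certManagement to certs-only / id-eit-certsOnly is a symbolic rename only; the arc stays id-eit(10) 3 per the definition in 2.5.3, so implementations that key on the OID value rather than the name are unaffected. The "Inner Content" cell for this row, "empty (zero-length content)", does not quite match 2.5.3, which requires the encapContentInfo eContent field to be absent rather than zero-length; using the same wording in both places ("eContent absent") would avoid implementers emitting an empty OCTET STRING where the text expects the field to be omitted.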
skipping to change at line 303 (-06) / line 287 (-07)

The signed data EIT indicates that the X.400 content field contains a
MIME type that has been protected by the CMS signed-data content type in
accordance with [MSG]. The resulting signed data CMS content is conveyed
in accordance with section 2.2. This EIT should be indicated by the
following OID value:

id-eit-signedData OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) id-eit(10) id-eit-signedData(2) }

[-06] 2.5.3 Certificate Management
[-07] 2.5.3 Certs Only

[-06] The certificate management message is used to transport certificates
[-07] The certs-only message is used to transport certificates
and/or CRLs, such as in response to a registration request. This is
[-06] described in [CERT31]. The certificate management message consists of a
[-07] described in [CERT31]. The certs-only message consists of a
single instance of CMS content of type signed-data. The encapContentInfo
eContent field MUST be absent and signerInfos field MUST be empty. The
[-06] resulting certificate management CMS content is conveyed in accordance
[-07] resulting certs-only CMS content is conveyed in accordance
with section 2.2. This EIT should be indicated by the following OID
value:

[-06] id-eit-certManagement OBJECT IDENTIFIER ::=
[-07] id-eit-certsOnly OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
[-06] pkcs-9(9) smime(16) id-eit(10) id-eit-certManagement(3) }
[-07] pkcs-9(9) smime(16) id-eit(10) id-eit-certsOnly(3) }

2.5.4 Signed Receipt

The signed receipt EIT indicates that the X.400 content field contains a
Receipt content that has been protected by the CMS signed-data content
type in accordance with [ESS]. The resulting CMS signed-data content is
conveyed in accordance with section 2.2. This EIT should be indicated by
the following OID value:

id-eit-signedReceipt OBJECT IDENTIFIER ::=
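Review bot: The rename to certs-only is applied consistently to the heading, the prose and the OID name, and the arc value (3) is unchanged, so nothing changes on the wire; the new name also matches the smime-type parameter value S/MIME uses for this message, which makes the mapping between the EIT and the MIME form easier to follow. One wording point that applies to both versions: "This EIT should be indicated by the following OID value" uses a lowercase should, while the surrounding requirements on eContent and signerInfos use MUST; if the EIT is mandatory for this content, SHOULD or MUST in RFC 2119 capitals would make that explicit.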
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/