To briefly summarize what transpired in Minneapolis wrt this
draft, we mainly discussed the resolution of the certs-only issue
raised by Bill Ottaway. The thrust was that he was uncomfortable
having an S/MIME type called "certs-only" that in practice might
admit either certificates or CRLs. We seemed to have reached
consensus on altering language to make this a "cert management"
type, rather than "certs-only" on the assumption that a
corresponding change would be made in the revised S/MIME Message
Specification (son-of-RFC2633). Jim Schaad then noted that we
also need to add an smime-type value (and associated OID) for the
signed receipts and other defined values. This seemed valid, and
nobody present objected. I would therefore like to establish
some appropriately revised text covering the various S/MIME types
so that we can reissue the document. To that end, I propose the
following as a new starting point.
I hope this revised text is acceptable to all. Otherwise,
well you know my address... The plan is to revise the
x400transport draft and hopefully propose it for WG Last Call
around the time of the next meeting.
Cheers!
Chris
_____________________________
2.5 Encoded Information Type Indication
In [MSG], the application/pkcs7-mime content type and optional
"smime-type" parameter are used to convey details about the
security applied (signed or enveloped) along with information
about the contained content. This may aid receiving S/MIME
implementations in correctly processing the secured content.
Additional values of smime-type are defined in [ESS] and
[X400WRAP]. In an X.400 transport environment, MIME typing is not
available. Therefore the equivalent semantic is conveyed using
the Encoded Information Types (EITs). The EITs are conveyed in
the original-encoded-information-types field of the X.400 message
envelope. This memo defines the following smime-types.
smime-type        EIT Value (OID)          Security        Inner Content
---------------   ----------------------   -------------   -------------
enveloped-data    id-eit-envelopedData     EnvelopedData   Data
signed-data       id-eit-signedData        SignedData      Data
cert-management   id-eit-certManagement    SignedData      none
signed-receipt    id-eit-signedReceipt     SignedData      Receipt
enveloped-x400    id-eit-envelopedX400     EnvelopedData   X.400 content
signed-x400       id-eit-signedX400        SignedData      X.400 content
Sending agents SHOULD include the appropriate S/MIME EIT OID
value. Receiving agents SHOULD recognize S/MIME OID values in
the EITs field, and process the message appropriately according
to local procedures.
In order that consistency can be obtained with future assignments,
the following guidelines should be followed when assigning new
values of EIT. Values assigned for S/MIME EITs should correspond
to assigned smime-type values on a one to one basis. The
restrictions of section 3.2.2 of [MSG] therefore apply. S/MIME
EIT values may coexist with other EIT values intended to further
qualify the makeup of the protected content.
2.5.1 Enveloped Data
The enveloped data EIT indicates that the X.400 content field
contains a MIME type that has been protected by the CMS
Enveloped-data content type in accordance with [MSG]. The
resulting enveloped data CMS content is conveyed in accordance
with section 2.2. This EIT should be indicated by the following
OID value:
id-eit-envelopedData OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) envelopedData(0) }
2.5.2 Signed Data
The signed data EIT indicates that the X.400 content field
contains a MIME type that has been protected by the CMS
Signed-data content type in accordance with [MSG]. The resulting
signed data CMS content is conveyed in accordance with section
2.2. This EIT should be indicated by the following OID value:
id-eit-signedData OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedData(1) }
2.5.3 Certificate Management
The certificate management message is used to transport
certificates and/or CRLs, such as in response to a registration
request. The certificate management message consists of a single
instance of CMS content of type Signed-data. The
encapContentInfo eContent field MUST be absent and signerInfos
field MUST be empty. The resulting certificate management CMS
content is conveyed in accordance with section 2.2. This EIT
should be indicated by the following OID value:
id-eit-certManagement OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) certManagement(2) }
2.5.4 Signed Receipt
The signed receipt EIT indicates that the X.400 content field
contains a Receipt content that has been protected by the CMS
Signed-data content type in accordance with [ESS]. The resulting
signed data CMS content is conveyed in accordance with section
2.2. This EIT should be indicated by the following OID value:
id-eit-signedReceipt OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedReceipt(3) }
2.5.5 Enveloped X.400
The enveloped X.400 EIT indicates that the X.400 content field
contains X.400 content that has been protected by the CMS
Enveloped-data content type in accordance with [X400WRAP]. The
resulting enveloped X.400 CMS content is conveyed in accordance
with section 2.2. This EIT should be indicated by the following
OID value:
id-eit-envelopedX400 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) envelopedX400(4) }
2.5.6 Signed X.400
The signed X.400 EIT indicates that the X.400 content field
contains X.400 content that has been protected by the CMS
Signed-data content type in accordance with [X400WRAP]. The
resulting signed X.400 CMS content is conveyed in accordance with
section 2.2. This EIT should be indicated by the following OID
value:
id-eit-signedX400 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) eits(***) signedX400(5) }
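The following is an added example, not part of the draft text above
or of any S/MIME implementation. It shows what the EIT OIDs of
section 2.5 look like once DER-encoded into the X.400
original-encoded-information-types field (the 1.2.840.113549.1.9.16
prefix is the real id-smime arc), keeps the one-to-one mapping between
smime-type and EIT OID that section 2.5 asks for in both directions,
and checks the structural rule of section 2.5.3: a cert-management
message is a SignedData whose eContent is absent and whose signerInfos
is empty. Because the draft leaves the eits arc as "***", the value 99
used here is a placeholder and not an assigned arc; the certificate
and SignerInfo placeholders are likewise constructed for the demo.

```python
# Added example, not text from the draft. DER helpers for the S/MIME EIT OIDs
# of section 2.5 and a shape check for the cert-management SignedData of 2.5.3.
# ASSUMPTION: the draft leaves the eits arc as "***"; 99 here is a placeholder.
SMIME_ARC = (1, 2, 840, 113549, 1, 9, 16)
EITS_ARC = 99
ID_DATA = (1, 2, 840, 113549, 1, 7, 1)
ID_SIGNED_DATA = (1, 2, 840, 113549, 1, 7, 2)
# smime-type -> last arc of its EIT OID, one to one as in the draft's table.
EIT_ARCS = {"enveloped-data": 0, "signed-data": 1, "cert-management": 2,
            "signed-receipt": 3, "enveloped-x400": 4, "signed-x400": 5}

def eit_oid(smime_type):
    """OID tuple for an smime-type, e.g. signed-data -> ...16.<eits>.1."""
    return SMIME_ARC + (EITS_ARC, EIT_ARCS[smime_type])

def smime_type_for(oid):
    """Inverse mapping; None for any OID outside the S/MIME EIT arc."""
    if oid[:-1] != SMIME_ARC + (EITS_ARC,):
        return None
    return next((t for t, arc in EIT_ARCS.items() if arc == oid[-1]), None)

def der_len(n):
    """DER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(arcs):
    """DER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128."""
    body = bytearray()
    for arc in (40 * arcs[0] + arcs[1],) + tuple(arcs[2:]):
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def read_tlv(buf, pos=0):  # (tag, content, next_pos) of a single-byte-tag element
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def decode_oid(der):
    tag, body, _ = read_tlv(der)
    if tag != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs.pop(0)
    a = min(first // 40, 2)
    return (a, first - 40 * a) + tuple(arcs)

def children(content):  # (tag, content) pairs inside a constructed element
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def is_cert_management(content_info):
    """True iff ContentInfo is SignedData with eContent absent and signerInfos
    empty, the shape 2.5.3 requires. Carried certs/CRLs are not validated."""
    tag, ci, _ = read_tlv(content_info)
    fields = children(ci) if tag == 0x30 else []
    if (len(fields) != 2 or fields[0][0] != 0x06
            or decode_oid(tlv(0x06, fields[0][1])) != ID_SIGNED_DATA):
        return False
    inner = children(fields[1][1])      # [0] EXPLICIT wraps the SignedData SEQUENCE
    sd = children(inner[0][1]) if len(inner) == 1 and inner[0][0] == 0x30 else []
    if len(sd) < 4 or sd[2][0] != 0x30:  # version, digestAlgorithms, encapContentInfo
        return False
    e_content_absent = len(children(sd[2][1])) == 1
    return e_content_absent and sd[-1] == (0x31, b"")   # signerInfos: empty SET

# Constructed placeholders standing in for a real Certificate and SignerInfo.
DUMMY_CERT = tlv(0x30, tlv(0x04, b"\x00"))
DUMMY_SIGNER = tlv(0x30, tlv(0x02, b"\x01"))

def build_signed_data(cert_der, e_content=None, signer=b""):
    """Constructed sample ContentInfo(SignedData); the defaults give the
    cert-management shape, e_content or signer turn it into something else."""
    encap = encode_oid(ID_DATA)
    if e_content is not None:
        encap += tlv(0xA0, tlv(0x04, e_content))        # eContent [0] EXPLICIT
    signed_data = tlv(0x30, tlv(0x02, b"\x01")           # version 1
                      + tlv(0x31, b"")                   # digestAlgorithms: empty SET
                      + tlv(0x30, encap)                 # encapContentInfo
                      + tlv(0xA0, cert_der)              # certificates [0] IMPLICIT
                      + tlv(0x31, signer))               # signerInfos SET
    return tlv(0x30, encode_oid(ID_SIGNED_DATA) + tlv(0xA0, signed_data))
```

encode_oid(SMIME_ARC) yields the familiar 06 09 2A 86 48 86 F7 0D 01 09 10
bytes of id-smime, and encode_oid(eit_oid("cert-management")) is what a
sending agent would place in the EITs field once the eits arc is
assigned. A receiving agent that sees id-eit-certManagement can run
is_cert_management on the CMS content before handing it to local
certificate management, so that a SignedData carrying a payload or a
signer is not mistaken for a pure certificate/CRL delivery.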