The latest revision (hopefully last) of the PEM/MIME integration
document has been sent to internet drafts. I'm expecting it to appear
either today or tomorrow.
This revision is:
a. editorially radically different than the last version - a diff of the
two versions is *not* possible
b. technically differs from the last in exactly one respect: all key
selectors are represented in hexadecimal (per working group approval)
The editorial changes are as follows.
1. The name is now MOSS - MIME Object Security Services. This means
that all places where the string "PEM" (or "pem") was part of a label
have been changed to "MOSS" (or "moss"), e.g.,
application/pem-keys -> application/moss-keys
2. There is no dependence on RFC 1421 (the PEM procedures) or RFC 1422
(the PEM certification hierarchy). The MOSS protocol does use the
same cryptographic algorithm identifiers as PEM, which are specified
in RFC 1423, although the protocol itself is completely cryptographic
algorithm independent.
3. The document is characterized as a derivative of PEM, neither forward
nor backward, just different. There is a section that compares PEM
with MOSS and describes the differences, without passing judgement on
which is better.
4. The document has been re-organized. It jumps right in to the MOSS
protocol and works its way down to the details, in contrast to
starting right off with names and identifiers. I've included the
table of contents in the next section for a preview.
Please do look at this version when it comes out. If you haven't looked
at a version in a while, this one is different enough that it is well worth
the time.
Thanks!
Jim
Table of Contents
Status of this Memo ............................................. 1
Abstract ........................................................ 1
1 Introduction ................................................... 2
2 Applying MIME Object Security Services ......................... 3
2.1 Digital Signature Service .................................... 4
2.1.1 Canonicalization ........................................... 4
2.1.2 Digital Signature Control Information ...................... 6
2.1.2.1 Version: ................................................. 7
2.1.2.2 Originator-ID: ........................................... 7
2.1.2.3 MIC-Info: ................................................ 8
2.1.3 application/moss-signature Content Type Definition ......... 8
2.1.4 Use of multipart/signed Content Type ....................... 10
2.2 Encryption Service ........................................... 11
2.2.1 Encryption Control Information ............................. 12
2.2.1.1 DEK-Info: ................................................ 13
2.2.1.2 Recipient-ID: ............................................ 13
2.2.1.3 Key-Info: ................................................ 14
2.2.2 application/moss-keys Content Type Definition .............. 14
2.2.3 Use of multipart/encrypted Content Type .................... 15
3 Removing MIME Object Security Services ......................... 16
3.1 Digital Signature Service .................................... 17
3.1.1 Preparation ................................................ 18
3.1.2 Verification ............................................... 18
3.1.3 Results .................................................... 18
3.2 Encryption Service ........................................... 19
3.2.1 Preparation ................................................ 19
3.2.2 Decryption ................................................. 19
3.2.3 Results .................................................... 20
4 Identifying Originators, Recipients, and Their Keys ............ 20
4.1 Name Forms ................................................... 22
4.1.1 Email Addresses ............................................ 22
4.1.2 Arbitrary Strings .......................................... 22
4.1.3 Distinguished Names ........................................ 23
4.2 Identifiers .................................................. 23
4.2.1 Email Address .............................................. 24
4.2.2 Arbitrary String ........................................... 25
4.2.3 Distinguished Name ......................................... 25
4.2.4 Public Key ................................................. 26
4.2.5 Issuer Name and Serial Number .............................. 27
5 Key Management Content Types ................................... 27
5.1 application/mosskey-request Content Type Definition .......... 28
5.2 application/mosskey-data Content Type Definition ............. 29
6 Examples ....................................................... 31
6.1 Original Message Prepared for Protection ..................... 31
6.2 Sign Text of Original Message ................................ 31
6.3 Sign Headers and Text of Original Message .................... 32
6.4 Encrypt Text of a Message .................................... 33
6.5 Encrypt the Signed Text of a Message ......................... 34
6.6 Protecting Audio Content ..................................... 36
6.6.1 Sign Audio Content ......................................... 37
6.6.2 Encrypt Audio Content ...................................... 37
7 Observations ................................................... 38
8 Comparison of MOSS and PEM Protocols ........................... 39
9 Security Considerations ........................................ 40
10 Acknowledgements .............................................. 41
11 References .................................................... 41
12 Authors' Addresses ............................................ 42
Appendix A: Collected Grammar ................................... 43
Appendix B: Imported Grammar .................................... 47