Network Working Group J. Schaad
Request for Comments: 5273 Soaring Hawk Consulting
Category: Standards Track M. Myers
TraceRoute Security, Inc.
June 2008
Certificate Management over CMS (CMC): Transport Protocols
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document defines a number of transport mechanisms that are used
to move CMC (Certificate Management over CMS (Cryptographic Message
Syntax)) messages. The transport mechanisms described in this
document are HTTP, file, mail, and TCP.
1. Overview
This document defines a number of transport methods that are used to
move CMC messages (defined in [CMC-STRUCT]). The transport
mechanisms described in this document are HTTP, file, mail, and TCP.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [MUST].
2. File-Based Protocol
Enrollment messages and responses may be transferred between clients
and servers using file-system-based mechanisms, such as when
enrollment is performed for an off-line client. When files are used
to transport binary, Full PKI Request or Full PKI Response messages,
there MUST be only one instance of a request or response message in a
single file. The following file type extensions SHOULD be used:
Schaad & Myers Standards Track [Page 1]
RFC 5273 CMC: Transport Protocols June 2008
+---------------------+----------------+
| Message Type        | File Extension |
+---------------------+----------------+
| Simple PKI Request  | .p10           |
| Full PKI Request    | .crq           |
| Simple PKI Response | .p7c           |
| Full PKI Response   | .crp           |
+---------------------+----------------+
File PKI Request/Response Identification
3. Mail-Based Protocol
MIME wrapping is defined for those environments that are MIME native.
The basic MIME wrapping in this section is taken from [SMIMEV3].
When using a mail-based protocol, MIME wrapping between the layers of
CMS wrapping is optional. Note that this is different from the
standard S/MIME (Secure MIME) message.
Simple enrollment requests are encoded using the "application/pkcs10"
content type. A file name MUST be included either in a content-type
or a content-disposition statement. The extension for the file MUST
be ".p10".
Simple enrollment response messages MUST be encoded as content type
"application/pkcs7-mime". An smime-type parameter MUST be on the
content-type statement with a value of "certs-only". A file name
with the ".p7c" extension MUST be specified as part of the content-
type or content-disposition statement.
Full enrollment request messages MUST be encoded as content type
"application/pkcs7-mime". The smime-type parameter MUST be included
with a value of "CMC-Request". A file name with the ".p7m" extension
MUST be specified as part of the content-type or content-disposition
statement.
Full enrollment response messages MUST be encoded as content type
"application/pkcs7-mime". The smime-type parameter MUST be included
with a value of "CMC-response". A file name with the ".p7m"
extension MUST be specified as part of the content-type or content-
disposition statement.
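The following is an added example and is not part of RFC 5273 or of any implementation it references. It uses the Python standard-library email package to produce the Section 3 MIME wrapping for each of the four message kinds, and to check an incoming message (content type, smime-type parameter, file-name extension) against Section 3, plus a file-based message against the Section 2 rules (extension, and exactly one message per file, checked by requiring the outer DER SEQUENCE to span the whole file). The kind names, function names and CONSTRUCTED_PAYLOAD are this example's own; the payload is a placeholder DER SEQUENCE, not a real PKCS#10 or CMS object, and comparing smime-type values case-insensitively is a choice made here, not a rule stated in the text.

```python
# Added example for RFC 5273 Sections 2 and 3; not the RFC's own code.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Section 3 rules per kind: (MIME type, required smime-type or None, file extension)
MIME_RULES = {
    "simple-request":  ("application/pkcs10",     None,           ".p10"),
    "simple-response": ("application/pkcs7-mime", "certs-only",   ".p7c"),
    "full-request":    ("application/pkcs7-mime", "CMC-Request",  ".p7m"),
    "full-response":   ("application/pkcs7-mime", "CMC-response", ".p7m"),
}

# Section 2 rules: extensions for file-system transport (.crq/.crp differ from mail's .p7m)
FILE_EXTENSIONS = {".p10": "simple-request", ".crq": "full-request",
                   ".p7c": "simple-response", ".crp": "full-response"}

# Constructed stand-in payload: a minimal DER SEQUENCE, not a real PKCS#10 or CMS object.
CONSTRUCTED_PAYLOAD = bytes.fromhex("3003020105")


def build_cmc_mime(kind, payload, filename):
    """Wrap a DER payload as Section 3 requires for the given message kind."""
    mime_type, smime_type, ext = MIME_RULES[kind]
    if not filename.lower().endswith(ext):
        raise ValueError(f"{kind} requires a {ext} file name, got {filename!r}")
    maintype, subtype = mime_type.split("/")
    params = {"name": filename}          # file name on the content-type line
    if smime_type is not None:
        params["smime-type"] = smime_type
    msg = EmailMessage()
    msg.set_content(payload, maintype=maintype, subtype=subtype, params=params,
                    filename=filename, disposition="attachment")  # and on content-disposition
    return msg.as_bytes()


def classify_cmc_mime(raw):
    """Return which CMC message kind an incoming MIME body claims to be, or None."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    ctype = msg.get_content_type()
    stype = (msg.get_param("smime-type") or "").lower()
    for kind, (mime_type, smime_type, _) in MIME_RULES.items():
        if ctype == mime_type and (smime_type is None or stype == smime_type.lower()):
            return kind
    return None


def check_cmc_mime(raw, expected_kind):
    """List Section 3 violations in an incoming MIME body; empty list means it conforms."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    mime_type, smime_type, ext = MIME_RULES[expected_kind]
    problems = []
    if msg.get_content_type() != mime_type:
        problems.append(f"content type {msg.get_content_type()!r}, expected {mime_type!r}")
    actual = msg.get_param("smime-type")
    # smime-type compared case-insensitively: a choice made in this example.
    if smime_type is not None and (actual or "").lower() != smime_type.lower():
        problems.append(f"smime-type {actual!r}, expected {smime_type!r}")
    # get_filename() reads Content-Disposition first, then the Content-Type name
    # parameter, matching "content-type or content-disposition" in Section 3.
    filename = msg.get_filename()
    if filename is None:
        problems.append("no file name in content-type or content-disposition")
    elif not filename.lower().endswith(ext):
        problems.append(f"file extension of {filename!r} is not {ext}")
    return problems


def extract_payload(raw):
    """Return the decoded DER payload carried by a CMC MIME body."""
    return BytesParser(policy=policy.default).parsebytes(raw).get_content()


def single_der_object(data):
    """Section 2: one message per file. PKCS#10 and CMS ContentInfo are both a DER
    SEQUENCE, so the outer tag-length-value must cover the whole file exactly."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                     # short-form length
        header, length = 2, first
    elif first == 0x80:                  # BER indefinite length: not handled here
        return False
    else:                                # long form: 0x8N followed by N length bytes
        n = first & 0x7F
        if len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def check_cmc_file(filename, data):
    """List Section 2 violations for a file-transported message."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    problems = []
    if ext not in FILE_EXTENSIONS:
        problems.append(f"unexpected extension {ext!r}")
    if not single_der_object(data):
        problems.append("file does not hold exactly one DER object")
    return problems


if __name__ == "__main__":
    raw = build_cmc_mime("full-request", CONSTRUCTED_PAYLOAD, "enroll.p7m")
    print(raw.decode())
    print(classify_cmc_mime(raw), check_cmc_mime(raw, "full-request"))
    print(check_cmc_file("enroll.crq", CONSTRUCTED_PAYLOAD))
```

A receiving server would run classify_cmc_mime first to decide which parser to hand the body to, then check_cmc_mime with the kind it actually expects on that endpoint, rejecting messages whose headers and extension disagree before any CMS or PKCS#10 decoding happens.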
+--------------+------------------------+------------+--------------+
| Item         | MIME Type              | File       | SMIME Type   |
|              |                        | Extension  |              |
+--------------+------------------------+------------+--------------+