Securing Header Fields with S/MIME
RFC 7508

Document Type: RFC - Experimental (April 2015; No errata)
Last updated: 2015-04-22
Stream: ISE
IETF conflict review: conflict-review-cailleux-secure-headers
Stream ISE state: Published RFC
Document shepherd: Nevil Brownlee
Shepherd write-up: last changed 2014-08-11
IESG state: RFC 7508 (Experimental)
Responsible AD: (None)
Send notices to: (None)
IANA review state: Version Changed - Review Needed
IANA action state: RFC-Ed-Ack
Independent Submission                                       L. Cailleux
Request for Comments: 7508                                        DGA MI
Category: Experimental                                        C. Bonatti
ISSN: 2070-1721                                                     IECA
                                                              April 2015

                   Securing Header Fields with S/MIME

Abstract

   This document describes how the S/MIME protocol can be extended in
   order to secure message header fields defined in RFC 5322.  This
   technology provides security services such as data integrity, non-
   repudiation, and confidentiality.  This extension is referred to as
   'Secure Headers'.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for examination, experimental implementation, and
   evaluation.

   This document defines an Experimental Protocol for the Internet
   community.  This is a contribution to the RFC Series, independently
   of any other RFC stream.  The RFC Editor has chosen to publish this
   document at its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7508.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Cailleux & Bonatti            Experimental                      [Page 1]
RFC 7508           Securing Header Fields with S/MIME         April 2015

Table of Contents

   1. Introduction ....................................................2
   2. Terminology and Conventions Used in This Document ...............3
   3. Context .........................................................4
   4. Mechanisms to Secure Message Header Fields ......................6
      4.1. ASN.1 Syntax of Secure Header Fields .......................7
      4.2. Secure Header Fields Length and Format .....................8
      4.3. Canonicalization Algorithm .................................8
      4.4. Header Field Statuses ......................................8
      4.5. Signature Process ..........................................9
           4.5.1. Signature Generation Process ........................9
           4.5.2. Signature Verification Process .....................10
      4.6. Encryption and Decryption Processes .......................11
           4.6.1. Encryption Process .................................11
           4.6.2. Decryption Process .................................12
   5. Case of Triple Wrapping ........................................13
   6. Security Gateways ..............................................13
   7. Security Considerations ........................................13
   8. IANA Considerations ............................................14
   9. References .....................................................14
      9.1. Normative References ......................................14
      9.2. Informative References ....................................15
   Appendix A. Formal Syntax of Secure Header ........................16
   Appendix B. Example of Secure Header Fields .......................18
   Acknowledgements ..................................................19
   Authors' Addresses ................................................19

1.  Introduction

   The S/MIME [RFC5751] standard defines a data encapsulation format for
   the achievement of end-to-end security services such as integrity,
   authentication, non-repudiation, and confidentiality.  By default,
   S/MIME secures message body parts, to the exclusion of the message
   header fields.

   S/MIME provides an alternative solution to secure header fields: "the
   sending client MAY wrap a full MIME message in a message/rfc822
   wrapper in order to apply S/MIME security services to header fields".
   However, the S/MIME solution doesn't provide any guidance regarding
   what subset of message header fields to secure, procedures for
   clients to reconcile the "inner" and "outer" headers, or procedures
   for client interpretation or display of any failures.
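
   The message/rfc822 wrapping quoted above, with one possible client-side
   check that reconciles the "inner" and "outer" header fields. This is an
   added example, not text or code from RFC 7508 or its authors. Assumptions:
   the list of compared fields, the function names and the sample message are
   constructed here, and the S/MIME signature layer that would protect the
   inner message is left out.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Fields to reconcile: an assumed subset, since the wrapping approach names none.
CHECKED_FIELDS = ("From", "To", "Cc", "Subject")


def wrap_message(inner: EmailMessage) -> EmailMessage:
    """Wrap a complete message in message/rfc822 and mirror its headers outside."""
    outer = EmailMessage()
    for name in CHECKED_FIELDS:
        for value in inner.get_all(name, []):
            outer[name] = str(value)
    outer.set_content(inner)  # a Message object becomes a message/rfc822 body
    return outer


def header_discrepancies(outer: EmailMessage) -> dict:
    """Map each checked field to (outer, inner) values where the two layers differ."""
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("message has no message/rfc822 wrapper")
    inner = outer.get_payload(0)
    diffs = {}
    for name in CHECKED_FIELDS:
        # Collapse folding whitespace so re-folded header lines are not flagged.
        seen_outer = [" ".join(str(v).split()) for v in outer.get_all(name, [])]
        seen_inner = [" ".join(str(v).split()) for v in inner.get_all(name, [])]
        if seen_outer != seen_inner:
            diffs[name] = (seen_outer, seen_inner)
    return diffs


def build_sample() -> EmailMessage:
    """Constructed sample, serialised and re-parsed as a receiving client sees it."""
    inner = EmailMessage()
    inner["From"] = "alice@example.com"
    inner["To"] = "bob@example.com"
    inner["Subject"] = "Quarterly report"
    inner.set_content("Figures attached.\n")
    return message_from_string(wrap_message(inner).as_string(), policy=policy.default)


if __name__ == "__main__":
    received = build_sample()
    print(header_discrepancies(received))  # both layers agree
    # Outer Subject rewritten in transit; the wrapped copy is unchanged.
    received.replace_header("Subject", "[list] Quarterly report")
    print(header_discrepancies(received))  # Subject reported as differing
```

   What a client does with a reported difference (which value to display,
   how to warn the user) is exactly the guidance the paragraph above says
   is missing from the wrapping approach.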