Securing Header Fields with S/MIME
draft-cailleux-secure-headers-07
Network Working Group L. Cailleux
Internet-Draft DGA MI
Intended status: Experimental C. Bonatti
Expires: 17 May 2015 IECA
17 November 2014
Abstract
This document describes how the S/MIME protocol can be
extended in order to secure message header fields. This
technology provides security services such as data integrity,
non-repudiation and confidentiality. This extension is
referred to as 'Secure Headers'.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF). Note that other groups may
also distribute working documents as Internet-Drafts. The
list of current Internet-Drafts is at
http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as
"work in progress."
This Internet-Draft will expire on 26 January 2015.
Cailleux & Bonatti Expires 17 May 2015 [Page 1]
Internet-Draft Securing Header Fields with S/MIME Nov 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as
the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date
of publication of this document. Please review these
documents carefully, as they describe your rights and
restrictions with respect to this document. Code Components
extracted from this document MUST include Simplified BSD
License text as described in Section 4.e of the Trust Legal
Provisions and are provided without warranty as described in
the Simplified BSD License.
Table of Contents
1. Introduction..............................................3
2. Terminology and conventions used in this document.........3
3. Context...................................................5
4. Mechanisms to secure message header fields................7
4.1. ASN.1 syntax of secure header fields.................9
4.2. Secure header fields length and format..............10
4.3. Canonization algorithm..............................10
4.4. Header fields statuses..............................11
4.5. Signature Process...................................11
4.5.1. Signature Generation Process...................11
4.5.2. Signature verification process.................12
4.6. Encryption and Decryption Processes.................14
4.6.1. Encryption Process.............................14
4.6.2. Decryption Process.............................15
5. Case of triple wrapping..................................16
6. Security Gateways........................................17
7. Security Considerations..................................17
8. IANA Considerations......................................18
9. References...............................................18
9.1. Normative References................................18
9.2. Informative References..............................19
Appendix A. Formal syntax of Secure Header..................20
Appendix B. Secure Header Fields example....................22
Appendix C. Acknowledgements................................24
1. Introduction
The S/MIME [RFC 5751] standard defines a data encapsulation
format for achieving end-to-end security services such as
integrity, authentication, non-repudiation and
confidentiality. By default, S/MIME secures message body
parts, to the exclusion of the message header fields.
S/MIME provides an alternative solution to secure header
fields. "The sending client MAY wrap a full MIME [RFC 2045]
message in a message/rfc822 wrapper in order to apply S/MIME
security services to header fields". However, the S/MIME
solution doesn't provide any guidance regarding what subset of
message header fields to secure, procedures for clients to
reconcile the "inner" and "outer" headers, or procedures for