LAMPS Working Group                                         D.K. Gillmor
Internet-Draft                            American Civil Liberties Union
Intended status: Standards Track                            B. Hoeneisen
Expires: 8 September 2022                                 pEp Foundation
                                                             A. Melnikov
                                                               Isode Ltd
                                                            7 March 2022


                      Header Protection for S/MIME
                 draft-ietf-lamps-header-protection-08

Abstract

   S/MIME version 3.1 introduced a mechanism to provide end-to-end
   cryptographic protection of e-mail message headers.  However, few
   implementations generate messages using this mechanism, and several
   legacy implementations have revealed rendering or security issues
   when handling such a message.

   This document updates the S/MIME specification to offer a different
   mechanism that provides the same cryptographic protections but with
   fewer downsides when handled by legacy clients.  Furthermore, it
   offers more explicit guidance for clients when generating or handling
   e-mail messages with cryptographic protection of message headers.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 8 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Gillmor, et al.         Expires 8 September 2022                [Page 1]


Internet-Draft          Header Protection S/MIME              March 2022


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   5
     1.1.  Two Schemes of Header Protection  . . . . . . . . . . . .   6
     1.2.  Problems with Wrapped Messages  . . . . . . . . . . . . .   6
     1.3.  Problems with Injected Headers  . . . . . . . . . . . . .   7
     1.4.  Motivation  . . . . . . . . . . . . . . . . . . . . . . .   7
       1.4.1.  Backward Compatibility  . . . . . . . . . . . . . . .   7
       1.4.2.  Deliverability  . . . . . . . . . . . . . . . . . . .   8
     1.5.  Other Protocols to Protect Email Header Fields  . . . . .   8
     1.6.  Applicability to PGP/MIME . . . . . . . . . . . . . . . .   9
     1.7.  Requirements Language . . . . . . . . . . . . . . . . . .   9
     1.8.  Terms . . . . . . . . . . . . . . . . . . . . . . . . . .   9
     1.9.  Document Scope  . . . . . . . . . . . . . . . . . . . . .  10
       1.9.1.  Out of Scope  . . . . . . . . . . . . . . . . . . . .  11
   2.  Specification . . . . . . . . . . . . . . . . . . . . . . . .  11
     2.1.  Injected Headers Scheme . . . . . . . . . . . . . . . . .  12
     2.2.  Wrapped Message Scheme  . . . . . . . . . . . . . . . . .  12
     2.3.  Sending Side  . . . . . . . . . . . . . . . . . . . . . .  12
       2.3.1.  Composing a Cryptographically-Protected Message Without
               Header Protection . . . . . . . . . . . . . . . . . .  12
       2.3.2.  Header Confidentiality Policy . . . . . . . . . . . .  13
       2.3.3.  Composing with "Injected Headers" Header
               Protection  . . . . . . . . . . . . . . . . . . . . .  14
       2.3.4.  Composing with "Wrapped Message" Header Protection  .  18
       2.3.5.  Choosing Between Wrapped Message and Injected
               Headers . . . . . . . . . . . . . . . . . . . . . . .  19
     2.4.  Default Header Confidentiality Policy . . . . . . . . . .  19
       2.4.1.  Minimalist Header Confidentiality Policy  . . . . . .  20
       2.4.2.  Strong Header Confidentiality Policy  . . . . . . . .  20
       2.4.3.  Offering Stronger Header Confidentiality  . . . . . .  20
     2.5.  Receiving Side  . . . . . . . . . . . . . . . . . . . . .  21
       2.5.1.  Identifying that a Message has Header Protection  . .  21
       2.5.2.  Updating the Cryptographic Summary  . . . . . . . . .  22
       2.5.3.  Rendering a Message with Injected Headers . . . . . .  22
       2.5.4.  Rendering a Wrapped Message . . . . . . . . . . . . .  25
       2.5.5.  Guidance for Automated Message Handling . . . . . . .  27
       2.5.6.  Affordances for Debugging and Troubleshooting . . . .  28
       2.5.7.  Rendering Other Schemes . . . . . . . . . . . . . . .  28



Gillmor, et al.         Expires 8 September 2022                [Page 2]


Internet-Draft          Header Protection S/MIME              March 2022


       2.5.8.  Composing a Reply to an Encrypted Message with Header
               Protection  . . . . . . . . . . . . . . . . . . . . .  29
       2.5.9.  Implicitly-rendered Header Fields . . . . . . . . . .  30
       2.5.10. Unprotected Header Fields Added in Transit  . . . . .  30
   3.  E-mail Ecosystem Evolution  . . . . . . . . . . . . . . . . .  32
     3.1.  Dropping Legacy Display Elements  . . . . . . . . . . . .  32
   4.  Usability Considerations  . . . . . . . . . . . . . . . . . .  32
     4.1.  Mixed Protections Within a Message Are Hard To
           Understand  . . . . . . . . . . . . . . . . . . . . . . .  33
     4.2.  Users Should Not Have To Choose a Header Confidentiality
           Policy  . . . . . . . . . . . . . . . . . . . . . . . . .  33
     4.3.  Users Should Not Have To Choose a Header Protection
           Scheme  . . . . . . . . . . . . . . . . . . . . . . . . .  33
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  33
   6.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  33
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  33
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  33
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  33
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  33
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  34
   Appendix A.  Possible Problems with some Legacy Clients . . . . .  35
     A.1.  Problems Reviewing signed+encrypted Messages in List
           View  . . . . . . . . . . . . . . . . . . . . . . . . . .  36
     A.2.  Problems when Rendering a signed+encrypted Message  . . .  36
     A.3.  Problems when Replying to a signed+encrypted Message  . .  37
     A.4.  Problems Reviewing signed-only Messages in List View  . .  37
     A.5.  Problems when Rendering a signed-only Message . . . . . .  38
     A.6.  Problems when Replying to a signed-only Message . . . . .  38
   Appendix B.  Test Vectors . . . . . . . . . . . . . . . . . . . .  39
     B.1.  Baseline Messages . . . . . . . . . . . . . . . . . . . .  39
       B.1.1.  No cryptographic protections over a simple message  .  39
       B.1.2.  S/MIME signed-only signedData over a simple message, No
               Header Protection . . . . . . . . . . . . . . . . . .  40
       B.1.3.  S/MIME signed-only multipart/signed over a simple
               message, No Header Protection . . . . . . . . . . . .  42
       B.1.4.  S/MIME encrypted and signed over a simple message, No
               Header Protection . . . . . . . . . . . . . . . . . .  44
       B.1.5.  No cryptographic protections over a complex
               message . . . . . . . . . . . . . . . . . . . . . . .  47
       B.1.6.  S/MIME signed-only signedData over a complex message,
               No Header Protection  . . . . . . . . . . . . . . . .  48
       B.1.7.  S/MIME signed-only multipart/signed over a complex
               message, No Header Protection . . . . . . . . . . . .  50
       B.1.8.  S/MIME encrypted and signed over a complex message, No
               Header Protection . . . . . . . . . . . . . . . . . .  53
     B.2.  Signed-only Messages  . . . . . . . . . . . . . . . . . .  57
       B.2.1.  S/MIME signed-only signedData over a simple message,
               Wrapped Message . . . . . . . . . . . . . . . . . . .  57



Gillmor, et al.         Expires 8 September 2022                [Page 3]


Internet-Draft          Header Protection S/MIME              March 2022


       B.2.2.  S/MIME signed-only multipart/signed over a simple
               message, Wrapped Message  . . . . . . . . . . . . . .  59
       B.2.3.  S/MIME signed-only signedData over a simple message,
               Injected Headers  . . . . . . . . . . . . . . . . . .  61
       B.2.4.  S/MIME signed-only multipart/signed over a simple
               message, Injected Headers . . . . . . . . . . . . . .  63
       B.2.5.  S/MIME signed-only signedData over a complex message,
               Wrapped Message . . . . . . . . . . . . . . . . . . .  65
       B.2.6.  S/MIME signed-only multipart/signed over a complex
               message, Wrapped Message  . . . . . . . . . . . . . .  67
       B.2.7.  S/MIME signed-only signedData over a complex message,
               Injected Headers  . . . . . . . . . . . . . . . . . .  70
       B.2.8.  S/MIME signed-only multipart/signed over a complex
               message, Injected Headers . . . . . . . . . . . . . .  73
     B.3.  Encrypted-and-signed Messages . . . . . . . . . . . . . .  76
       B.3.1.  S/MIME encrypted and signed over a simple message,
               Wrapped Message with hcp_minimal  . . . . . . . . . .  76
       B.3.2.  S/MIME encrypted and signed over a simple message,
               Injected Headers with hcp_minimal . . . . . . . . . .  79
       B.3.3.  S/MIME encrypted and signed over a simple message,
               Injected Headers with hcp_minimal (+ Legacy Display)  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  82
       B.3.4.  S/MIME encrypted and signed over a simple message,
               Wrapped Message with hcp_strong . . . . . . . . . . .  85
       B.3.5.  S/MIME encrypted and signed over a simple message,
               Injected Headers with hcp_strong  . . . . . . . . . .  88
       B.3.6.  S/MIME encrypted and signed over a simple message,
               Injected Headers with hcp_strong (+ Legacy Display) .  91
       B.3.7.  S/MIME encrypted and signed reply over a simple
               message, Wrapped Message with hcp_minimal . . . . . .  94
       B.3.8.  S/MIME encrypted and signed reply over a simple
               message, Injected Headers with hcp_minimal  . . . . .  97
       B.3.9.  S/MIME encrypted and signed reply over a simple
               message, Injected Headers with hcp_minimal (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 100
       B.3.10. S/MIME encrypted and signed reply over a simple
               message, Wrapped Message with hcp_strong  . . . . . . 103
       B.3.11. S/MIME encrypted and signed reply over a simple
               message, Injected Headers with hcp_strong . . . . . . 106
       B.3.12. S/MIME encrypted and signed reply over a simple
               message, Injected Headers with hcp_strong (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 109
       B.3.13. S/MIME encrypted and signed over a complex message,
               Wrapped Message with hcp_minimal  . . . . . . . . . . 113
       B.3.14. S/MIME encrypted and signed over a complex message,
               Injected Headers with hcp_minimal . . . . . . . . . . 116
       B.3.15. S/MIME encrypted and signed over a complex message,
               Injected Headers with hcp_minimal (+ Legacy Display)  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120




Gillmor, et al.         Expires 8 September 2022                [Page 4]


Internet-Draft          Header Protection S/MIME              March 2022


       B.3.16. S/MIME encrypted and signed over a complex message,
               Wrapped Message with hcp_strong . . . . . . . . . . . 124
       B.3.17. S/MIME encrypted and signed over a complex message,
               Injected Headers with hcp_strong  . . . . . . . . . . 128
       B.3.18. S/MIME encrypted and signed over a complex message,
               Injected Headers with hcp_strong (+ Legacy Display) . 132
       B.3.19. S/MIME encrypted and signed reply over a complex
               message, Wrapped Message with hcp_minimal . . . . . . 136
       B.3.20. S/MIME encrypted and signed reply over a complex
               message, Injected Headers with hcp_minimal  . . . . . 140
       B.3.21. S/MIME encrypted and signed reply over a complex
               message, Injected Headers with hcp_minimal (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 144
       B.3.22. S/MIME encrypted and signed reply over a complex
               message, Wrapped Message with hcp_strong  . . . . . . 148
       B.3.23. S/MIME encrypted and signed reply over a complex
               message, Injected Headers with hcp_strong . . . . . . 152
       B.3.24. S/MIME encrypted and signed reply over a complex
               message, Injected Headers with hcp_strong (+ Legacy
               Display)  . . . . . . . . . . . . . . . . . . . . . . 155
   Appendix C.  Additional information . . . . . . . . . . . . . . . 159
     C.1.  Stored Variants of Messages with Bcc  . . . . . . . . . . 159
   Appendix D.  Examples . . . . . . . . . . . . . . . . . . . . . . 160
     D.1.  Example text/plain Cryptographic Payload with Legacy
           Display Elements  . . . . . . . . . . . . . . . . . . . . 160
     D.2.  Example text/html Cryptographic Payload with Legacy Display
           Elements  . . . . . . . . . . . . . . . . . . . . . . . . 161
   Appendix E.  Document Considerations  . . . . . . . . . . . . . . 162
   Appendix F.  Document Changelog . . . . . . . . . . . . . . . . . 163
   Appendix G.  Open Issues  . . . . . . . . . . . . . . . . . . . . 164
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . 165

1.  Introduction

   Privacy and security issues regarding email Header Protection in S/
   MIME have been identified for some time.  Most current
   implementations of cryptographically-protected electronic mail
   protect only the body of the message, which leaves significant room
   for attacks against otherwise-protected messages.  For example, lack
   of header protection allows an attacker to substitute the message
   subject and/or author.

   This document describes two different structures for how message
   headers can be cryptographically protected, and provides guidance for
   implementers of MUAs that generate and interpret such messages.  It
   takes particular care to ensure that messages interact reasonably
   well with legacy MUAs.




Gillmor, et al.         Expires 8 September 2022                [Page 5]


Internet-Draft          Header Protection S/MIME              March 2022


1.1.  Two Schemes of Header Protection

   This document addresses two different schemes for cryptographically
   protecting email header sections or fields and provides guidance to
   implementers.

   One scheme is the form specified in S/MIME 3.1 and later, which
   involves wrapping a message/rfc822 or message/global MIME object with
   a Cryptographic Envelope around the message to protect.  This
   document calls this scheme "Wrapped Message", and it is documented in
   more detail in [RFC8551].  Experience has shown that this form does
   not interact well with some legacy MUAs (see Section 1.2).

   Consequently, another form of header protection is introduced, where
   the protected header fields are placed directly on the Cryptographic
   Payload, without using an intervening message/* MIME object.  This
   document calls this scheme "Injected Headers", and it is documented
   in more detail in this document, in Section 2.3.3 and Section 2.5.3.

1.2.  Problems with Wrapped Messages

   Several legacy MUAs have revealed rendering issues when dealing with
   a message that uses the Wrapped Message header protection scheme.

   In the worst cases, some mail user agents cannot render message/
   rfc822 message subparts at all, in violation of baseline MIME
   requirements as described on page 5 of [RFC2049].  This leaves all
   wrapped messages unreadable by any recipient using such a MUA.

   In other cases, the user sees an attachment suggesting a forwarded
   email message, which -- in fact -- contains the protected email
   message that should be rendered directly.  In most of these cases,
   the user can click on the attachment to view the protected message.

   However, viewing the protected message as an attachment in isolation
   may strip it of any security indications, leaving the user unable to
   assess the cryptographic properties of the message.  Worse, for
   encrypted messages, interacting with the protected message in
   isolation may leak contents of the cleartext, for example, if the
   reply is not also encrypted.











Gillmor, et al.         Expires 8 September 2022                [Page 6]


Internet-Draft          Header Protection S/MIME              March 2022


1.3.  Problems with Injected Headers

   A legacy MUA dealing with an encrypted message that has some header
   fields obscured using the Injected Headers scheme will not render the
   obscured header fields to the user at all.  A workaround "legacy
   display" mechanism is provided in this document, which most legacy
   MUAs should render to the user, albeit not in the same location that
   the header fields would normally be rendered.

1.4.  Motivation

   Users generally do not understand the distinction between message
   body and message header.  When an e-mail message has cryptographic
   protections that cover the message body, but not the header fields,
   several attacks become possible.

   For example, a legacy signed message has a signature that covers the
   body but not the header fields.  An attacker can therefore modify the
   header fields (including the Subject header) without invalidating the
   signature.  Since most readers consider a message body in the context
   of the message's Subject header, the meaning of the message itself
   could change drastically (under the attacker's control) while still
   retaining the same cryptographic indicator of authenticity.

   In another example, a legacy encrypted message has its body
   effectively hidden from an adversary that snoops on the message.  But
   if the header fields are not also encrypted, significant information
   about the message (such as the message Subject) will leak to the
   inspecting adversary.

   However, if the sending and receiving MUAs ensure that cryptographic
   protections cover the message headers as well as the message body,
   these attacks are defeated.

1.4.1.  Backward Compatibility

   If the sending MUA is unwilling to generate such a fully-protected
   message due to the potential for rendering, usability,
   deliverability, or security issues, these defenses cannot be
   realized.

   The sender cannot know what MUA (or MUAs) the recipient will use to
   handle the message.  Thus, an outbound message format that is
   backward-compatible with as many legacy implementations as possible
   is a more effective vehicle for providing the whole-message
   cryptographic protections described above.





Gillmor, et al.         Expires 8 September 2022                [Page 7]


Internet-Draft          Header Protection S/MIME              March 2022


   This document aims for backward compatibility with legacy clients to
   the extent possible.  In some cases, like when a user-visible header
   like the Subject is cryptographically hidden, the message cannot
   behave entirely identically to a legacy client.  But accommodations
   are described here that ensure a rough semantic equivalence for
   legacy clients even in these cases.

1.4.2.  Deliverability

   A message that cannot be delivered is less useful than a message with
   perfect cryptographic protections.  Senders want their messages to
   reach the intended recipients.

   Given the current state of the Internet mail ecosystem, encrypted
   messages in particular cannot shield all of their header fields from
   visibility and still be guaranteed delivery to their intended
   recipient.

   This document accounts for this concern by providing a mechanism
   (Section 2.3.2) that prioritizes initial deliverability (at the cost
   of some header leakage) while facilitating future message variants
   that shield more header metadata from casual inspection.

1.5.  Other Protocols to Protect Email Header Fields

   A separate pair of protocols also provides some cryptographic
   protection for the email message header integrity: DomainKeys
   Identified Mail (DKIM) [RFC6376], as used in combination with Domain-
   based Message Authentication, Reporting, and Conformance (DMARC)
   [RFC7489].  This pair of protocols provides a domain-based reputation
   mechanism that can be used to mitigate some forms of unsolicited
   email (spam).

   However, the DKIM+DMARC suite provides cryptographic protection at a
   different scope than the mechanisms described here.  In particular,
   the message integrity and authentication signals provided by
   DKIM+DMARC correspond to the domain name of the sending e-mail
   address, not the sending address itself, so DKIM+DMARC not provide
   end-to-end protection.  DKIM+DMARC are typically applied to messages
   by (and interpreted by) mail transfer agents, not mail user agents.
   The mechanisms in this document are typically applied to messages by
   (and interpreted by) mail user agents.

   Furthermore, DKIM+DMARC only provides cryptographic integrity and
   authentication, not encryption.  So cryptographic confidentiality is
   not available from that suite.





Gillmor, et al.         Expires 8 September 2022                [Page 8]


Internet-Draft          Header Protection S/MIME              March 2022


   DKIM+DMARC can be used on any message, including messages formed as
   described in this document.  There should be no conflict between
   these schemes.

1.6.  Applicability to PGP/MIME

   This document describes end-to-end cryptographic protections for
   e-mail messages in reference to S/MIME ([RFC8551]).

   Comparable end-to-end cryptographic protections can also be provided
   by PGP/MIME ([RFC3156]).

   The mechanisms in this document should be applicable in the PGP/MIME
   protections as well as S/MIME protections, but analysis and
   implementation in this document focuses on S/MIME.

   To the extent that any divergence from the mechanism described here
   is necessary for PGP/MIME, that divergence is out of scope for this
   document.

1.7.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.8.  Terms

   The following terms are defined for the scope of this document:

   *  S/MIME: Secure/Multipurpose Internet Mail Extensions (see
      [RFC8551])

   *  PGP/MIME: MIME Security with OpenPGP (see [RFC3156])

   *  Message: An Email Message consisting of Header Fields
      (collectively called "the Header Section of the message")
      followed, optionally, by a Body; see [RFC5322].

      Note: To avoid ambiguity, this document avoids using the terms
      "Header" or "Headers" in isolation, but instead always uses
      "Header Field" to refer to the individual field and "Header
      Section" to refer to the entire collection.

   *  Header Field: A Header Field is a line beginning with a field
      name, followed by a colon (":"), followed by a field body (value),
      and terminated by CRLF; see [RFC5322].




Gillmor, et al.         Expires 8 September 2022                [Page 9]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Header Section: The Header Section is a sequence of lines of
      characters with special syntax as defined in [RFC5322].  It is the
      top section of a Message, and it contains the Header Fields
      associated with the Message itself.

   *  Body: The Body is the part of a Message that follows the Header
      Section and is separated from the Header Section by an empty line
      (i.e., a line with nothing preceding the CRLF); see [RFC5322].  It
      is the (bottom) section of Message containing the payload of a
      Message.  Typically, the Body consists of a (possibly multipart)
      MIME [RFC2045] construct.

   *  Header Protection: cryptographic protection of email Header
      Sections (or parts of it) for signatures and/or encryption

   *  Cryptographic Layer, Cryptographic Payload, Cryptographic
      Envelope, Structural Headers, Main Body Part, User-Facing Headers,
      and MUA are all used as defined in
      [I-D.ietf-lamps-e2e-mail-guidance]

   *  Legacy MUA: a MUA that does not understand header protection as
      described in this document.  A Legacy Non-Crypto MUA is incapable
      of doing any end-to-end cryptographic operations.  A Legacy Crypto
      MUA is capable of doing cryptographic operations, but does not
      understand or generate messages with header protection.

   *  Wrapped Message: The header protection scheme that uses the
      mechanism described in [RFC8551], where the Cryptographic Payload
      is a message/rfc822 or message/global MIME object. (see
      Section 2.2).

   *  Injected Headers: The header protection scheme that uses the
      mechanism described in this document (see Section 2.1), where the
      protected header fields are inserted on the Cryptographic Payload
      directly.

   *  Header Confidentiality Policy: a functional specification of which
      header fields should be obscured when composing an encrypted
      message with header protection.  See Section 2.3.2.

1.9.  Document Scope

   This document describes sensible, simple behavior for a program that
   generates an e-mail message with standard end-to-end cryptographic
   protections, following the guidance in
   [I-D.ietf-lamps-e2e-mail-guidance].  An implementation conformant to
   this draft will produce messages that have cryptographic protection
   that covers the message's headers as well as its body.



Gillmor, et al.         Expires 8 September 2022               [Page 10]


Internet-Draft          Header Protection S/MIME              March 2022


   This document also describes sensible, simple behavior for a program
   that interprets such a message, in a way that can take advantage of
   these protections covering the header fields as well as the body.

   The message generation guidance aims to minimize negative
   interactions with any legacy receiving client while providing
   actionable cryptographic properties for modern receiving clients.

   In particular, this document focuses on two standard types of
   cryptographic protection that cover the entire message:

   *  A cleartext message with a single signature, and

   *  An encrypted message that contains a single cryptographic
      signature.

1.9.1.  Out of Scope

   While the generation guidance aims to provide minimal disruption for
   any legacy client, such a client by definition does not implement
   this document.

   Therefore, the document does not attempt to provide guidance for
   legacy clients.

   Furthermore, this document does not explicitly contemplate unusual
   (and tricky) variants of cryptographic message protections, including
   any of these:

   *  Encrypted-only message (without a cryptographic signature)

   *  Triple-wrapped message

   *  Signed message with multiple signatures

   *  Encrypted message with a cryptographic signature outside the
      encryption.

   All such messages are out of scope.

2.  Specification

   As mentioned in Section 1.1, this document describes two ways to
   provide end-to-end cryptographic protection for an e-mail message
   that includes all header fields known to the sender at message
   composition time.





Gillmor, et al.         Expires 8 September 2022               [Page 11]


Internet-Draft          Header Protection S/MIME              March 2022


   A receiving MUA MUST be able to handle both header protection
   schemes, as described in Section 2.5.

   A sending MUA MUST be able to generate the Injected Headers scheme
   (Section 2.3.3), and MAY generate the Wrapped Message scheme
   (Section 2.3.4).

2.1.  Injected Headers Scheme

   The Injected Headers scheme places all header fields to be protected
   directly into the header section of the Cryptographic Payload.

   For an encrypted message that has at least one user-visible header
   field omitted or obscured outside of the Cryptographic Payload, those
   header fields MAY also be duplicated into decorative copies in the
   Main Body MIME part of the Cryptograhic Payload itself.  These
   decorative copies within the message are known as "legacy display
   elements".

   Composing a message with the Injected Headers scheme is described in
   Section 2.3.3.  Rendering such a message is described in
   Section 2.5.3.

2.2.  Wrapped Message Scheme

   The Wrapped Message scheme creates a message/rfc822 (or message/
   global) MIME object containing the message and all header fields to
   be protected, and then uses that encapsulated MIME part as the
   Cryptographic Payload.

   Composing a message with the Wrapped Message scheme is described in
   Section 2.3.4.  Rendering such a message is described in
   Section 2.5.4.

2.3.  Sending Side

   This section describes the process an MUA should use to apply
   cryptographic protection to an e-mail message with header protection.
   We start by describing the legacy message composition process as a
   baseline.

2.3.1.  Composing a Cryptographically-Protected Message Without Header
        Protection

   [I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for
   a legacy crypto MUA to apply cryptographic protections to an e-mail
   message.  That guidance and terminology is replicated here for
   reference:



Gillmor, et al.         Expires 8 September 2022               [Page 12]


Internet-Draft          Header Protection S/MIME              March 2022


   *  origbody: the traditional unprotected message body as a well-
      formed MIME tree (possibly just a single MIME leaf part).  As a
      well-formed MIME tree, origbody already has structural headers
      (Content-*) present.

   *  origheaders: the intended non-structural headers for the message,
      represented here as a list of (h,v) pairs, where h is a header
      field name and v is the associated value.  Note that these are
      header fields that the MUA intends to be visible to the recipient
      of the message.  In particular, if the MUA uses the Bcc header
      during composition, but plans to omit it from the message (see
      section 3.6.3 of [RFC5322]), it will not be in origheaders.

   *  crypto: The series of cryptographic protections to apply (for
      example, "sign with the secret key corresponding to X.509
      certificate X, then encrypt to X.509 certificates X and Y").  This
      is a routine that accepts a MIME tree as input (the Cryptographic
      Payload), wraps the input in the appropriate Cryptographic
      Envelope, and returns the resultant MIME tree as output.

   The algorithm returns a MIME object that is ready to be injected into
   the mail system:

   *  Apply crypto to origbody, yielding MIME tree output

   *  For each header name and value (h,v) in origheaders:

      -  Add header h of output with value v

   *  Return output

2.3.2.  Header Confidentiality Policy

   When composing an encrypted message with header protection, the
   composing MUA needs a Header Confidentiality Policy (HCP).  In this
   document, we represent that Header Confidentiality Policy as a
   function hcp:

   *  hcp(name, val_in) --> val_out: this function takes a header field
      name name and initial value val_in as arguments, and returns a
      replacement header value val_out.  If val_out is the special value
      null, it mean that the header field in question should be omitted
      from the set of header fields visible outside the Cryptographic
      Envelope.







Gillmor, et al.         Expires 8 September 2022               [Page 13]


Internet-Draft          Header Protection S/MIME              March 2022


   For example, an MUA that only obscures the Subject header field by
   replacing it with the literal string [...] and does not offer
   confidentiality to any other header fields would be represented as
   (in pseudocode):

   hcp(name, val_in) → val_out:
       if name is 'Subject':
           return '[...]'
       else:
           return val_in

   Note that such a policy is only needed when the end-to-end
   protections include encryption (confidentiality).  No comparable
   policy is needed for other end-to-end cryptographic protections
   (integrity and authenticity), as they are simply uniformly applied so
   that all header fields known by the sender have these protections.

   This asymmetry is an unfortunate consequence of complexities in
   message delivery systems, some of which may reject, drop, or delay
   messages where all header fields are removed from the top-level MIME
   object.

   This document does not mandate any particular Header Confidentiality
   Policy, though it offers guidance for MUA implementers in selecting
   one in Section 2.4.  Future documents may recommend or mandate such a
   policy for an MUA with specific needs.  Such a recommendation might
   be motivated by descriptions of metadata-derived attacks, or stem
   from research about message deliverability, or describe new
   signalling mechanisms, but these topics are out of scope for this
   document.

2.3.3.  Composing with "Injected Headers" Header Protection

   The "Injected Headers" header protection scheme places the header
   fields to be protected directly on the cryptographic payload.  Unlike
   in the "Wrapped Scheme" (see compose-wrapped-message), there is no
   wrapping of the message body in any additional message/* MIME part.
   This section describes how to generate such a message.

   To compose a message using "Injected Headers" header protection, the
   composing MUA needs one additional input in addition to the Header
   Confidentiality Policy hcp defined in Section 2.3.2.

   *  legacy: a boolean value, indicating whether any recipient of the
      message is believed to have a legacy client.  If all recipients
      are known to implement this draft, legacy should be set to false.
      (How a MUA determines the value of legacy is out of scope for this
      document; an initial implementation can simply set it to true)



Gillmor, et al.         Expires 8 September 2022               [Page 14]


Internet-Draft          Header Protection S/MIME              March 2022


   Enabling visibility of obscured header fields for decryption-capable
   legacy clients requires transforming a header list into a readable
   form and including it as a decorative "Legacy Display" element in
   specially-marked parts of the message.  This document recommends two
   different mechanisms for such a decorative adjustment: one for a
   text/html Main Body part of the e-mail message, and one for a text/
   plain Main Body part.  This document does not recommend adding a
   Legacy Display element to any other part.

   Please see [I-D.ietf-lamps-e2e-mail-guidance] for guidance on
   identifying the parts of a message that are a Main Body Part.

   The revised algorithm for applying cryptographic protection to a
   message is as follows:

   *  if crypto contains encryption, and legacy is true:

      -  Create ldlist, an empty list of (header, value) pairs

      -  For each header field name and value (h,v) in origheaders:

         o  If h is user-facing (see
            [I-D.ietf-lamps-e2e-mail-guidance]):

            +  If hcp(h,v) is not v:

               *  Append (h,v) to ldlist

      -  If ldlist is not empty:

         o  Identify each leaf MIME part of payload that represents the
            "main body" of the message.

         o  For each "Main Body Part" bodypart of type text/plain or
            text/html:

            +  Insert Legacy Display element header list ldlist into the
               content of bodypart (see Section 2.3.3.1 for text/plain
               and Section 2.3.3.2 for text/html)

            +  Add Content-Type parameter hp-legacy-display with value 1
               to bodypart

   *  For each header field name and value (h,v) in origheaders:

      -  Add header field h of MIME part payload with value v





Gillmor, et al.         Expires 8 September 2022               [Page 15]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Set the protected-headers parameter on the Content-Type of payload
      to v1

   *  Apply crypto to payload, producing MIME tree output

   *  If crypto contains encryption:

      -  Create new empty list of header field names and values newh

      -  For header field name and value (h,v) in origheaders:

         o  Let newval be hcp(h,v)

         o  If newval is not null:

            +  Add newh[h] to newval

      -  Set origheaders to newh

   *  For each header field name and value (h,v) in origheaders:

      -  Add header field h of output with value v

   *  Return output

   Note that both new parameters (hcp and legacy) are effectively
   ignored if crypto does not contain encryption.  This is by design,
   because they are irrelevant for signed-only cryptographic
   protections.

2.3.3.1.  Adding a Legacy Display Element to a text/plain Part

   For a list of obscured header fields represented as (header, value)
   pairs, concatenate them as a set of lines, with one newline at the
   end of each pair.  Add an additional trailing newline after the
   resultant text, and prepend the entire list to the body of the text/
   plain part.

   For example, if the list of obscured header fields was [("Cc",
   "alice@example.net"), ("Subject", "Thursday's meeting")], then a
   text/plain part that originally contained:

   I think we should skip the meeting.

   Would become:






Gillmor, et al.         Expires 8 September 2022               [Page 16]


Internet-Draft          Header Protection S/MIME              March 2022


   Subject: Thursday's meeting
   Cc: alice@example.net

   I think we should skip the meeting.

2.3.3.2.  Adding a Legacy Display Element to a text/html Part

   Adding a Legacy Display Element to a text/html part is similar to how
   it is added to a text/plain part (see Section 2.3.3.1).  Instead of
   adding the obscured header fields to a block of text delimited by a
   blank line, the composing MUA injects them in an HTML <div> element
   annotated with a class attribute of header-protection-legacy-display.

   The content and formatting of this decorative <div> have no strict
   requirements, but they SHOULD represent all the obscured header
   fields in a readable fashion.  A simple approach is to assemble the
   text in the same way as Section 2.3.3.1, wrap it in a verbatim <pre>
   element, and put that element in the annotated <div>.

   The annotated <div> should be placed as close to the start of the
   <body> as possible, where it will be visible when viewed with a
   standard HTML renderer.

   For example, if the list of obscured header fields was [("Cc",
   "alice@example.net"), ("Subject", "Thursday's meeting")], then a
   text/html part that originally contained:

   <html><head><title></title></head><body>
   <p>I think we should skip the meeting.</p>
   </body></html>

   Would become:

   <html><head><title></title></head><body>
   <div class="header-protection-legacy-display">
   <pre>Subject: Thursday's meeting
   Cc: alice@example.net</pre></div>
   <p>I think we should skip the meeting.</p>
   </body></html>

2.3.3.3.  Only Add a Legacy Display Element to Main Body Parts

   Some messages may contain a text/plain or text/html subpart that is
   _not_ a main body part.  For example, an e-mail message might contain
   an attached text file or a downloaded webpage.  Attached documents
   need to be preserved as intended in the transmission, without
   modification.




Gillmor, et al.         Expires 8 September 2022               [Page 17]


Internet-Draft          Header Protection S/MIME              March 2022


   The composing MUA MUST NOT add a Legacy Display element to any part
   of the message that is not a main body part.  In particular, if a
   part is annotated with Content-Disposition: attachment, or if it does
   not descend via the first child of any of its multipart/mixed or
   multipart/related ancestors, it is not a main body part, and MUST NOT
   be modified.

   See [I-D.ietf-lamps-e2e-mail-guidance] for more guidance about common
   ways to distinguish main body parts from other MIME parts in a
   message.

2.3.3.4.  Do Not Add a Legacy Display Element to Other Content-Types

   The purpose of injecting a Legacy Display element into each Main Body
   MIME part is to enable rendering of otherwise obscured header fields
   in legacy clients that are capable of message decryption, but don't
   know how to follow the rest of the guidance in this document.

   The authors are unaware of any legacy client that would render any
   MIME part type other than text/plain and text/html as the Main Body.
   A generating MUA SHOULD NOT add a Legacy Display element to any MIME
   part with any other Content-Type.

2.3.4.  Composing with "Wrapped Message" Header Protection

   The Wrapped Message header protection scheme is briefly documented in
   Section 3.1 [RFC8551].  This section provides a more detailed
   explanation of how to build such a message, and augments it with the
   forwarded parameter as described in
   [I-D.melnikov-iana-reg-forwarded].

   To compose a message using "Wrapped Message" header protection, we
   use those inputs described in Section 2.3.1 plus the Header
   Confidentiality Policy hcp defined in Section 2.3.2.  The new
   algorithm is:

   *  For header field name and value (h,v) in origheaders:

      -  Add header field h of origbody with value v

   *  If any of the header fields in origbody, including header fields
      in the nested internal MIME structure, contain any 8-bit UTF-8
      characters (see section section 3.7 of [RFC6532]):

      -  Let payload be a new MIME part with one header field: Content-
         Type: message/global; forwarded=no, and whose body is origbody.

   *  Else:



Gillmor, et al.         Expires 8 September 2022               [Page 18]


Internet-Draft          Header Protection S/MIME              March 2022


      -  Let payload be a new MIME part with one header field: Content-
         Type: message/rfc822; forwarded=no, and whose body is origbody.

   *  Apply crypto to payload, yielding MIME tree output

   *  If crypto contains encryption:

      -  Create new empty list of header field names and values newh

      -  For header field name and value (h,v) in origheaders:

         o  Let newval be hcp(h,v)

         o  If newval is not null:

            +  Append (h,newval) to newh

      -  Set origheaders to newh

   *  For header field name and value (h,v) in origheaders:

      -  Add header field h of output with value v

   *  Return output

   Note that the Header Confidentiality Policy hcp is ignored if crypto
   does not contain encryption.  This is by design.

2.3.5.  Choosing Between Wrapped Message and Injected Headers

   When composing a message with end-to-end cryptographic protections,
   an MUA SHOULD protect the header fields of that message as well as
   the body, using one of the formats described here.

   A compatible MUA MUST be capable of generating a message with header
   protection using the Injected Headers Section 2.3.3 format.

2.4.  Default Header Confidentiality Policy

   An MUA SHOULD have a sensible default Header Confidentiality Policy,
   and SHOULD NOT require the user to select one.

   The default Header Confidentiality Policy SHOULD provide
   confidentiality for the Subject header field by replacing it with the
   literal string [...].  Most users treat the Subject of a message the
   same way that they treat the body, and they are surprised to find
   that the Subject of an encrypted message is visible.




Gillmor, et al.         Expires 8 September 2022               [Page 19]


Internet-Draft          Header Protection S/MIME              March 2022


   [[ TODO: select one of the two policies below the recommended default
   ]]

2.4.1.  Minimalist Header Confidentiality Policy

   Accordingly, the most conservative recommended Header Confidentiality
   Policy only protects the Subject:

   hcp_minimal(name, val_in) → val_out:
       if name is 'Subject':
           return '[...]'
       else:
           return val_in

2.4.2.  Strong Header Confidentiality Policy

   Alternately, a more aggressive (and therefore more privacy-
   preserving) Header Confidentiality Policy only leaks a handful of
   fields whose absence is known to increase rates of delivery failure,
   and simultaneously obscures the Message-ID behind a random new one:

   hcp_strong(name, val_in) → val_out:
       if name in ['From', 'To', 'Cc', 'Date']:
           return val_in
       else if name is 'Subject':
           return '[...]'
       else if name is 'Message-ID':
           return generate_new_message_id()
       else:
           return null

   The function generate_new_message_id() represents whatever process
   the MUA typically uses to generate a Message-ID for a new outbound
   message.

2.4.3.  Offering Stronger Header Confidentiality

   A MUA MAY offer even stronger confidentiality for header fields of an
   encrypted message than described in Section 2.4.2.  For example, it
   might implement an HCP that obfuscates the From field, or omits the
   Cc field, or ensures Date is represented in UTC (obscuring the local
   timezone).

   The authors of this document hope that implementers with deployment
   experience will document their chosen Header Confidentiality Policy
   and the rationale behind their choice.





Gillmor, et al.         Expires 8 September 2022               [Page 20]


Internet-Draft          Header Protection S/MIME              March 2022


2.5.  Receiving Side

   An MUA that receives a cryptographically-protected e-mail will render
   it for the user.

   The receiving MUA will render the message body, a selected subset of
   header fields, and (as described in
   [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the
   cryptographic properties of the message.

   Most MUAs only render a subset of header fields by default.  For
   example, few MUAs typically render Message-Id or Received header
   fields for the user, but most do render From, To, Cc, Date, and
   Subject.

   A MUA that knows how to handle a message with header protection makes
   the following two changes to its behavior when rendering a message:

   *  If it detects that an incoming message had protected header
      fields, it renders header fields for the message from the
      protected header fields, ignoring the external (unprotected)
      header fields.

   *  It includes information in the message's cryptographic summary to
      indicate the types of protection that applied to each rendered
      header field (if any).

   A MUA that handles a message with header protection does _not_ need
   to render any new header fields that it did not render before.

2.5.1.  Identifying that a Message has Header Protection

   An incoming message can be identified as having header protection
   based on one of two signals:

   *  The Cryptographic Payload has Content-Type: message/rfc822 or
      Content-Type: message/global and the parameter forwarded has a
      value of no.  See Section 2.5.4 for rendering guidance.

   *  The Cryptographic Payload has some other Content-Type and it has
      parameter protected-headers set to v1.  See Section 2.5.3 for
      rendering guidance.

   Messages of both types exist in the wild, and a compliant MUA MUST be
   able to handle them both.  They provide the same semantics and the
   same meaning.





Gillmor, et al.         Expires 8 September 2022               [Page 21]


Internet-Draft          Header Protection S/MIME              March 2022


2.5.2.  Updating the Cryptographic Summary

   Regardless of whether a cryptographically-protected message has
   protected header fields, the cryptographic summary of the message
   should be modified to indicate what protections the header fields
   have.

   Each header field individually has exactly one the following
   protections:

   *  unprotected (this is the case for all header fields in messages
      that have no header protection)

   *  signed-only (bound into the same validated signature as the
      enclosing message, but also visible in transit)

   *  encrypted-only (only appears within the cryptographic payload; the
      corresponding external header field was either omitted or
      obfuscated)

   *  signed-and-encrypted (same as encrypted-only, but additionally is
      under a validated signature)

   Note that while the message itself may be signed-and-encrypted, some
   header fields may be replicated on the outside of the message (e.g.
   Date).  Those header fields would be signed-only, despite the message
   itself being signed-and-encrypted.

   Rendering this information is likely to be complex and messy ---
   users may not understand it.  It is beyond the scope of this document
   to suggest any specific graphical affordances or user experience.
   Future work should include examples of successful rendering of this
   information.

2.5.3.  Rendering a Message with Injected Headers

   When the Cryptographic Payload does not have a Content-Type of
   message/rfc822 or message/global, and the parameter protected-headers
   is set to v1, the values of the protected header fields are drawn
   from the header fields of the Cryptographic Payload, and the body
   that is rendered is the Cryptographic Payload itself.

2.5.3.1.  Example Signed-only Message with Injected Headers








Gillmor, et al.         Expires 8 September 2022               [Page 22]


Internet-Draft          Header Protection S/MIME              March 2022


   A └─╴application/pkcs7-mime; smime-type="signed-data"
      ⇩ (unwraps to)
   B  └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
   C   ├─╴text/plain
   D   └─╴text/html

   The message body should be rendered the same way as this message:

   B └┬╴multipart/alternative
   C  ├─╴text/plain
   D  └─╴text/html

   It should render header fields taken from part B.

   Its cryptographic summary should indicate that the message was signed
   and all rendered header fields were included in the signature.

   The MUA SHOULD ignore header fields from part A for the purposes of
   rendering.

2.5.3.2.  Example Signed-and-Encrypted Message with Injected Headers

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   E └─╴application/pkcs7-mime; smime-type="enveloped-data"
      ↧ (decrypts to)
   F  └─╴application/pkcs7-mime; smime-type="signed-data"
       ⇩ (unwraps to)
   G   └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
   H    ├─╴text/plain
   I    └─╴text/html

   The message body should be rendered the same way as this message:

   G └┬╴multipart/alternative
   H  ├─╴text/plain
   I  └─╴text/html

   It should render header fields taken from part G.











Gillmor, et al.         Expires 8 September 2022               [Page 23]


Internet-Draft          Header Protection S/MIME              March 2022


   Its cryptographic summary should indicate that the message was signed
   and encrypted.  As in Section 2.5.4.2, each rendered header field
   found in G should be compared against the header field of the same
   name from E.  If the value found in E matches the value found in G,
   the header field should be marked as signed-only.  If no matching
   header field was found in E, or the value found did not match the
   value from G, the header field should be marked as signed-and-
   encrypted.

2.5.3.3.  Do Not Render Legacy Display Elements

   As described in Section 2.1, a message with cryptographic
   confidentiality protection MAY include "Legacy Display" elements for
   backward-compatibility with legacy MUAs.  These Legacy Display
   elements are strictly decorative, unambiguously identifiable, and
   will be discarded by compliant implementations.

   The receiving MUA SHOULD avoid rendering the identified Legacy
   Display elements to the user at all, since it is aware of header
   protection and can render the actual protected header fields.

   If a text/html or text/plain part within the cryptographic envelope
   is identified as containing Legacy Display elements, those elements
   should be hidden when rendering or generating a draft reply.

2.5.3.3.1.  Identifying a Part with Legacy Display Elements

   A receiving MUA acting on a message that contains an encrypting
   Cryptographic Layer identifies a MIME subpart with within the
   Cryptographic Payload as containing Legacy Display elements based on
   the Content-Type of the subpart.

   *  The subpart's Content-Type contains a parameter hp-legacy-display
      with value set to 1

   *  The subpart's Content-Type is either text/html (see
      Section 2.5.3.3.3) or text/plain (see Section 2.5.3.3.2)

   Note that the term "subpart" above is used in the general sense: if
   the Cryptographic Payload is a single part, that part itself may
   contain a Legacy Display element if it is marked with the hp-legacy-
   display=1 parameter.

2.5.3.3.2.  Omitting Legacy Display Elements from text/plain

   If a text/plain part within the Cryptographic Payload has the
   Content-Type parameter hp-legacy-display="1", it should be processed
   before rendering in the following fashion:



Gillmor, et al.         Expires 8 September 2022               [Page 24]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Discard the leading lines of the body of the part up to and
      including the first entirely blank line.

   Note that implementing this strategy is dependent on the charset used
   by the MIME part.

   See Appendix D.1 for an example.

2.5.3.3.3.  Omitting Legacy Display Elements from text/html

   If a text/html part within the Cryptographic Payload has the Content-
   Type parameter hp-legacy-display="1", it should be processed before
   rendering in the following fashion:

   *  If any element of the HTML <body> is a <div> with class attribute
      header-protection-legacy-display, that entire element should be
      omitted.

   A straightforward way for an HTML-capable MUA to do this is to add an
   entry to the [CSS] stylesheet for such a part:

   body div.header-protection-legacy-display { display: none; }

2.5.4.  Rendering a Wrapped Message

   Some MUAs may compose and send a message with end-to-end
   cryptographic protections that offer header protection using the
   Wrapped Message scheme described in Section 3.1 of [RFC8551].  This
   section describes how a receiving MUA should identify and render such
   a message.

   When the Cryptographic Payload has Content-Type of message/rfc822 or
   message/global, and the parameter forwarded is set to no, the values
   of the protected header fields are drawn from the header fields of
   the Cryptographic Payload, and the body that is rendered is the body
   of the Cryptographic Payload.

2.5.4.1.  Example Signed-Only Wrapped Message

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   J └─╴application/pkcs7-mime; smime-type="signed-data"
      ⇩ (unwraps to)
   K  └┬╴message/rfc822 [Cryptographic Payload]
   L   └┬╴multipart/alternative [Rendered Body]
   M    ├─╴text/plain
   N    └─╴text/html



Gillmor, et al.         Expires 8 September 2022               [Page 25]


Internet-Draft          Header Protection S/MIME              March 2022


   The message body should be rendered the same way as this message:

   L └┬╴multipart/alternative
   M  ├─╴text/plain
   N  └─╴text/html

   It should render header fields taken from part K.

   Its cryptographic summary should indicate that the message was signed
   and all rendered header fields were included in the signature.

   The MUA SHOULD ignore header fields from part J for the purposes of
   rendering.

2.5.4.2.  Example Signed-and-Encrypted Wrapped Message

   Consider a message with this structure, where the MUA is able to
   validate the cryptographic signature:

   O └─╴application/pkcs7-mime; smime-type="enveloped-data"
      ↧ (decrypts to)
   P  └─╴application/pkcs7-mime; smime-type="signed-data"
       ⇩ (unwraps to)
   Q   └┬╴message/rfc822 [Cryptographic Payload]
   R    └┬╴multipart/alternative [Rendered Body]
   S     ├─╴text/plain
   T     └─╴text/html

   The message body should be rendered the same way as this message:

   R └┬╴multipart/alternative
   S  ├─╴text/plain
   T  └─╴text/html

   It should render header fields taken from part Q.

   Its cryptographic summary should indicate that the message was signed
   and encrypted.  Each rendered header field found in Q should be
   compared against the header field of the same name from O.  If the
   value found in O matches the value found in Q, the header field
   should be marked as signed-only.  If no matching header field was
   found in O, or the value found did not match the value from Q, the
   header field should be marked as signed-and-encrypted.








Gillmor, et al.         Expires 8 September 2022               [Page 26]


Internet-Draft          Header Protection S/MIME              March 2022


2.5.5.  Guidance for Automated Message Handling

   Some automated systems have a control channel that is operated by
   e-mail.  For example, an incoming e-mail message could subscribe
   someone to a mailing list, initiate the purchase of a specific
   product, approve another message for redistribution, or adjust the
   state of some shared object.

   To the extent that such a system depends on end-to-end cryptographic
   guarantees about the e-mail control message, header protection as
   described in this document should improve the system's security.
   This section provides some specific guidance for systems that use
   e-mail messages as a control channel that want to benefit from these
   security improvements.

2.5.5.1.  Interpret Only Protected Header Fields

   Consider the situation where an e-mail-based control channel depends
   on the message's cryptographic signature and the action taken depends
   on some header field of the message.

   In this case, the automated system MUST rely on information from the
   header field that is protected by the mechanism described in this
   document.  It MUST NOT rely on any header field found outside the
   cryptographic payload.

   For example, consider an administrative interface for a mailing list
   manager that only accepts control messages that are signed by one of
   its administrators.  When an inbound message for the list arrives, it
   is queued (waiting for administrative approval) and the system
   generates and listens for two distinct e-mail addresses related to
   the queued message -- one that approves the message, and one that
   rejects it.  If an administrator sends a signed control message to
   the approval address, the mailing list verifies that the protected
   To: header field of the signed control message contains the approval
   address before approving the queued message for redistribution.  If
   the protected To: header field does not contain that address, or
   there is no protected To: header field, then the mailing list logs or
   reports the error, and does not act on that control message.

2.5.5.2.  Ignore Legacy Display Elements

   Consider the situation where an e-mail based control channel expects
   to receive an end-to-end encrypted message -- for example, where the
   control messages need confidentiality guarantees -- and where the
   action taken depends on the contents of some MIME part within message
   body.




Gillmor, et al.         Expires 8 September 2022               [Page 27]


Internet-Draft          Header Protection S/MIME              March 2022


   In this case, the automated system that decrypts the incoming mssages
   and scans the relevant MIME part SHOULD identify when the MIME part
   contains a legacy display element (see Section 2.5.3.3.1), and it
   SHOULD parse the relevant MIME part with the legacy display element
   removed.

   For example, consider an administrative interface of a confidential
   issue tracking software.  An authorized user can confidentially
   adjust the status of a tracked issue by a specially-formatted first
   line of the message body (for example, severity #183 serious).  When
   the user's MUA encrypts a plain text control message to this issue
   tracker, depending on the MUA's HCP and its choice of legacy value,
   it may add a legacy display element.  If it does so, then the first
   line of the message body will contain a decorative copy of the
   confidential Subject: header field.  The issue tracking software
   decrypts the incoming control message, identifies that there is a
   legacy display element in the part (see Section 2.5.3.3.1), strips
   the legacy display lines (including the first blank line), and only
   then parses the remaining top line to look for the expected special
   formatting.

2.5.6.  Affordances for Debugging and Troubleshooting

   Note that advanced users of an MUA may need access to the original
   message, for example to troubleshoot problems with the MUA itself, or
   problems with the SMTP transport path taken by the message.

   A MUA that applies these rendering guidelines SHOULD ensure that the
   full original source of the message as it was received remains
   available to such a user for debugging and troubleshooting.

2.5.7.  Rendering Other Schemes

   Other MUAs may have generated different structures of messages that
   aim to offer end-to-end cryptographic protections that include header
   protection.

   While this document is not normative for those schemes, it offers
   guidance for how to identify and handle these other formats.  In the
   following a list of systems that are known to generate email messages
   with end-to-end cryptographic protections that include header
   protection using a different MIME scheme.









Gillmor, et al.         Expires 8 September 2022               [Page 28]


Internet-Draft          Header Protection S/MIME              March 2022


2.5.7.1.  Pretty Easy Privacy (pEp)

   The pEp (pretty Easy privacy) [I-D.pep-general] project specifies
   MIME schemes for Signed-and-Encrypted email messages that also
   provide header protection [I-D.pep-email].  Similar to the "Wrapped
   Messages" scheme described in Section 2.3.4 and Section 2.5.4, pEp
   email messages are fully encapsulated in the Cryptographic Payload.

   More information can be found in [I-D.pep-email].

2.5.8.  Composing a Reply to an Encrypted Message with Header Protection

   When composing a reply to an encrypted message with header
   protection, the MUA is acting both as a receiving MUA and as a
   sending MUA.  Special guidance applies here, as things can go wrong
   in at least two ways: leaking previously-confidential information,
   and replying to the wrong party.

2.5.8.1.  Avoid Leaking Encrypted Headers in Reply

   As noted in [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this
   position MUST NOT leak previously-encrypted content in the clear in a
   followup message.  The same is true for protected header fields.

   Values from any header field that was identified as either encrypted
   or signed-and-encrypted based on the steps outlined above MUST NOT be
   placed in cleartext output when generating a message.

   In particular, if Subject was encrypted, and it is copied into the
   draft encrypted reply, the replying MUA MUST obfuscate the
   unprotected (cleartext) Subject header field as described above.

   [[ TODO: formally describe how a replying MUA should generate a
   message-specific Header Protection policy based on the cryptographic
   status of the headers of the incoming message ]]

2.5.8.2.  Avoid Misdirected Replies to Encrypted Messages with Header
          Protection

   When replying to a message, the Composing MUA typically decides who
   to send the reply to based on:

   *  the Reply-To, Mail-Followup-To, or From header fields

   *  optionally, the other To or Cc header fields (if the user chose to
      "reply all")





Gillmor, et al.         Expires 8 September 2022               [Page 29]


Internet-Draft          Header Protection S/MIME              March 2022


   When a message has header protection, the replying MUA MUST populate
   the destination fields of the draft message using the protected
   header fields, and ignore any unprotected header fields.

   This mitigates against an attack where Mallory gets a copy of an
   encrypted message from Alice to Bob, and then replays the message to
   Bob with an additional Cc to Mallory's own e-mail address in the
   message's outer (unprotected) header section.

   If Bob knows Mallory's certificate already, and he replies to such a
   message without following the guidance in this section, it's likely
   that his MUA will encrypt the cleartext of the message directly to
   Mallory.

2.5.9.  Implicitly-rendered Header Fields

   While From and To and Cc and Subject and Date are often explicitly
   rendered to the user, some header fields do affect message display,
   without being explicitly rendered.

   For example, Message-Id, References, and In-Reply-To header fields
   may collectively be used to place a message in a "thread" or series
   of messages.

   In another example, Section 2.5.8.2 observes that the value of the
   Reply-To field can influence the draft reply message.  So while the
   user may never see the Reply-To header field directly, it is
   implicitly "rendered" when the user interacts with the message by
   replying to it.

   An MUA that depends on any implicitly-rendered header field in a
   message with header protection SHOULD use the value from the
   protected header field, and SHOULD NOT use any value found outside
   the cryptographic protection.

2.5.10.  Unprotected Header Fields Added in Transit

   Some header fields are legitimately added in transit, and could not
   have been known to the sender at message composition time.

   The most common of these header fields are Received and DKIM-
   Signature, neither of which are typically rendered, either explicitly
   or implicitly.

   If a receiving MUA has specific knowledge about a given header field,
   including that:





Gillmor, et al.         Expires 8 September 2022               [Page 30]


Internet-Draft          Header Protection S/MIME              March 2022


   *  the header field would not have been known to the original sender,
      and

   *  the header field might be rendered explicitly or implicitly,

   then the MUA MAY decide to operate on the value of that header field
   from the unprotected header section, even though the message has
   header protection.

   The MUA MAY prefer to verify that the header fields in question have
   additional transit-derived cryptographic protections (e.g., to test
   whether they are covered by a valid DKIM-Signature, see [RFC6376])
   before rendering or acting on them.

   Specific examples appear below.

2.5.10.1.  Mailing list header fields: List-* and Archived-At

   If the message arrives through a mailing list, the list manager
   itself may inject header fields (most of which start with List-) in
   the message:

   *  List-Archive

   *  List-Subscribe

   *  List-Unsubscribe

   *  List-Id

   *  List-Help

   *  List-Post

   *  Archived-At

   For some MUAs, these header fields are implicitly rendered, by
   providing buttons for actions like "Subscribe", "View Archived
   Version", "Reply List", "List Info", etc.

   An MUA that receives a message with header protection that contains
   these header fields in the unprotected section, and that has reason
   to believe the message is coming through a mailing list MAY decide to
   render them to the user (explicitly or implicitly) even though they
   are not protected.

   FIXME: other examples of unprotected transit header fields?




Gillmor, et al.         Expires 8 September 2022               [Page 31]


Internet-Draft          Header Protection S/MIME              March 2022


3.  E-mail Ecosystem Evolution

   This document is intended to offer tooling needed to improve the
   state of the e-mail ecosystem in a way that can be deployed without
   significant disruption.  Some elements of this specification are
   present for transitional purposes, but would not exist if the system
   were designed from scratch.

   This section describes these transitional mechanisms, as well as some
   suggestions for how they might eventually be phased out.

3.1.  Dropping Legacy Display Elements

   Any decorative Legacy Display element added to an encrypted message
   that uses the Injected Header scheme is present strictly for enabling
   header field visibility (most importantly, the Subject header field)
   when the message is viewed with a decryption-capable legacy client.

   Eventually, the hope is that most decryption-capable MUAs will
   conform to this specification, and there will be no need for
   injection of Legacy Display elements in the message body.  A survey
   of widely-used decryption-capable MUAs might be able to establish
   when most of them do support this specification.

   At that point, a composing MUA could make the legacy parameter
   described in {#compose-injected-headers} to false by default, or
   could even hard-code it to false, yielding a much simpler message
   construction set.

   Until that point, an end user might want to signal that their
   receiving MUAs are conformant to this draft so that a peer composing
   a message to them can set legacy to false.  A signal indicating
   capability of handling messages with header protection might be
   placed in the user's cryptographic certificate, or in outbound
   messages.

   This draft doesn't attempt to define the syntax or semantics of such
   a signal.

4.  Usability Considerations

   This section describes concerns for MUAs that are interested in easy
   adoption of header protection by normal users.

   While they are not protocol-level artifacts, these concerns motivate
   the protocol features described in this document.

   See also the Usability section in [I-D.ietf-lamps-e2e-mail-guidance].



Gillmor, et al.         Expires 8 September 2022               [Page 32]


Internet-Draft          Header Protection S/MIME              March 2022


4.1.  Mixed Protections Within a Message Are Hard To Understand

   [[ TODO ]]

4.2.  Users Should Not Have To Choose a Header Confidentiality Policy

   [[ TODO ]]

4.3.  Users Should Not Have To Choose a Header Protection Scheme

   [[ TODO ]]

5.  Security Considerations

   [[ TODO ]]

6.  Privacy Considerations

   [[ TODO ]]

7.  IANA Considerations

   This document requests no action from IANA.

   [[ RFC Editor: This section may be removed before publication. ]]

8.  Acknowledgments

   The authors would like to thank the following people who have
   provided helpful comments and suggestions for this document: Berna
   Alp, Bernhard E.  Reiter, Claudio Luck, David Wilson, Hernani
   Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert
   Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and
   Wei Chuang.

9.  References

9.1.  Normative References

   [I-D.ietf-lamps-e2e-mail-guidance]
              Gillmor, D. K., "Guidance on End-to-End E-mail Security",
              Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-
              mail-guidance-02, 25 January 2022,
              <https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-
              mail-guidance-02.txt>.






Gillmor, et al.         Expires 8 September 2022               [Page 33]


Internet-Draft          Header Protection S/MIME              March 2022


   [I-D.ietf-lamps-header-protection-requirements]
              Melnikov, A. and B. Hoeneisen, "Problem Statement and
              Requirements for Header Protection", Work in Progress,
              Internet-Draft, draft-ietf-lamps-header-protection-
              requirements-01, 29 October 2019,
              <https://www.ietf.org/archive/id/draft-ietf-lamps-header-
              protection-requirements-01.txt>.

   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part One: Format of Internet Message
              Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
              <https://www.rfc-editor.org/info/rfc2045>.

   [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part Two: Media Types", RFC 2046,
              DOI 10.17487/RFC2046, November 1996,
              <https://www.rfc-editor.org/info/rfc2046>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              DOI 10.17487/RFC5322, October 2008,
              <https://www.rfc-editor.org/info/rfc5322>.

   [RFC8551]  Schaad, J., Ramsdell, B., and S. Turner, "Secure/
              Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
              Message Specification", RFC 8551, DOI 10.17487/RFC8551,
              April 2019, <https://www.rfc-editor.org/info/rfc8551>.

9.2.  Informative References

   [CSS]      World Wide Web Consortium, "Cascading Style Sheets Level 2
              Revision 2 (CSS 2.2) Specification", 12 April 2016,
              <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.

   [I-D.ietf-lamps-samples]
              Gillmor, D. K., "S/MIME Example Keys and Certificates",
              Work in Progress, Internet-Draft, draft-ietf-lamps-
              samples-08, 2 February 2022,
              <https://www.ietf.org/archive/id/draft-ietf-lamps-samples-
              08.txt>.

   [I-D.melnikov-iana-reg-forwarded]
              Melnikov, A. and B. Hoeneisen, "IANA Registration of
              Content-Type Header Field Parameter 'forwarded'", Work in



Gillmor, et al.         Expires 8 September 2022               [Page 34]


Internet-Draft          Header Protection S/MIME              March 2022


              Progress, Internet-Draft, draft-melnikov-iana-reg-
              forwarded-00, 4 November 2019,
              <https://www.ietf.org/archive/id/draft-melnikov-iana-reg-
              forwarded-00.txt>.

   [I-D.pep-email]
              Marques, H., "pretty Easy privacy (pEp): Email Formats and
              Protocols", Work in Progress, Internet-Draft, draft-pep-
              email-01, 2 November 2020,
              <https://www.ietf.org/archive/id/draft-pep-email-01.txt>.

   [I-D.pep-general]
              Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy
              privacy (pEp): Privacy by Default", Work in Progress,
              Internet-Draft, draft-pep-general-00, 3 March 2022,
              <https://www.ietf.org/archive/id/draft-pep-general-
              00.txt>.

   [RFC2049]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part Five: Conformance Criteria and
              Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996,
              <https://www.rfc-editor.org/info/rfc2049>.

   [RFC3156]  Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
              "MIME Security with OpenPGP", RFC 3156,
              DOI 10.17487/RFC3156, August 2001,
              <https://www.rfc-editor.org/info/rfc3156>.

   [RFC6376]  Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,
              "DomainKeys Identified Mail (DKIM) Signatures", STD 76,
              RFC 6376, DOI 10.17487/RFC6376, September 2011,
              <https://www.rfc-editor.org/info/rfc6376>.

   [RFC6532]  Yang, A., Steele, S., and N. Freed, "Internationalized
              Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
              2012, <https://www.rfc-editor.org/info/rfc6532>.

   [RFC7489]  Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
              Message Authentication, Reporting, and Conformance
              (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
              <https://www.rfc-editor.org/info/rfc7489>.

Appendix A.  Possible Problems with some Legacy Clients

   When an e-mail message with end-to-end cryptographic protection is
   received by a mail user agent, the user might experience many
   different possible problematic interactions.  A message with header
   protection may introduce new forms of user experience failure.



Gillmor, et al.         Expires 8 September 2022               [Page 35]


Internet-Draft          Header Protection S/MIME              March 2022


   In this section, the authors enumerate different kinds of failures we
   have observed when reviewing, rendering, and replying to messages
   with different forms of header protection in different legacy MUAs.
   Different legacy MUAs demonstrate different subsets of these
   problems.

   Hopefully, a non-legacy MUA would not exhibit any of these problems.
   An implementer updating their legacy MUA to be compliant with this
   specification should consider these concerns and try to avoid them.

A.1.  Problems Reviewing signed+encrypted Messages in List View

   *  Unprotected Subject, Date, From, To are visible

   *  Threading is not visible

A.2.  Problems when Rendering a signed+encrypted Message

   *  Unprotected Subject is visible

   *  Protected subject (on its own) is visible in the body

   *  Protected subject, date, from, to visible in the body

   *  User interaction needed to view whole message

   *  User interaction needed to view message body

   *  User interaction needed to view protected subject

   *  Impossible to view protected subject

   *  Nuisance alarms during user interaction

   *  Impossible to view message body

   *  Appears as a forwarded message

   *  Appears as an attachment

   *  Security indicators not visible

   *  User has multiple different methods to Reply: (e.g. reply to
      outer, reply to inner)

   *  User sees English "Subject:" in body despite message itself being
      in non-English




Gillmor, et al.         Expires 8 September 2022               [Page 36]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Security indicators do not identify protection status of header
      fields

   *  Header fields in body render with local header field names (e.g.
      showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.3.  Problems when Replying to a signed+encrypted Message

   Note that the use case here is:

   *  User views message, to the point where they can read it.

   *  User then replies to message, and they are shown a message
      composition window, which has some UI elements

   *  If the MUA has multiple different methods to Reply: to a message,
      each way may need to be evaluated separately

   This section also uses the shorthand UI:x to mean "the UI element
   that the user can edit that they think of as x."

   *  protected subject is in UI:subject (and will leak)

   *  protected subject is quoted in UI:body

   *  protected subject is not anywhere in UI

   *  message body is _not_ visible/quoted in UI:body

   *  user cannot reply while viewing protected message

   *  reply is not encrypted by default (but is for normal S/MIME
      sign+enc messages)

   *  unprotected From: is in UI:To

   *  User's locale (lang, TZ) leaks in quoted body

   *  Header fields not protected (and in particular, Subject is not
      obscured) by default

A.4.  Problems Reviewing signed-only Messages in List View

   *  Unprotected Subject, Date, From, To are visible

   *  Threading is not visible





Gillmor, et al.         Expires 8 September 2022               [Page 37]


Internet-Draft          Header Protection S/MIME              March 2022


A.5.  Problems when Rendering a signed-only Message

   *  Unprotected Subject is visible

   *  Protected subject (on its own) is visible in the body

   *  Protected subject, date, from, to visible in the body

   *  User interaction needed to view whole message

   *  User interaction needed to view message body

   *  User interaction needed to view protected subject

   *  Impossible to view protected subject

   *  Nuisance alarms during user interaction

   *  Impossible to view message body

   *  Appears as a forwarded message

   *  Appears as an attachment

   *  Security indicators not visible

   *  Security indicators do not identify protection status of header
      fields

   *  User has multiple different methods to Reply: (e.g. reply to
      outer, reply to inner)

   *  Header fields in body render with local header fields (e.g.
      showing "Betreff" instead of "Subject") and dates (TZ, locale)

A.6.  Problems when Replying to a signed-only Message

   This uses the same use case(s) and shorthand as Appendix A.3.

   *  Unprotected Subject: is in UI:subject

   *  Protected Subject: is quoted in UI:body

   *  Protected Subject: is not anywhere in UI

   *  Message body is not visible/quoted in UI:body

   *  User cannot reply while viewing protected message



Gillmor, et al.         Expires 8 September 2022               [Page 38]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Unprotected From: is in UI:To

   *  User's locale (lang, TZ) leaks in quoted body

Appendix B.  Test Vectors

   This section contains sample messages using the different schemes
   described in this document.  Each sample contains a MIME object, a
   textual and diagrammatic view of its structure, and examples of how
   an MUA might render it.

   The cryptographic protections used in this document use the S/MIME
   standard, and keying material and certificates come from
   [I-D.ietf-lamps-samples].

   These messages should be accessible to any IMAP client at
   imap://bob@header-protection.cmrg.net/ (any password should
   authenticate to this read-only IMAP mailbox).

   You can also download copies of these test vectors separately at
   https://header-protection.cmrg.net.

   If any of the messages downloaded differ from those offered here,
   this document is the canonical source.

B.1.  Baseline Messages

   These messages offer no header protection at all, and can be used as
   a baseline.  They are provided in this document as a counterexample.
   An MUA implementer can use these messages to verify that the reported
   cryptographic summary of the message indicates no header protection.

B.1.1.  No cryptographic protections over a simple message

   This message uses no cryptographic protection at all.  Its body is a
   text/plain message.

   It has the following structure:

   └─╴text/plain 152 bytes

   Its contents are:









Gillmor, et al.         Expires 8 September 2022               [Page 39]


Internet-Draft          Header Protection S/MIME              March 2022


   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit
   Subject: no-crypto
   Message-ID: <no-crypto@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:00:02 -0500

   This is the no-crypto message.

   This message uses no cryptographic protection at all.  Its body is a
   text/plain message.

   --
   Alice
   alice@smime.example

B.1.2.  S/MIME signed-only signedData over a simple message, No Header
        Protection

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 3852 bytes
    ⇩ (unwraps to)
    └─╴text/plain 204 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part
   Message-ID: <smime-one-part@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:01:02 -0500

   MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq
   hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
   IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
   bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz
   YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh
   IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp
   biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN



Gillmor, et al.         Expires 8 September 2022               [Page 40]


Internet-Draft          Header Protection S/MIME              March 2022


   CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
   Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
   RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
   QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
   MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
   MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
   Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
   Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
   HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
   ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
   n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
   MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
   aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
   MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
   BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
   OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
   OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
   pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
   oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
   qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
   1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
   AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
   BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
   MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
   DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
   +E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
   xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
   dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
   DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
   0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
   AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
   BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
   BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
   ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
   BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
   euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
   uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
   9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
   2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
   DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
   UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
   MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
   hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD
   fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB
   UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL



Gillmor, et al.         Expires 8 September 2022               [Page 41]


Internet-Draft          Header Protection S/MIME              March 2022


   UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO
   HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F
   KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L
   DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW
   fC6Pm51fEkabbmw=

B.1.3.  S/MIME signed-only multipart/signed over a simple message, No
        Header Protection

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses no
   header protection.

   It has the following structure:

   └┬╴multipart/signed 4156 bytes
    ├─╴text/plain 224 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="76c";
    micalg="sha-256"
   Subject: smime-multipart
   Message-ID: <smime-multipart@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:02:02 -0500

   --76c
   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message. It uses no
   header protection.

   --
   Alice
   alice@smime.example

   --76c
   Content-Transfer-Encoding: base64



Gillmor, et al.         Expires 8 September 2022               [Page 42]


Internet-Draft          Header Protection S/MIME              March 2022


   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa



Gillmor, et al.         Expires 8 September 2022               [Page 43]


Internet-Draft          Header Protection S/MIME              March 2022


   MC8GCSqGSIb3DQEJBDEiBCBBQlio2vX/u19qayJ1Cm1QL6VZY0fBeGz9o7nEzCRO
   +zANBgkqhkiG9w0BAQEFAASCAQARvwKQYbbPuADZ7KqyO9LuESdEfBxOF80sHKNz
   UXrHZo8JdKaKxr/cTAuzBvoTxsmqvzP3ItCBm+javqX22+tHTpqisz5jkoiWyNVS
   e+F++YX8mXokgQpY26mZ+15Mv8pYYhptn6zdkRU1+QOwwlDCc6ykkCZeXyc+Hf7c
   xqM6SqPMQ+G7wIF6P2jHCId8Xyl7sdbL0i6PjotesHU+7nQsCjgI/iVR/ubWUdFX
   CTg8HVy4p683V3Y9DoRNP4MlUdmon8JasHDvA0240JcXxhJn1zEYa4gOnwgu3kh9
   3Y+NeucYCT0bXCBq2RLVQSpdNZfScXKL9QvZ3FtB0r6Bmtky

   --76c--

B.1.4.  S/MIME encrypted and signed over a simple message, No Header
        Protection

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
     ⇩ (unwraps to)
     └─╴text/plain 239 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: smime-enc-signed
   Message-ID: <smime-enc-signed@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:03:02 -0500

   MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAE1K2Qo2Ln5O6L9qgFnOdvuAuXnh2dLiYWIt
   x7B9W2VMQCtrxTipZfUe+Y4oV/Rxifp4gChJ2lCgt6A4hHyApD1yNqmR1pCT+ky6
   jOJlr907Jzy9nIADEjaeKTIHePPWEWPiF3Otlrvg25NobNAE/dzcSgaS+SHsfPgu
   vW6gA+lfzdoOKIWNVl1AJfbDRw8DeDi5n8ZPLkb/gYteBpY5mC2Iu8TebZ5qstQH
   i8G01K4xb6E7eMdXKx+gyDxox1P79E4q3dCKwYPK/C6B3AaY52WW55js9mb79OH5
   6/XvIEez58lV4a9d0iY7g+aoARyTPE9Z79miRYT0aagyYhblb14wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWANrcGMnwYd7bg/TA9Wagm3q



Gillmor, et al.         Expires 8 September 2022               [Page 44]


Internet-Draft          Header Protection S/MIME              March 2022


   dbiZLg3NxHQZRLRySCFHt5wGkq1XcD7bWYwF0hSKiI4AJxJapfGUDEpDk1FYBU4r
   9zS/elrwCnhwpO9sLfbJPRVvMTgTZuCOaY25ovZWvWtkS9MRDH+WoM5SNTf4vHHu
   kjcSx5hafbhyiC5pPLLTRyIjObYgKraIMBXix7XKtSR/G7uD+HSIzhYUXqY0q2uQ
   w7XiijbRd4bq9zqBbXriYyhFdo/JsBnYckjmmKcTLp6DfYTEzILKBJOepEiY5X4J
   0JPeFyGxs7WSKDp1JZLZtjbMwvtEuUAwZ+iXDr1x/rQhq7mZIWqIbG6QpxYX6zCC
   EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBDwXZa6LrdPCgLubNCkd3qAghAA
   kaaty8gkFo4+y5iWeOqsbZ9paegmFbiGsTQxrta64sj8znKQfQKz6/g055IcDixI
   STqxPMV+w01jv6+Azoy9qJP29UTL0mXAP0LDionSBTn/4VAwBMSUDRus6jkq045K
   UXxmIpcO3SeOnpCLksyij6QlnAO24SbKsBex7R5EXYXU7W1G/PCoz9SWlYrQuXJ9
   cU5ONWldvYE4/WeD1m3pjv3XKLNEWiaUIVolKFRhR4v+FUedn6dlVYDgfJrH8xDC
   kW9gQvI1ZBbnBOr/zkoDhMMKtTgTvmzLIauDEi2RWKzlvwCattvIkkrjt+SwWpvr
   oc6i58XfCx/d0YHPp5AIU8pslawDtQXe5ecACY9J/K0OgX1G51HI+O2XMC9S9QYn
   YPxA+CsRxmhKHzQv9au48aQwmLBkhkXZq7FCve8GTnCLdU5AmtP6ff59lga7+hfb
   VSz+jSodBL1WnlIKw/lrBvXFem/A4mtY/W9y9EVhGyRFuhoZDCiGRo/bPsyDNZBS
   WAsjHLI3NJeUgHFFcEn5xOwDmhmJOehzs712pqrzMd0VrT4hALvvhSGB7nybL5dR
   pabbxtpBgqzlwu6eoX1jSh5bF8/RsAJ81dxvn8AWcFc8q81YfYOzjqf7ZnuumT10
   18/rdepv/nfyiYCRhr2Eekj0F3bXjlTG1oeCNTuUPcNHVX6+hQ7FY2CJm9JCqNhL
   7whKhq+kKJuPugHb1e5d2rJFkNHrMIJAga8QqKy9eqKct4gW5FFT70wyB15YToJb
   qVxb3BEZ6u1shpZ9IGVzS0Jmvke+Ptze86it00fQIJWfrFqoag83GcCuQEyYEcIc
   HXWFsZIbQ1UD2+YSWBOzRBUUuJ3U66w3J5oDAYfYnieFNPuP0dhaAMsu7QQfLSZa
   T/GbSibQoFXcDx6MaZ5fbZ1iduvoZZfERNMe5vN+q/w9Lx5e8hf1EZmTNMuoRn9O
   wfT/wuM06Cc8FR2Ft7QLu80jqePQ6tAYwvA5QOvpBN9A82DUWz0I9eRDl9+S8Z+I
   QgjbPcZ0ACFqLCfbT6uzrKp2vGSrA+IcS89+qBB+sKbtWPgTrK7QlJgc7NpHGyhZ
   BltAVXv4fPngqn+gSqGuerD/xmvszHMIIHq6Q4ADxbxDE4R0yoV2afXUVyAMo85Q
   eNG5WJ83Z12msJqx1+1EUzzoQXxvrZHm0bMziCjV/P1cu/ChtmuemopRxkplLbJv
   /mChRaKv9TotDy2Dwzf5N5Xy58gb/0ktMXMdGpYts9awYc742TCscrTqutBAXtNM
   dXA0OyelkVHBBCRcoUEWWhUGQKYmK0NQIpxduJYcLLhkMI+2QfyfdkODplEtXbX9
   LaZhPRi9osmmF0fnSkmt2mtD+W8uxBF7espDkUsidb8NiUtzBrSqTADQUIuAw5xG
   322wFZ0DtpFM6nHpbYBfIGlIR4LyqTzyaSRJtMkMiDFgnMWrNF6pMsToo+4GbARO
   MWM9mq4XSMrKAinqu7T8UGWOt9bMfMJrTrpfETgQCL4vur9nI1CbgcPWW14U2oBW
   2lT1duS0o2eRpeGA93U6zF7BbCmlEqPK45Qmm78NwMcI9i4GgHSG2ssEn8URmv0L
   qp9+UmkhvLT26dZtkB0wPMEVOIWx3e+F34eVzno5jAbiJxuUIdDPDwQg7xtrcLif
   lRsaiGx7MtWsP6paqGBrYdHcXNt8P8k2ywNqRicTSThG0P09CNDWFwNaKa+9Ia7a
   EnWoFmNoNm/IUH+wbRQUnT7oh0qU2mxdgMnygDhEELe1+4tGCTAPTbxSU3gxQyv0
   w686bzZP9uGLoRfivmXKm73Wu0HtUefT1rNdPsJDfqEfo8mEY4EDMh+Fa50S9Yj6
   SGe8X9jDaTEJLd+yL7xEvdEQ7FxHbqo7twj/g4Im0OeG2ngEchWlYcuOrlgog4bv
   kWwcMhOCcQ/9242sgCTG/ATAV1ix0Z16/WCzzY60Zxk1eAlP3Ar9NiQHGuVClR0o
   QxhlP/1KvyVMAQTtuEposNLUdXMydq8lVErFuopYej3NJOPE7eA4BeIXNyrhxqfX
   j23tfb3/C4uHEmgjnfW1LZIjwWrOjoEZa2+lG+Si7YQWLLJWFNqEEH2rpxQMnwvx
   282dIYpyY14PDLLN5nMltY8MeMaNp6Q8rOwTDozmmZ9RONzbKJL3FxSVENKgdJTf
   v+gpLOvXou6qDdidAqxErGM0j68g8Rnsdw7Lj3FQH7JjLZiR3EQgGxRKDwTsV1rW
   ODtsNyKBtHDBOn/zOFTmgTVpYol2x/kV22C1Wn9ZArHFgZDxDyDjjJqxJwHlgVdE
   J+bUZ1C5DatXxvjpFhrTpUz1dvsTsq48cmepEiEnqYO/33uU7KIqjBxY527dagnR
   q01ntVycY4wiLKjuJHHHy/b25ORyxS/x6nVYJsoRNXsvYCZ1zqHC7uh9eQStAyj6
   zotbPet++u2REXKSwzhI+6mTCrFkfeHxt3BqTPAxHPxsZAmquayksNs8e94G5LnD
   VLAbdtwuIdeuz3rDWObafnaOVXD8vzjoMpiZcYKubb9pdFQIdxpYXPyqwz2f+c8g
   9VnLXajpwqByOPtLT5knKWMbsXJ5Gc8sNIGl1blYnj5ao+z6JNV2qqWA8dukpM5Q
   /KwmBvR9/RijeIEPGoqRcwUi92fuvVJV7oZf2ZCCGMLw8W4pSrzfs/xdOJslrTgN



Gillmor, et al.         Expires 8 September 2022               [Page 45]


Internet-Draft          Header Protection S/MIME              March 2022


   trDrAOKlraCKJQ5zHwZyg+c65KUe+5voj4WTu27g/vWTmPjF70htA+UIYcsNVYU9
   yGuznj6x/2EV7rLsUTpMqMFN0s4dQl4Hhfr4gaoDROb7bOdkVtWAvwP4c18wlJA9
   08X9kQNPqID0M0NOruz8JO8gyTIxyAmopnEDREvMT7JCGuwPM9YRE64pVPOZ1AZm
   STC7LY11zMhZL+RvhwbWqjkKeKN3hQM4/45BHGFVgg6k5iobcv78lZHWO28SWila
   dEgJLSobB9ieOTfrWqBrBBHjpaDwuyjS+QwjsF8SFLdRD5TY1IugUvW5Swnucikh
   X1rK/FaRRQJGzUesrkN06LlpFiiRyW9nuDjdpaKV4P9pkEjHmtN3KF95LjJnXs+Z
   07cF0sX2K7FY4GCfFxGPSsqbcR/6zAFHVPjgPGDH51yOTe05RWLhgGEWqt7mIeSD
   ppJdnY1LDFK0AFbXAFnjxhNwlfJiLB4vdsFqxGSYXfAjns8vZR62PgSExxUMxrO6
   P7oIAYisiU+9XuG40ok8RFCZgN2Qdy5oNDbYow8x3XR4BQu8+2sT9nLvJosjYNhT
   8yHMhhAbJl5VWK1EaB2gMxmAISiCCkQQ4YlStMc/LUkl8XOdQmf9SF0L1puuGEpM
   V3BhxNxCReiXA8ulMtnytw++lhl3qapALVu5OsJBQ2sqrhc7VhZTfiRQHr5s/i97
   OrBb1ZHv48NblW+tsS0Vl+jW/7AMUvQO+j7wYDI8Q2GplujJ08iHxZw/YDjR+up4
   bmQjK3xySaCi9Ef58KYOj0Y8ITvS61GMn0bCkL23UGNwISo2gPEcStdOksZtlvGX
   X37skWsFPD3M85DqQeckjv3PFzGQL7ZZLUQmmYqwG43DKrDJSZld7VYHmTY0rrMj
   gNo6iqzI+6Ygi81y14ZWTVeOFIH9tOKvjtuJz+90Qi9vEbDqF43+hiyWVg/aOke8
   4TGy7BZp5j/+SCr78/LvTko/5gafEymhaQmmsR7hskt3AhjfTyUfq/cAtuIm39U2
   MmXRwPdrzWASGy/lF0QnrgB0T85+ID58J9VaP78mI/BtKO20wWMTjbabR7J3Rn+8
   KW4H6eewVWBqghCnsJQuqibbZeFDjFgJ9kIaTvGD0TBehpp9TidmppXM4Dl4J+V/
   u7dSL257DzlKkk42gK4Cs0P1dZwe888KIABF38AZ8dnWtD492eYxA9We6NB2ru1o
   K59oloZdn+slcF3DLfvVpyfkZ8o3EVgAPVXiDfHWuVp1gL8Cv5ahVlk9BJSD1CgC
   Vwsm01V1E7QeNh3gNdQI88tu4wh5SVFk4U2cYI+dDMFUVDMzrUI3tKvWXNZOzn4V
   Ce6Eu2JPIcCOYUwDHpsq5aj9BPKBguhQQybDpAAkgSZLwhzAD7rEvo8TU8gzZ2KZ
   zH506GoFtU4oNinnrvyHX96/bG/VlizOE9YtQNyEfxxSOBsZD9jgd1pG4j/FDF1Z
   Ib+KUUo8Y7GKlOu+l+/WIVcp0nIsyIC4zGdM6DThCT6nGrhKboduTgF5NRH/Hf03
   Vrbj/ZarK0t1gzbzPgxotZiUfCVEuav9AVqxA2Zq5afs6bRfohqyFqwKHiYV19C4
   m00v4HisEFDGG3f5+Zj/x6tnX9QxR81DOomUooh8aYs/iAz0nrKyux6GMHSlj8db
   UbvQ+1VvNE3Fj0xu46HkKzGtFqpgXxzDLkE9e7NJ+Hw4tbOLfINQ0qS7iTcjMbwg
   snexBuL6rf8NF28EdlqQzCPLZVhnOd1+KKJS7V/M8u/R/y22+IXzFSA2TlxhId09
   IduZ3ByCz2HFJfVj7SameC3KANbRnBkdud1hclIBDS5Hhpqk4M8i3zmZRZWgLyjR
   edtSaHuJAlHiKgAtQVeIzlL6Ilw3jVoHL0vOdISoQpoWWhejB9f47KRmUbdb5Pxb
   Ot2ylXJKYFfoCQUs1xkNAyynSJAJ97yEAZm7aDmE4bjs33pz4L3nYxO/KUY6EB/E
   eGgPk3Cdvt2JYY5BuFoxXYRKQgZ06c9mXzavJJXXWQUUB5k2QG0uyKPmwNr2sdJQ
   A8ehhmgGws+7qXwZQEcNC3W0vmiGOBDYP3JVJPiNLFVQN9k8ClE7+0emFn2UcNyG
   294hO1G0uBPAbCdhAyDnNpVj5RS0EgY647agQHyp/gjSt4XeoaCIKaalb4iGpT+C
   4r2BqRcVUCdE3MRQFqiT6ccm+8h8eA7xtMB8c9OgUTEIKk/WSc0DUsCJB62Plgtj
   KJ4xXQXTzzUCDMnACFp6mBTd3g2ZbnfHKSyJdAvPigVbA+Qhy2eWUTYpi6yjTIyT
   eaQ2qafGppn85oLFkdgdmE3Ty1UxOpAsqLyNlNAa6YT3D/0Jl3VnfhFKlmywWIG6
   Z2SLd0r07xoBUuAKHkFUuRauGYbVbU/Frmdylv6I9DhCqV/XEDa/tHOa/LWugvb+
   x5A+g+kZiTiWRRLZYHungyjquAf/zeJsPYRoQEi4KHAQ30xCDk/dhWdhDBnUXT8P
   hzMj8VN3yjQA1vMNA5uefj2/+MIkLkz6+XPl/lJNLFHYi+EERgxJ2mFm/s02h9NF
   NhyWBsBtsEwi+rVbfcRRBpVjR5MwUohNHMGxwgj7rzvUkDe47ueXDP74j+JclO68
   r4jQ3sob123uSYryDHBZxZSbwjFU2ufE8W+XL/NGwTw04alHZfKsH4x4ZbGqwunf
   U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0
   sAa1LzD78Dg4FKO8t3d13Q==







Gillmor, et al.         Expires 8 September 2022               [Page 46]


Internet-Draft          Header Protection S/MIME              March 2022


B.1.5.  No cryptographic protections over a complex message

   This message uses no cryptographic protection at all.  Its body is a
   multipart/alternative message with an inline image/png attachment.

   It has the following structure:

   └┬╴multipart/mixed 1371 bytes
    ├┬╴multipart/alternative 794 bytes
    │├─╴text/plain 206 bytes
    │└─╴text/html 304 bytes
    └─╴image/png inline 232 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="428"
   Subject: no-crypto-complex
   Message-ID: <no-crypto-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:00:02 -0500

   --428
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="db9"

   --db9
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the no-crypto-complex message.

   This message uses no cryptographic protection at all.  Its body is a
   multipart/alternative message with an inline image/png attachment.

   --
   Alice
   alice@smime.example
   --db9
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>no-crypto-complex</b> message.</p>
   <p>This message uses no cryptographic protection at all.  Its body is a



Gillmor, et al.         Expires 8 September 2022               [Page 47]


Internet-Draft          Header Protection S/MIME              March 2022


   multipart/alternative message with an inline image/png attachment.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --db9--

   --428
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --428--

B.1.6.  S/MIME signed-only signedData over a complex message, No Header
        Protection

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses no header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5249 bytes
    ⇩ (unwraps to)
    └┬╴multipart/mixed 1288 bytes
     ├┬╴multipart/alternative 882 bytes
     │├─╴text/plain 258 bytes
     │└─╴text/html 353 bytes
     └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex
   Message-ID: <smime-one-part-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:01:02 -0500

   MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq
   hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
   IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjExMCINCg0KLS0xMTANCk1JTUUt
   VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2



Gillmor, et al.         Expires 8 September 2022               [Page 48]


Internet-Draft          Header Protection S/MIME              March 2022


   ZTsgYm91bmRhcnk9IjE5MyINCg0KLS0xOTMNCkNvbnRlbnQtVHlwZTogdGV4dC9w
   bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
   dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
   ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
   b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
   CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
   IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
   ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
   bGUNCi0tMTkzDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
   YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
   ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
   PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
   PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
   TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
   aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
   ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
   Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
   LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0xOTMtLQ0KDQotLTEx
   MA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j
   b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW
   Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
   bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
   bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv
   MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91
   bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTEx
   MC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq
   hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
   MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
   eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
   SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
   MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp
   wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK
   J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ
   2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3
   lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH
   bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq
   tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
   ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
   KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw
   546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
   9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO
   SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M
   fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN
   aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD
   R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq
   bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt
   dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
   MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy



Gillmor, et al.         Expires 8 September 2022               [Page 49]


Internet-Draft          Header Protection S/MIME              March 2022


   dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
   NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
   VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
   ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr
   jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9
   68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK
   vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx
   qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK
   RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
   A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
   eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV
   HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx
   CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb
   bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE
   DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs
   plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu
   mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4
   rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx
   ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
   MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
   aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3
   DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow
   LwYJKoZIhvcNAQkEMSIEIAiYlRaTjUNCbHnrieg64m3mMEmTRF8kqt5E8+ogUh5/
   MA0GCSqGSIb3DQEBAQUABIIBAILQrmFl9ls0ehRVddBjQEsH5VnT+NxYWjofr2i0
   w5OoB4RU3+6bPs2i5Y+IZvdnQTkfux+L/Rmy+cK5tlK8J9taLXm3/mJO/57tW+Cl
   E9WSBFb1Ik29FHbTuTbrcSaE6Dr5zGwZBmlkcb3rx+AdYM8PMAhDd+ESwYwyjWk4
   A7zRNEA1pD4XZdiz0a/kULobW9W3OKaQdJANQG0CX23puEW+wk9hzuuWX+IXeLwh
   4R1kXSigeWxlu44jrBGOzkr/UjonxvpjBzyvlS6ltj0HekROzHy9tXEHyeP6BOzC
   kWKI9KZRyeZenYIOJRgqicDLdDgrZN5AoQqE+rBlK5i82l0=

B.1.7.  S/MIME signed-only multipart/signed over a complex message, No
        Header Protection

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses no header protection.

   It has the following structure:

   └┬╴multipart/signed 5199 bytes
    ├┬╴multipart/mixed 1344 bytes
    │├┬╴multipart/alternative 938 bytes
    ││├─╴text/plain 278 bytes
    ││└─╴text/html 376 bytes
    │└─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:



Gillmor, et al.         Expires 8 September 2022               [Page 50]


Internet-Draft          Header Protection S/MIME              March 2022


   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="e18";
    micalg="sha-256"
   Subject: smime-multipart-complex
   Message-ID: <smime-multipart-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:02:02 -0500

   --e18
   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="831"

   --831
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="a1e"

   --a1e
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses no header protection.

   --
   Alice
   alice@smime.example
   --a1e
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses no header protection.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --a1e--

   --831
   Content-Type: image/png
   Content-Transfer-Encoding: base64



Gillmor, et al.         Expires 8 September 2022               [Page 51]


Internet-Draft          Header Protection S/MIME              March 2022


   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --831--

   --e18
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD



Gillmor, et al.         Expires 8 September 2022               [Page 52]


Internet-Draft          Header Protection S/MIME              March 2022


   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
   MC8GCSqGSIb3DQEJBDEiBCDXOvk8vYdge4ktwwFa4GFP+Zxia/eTOacb5ZgEXQA7
   WjANBgkqhkiG9w0BAQEFAASCAQAIBfufI8gxAWPFjnahNo6lRRGWj0U1S4GkRl6h
   LCNh5x49ns9BM51cZp+s5KhQSxhFdmuru+wCwgRk7KjzckAnizh70/dEYJmsjSZl
   zmLEGmtQ+q9MoyydZD9s2l9891WDjsCFjVIIhRkLTI7Zeh6+wQQpGKDbv0MoYQ95
   a9HPz6DuuCjCTCv+rUEOAys4X+dQsgDx3hsSITVoKDR11kHVmZnjC4Byce6HY0Gn
   cEg/VqBGK4R70/46XTk/EgLPsnSPLPfc8Pc1kw6yyF+QNyLV4tKvOKRvNJGf+Pjy
   GvJIthBGOKFbOtWPpY+nFTMT+aNODuyAVQUmlbQIvz0/WXvU

   --e18--

B.1.8.  S/MIME encrypted and signed over a complex message, No Header
        Protection

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses no
   header protection.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 8690 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5426 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1356 bytes
      ├┬╴multipart/alternative 950 bytes
      │├─╴text/plain 293 bytes
      │└─╴text/html 388 bytes
      └─╴image/png inline 236 bytes

   Its contents are:









Gillmor, et al.         Expires 8 September 2022               [Page 53]


Internet-Draft          Header Protection S/MIME              March 2022


   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: smime-enc-signed-complex
   Message-ID: <smime-enc-signed-complex@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:03:02 -0500

   MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAJGYWhyOEdeaxA1hlsqTJL/nwL8aIuFtQBnq
   8aptWsaRxmbkwfd639Jspx9JZhc4gu50hiKu1HdJ2+IL7vvPRB49SfqiCst+ImD3
   syFxHjbMJSpFDNNukyut/SYV+DAHbvgiGxB0vCT8iW+qbKgwvQYcm2Kcs0UYV7ek
   NXA7wkNjIygcyRSbg7Xdhv9HcGGtIshTBvwS9DaYwmjo/8IlrXfeIusKU7dhZgMK
   bVVbotXAylbEFH6vpDFWK5pc+DPgVPFe8iA8z02k8HdtXEM44g++0/chZAiqe8uw
   UARmERg+5Y+2dROAVHRWFvloW6qWw71jBmtf55abK6jJFhSIzmowggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAB9sGmAYY1DHhoMQbd734joYE
   SjbvkHEPyOAlJI7FfGdAr4I+dmkYeBuvZVM1YWhtejpVAlurNbbLkOEj+yPhGbTG
   nxBGt08KsSGKCM1blIY9MpkbsdUs0rSkPs33cYeRLJwGTzAsTSy0txkCETlKQBgK
   0JGNQHIu8gvPjyMrlRI5xHGVjvbdz0LiWeQPJmoqBFyO53sliYgWGiZmeqjVUSc9
   LeQ1h0kHl+vF0QQxAqIl9+SpjRTlFe3MXdq3gmvwgkYPelF48YaBst45yyJh57+z
   Z3pAX7dJgjE75Msb1MKn7q/OSpF4Ux/yfwTVFxNJEGFGo46FOWkVb2lSBRhqxTCC
   Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN/jbIuyBiQPvx9QS9tgtISAghWw
   /W8bWpUqIZAatmwlv5kmA9az3Z9YUJnqm2X8mh1MO+UrRCcq/uk04cXYQaF0iqS+
   M6torBqIrSRUMFkcC7k9TEaDFIuUYpRfp00AFGT/+imSNuouqRb69TcXkAHqfU7S
   p9atNXNLr7tSxVec1j/uuW8cwTToPi7U/kHFCdGQt+YwMoUhD4gVp6lxWtgeNUE+
   RNr/vN/hPSwXyWR/WCk4Vlc9AjGlwds4m4R9MzGHaaFWjOSGbkhm8dN/e0s409ze
   8YzvbRc3GKz669zduW9lLGzjbaGGd+X3Oug9zf6JPkdwvQAv6rPfQK6zbOBtNs7Q
   KYm2APsaHFjItbN6/pM1E5ypYb+q+W+jQQqrbZOFziwlxFWWU0vUe0GwADCjEkKN
   68ImJdvWjB1FvdFrGQLFRogHBwcyxCttF9ZJcG88ldMGOt5S7vKfSWY8l5ZEOtr0
   ZqgmIA5tiajWyasZPpqgz4Cz0pP6NJpeuTlpHrDKH/YjMvtdzzpnaBvFPMQJGu7Z
   2gG5BX36PMHNFWDUi+L9fUnXl2pjuWqYPOS4WatITNaRP6NIyR3qsbSNZ0uqS7Ry
   bZs9xvpYBsFIupxr6b3a2o1aSx4I0rjLijDjYDesIjV2b+eis/vMi5HKbY2feFch
   tTPdcv2KxP1yxflB5xF/jVxaFXlsRr7ZW3tPrWuR/oGhSn5DM6Ruqg0zN7RoMAuu
   9QxQRWS8eyw5VFxThQ/5pWVos2xwF3WtKVfuOXbhhKlWwwcZpiW32UvwnLG6QdLp
   2FdmgD/MJMkGHOrB2LyUx6fABSOrOBz7iEe2uwPDTKIyLNj8uH4P9+O9IaYnNHbT
   mOjGGF4eTRVwRe8QTj8aQA+ObyxriGHEDNIXTF+QFES9+roo2zWbbOF2PT+C/LIA
   Rmhtc0gFnpcCQ0iZNNssJDBlZhu1iEGq5Vbm/UXqS11b/vWtBmqrwUoBsrgXvkvx
   HevFH4VrRQE8aIDCKMFDTme6Ti9zZyJh7sviuBQETt0rIQ4Hd8tVPR4B9VSIKbER
   mgOsxcNkGEDPipr8Z+hioTO7g1++ZhUbPQSY6biWrQmRemE4nIXisAEXfX5oPtrN
   X9y92vgfUEF9q8c6uiVlh7MMt/U8WyjuoM/pEQRd24sA1n+Hxytq99aStV0DQqg8
   eC7RmmtjGToJkdeOPPJwZEn2QVloYuJs4jD4Aqrt+KlaooFh59tAacHt3KL7LO/c
   U/sUfENJ9ouHlfmJd84xc5w0D4g0lB53Ly6YRjLlzlrd1fhkU2OJiG9s7Ki6yC/a
   4B7rA5cULoxyKiSIlQTDbTqo7CO0dA0RPkKP7ZQWMTrRhjeF4qfNJNKwkTu1kXJt



Gillmor, et al.         Expires 8 September 2022               [Page 54]


Internet-Draft          Header Protection S/MIME              March 2022


   rIlw6XRj3xix+kYBrDHkzZI8Jp27Z4lbkpcXu9U3iOHP+HPD8T8HepC2n63eQop2
   +EJ2A06pintq029gtfssP7Tl4kybuimSgyaVLEIwcwzdI44fYg/Oiiezr66DSi/F
   QggHZW3pgIdudD/CS4Uf7MdZid3S19NSBh3iAdiajotqXz7SEMCCt3YfdrIDFX7b
   XQxhbVD/26zPKilLSYbAs634xeU91PUEdFvYdeA6uMSGo5Fn+0D2ldT8vZiE5H2T
   ud0buFrNqN8mnvAo6PxIDHqobXkTjcbdFDnPm43xGfvNPO8WUvGOHwSEhlzz+pvh
   BeQ7XxOo/U0aNSXdT88TZ9v9z4VYCLaW2ko+WAd9PrmKLkcdqxmt0WT7z1ii2RG7
   hLOpjKI4FHWFGwtXcx8YnXr4FDr6m87DhiYURQbLSV4iUfBgECFFhVuz4quYIyZn
   yDrMlVJJ15vmZmwOlJKfSjMKyUZTJRPZaqRqjEu1hmLfuTKygTpFHw0Rx8HTkiDE
   wWG4c3Jyh5AMSjYmTNnVgr/fqH1N56k9LD9ydWquMKe0HW3X2bhMQ6M+x03l1b/k
   XUbF7lD2W+u2BJMGDnhvU2alL42QPQebGjrsb/Dmoq9BtJr1ldrB224aCbaYCSkN
   dsQCCSPLCB/TXJAGoDSznw5f0OdG/gsafEOq2SvCrnACoQwkpz8HHYezx1QnV4Bn
   kv7Cq70vb3wndsctTZrdR39fpB/rWILMer7kfsClrto7WK3p2QRgEAgDya82SWtJ
   FJpOzO/6hW3EcIvq7TZHElWCvf/5gG6YsaDi36dBGfwUMI+NkAVOCCcKCLmro6ET
   Rw0Yb3sawxuBrS5hOG4jCXcuN3lEC8AVVARho17xHU5nt+pfFTV4jt/uJh6iWxx8
   zmwiPKO3tCaNAWsVHy3UHNG9D8kz+ygMqMSQLFtzMnW8cty2Xf9YF5SiBefQflgM
   HbI0dvzXxGStYSOjrQehUVLaW6gLnPuyssSDISubCQuf89AILtRpH+rETIq8Ai6L
   t1v1dsbI2ikHBvWe0z9f+EsXks1E2hO7GyPiK3TgwzVeT+t3z5wA0/39l7qigGZ/
   R6v3e2RhaBu6DSBhUX97hvJgn0rIjdkNv2A380mrW9Xz2ZXJhYkj5Isp5cH5wy8p
   rW11eL6trfkuqozm174uYA44/DRqnEqqU6QhIeIJEAUeXilsfBittZ24twIulKx7
   8S6g2BjuoBvv6RiwNw1gUtch45H844gqTrwjAr4j+CarCc8mYmI1LjaM9uVUOgtl
   4q5+2m2f294KOKgiY45Q7Hit+TwqO+inWlskDqZAb04zn0/aZbdrqomWh+f7Nufd
   KvlFWAoljZg+ekAFFytBreBJsw+zah4yAz4W28gldy1w44f68xNzCRg4SpoEm8Rp
   gbQXVKzi7mFcfYn0R1GgFFldLDLLV9FOb4hXYAgY3KV0qu6hfyrq6zAw8CRAPYkP
   3rhV082VlFOaxIUiA/U06vuXOWFzkMKciH8XEDvdPZycExa5HTzr9D7Je89csh5Z
   AuQFRoHOshr3cDpiq+MLO1HpL+b0Ol+tCkWlJSBE0y3JV4udFnWmESoqU4WAGKhP
   +AWSZdwjySJEZnZtRgovk+fquvxnL6FjPJL/ohdEAQPeXfvbvgxQoeeiDFCcst9q
   O5G1Ekiq3VH4NDCgARDCeGFag4oJU6Naw0rKAW3dzZQjZxU0c8a+CdVLV+ZaXYUC
   rbopg4GKcAnCo2RP3tIXNvgHvnHWhWhtiys7hzVNPtO6jXk0d7qIF7hClxq5aShe
   kweXjMHYZJLjB/NT4JZoIgeyQKJAZkSSqbqBgbK3Mtuw5aZQaChuMr0MYyXbZ5Yv
   4EABKcGUj1nIcsx4goKlsCnNVUIakz4oHCaxdKfGA/SyKbs8cgS+zusjpD9ankYh
   tH8VGAO6s0td3CvDhHVoX8S5kyUO1LkyNhkXDCe5TnTEKRF4b7vLpNj71FzLYPC7
   vc1FHNSFhyPjD+MGQsqohf1HozSJUMlt/Au72XxP8LXQgqJiRP0UkZ39IjRMt4BK
   +rXt6baHjmcQfowjAhIPsqDNGLgFRGGK4FSJ1hRb11kOFz4VHJ8604AkmS2Mk5fF
   kTXLOkxOEqvb+JBVd4J/NmW6wvlEZ7iHw+3nRS7E6o1+wefl5b/axmVeJgU/h6KP
   OfJZ8vDjzNtrkHFTbix4Vj7bzQFLLfiGl7bP++hN+8ioJDsxob0/DijdcTvdJnzR
   XJRgBH4iEEJrOcleQ5HIq2kLmUoYz+U4YpBVFbOKUyQfheYl689HphhUg2NEs9w/
   6am0jNfHpdUrRuBCHtBLIJySdyexq9Gzy/M5/+j51v29YXCLZo/lu6JpPXv21wGy
   uG/+T5wFKVlcIBVfwgYJJM4Whht7I9S6IAqp35b0hLNtYoyGAqttOSEENpM5wJKw
   DGLeB4vye2vyiK67ZACxcnqUrDePFYRFKUMSj+U/zeB62y/DVmZBkr7XAXiGBKbp
   M5YMTuLmsz6uB2S9Pp1fuiwO3qV4myPHlNQMtHZVnn/Fcgo+3rpW1zx3JSX+aMdT
   eEran9uQRAyfMHOd6k1tghZwvvZwGaU+9Oi7hyL2o4nJY1G/cqWvSK1E48u8aftK
   oPv6RmpJDvJbh/uriqGZKNIf27t5O/IGBBcwRGeMBgqYYkmG4ss6cvbIcBcnyP/D
   w4EoGDTLL+YU3vOZKUp5l8TEHYvtDGuBf1nMt0uTT1Zk6savmLVEHOYObjpHGAVO
   Mn5PvfV2L+QYi2mpCxAmArscHVJSysWXJ66Lzps4J0hI2mfxalyK/N+qW8dNrvkJ
   tyokrjjfnO3FVyD4j2Ph962pMLP9m0FsNBVaO2ntBYojDYYd5MqXNcUMVkvaxORk
   UTuUsCwU7CwIkTDpHtDt+9u8Ljl39jkejwEAovh70EVDkGaclDCi0PVs/jq9ferb
   V1T9QGbP8U2wp6pwVsJAdo4nuH+sn7HUsDxGP0/Zwz65dhSyd7eHLNSfEdxBMFSq
   GyQ/RG03Rxq+sgtAKLjaBlS4Ra7xNLAKdxO0dlyciNXPFHubDDhaib7BQE3qG7WY



Gillmor, et al.         Expires 8 September 2022               [Page 55]


Internet-Draft          Header Protection S/MIME              March 2022


   9JYC9NeBS6qtfn5PBS9xaf5xtHLbIBegz0NRmct2KkamMIQsAJYRvcJ98mMXrFwO
   qpqtQ0KHePJk7CLjUB8oQooWUuD7LGpmeSCnjTUSXqqJiW40ZWX0IWJYGkCEOLuZ
   KrCIkTYimOq6fQBfbe6aAzrF1Wpdk7/7GXhiJf/agQnRkvrCP3xAeYNDBxDMnWmD
   EKeY12hNSGbEx/GEvM3c0odMtd6HMko8X1G9OXevZWd10CiEFkqeL6faFO0v+rZc
   gHF18L09KUOIxIjyPis3lKTrFLBqJnfzyHDeIiIlCCfqAgW/2ng3EK5sDs4fnvYN
   DmNJIE0oDiDodIQrznGwn5Qsj2sG/aUgp8cNNdsLWn7diGmSrdJFZWji9/rluO60
   1nwrMHbPBzEpEufZjGs8TbN5Ww2CUfuSFBkB+dn7dkoORVppiakqygh/OzSiNYp1
   KCNU7RkGV45I+hadL7RU811L5F4Qimo7WQXW6F8fFEakURm4PU2cREpR86dhe/Xt
   XNp6pvLjvgZb9G2CgtgDMgsZqSRlDa71B6ktIvg1js0blZ4Tcn4APcdi5F2Tm6Uj
   h7V01OozajrZ4VGJVYI6DsBRPfa5DY+l4f/ITDyONn9VBmnOlIQhwC1G4l1csAnW
   L4T0bi2glMl3BdafBAR0H7RePm08oohRiV9gB3lm9OXy7t9tyMdmfJSKExALnc5/
   aE+7QfadJ1uaKI8MvFbfkWKB6x5KD+XHjNQ0NHOewM3aloJUp2Ok6CiNp9yekVAb
   w8cIhvODtQysXPMj/q+wnuieOzkYHt9I2TA+wc4Bq+p6ZFGbIZUBzmb21h8SRqUw
   HXC6D2VSMCBFjIVpePbYB8TbgEkY60obahPfkiq4BN1SnJc9rGK3ueMOcXLwyp8j
   5enxquno55PmmeSvyU9VS5vwcUiLoEggLfmc3l0/XVlVpyFUsl1y1KjhBh0YfSDf
   R0wTA3fMRH8v9UVQlVcoNBS+FzXPk8wRm4Nbx0zQ/d6BqDeL25dvQw8qy0+CIntR
   cMWV+BG5PIFFmL4N9fqw1iHyK6ccIhp9KpUuVrpTTmmE2DuuJJiO00lZU52DzaTg
   GvRuEjZz/TryEYploSpya4iaNzqnaaWd/g4STf5EXzH192QBf7WJoct/EaioK+8T
   hIpyR5qXBX0RK/+TlIT2+oOPFdEXXOI5II+0YTdYa+y1uV9qKnN3apBXS+7GLodr
   fjOABQTpXkglp6d7CTJU5gJlR+xQjkOKMvuQJn1WzeN3pkEFKaC/9SwoL/olvs5+
   uCpE5QWUXNuCPyd9us8/mNsXse69SNK/oF5/Zqn8NawfmQVMo8JaPWpWarqJXdoY
   2Mt/UhmLgfrZ6QidZEQi6OPcLgNbbYY35VHGgYsHj8c07GYTo3p59lKC6xEotY92
   9MyKOgM8fw3dfAbBPXA4TqyUm6kD1J2Fy1sMMkyfR5WnQDsR+/Vxq5k5bTlJ1ZRF
   8FZHeWv5AItHWP8KknJv9yHpygUWgj1PtFTPI9JfC4OI4kTybfGkS67iIB72oojf
   dLLyzdJ/WMy9HSlT6EncV0clQTVlsCpxvNMn7Wxt4BkYd0v8eLPm7d7saiwl38D5
   TtHy3EgkOABsPPUoihuls1gJKoRq7hWT3CYf5UBCsa3Ocd7Qo2yKJNgDrRosp45j
   X6u//xxA/LDXgrq+th28PN7i+E9ZkWHt16wdUbtFQBEOmpm5ZB3hq88mDk15v9vb
   OnQnwGf6h3UWx/AzmPuRPu2C/7mEtB7/tUj9nqwCgjXIJ8oYhv2uD6IjoAZgRbwm
   T7KoMb9T780h/0LealOBpZ2a9LZgNAIcDWWhb8fGcS537GIzIS6eZG31J2Pdb+ip
   isCzrnRZmWJqR9MPhUq0lhTLEuxd0RnuqQE+VnYydNvDu0p3L5nfINK9vtGWybkc
   XRFbJS23dc0vS6ug29jGzLzjODz/S6TTvo0qgl2heFVFdYzD/z1pw2dPQAlk+RhO
   dAG0tDQCIyVr719e64j4ZbFjMNfE7QA+YJfMaQ1HlXEGQvF9oLA34dN9hiNAh2Ls
   9ehAOIo7gs192SDDOwDHSmJJr27A/BdGGc4vC+t8Bc7hjFza2ixJ9VkIh1pa8ZU9
   aNnNbLcnfb5l8/7DXgSpiVFncgsLaCZ3iORFxE/IsNX9+R0An0+y+r2mpdtDWg1w
   69g+EMg4dJw8u7pTTW4J47TCAECjF3WVybl8YpvVmgVsrTIL/jDlNWq66JtH2yC7
   Kcc7IF1neMYTpW033hDTKDcY271nz/BhdumwynboWzKTjyNuim6e/OdCKOJHT8YJ
   8icUmzbOi8iYjAwhSqu6t8OZBYIT7oItqzfkQMKKLWwuguJsRa3P6OY9Gg7FUZno
   PXjOCpNyGzY0hg5VVk6FV+thB11MYmlnG16D50UbrH4tgnzkUwpUCMrXLdWr7dfp
   l9u77ICFSiWnIUTtah+s9TUULnBAL1TWyEN6dcqdtT2+HYzDN+FT9+HJsUabDIVP
   9421qkTt5VlCWImXEPdeq4PqfE7LWtEA666xhpgzdnmmE35QHI/por/HS47TlxTV
   38m+Laew31eEWGaiORbPI8XlNZqlfwjv39bpJH9nqMdaeY/kbgFCAsJyuW1nfJ4W
   uiTUYsk0Cs9u70BdYYfo0+zdUgem+XM0epL9zH9gsKiJ4gfdbv8x0rmcXhIhaA/V
   bRGj9MYxyBbCORCNCMt1OeX/GndLxj9azdHKugZdLzGTA0Dx84xRd9rDWOSxGv1/
   bNVXqDqCaW7BcSiO8pAnWlvwQ+m/p2Wxkzi71uxJhhHX7M8/k6mdJmmrB6SRf6S2
   4oc7ojwI6vXTexWry421uQcrQTOMIFutqna5NYRylICuC0vm3WdNuRLfN7Lkpafq
   evbT4zaksQOuDFoXIGIQ8kJ6HTEOA+v33uV7BZfqlo1yIetX1JnToGheZBMc3skU
   pCQjWDeZA6u42Nz+ewytKgYRwr2trDE0bX3xMfH0+/o=




Gillmor, et al.         Expires 8 September 2022               [Page 56]


Internet-Draft          Header Protection S/MIME              March 2022


B.2.  Signed-only Messages

   These messages are signed-only, using different schemes of header
   protection and different S/MIME structure.  The use no Header
   Confidentiality Policy because the hcp is only relevant when a
   message is encrypted.

B.2.1.  S/MIME signed-only signedData over a simple message, Wrapped
        Message

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses the Wrapped Message header
   protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 4213 bytes
    ⇩ (unwraps to)
    └┬╴message/rfc822 566 bytes
     └─╴text/plain 228 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-wrapped
   Message-ID: <smime-one-part-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:04:02 -0500

   MIIMIwYJKoZIhvcNAQcCoIIMFDCCDBACAQExDTALBglghkgBZQMEAgEwggJMBgkq
   hkiG9w0BBwGgggI9BIICOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
   IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
   IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpD
   b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9u
   ZS1wYXJ0LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBw
   ZWRAbGhwLmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
   PgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIg
   MjAyMSAxMDowNDowMiAtMDUwMAoKVGhpcyBpcyB0aGUgc21pbWUtb25lLXBhcnQt
   d3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBt
   ZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEg
   dGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2Ug
   aGVhZGVyCnByb3RlY3Rpb24gc2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1l
   LmV4YW1wbGUKoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
   DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
   V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo



Gillmor, et al.         Expires 8 September 2022               [Page 57]


Internet-Draft          Header Protection S/MIME              March 2022


   b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
   bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
   UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
   mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
   XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
   aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
   +TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
   sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
   AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
   MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
   fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
   KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
   tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
   RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
   LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
   fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
   OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
   QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
   VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
   IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
   OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
   MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
   ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
   7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
   0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
   Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
   n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
   COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
   ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
   bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
   HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
   Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
   kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
   yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
   X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
   0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
   JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
   NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
   UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
   dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
   hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA0
   MDJaMC8GCSqGSIb3DQEJBDEiBCCt+Ik56mZTd2mpSgOXM38dS7jM5alU2FDX9/58
   cga1szANBgkqhkiG9w0BAQEFAASCAQCxKLkx5li14OIOcH2tcWqcsQilPLgQ30ck
   qhJL2X9/Cl22ibOGNwL8w3qSEBeG1a+WtHw3bSqJx1ciRYcLs16ms23no5QoZ0pU
   fRLmQuTEgObCf+syiTGnWLj8e+2aRVP1L9yEIbin6+hFyp4s393zYhdMOPAP2ruI
   lg+BxoWXUjXso+8lPgqLawA+9KMI6tQZMnwI9LpGJmZfoSXdHWqWtjdotzZpqsKm
   Ihr8DBKtUetqgZ2zqDO3zo3W2L6EmNM05BJUmqwAt/cN+X9kws5dAqtHDQhPNTa1



Gillmor, et al.         Expires 8 September 2022               [Page 58]


Internet-Draft          Header Protection S/MIME              March 2022


   WUX0oTTkMzn1RAlOxfowEStSnfDOOzIqg+L7LgiMw9jhIgP4/uB2

B.2.2.  S/MIME signed-only multipart/signed over a simple message,
        Wrapped Message

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses
   the Wrapped Message header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 4451 bytes
    ├┬╴message/rfc822 596 bytes
    │└─╴text/plain 256 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="20c";
    micalg="sha-256"
   Subject: smime-multipart-wrapped
   Message-ID: <smime-multipart-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:05:02 -0500

   --20c
   MIME-Version: 1.0
   Content-Type: message/rfc822; forwarded="no"

   MIME-Version: 1.0
   Content-Type: text/plain; charset="utf-8"
   Content-Transfer-Encoding: 7bit
   Subject: smime-multipart-wrapped
   Message-ID: <smime-multipart-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:05:02 -0500

   This is the smime-multipart-wrapped message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message. It uses the
   Wrapped Message header protection scheme.

   --



Gillmor, et al.         Expires 8 September 2022               [Page 59]


Internet-Draft          Header Protection S/MIME              March 2022


   Alice
   alice@smime.example

   --20c
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz



Gillmor, et al.         Expires 8 September 2022               [Page 60]


Internet-Draft          Header Protection S/MIME              March 2022


   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa
   MC8GCSqGSIb3DQEJBDEiBCCcDIxr7wd3VCCz1VBG9nySvUJ/Fhzo26f78El/UUbj
   jTANBgkqhkiG9w0BAQEFAASCAQBUmMGL40IZQmt3Nad/ymEUOLu3Dgfd/nYKuj6P
   fjKYJFb9UhwtufZK9/WyVtytLsFJMYHZgUSWU3VbHk1L/cO0469Rbqo6CqlLRJPK
   uN2Eul2UCa+3ovMIQ8g0NBflXrdfR0OVRqvfO91hLFkTxLfCDUG8ziRWOLWucgZg
   zkVXqEzvFyOtsSbr3GAY817wWgl1+PTFchO4XF+rg7cNysKqGLtjxP9lN3PcURYv
   TmooTPY46kheab7ZAzKqQI6go7somKmMqD7UsctMLSVZo+EX5/N9vq5znv7bfpoE
   Rgd+NZNQD+VYDIOU1FI5ZjyjHpRmcFpywjvHNbTBGlYhv3q4

   --20c--

B.2.3.  S/MIME signed-only signedData over a simple message, Injected
        Headers

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a text/plain message.  It uses the Injected Headers header
   protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 4185 bytes
    ⇩ (unwraps to)
    └─╴text/plain 239 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-injected
   Message-ID: <smime-one-part-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:06:02 -0500

   MIIMDgYJKoZIhvcNAQcCoIIL/zCCC/sCAQExDTALBglghkgBZQMEAgEwggI3Bgkq
   hkiG9w0BBwGgggIoBIICJE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
   ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl
   Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l
   eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
   Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
   MTA6MDY6MDIgLTA1MDANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
   dD0idXRmLTgiOyBwcm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhl
   IHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz



Gillmor, et al.         Expires 8 September 2022               [Page 61]


Internet-Draft          Header Protection S/MIME              March 2022


   aWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEu
   ICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMg
   dGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4N
   Cg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3
   oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsG
   A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
   QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4
   WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
   TVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEB
   BQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoi
   ZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3i
   Ox7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLo
   OAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqU
   uqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8
   v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNV
   HRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNh
   bGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB
   /wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgw
   FoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCc
   sTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPI
   FlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMG
   HjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M527
   4XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P
   1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1
   SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0G
   CSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
   MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
   aXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQK
   EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxh
   Y2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+S
   tijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc
   9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rT
   iz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJ
   C3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfo
   g8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOW
   wks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFl
   AwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAK
   BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeu
   KWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqG
   SIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2
   doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVY
   eDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqG
   JdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQs
   Pn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcs
   m0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0w
   CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
   IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw6
   9Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB



Gillmor, et al.         Expires 8 September 2022               [Page 62]


Internet-Draft          Header Protection S/MIME              March 2022


   MBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCA7
   4grfze+Y7DQEGFAYHyyvRpNkuuZFR0V+RvSTvu4FGDANBgkqhkiG9w0BAQEFAASC
   AQB1KYVvQNZpe3EKeM0XhJrlJNxneVmZWFCEl5YFeRsO8FeIwJkV65YtFJKjOVVy
   qYuZBGz4MsKaddXxAOXI/Q7cJ+70d9iOc1mL3PD2/U6DOwwhNfJoNSK7miYfMASV
   42TMJWTt0T1ORJnvBitjkTuZDus1tp3xwxbrZTa4pyGaXEhBW/Fc4z6L+z8hpQv/
   +6dw3+ORgfc67VTHVnsVVfb0UPrWvdxFdL5xYdqXxlhDsLMEms2ttHHzvjC003Kq
   As0xMHEmMpfdL5M69MAjvroOUv0SXETfQaxca7IKd+9xUNNRretZ9xz2kn2uD+k7
   unTEyVGeHrWmQMw/8MdvEac/

B.2.4.  S/MIME signed-only multipart/signed over a simple message,
        Injected Headers

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message.  It uses
   the Injected Headers header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 4417 bytes
    ├─╴text/plain 258 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="12b";
    micalg="sha-256"
   Subject: smime-multipart-injected
   Message-ID: <smime-multipart-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:07:02 -0500

   --12b
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit
   Subject: smime-multipart-injected
   Message-ID: <smime-multipart-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:07:02 -0500
   Content-Type: text/plain; charset="utf-8"; protected-headers="v1"

   This is the smime-multipart-injected message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a text/plain message. It uses the



Gillmor, et al.         Expires 8 September 2022               [Page 63]


Internet-Draft          Header Protection S/MIME              March 2022


   Injected Headers header protection scheme.

   --
   Alice
   alice@smime.example

   --12b
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl



Gillmor, et al.         Expires 8 September 2022               [Page 64]


Internet-Draft          Header Protection S/MIME              March 2022


   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
   MC8GCSqGSIb3DQEJBDEiBCCXRoUdgR7J+TnI6kw8MpGtWVJPCnoAB+XfkDf78dWi
   cTANBgkqhkiG9w0BAQEFAASCAQCitU3JsEMd9FhqUu87UxYScDI1pDfZnX1vjges
   xBmmSy5lq5vvs+axKK/hTOR7YLSuLJLNwxJgDCPEmHi1hV5Tpj5mLH8qEXu4c+kK
   s9is53v0NvibhIvDEpnqNvL/kMVDAk2gTqYHCE2Ij7qcWWNhnGdweMJZsBvLy/Xi
   BLaD2t4qHY9lPaeMugDrxThNWEhjoDIoI5f7NpBPYvJgB7b1cJhXqil5weYrJiGr
   hyTr56lff+Xjs8qjgrrzdJ8HHeUsxDJulrX8auo+pIKudcu41U8Ben2M9nCiVbEG
   aqbbPK7xip5c/YZEaZWYAs8w+dif68J8Eo7QO/kkr45Tt5pf

   --12b--

B.2.5.  S/MIME signed-only signedData over a complex message, Wrapped
        Message

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses the Wrapped Message header protection scheme.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5631 bytes
    ⇩ (unwraps to)
    └┬╴message/rfc822 1613 bytes
     └┬╴multipart/mixed 1549 bytes
      ├┬╴multipart/alternative 946 bytes
      │├─╴text/plain 282 bytes
      │└─╴text/html 380 bytes
      └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex-wrapped
   Message-ID: <smime-one-part-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:04:02 -0500

   MIIQOgYJKoZIhvcNAQcCoIIQKzCCECcCAQExDTALBglghkgBZQMEAgEwggZjBgkq



Gillmor, et al.         Expires 8 September 2022               [Page 65]


Internet-Draft          Header Protection S/MIME              March 2022


   hkiG9w0BBwGgggZUBIIGUE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
   IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
   IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9Ijhm
   ZiIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh
   Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w
   bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi
   b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow
   MiAtMDUwMAoKLS04ZmYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt
   dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSIxYWUiCgotLTFhZQpDb250
   ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
   cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz
   IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K
   ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3
   IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h
   dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50
   LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g
   c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS0xYWUKQ29u
   dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
   cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt
   bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg
   dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn
   ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
   aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy
   dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph
   dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy
   b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs
   aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPgotLTFhZS0t
   CgotLThmZgpDb250ZW50LVR5cGU6IGltYWdlL3BuZwpDb250ZW50LVRyYW5zZmVy
   LUVuY29kaW5nOiBiYXNlNjQKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lCgpp
   VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj
   RWxFUVZSNDJ1VlRPeGJBCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
   bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oKc2dyemZjcVZNcEwyam8w
   NDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3Vs
   aQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0KCi0tOGZmLS0K
   oIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcN
   AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
   BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
   MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
   DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc
   2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZm
   OpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG
   /e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWT
   LMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF
   +XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEA
   AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
   BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
   BwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83z



Gillmor, et al.         Expires 8 September 2022               [Page 66]


Internet-Draft          Header Protection S/MIME              March 2022


   dw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
   BQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg3
   1/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG9
   1PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF
   7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGX
   noEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDT
   qNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/Qqmi
   XDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
   BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
   YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
   WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
   QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0
   9InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5J
   O6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96
   wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHE
   FbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3
   f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokF
   QgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
   EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
   ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYE
   FLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
   ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0e
   NARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GH
   qgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPT
   UNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE
   6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3e
   oZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCC
   AfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
   A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQIT
   N0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMx
   CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA0MDJaMC8GCSqG
   SIb3DQEJBDEiBCDMOILEox46FkWxHI/3mD5yDe0N8CAfZ/xaQnI0alyyOTANBgkq
   hkiG9w0BAQEFAASCAQBWzuGAP7C0InZ86JeaKimYKXpArooRzZnso+wJtXhZlmTX
   csHp783QCEKYE0F+rv1IrD+fcFULz8Lo7Mm+PWQbtkbx5uZR7IFLGlK+8i8wVCZj
   1Bs2lgpZ/qg1qP+ddCPwZuywITEGnjjqg76OHJOgxJniG3/teIy6dHMI2OBogZjN
   kdVSbBhOa9GnTtnWJd2zH7t0tV16NyH3+pNn4DTUWR2IvRgxHky/KT7cIOTfQj9C
   HEizTljQMDvHhoHslWdwjAGjH3foH4CXP1/1bN+qBH2QAuRZ8+LueDcllQsPJXtc
   fUseHVMstoHac0rajLjDZ8FXSLCkmto6RRSQVsT0

B.2.6.  S/MIME signed-only multipart/signed over a complex message,
        Wrapped Message

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses the Wrapped Message
   header protection scheme.

   It has the following structure:



Gillmor, et al.         Expires 8 September 2022               [Page 67]


Internet-Draft          Header Protection S/MIME              March 2022


   └┬╴multipart/signed 5542 bytes
    ├┬╴message/rfc822 1671 bytes
    │└┬╴multipart/mixed 1607 bytes
    │ ├┬╴multipart/alternative 1002 bytes
    │ │├─╴text/plain 310 bytes
    │ │└─╴text/html 408 bytes
    │ └─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="ce9";
    micalg="sha-256"
   Subject: smime-multipart-complex-wrapped
   Message-ID: <smime-multipart-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:05:02 -0500

   --ce9
   MIME-Version: 1.0
   Content-Type: message/rfc822; forwarded="no"

   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="c33"
   Subject: smime-multipart-complex-wrapped
   Message-ID: <smime-multipart-complex-wrapped@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:05:02 -0500

   --c33
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="bb6"

   --bb6
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex-wrapped message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses the Wrapped Message
   header protection scheme.



Gillmor, et al.         Expires 8 September 2022               [Page 68]


Internet-Draft          Header Protection S/MIME              March 2022


   --
   Alice
   alice@smime.example
   --bb6
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses the Wrapped Message
   header protection scheme.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --bb6--

   --c33
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --c33--

   --ce9
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj



Gillmor, et al.         Expires 8 September 2022               [Page 69]


Internet-Draft          Header Protection S/MIME              March 2022


   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
   MC8GCSqGSIb3DQEJBDEiBCAv+o7fTfRFOqnpRsH2sYzOleh5w2W+5q6Nde9GJQWH
   nTANBgkqhkiG9w0BAQEFAASCAQBrqtTw1eU834PA6rF6Vsac5dGAswyv4vh/EVxO
   xBY7A+uEacaMOXRaSzkTqehOkOGa31d2bV6XmWbcR9kNvradw//dXOkctHW/cW6x
   1BALj1aFAbYmObCY/FTItu7nLGIAIQCm0W4OVHgH7I/QXOsz3o7hH68SWItJnLDy
   cSEDzRKNh1vl5cN0euY0mNA6HcvKchkIlWCj1pcJVmTq3FQE4GNeeO1x2Pz3ao7y
   vDO/E/s1iF2SiPS7GcgluywZ1ln5xAwR95/G/lUlqWFBXPAPgIMda1kDsqRI++tE
   7aFVuQ9rEoAQJ8KeS8QWA/Lf/iefFfu0ESJxjRDdbJ3+gm5P

   --ce9--

B.2.7.  S/MIME signed-only signedData over a complex message, Injected
        Headers

   This is a signed-only S/MIME message via PKCS#7 signedData.  The
   payload is a multipart/alternative message with an inline image/png
   attachment.  It uses the Injected Headers header protection scheme.




Gillmor, et al.         Expires 8 September 2022               [Page 70]


Internet-Draft          Header Protection S/MIME              March 2022


   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 5651 bytes
    ⇩ (unwraps to)
    └┬╴multipart/mixed 1579 bytes
     ├┬╴multipart/alternative 950 bytes
     │├─╴text/plain 292 bytes
     │└─╴text/html 387 bytes
     └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="signed-data"
   Subject: smime-one-part-complex-injected
   Message-ID: <smime-one-part-complex-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:06:02 -0500

   MIIQRwYJKoZIhvcNAQcCoIIQODCCEDQCAQExDTALBglghkgBZQMEAgEwggZwBgkq
   hkiG9w0BBwGgggZhBIIGXU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
   ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
   b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
   aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
   YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD
   b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjVkYSI7IHBy
   b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS01ZGENCk1JTUUtVmVyc2lvbjogMS4w
   DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
   IjllYyINCg0KLS05ZWMNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
   dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl
   ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j
   b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s
   eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh
   eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu
   IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj
   dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs
   aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTllYw0KQ29udGVudC1UeXBlOiB0
   ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
   CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+
   PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+
   c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+
   DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL
   Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs
   dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh
   Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
   ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp



Gillmor, et al.         Expires 8 September 2022               [Page 71]


Internet-Draft          Header Protection S/MIME              March 2022


   Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLTllYy0t
   DQoNCi0tNWRhDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFu
   c2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxp
   bmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlS
   ME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJR
   RWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZj
   cVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2
   MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09
   DQoNCi0tNWRhLS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
   TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
   QXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0w
   CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2Ug
   TG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi
   44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3
   ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3y
   nqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAO
   peNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhv
   BbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8
   QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwG
   CmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNV
   HSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVE
   PIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZ
   MA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7
   GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RF
   FdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+b
   l8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6d
   SYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9Rd
   NI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIB
   AgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
   EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
   IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
   MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
   V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
   AQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0s
   I7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVA
   ckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prD
   tpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4
   jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3
   VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB
   /wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
   QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
   AgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSR
   MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBp
   I3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ
   99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZX
   L2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+Dqat
   iQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1A



Gillmor, et al.         Expires 8 September 2022               [Page 72]


Internet-Draft          Header Protection S/MIME              March 2022


   LgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/t
   HuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMI
   TEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlv
   biBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkw
   GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIw
   MTcwNjAyWjAvBgkqhkiG9w0BCQQxIgQgSnZFRpoKyudHBvkAo6hqyxtaGzBVpz8R
   sk+FJtjH7PgwDQYJKoZIhvcNAQEBBQAEggEADAiUCPkW4o6qXePSs+Yh+ZPDq8Zy
   v5hHlSNGGLmQP82ZDL/+zob54QvODTFnFb8SNL05nxIZlmZo/XtxRThlSiIy/Cnb
   xL9dkylfOaOdtkc5MMv+W5AWQQ4CsJfkN+g9EPr+XcsFCn7Dsb/Vu836eZhSQ+tB
   kttfKuhy/XKImI3fp5GLZhGu5NVWnwwC+lUm3AoKhmKhI3M8KCt84xpMGYXHJd1t
   DfADNo6cWgQ0pQeF7mSh4gSneysep2koZNVx9LpCjoYzto6t5DorJBtBiZBr7qBg
   jY68KcMpZ2N4IIPLtcup96bHPeR+IkDqaF4EeeFIfCysEKBRFkbF+qzgNw==

B.2.8.  S/MIME signed-only multipart/signed over a complex message,
        Injected Headers

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment.  It uses the Injected Headers
   header protection scheme.

   It has the following structure:

   └┬╴multipart/signed 5510 bytes
    ├┬╴multipart/mixed 1637 bytes
    │├┬╴multipart/alternative 1006 bytes
    ││├─╴text/plain 312 bytes
    ││└─╴text/html 410 bytes
    │└─╴image/png inline 232 bytes
    └─╴application/pkcs7-signature [smime.p7s] 3429 bytes

   Its contents are:

   MIME-Version: 1.0
   Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; boundary="34f";
    micalg="sha-256"
   Subject: smime-multipart-complex-injected
   Message-ID: <smime-multipart-complex-injected@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:07:02 -0500

   --34f
   MIME-Version: 1.0
   Subject: smime-multipart-complex-injected
   Message-ID: <smime-multipart-complex-injected@lhp.example>
   From: Alice <alice@smime.example>



Gillmor, et al.         Expires 8 September 2022               [Page 73]


Internet-Draft          Header Protection S/MIME              March 2022


   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:07:02 -0500
   Content-Type: multipart/mixed; boundary="193"; protected-headers="v1"

   --193
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="db5"

   --db5
   Content-Type: text/plain; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   This is the smime-multipart-complex-injected message.

   This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses the Injected Headers
   header protection scheme.

   --
   Alice
   alice@smime.example
   --db5
   Content-Type: text/html; charset="us-ascii"
   MIME-Version: 1.0
   Content-Transfer-Encoding: 7bit

   <html><head><title></title></head><body>
   <p>This is the <b>smime-multipart-complex-injected</b> message.</p>
   <p>This is a signed-only S/MIME message via PKCS#7 detached signature
   (multipart/signed).  The payload is a multipart/alternative message
   with an inline image/png attachment. It uses the Injected Headers
   header protection scheme.</p>
   <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
   --db5--

   --193
   Content-Type: image/png
   Content-Transfer-Encoding: base64
   Content-Disposition: inline

   iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
   MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
   sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
   vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==

   --193--



Gillmor, et al.         Expires 8 September 2022               [Page 74]


Internet-Draft          Header Protection S/MIME              March 2022


   --34f
   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-signature; name="smime.p7s"

   MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
   hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
   KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
   MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
   dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
   BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
   ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
   acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
   yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
   Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
   N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
   B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
   arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
   AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
   CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
   8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
   hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
   zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
   jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
   zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
   A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
   qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
   7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
   ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
   cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
   MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
   A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
   AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
   a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
   /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
   SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
   saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
   ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
   BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
   ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
   VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
   8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
   G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
   RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
   bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
   7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
   OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
   MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
   RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv



Gillmor, et al.         Expires 8 September 2022               [Page 75]


Internet-Draft          Header Protection S/MIME              March 2022


   cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
   9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
   MC8GCSqGSIb3DQEJBDEiBCBpheScfJ+ESh8/z2r5jHx3Lw+5VkH8zTicO3HRGxfm
   ozANBgkqhkiG9w0BAQEFAASCAQADy9VgxUcoI8DWKdyHqPM8nLuaHB1B/SONgbzi
   4S1gIMs4wR6S02LpiG36z4/zFw0JUbvqwC2WJN7+W0Vra6ZX/x7Hfmv+uqdsMW6j
   r8IXATRFWNm6GEbih2BsYABTNy8z0JGs+y6dcNNdDIwDJIkJETi+xv1eFA0deoWI
   PyHmUjpzzjOcTAkFnSsa4lwSBOty8lZPW6u0klUx+VVGRkgg/0uXTBB1yGD02gbw
   q5893RxO3g5zzxaYJP03zyO/WW7FmCJNNQbyZbQD8R4rvR0hVna0r7XoW4Q+WZfU
   Dz29oLszzmumpedAaP7q/M0jySdSjWfQn1W5hHHhAMIlwcqt

   --34f--

B.3.  Encrypted-and-signed Messages

   These messages are encrypted and signed.  They use PKCS#7 signedData
   inside envelopedData, with different header protection schemes and
   different Header Confidentiality Policies.

B.3.1.  S/MIME encrypted and signed over a simple message, Wrapped
        Message with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7345 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4436 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 679 bytes
      └─╴text/plain 321 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-wrapped-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:08:02 -0500

   MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN



Gillmor, et al.         Expires 8 September 2022               [Page 76]


Internet-Draft          Header Protection S/MIME              March 2022


   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAFHb+aM8bhyJ1nFFuBDyyBVQf2IplykrvvYb
   mKqBk08i2gecPSOMTkW5e2oQ4+WT4rtU4E0JXfMSA2KukKc+QUA3ycVCoL5zhetX
   GsEx74S5P4JMY/uAoyBlEogGNi2lvagvgOGkqHJCZAjKjPNmqyTfafyv1Y4BQRQ+
   WJi7mURDIbgrc0xfcC/yt7UWxFlfUhm6n7rTvRKhe4D0EOOB8yKupUgcDzBMTw5F
   P9HEy0vFij12+LNKSsOPhVp0PbPkMCVi+ERtXEgV7C7BRVVYBiprpYJxJryO9t3E
   jmIupqHZMgXxlAKFpBsdlPWfI1mrMVZTBpRgy8Bds7CORgWbs0MwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX1PxPDDlV2Wo766+MhR82lW8
   pD0GWAM1ScYPggh4t5OFmSjFtyiqawhMcQhoRsAkGV387oXupYXH/lkaD7nIdZW+
   pZK1/RZUU0txvlsRIpJduXcWm/Dsu0lQtQSfcg5FaslSMjBpMI41BD2KC9M5meDP
   NqHnzNMFv0ZiPO6x+bTCXhds8WTi/B2DDyXGjEaN6RUFw6rKNXwbXoR0DJCMosF5
   55gQuo1k040YMqYRwdsJGETr/r/JaEPwNekogAfuXBkNE3JQB7aVgePp8mIZNIIU
   0nP6eXp95UwLsoA/zwbOv9XSYgQDCcQ0MWycXmmn4ysbeWi1p7P+6CLwgx/TNTCC
   Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9EoELwqIPQUHcQvENM3K+AghHQ
   7MaGZ6VZ5f9fpYjTHCbQSjcBtsF3qd7/z94CkYE+Fdt4Xtm91GlDSRONaVuT9yV6
   vd3hoFTCfrX1aQSzzHn3SPtIh7ySaTG70ctsXP33UjcMjzDbvyvfIl1mxsct5rSx
   e+cJ4z++pLB0vQeq1JlbuqY8SkSX9FyDZegnUD+zCB3qv7YSZEwD+EjifauMcrl5
   p29hRgVx522WoILf6Ty14stVYot76cyOYE5AlEUMxBg98tLLzNgvgpevmhZwNzby
   B3v68cMTXh8Zm8UB6F17oxdLFIszhEMnM4v2RSWB5O7L5C4ab+zWpB58AcOeIesg
   E9TvdhcJVsiQHLMtVqxXcyyzlh/T1g1YZnfI4+Q0gNTTS9kp5y2Jpl8AWiHV3lJH
   ltigpNDSlfbskC4ZUKNLmwMTed03kH2leAZGK9afAC+nNwKvSlhWovXXujmTwGao
   8fQPc9cKfRS3tx5dOnEY5A6ZPbAx3SkcdHpUc/Z6Z9at0NnN80ppl55sichJeP+Q
   yoWX/IMhZwNksoiP1Wqa2KYGk89l3EvBOOKMH3G/IOcilg75VxjfKQ/IrB6xrhb7
   wY3YCV14MtJ4T9gi0rtkXxq6YfJ6LQVXP3BWpmlf3xwxQn3HUsQNFO/dESQMikOy
   PgNT/wkwX0+v0XY59maI2tF9sMFiheLeRRjPDbwaXNCX4ghzpOA0KQ1+0/upcXPd
   O2sskI3b3qh+gbRhTUOxAMA5i/POQ6QOj/0jxfbN081YdiHE49jlx5MA00u/yn2V
   WKlDkXE570tX5Z3upvQvLVYuc7+hfsr0oIC/A+4UKzt3G3kjmHqKvkPeP4ytu5Cw
   VxRQlhl+rWISO/EzflNHsgNwE/X3eOmub8vNl/fX9ng5hMVaz38pAQyQysr2Rg2s
   ZDasrLS4kWuGOtv8gXD+Lm34r31bQfl+0NoVpJFV0iHYzBcmL+refdBec9Jfm0yI
   KkX1YkAovvlnYL5ZYzP8E08hNtZW+rln041yyZa12hRlORO6lBqxb9W23vTgU4O4
   vIRppUbJrf6tmYQMiYXkC+Kugur1nBJtEbLQ2WurYFSkdrrZYLg6+cs/K+sGgCMI
   0GokK2ntwmLWHCVU9w15i+7G0HYxZkschUQeIokU2M6KePbp36Mb0vQlVJhlqTmU
   HdW6EDk+iXDNW72gZccDyPhZbhZT2g4iWHl6xA5iydhE9le80boq437OlgMIHUkS
   2+cEArcITxmKpDQWxREYF74jJyz2Yf8rZY4uI6j97+LHYlds7X5HIIq37xVUKUud
   sDav+1XMQygilVzgdQ6MTKH29rK+/OKJhWZYn5HDGUIa4GzskjL9Sp93xG+sRvtP
   tC2bhURNdHjg7HyyH+RldvxN74NiFrNCj39TXyw5Tzs44nxsVqghdu04BYMm5uGp
   9rN4c7Asn7kfjg9rmntnmnmBotKncRM4W1ybT0zZ4QoBCvl2306QKgll3Qiv4E2e
   3l/POH7VEtTBeYph3JUhCjoF/DU7lQetAaH3sKDdRqvxb8pjvQKI+q3NLUhYMLdl
   /HqrtNXq4ItRsfz+yYsEKlw68fPncK4OEVjxD8e1kP9iccyhEWK9sS+zZmsJmRP1
   +CzHNdV/3F4V2eaa+YRiBgerv8jjqKhozquzKBnFerDrGvBnctYkBCL04sGowv3c
   uxADq5pw1sBo2XIwsA6/hKtCijpkIOiPjawE+uKwDiQdGutdxOx5v/wk7McMU0qO
   tjhrKGa3WqQ7w9lLO/xqNVBsGxKSDsyCZuKnpYlg3MgRK5JEq7GngLiBKRN3EErD
   f74gk2ZQ5l+41eokY/3YTYhAFnDabzhxLK2vZxuc5JWOScoo/Ej7AATgKkhr1U/g
   CHvGyXxqrozMu/Vks564d4QTx7SHcOzJs0pIeN79muMOwEFYBKnQJWZPxyzZ+Bx9
   p97BbhQwhJ3sCJPiwMrLUJCI3d/DDPkz8IPru7rBmuYfTJv2buakTrR4hwjg8oK1
   2YnhHumejoHzR9EfDQelF3hYZSzwCH64ODMsSXGCRZjps7Gu1KWvdRxAiZHHCCA8



Gillmor, et al.         Expires 8 September 2022               [Page 77]


Internet-Draft          Header Protection S/MIME              March 2022


   98vBO6pjBFG+J1KVufCTecBAyFKQOToYBMiQ195wzucZjnEeFtBDlaSwTJAx8rM2
   ROR5DasKHRqdV6i2LV4b/3Xq5CUqZw3Q/kZcdSQTrqtDafc5lTLS/dPdCVWr/XAh
   wjBgP9alKi33QhB73CFNTM4T9HAgR4SkqqpfEQEWkcJOIE3K7pfcQbplvR2uIIdg
   gExjg5vyMloBFEO2YBcBi8bzUKF+sVpIkaOyfeD/tUydll0e/eDkwMD6Mx01ssgT
   POJKR7EggddGlm/BCB29IekA5Y4Ydc7GslOFhO8zC2LCm5OHfNgzCaOos6lZtpzA
   II9ihCb2/P0VRO0XSJ4RoR9Srj4DJji/VlzHqqswZJQyzqJMRJT15mQHf2tOmobJ
   PCHpkJVwJNjHphbKTcqfokzHh1YnOvTJ2f0svarDhV8H3q9cM+ODMDPFOARjZ/hi
   ciDo60l0MciMAYzh5CoAbLQgzlHNUZIM4CCqidPVzHyn1lIifhH+yEWkXkkCO8QV
   1kDFbwmBhLRPawpIxsr7QuZ0aICJBdGZ2Xwx55VAbht7SObllNYbM50QeMtpzJC7
   0vKgPkoctvuqR8vO4lsIqxUc6vtHW8C8YWHhz8g9oLBPeR0o/0I4+AePScm/BICy
   DrnYGfFM9C/rMU+PateE/dvsGiW6dTm+9SUFqEqwIOazGfAwE83G85ZVePQ0Q7RB
   jxvZkgnSg7DZkbuy1EmSRUa5gR0wttH+4jVTYo9Zqrjw7NOvn/OLIIYDcpxQBrUE
   /ntfknMq8luYOMou8YJCIOtx/wL89sYZhJu49H657dGB/A2tpGRVSb82OIei7rhu
   +9quDIPXoPgBcEPh8k5eLtF23XJTfTi2sxD7WU1XwhiX0+0CfvQNFt8ptJUrPB9/
   GzNzN0brNex9YUbFEAeGh6BiopGlTAeauu/VSc6J0Dl2uxLtt/sqx5riBDvgiXpu
   vp+N22l3sEjyMeQ1iO3EJKhAHNpAFbMi6uEeMVCNneg9IxJj8lodiCaWKxjQafhY
   i97omBTNjLQWXj3gCyIr4gK8aD9jrcixrPrUuK1yO4jdSuprINoQcDLE1T/yPd/O
   OTwDZewzygLHRI/2eg0JPHtjZer/m+stDLbRxnhKGfwjTR7Redk0cX4oLPiyVI40
   mRZ30OkMZ53iYRvzrsChO+L7Z3D6q5nZ2vO5yKFvfHgcmy3RZW9WyaiCF+wnLGD+
   gcOtrcMs+SYc1FO1xCpCNd2obYK0icviIqH4TpAuSrW0bYCtM6hzoDdbW1OBtcal
   08D6XVsUPgy4o683tf5TyqMZYqEssG6UbY+O8HElcJ4p1jzb50VxwwFrMkfntREv
   Birra5k4+/Td6nOWE/Ba6lCOWVC8cBy1qp0bkKsm1IWNrbbGZmfLx9hgfLtxtCZQ
   +DaWbvzEEeH6qyGy8VR/rX6kU0+rHMIyohPbk35VysC/s87OfBsuUheFCigfC7xE
   v69dle3NAnXQpCE8OyIlL063AWlQBxEvEMfkutCX9LM/w2h7PI7DGu71Naj1CxTo
   g/74mJrIT9lneVCKlEpkmEMCimLd5NzjUcGatCLu574LfGpsOEDRUDvIi8HBJOAP
   spptpgQ8LMAjnvWilPQZcbd/0WvRzzKEp8i5k3IvtVHi/aFu9lZvnopgDJe43L30
   tT3Kt9d/ZjHRswW4MT8vnCiDkBNF7TTyTC/jUq6pOuHglfc5H6QRgEjow/maBCB/
   ApoGhlvCv+7J8ExVzkesaqrcTWQpHmq2szcTpnnhjgzV5W9CHGv2R0GcqQGHvkBB
   Ds4wYl+OKDQhXczbqX7C9bJOjDb6hhlQhTtlO1/M5iBdW53k2OCcliV056KNLFhd
   yLDvXZg7r7IuGo75lb9urObCI/w2KGDfN3P4Y8yRseJeBY9m+txWMJNyhCyNJQnn
   7jLZ3es8cx/zQC/6AUQtNrjHzM+sIoSxSHXnS61Akj21zY0qyn6pZalPgVM0HIy6
   I5r4BTGdIeI/kc6LoKhrfgeQnH6PwZmmddNIFQo6la3lpXuWgOZfqWOILo7L+2dR
   neQ5AYaQj0QdH8z8aYrIgwwFzxFzETtnGJkE/HoN/MNGSaMD2x5b4y8ObDpvAkG5
   AD8/VxZOsBJE1hTz/v7DBFY062MdYDbKHkBSOAxUPMI0ivu8yV5JzC6+x/98L+C7
   NJTs6g2OIWXqgAX+NHZbFDdeIYMcExoMH8R/mz1zLibFZG8f4Buv73rdhwuRQ1/F
   aKAxL58efL/ppkEvFEGrJhOKtXjQv2mEloseTc64JuG7wXql0/LW22Fiw+b9vP8z
   aowf6DrVDB4CiZBvbjpyk/t8EtByn0JLq+Qp/f5FgIglB0DWteA1PVC22i0zlg/d
   +aVKtOHRCsJXupP+jIjdJUekwJSZCid72SmwS6lfCinpJlVedq7OOA/SrJ9eg5Om
   Etg28g9N3x3BzC4Q+gI5CMSKlfC3d2xHohxxdkwO2MJWdOXbjwPaPxgqYbngJC4E
   WLCXLPTLw6XuTJ6lQJRpF3kk6REmqnRlDz8Dmm3ocpCcNLa7Vo05LkCnZfUvmZc4
   jw/2JwuLcZR9yooiuHRMZj/WOFzRhPmWQWwCESCqcKYfNnXLKVsOZfWaUbNapIbA
   5EOZoVpFQYZRz00Q7vdSodDtJ0REPxvybjGomJTYm8VgsICQZVTAhU8cNkRgh3KF
   tqULWhLK7TzOzl2rrr1+LuSq1pb+QM0Az4ALYByeWEKno920ZaCfa/DxxMitx/Zy
   RDfAtYiUzOmtWKcJnGfPzuInCHQ7QRYh2+xDh/o9k5qSeSV+lrG4MlI0sptm4lfN
   W6oEJR7Y99IoIt1enqjicyLDYpJavZCgMjHznCSPffWziOB8Vy1vpbs80mTQlvN2
   J2V6HqLTgDg27MO6vZoBjjSjBdW+AJcwOzzY0eMvT+hEkLqcSRXXEB40Wr/qtwFv
   aLYhIToRENyvxRbQGmXWL8iT2mCs57m1sr0tvP2t7J4DWbp4CoiPY2IFLC4vZLK8
   KgfPwD1d7qdZEwykzn9tzisOdx83ta0qeXc02kXsvxglglxlhO+DL6oamH2G1BBz



Gillmor, et al.         Expires 8 September 2022               [Page 78]


Internet-Draft          Header Protection S/MIME              March 2022


   yVVaDnw3C72aV6BKL5XFjbW5WdqKr0/2Gh8EE6IPZIw9TlMbt2TxSTdGxXDgslBB
   plIDqlQo47imspSjw1lbZm/duczPWuDpNW1f9uHRyIPcA8QaqXA+hvgeLbVpJuJG
   6Y11FEYeIl+0tX251S9qhkDCvZ8MIZZ2muqYoB/Bac/CsbkoGJHgF5kglRNBMCZv
   aUGnTA/PaUEDyHJY74VsJJFVv8Hbsvwi5M0AUuAIIy60lGL3VZqQRdQjInJKEXIp
   szLOcHyaL8tHY0IRSP4XaSR6hiEbFJvbPUIKS4TqTr9N+mT1FeVkJXxjGJVqwcxn
   GSohbJc93gt3r2sS7HAr5fhJI3xDyXIYhWmRIQatvlKh5SXsg9wSVMNFn4D1Ql49
   Flb9J+ydb3ENJlVnOaKGC/hyGhULNAUTDyg+pqz3Nu5lwejgFNgz3/W/KPNnIFnM
   6vJto9bEpNKATOOBLXW20ztJCjgH0DD7AvQAVTGu8208MBL8PueUDlUysqZduTay
   f2aVXIcEfPFwXR8lzHtDe87Iu/RqKwPnkHy+nFRKUSVhyhQ3EgnWZpLRNzHgPxvf
   C74UbBFrBARWFRty28HGPqM75jNsOIsquad+9gxleRsuPE1klsjiXlvDTltrEYE/
   EF56h9hdn88C7SEO4KFMbI/6ae62JQdpO7CPgq+5YGHMVUZeQHJZkfLAQUVTCRQt
   cZH86BtnMyKPZeovEd0guyX0kv27gswviZXf1h0ey5voAGw0EH9j6+z5SN0sPhry
   AzwG8mH27qDlrrGCn1gX5fOS39+xtuuseqAW+iQgDk9IGrqAstMQYRW1kRYXKQlg
   y/1c1Q5/M6kyq5M2iI9ggd7hrqTcEh9Xy1dRBPdCljXyWZo2eTnp0n9whXZbMtLu
   lIZc102dTwLWWXM7uLK3xDQS653AQKc8C46DW3GslHl5+jW00C5orPHh5xeLX9UO

B.3.2.  S/MIME encrypted and signed over a simple message, Injected
        Headers with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7305 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4406 bytes
     ⇩ (unwraps to)
     └─╴text/plain 333 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-injected-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:09:02 -0500

   MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAEqWQtP9NMp0lborDI5F55uEoZxerbw2f8G8
   04jr822TF4ehQnzqtlSmtb3q7XZZGz3OVYv0JOO2DWrWWbSzaaWHXwJ8HdM0vxiO



Gillmor, et al.         Expires 8 September 2022               [Page 79]


Internet-Draft          Header Protection S/MIME              March 2022


   87SvZMWXXzwrZSyrabmCte7HhJOo0FYqMphkC8UoGtIE+J5Z1XpZqjpiicTDHZPD
   qKPIXCE026LS1ujO/1l/ON5cBrdMRlzEE/tnl2vA3e95pUEM2ILObukZPPKLiTfr
   ejLM2/oQUklYmh54leeC3dQA0xIf0Wktzrp4qt/qJPPKI/RCw/JL0Saf2x005pET
   PBRhxQdPEyjKfBRIOm/FMa+LkAqzjHlJI6MbYs7a+zAZvqH/tXkwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABaLUv4/qgPpg9LQVoTctoa3J
   8+wK32xlFwCr3LzD4A+3AZGAzqgJ6roO/cyDbz6swNjZQb6IvsHrxn2hCLyGS7JZ
   pxaqvNh0MTZ7ppvAAMY/cbtim6oo+aR+YBFMuUejNy2Lf4g9Qugs7C86BqwT/DDR
   8012vrQcTRVqxxgtaJtTSHXPZVQeoTL9QvyvBR69XJ4fNvap1F5CVPlGONwVWgYd
   7u1FQCViH1ASwcJ2VMYTAp2vWgrghn6taCB5NuzPH6TLqXM33bzaEZ9+7ya0kOyC
   h6PtoTm+Sk504F3qTf3EZ9l+pZw9dYKmHXnJSXzhInzob22BUwmi8rmAhyz7YDCC
   Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnEpHap3uuwIy1DMX4JXriAghGw
   Y9Dgh6eaEPJSGb2YLpt5P4NZqy1iFQN5A5F/ejZ+0XBWbhPihaoCRKaixUL0XFx0
   f1THjHHFDNcuiZ2dxbGtWtuCZkxt44ycJ2GOJpCNcWVnO0aJckEyiPxhjn4yu16d
   pqbT2G4Pt6DEW8teMJFNpaM7AcGbp04KTf02zIy1PQRjQRafhFO8+7Jkm8ndRPUP
   bNfOdLq+oIErDaMDlr84VyUEaSjJzIS5xh7+Igilk1O9cGQViTaOEtDhhL19sWrn
   Tdmrit+/jso6IPZKIlkaA8U1sZ4B3gWEjyxOphDKmtzOY5P5hQNcbXquk6CQT+N0
   2XB5h9OdYPQc5hSUY3PxG0WwUovzQGAQLH/LwCm57sjfSNdTYJO4NijQB5kIzmSI
   8KLqLquMser7JzSyhGaatw3zC9rZl52FUohJQk3OSIzeMhJoXrQ1lyWEQOSfdCFo
   +iaV7OjHoEYQtmmcamzZwOi18JN4FyufRh7DyCBi4RoDx7OwWgKr601VrhcPZNwV
   r+8Ysuqprpb1YEPlE1cqL0ZxVX5z21UQ133U08p4CV9fW0TuuNnMFRARnfnwoXFS
   ORqrSR45G/274tG2/j3R94EdomMSJ8/Zx/qf7fou+EkdhfVNB/6ANb2jAm37bUeg
   I89QvN/BTVcXwhMDsYV6OqPMaHwD3B/O7yF8HjyRiVh78bUX9rU1pIgXSrmnnuyB
   1noOrWKpacjxQenLebNa8CZVG4ZpQRa3f/NXOcS17auNb/qoT/xtgcTaWb6jF5M/
   D3ulDiILH/jCyDaglL7ItSzTKu2BCH9tNXy2DVV0FSMTyfOLrYaZpYGLULvoly+u
   yBqTQram5ZxmWjGhM80snWlmaB4kQ1FBWoW++rnEbQ9JEL+n6UxTJHBbR6bNuY7u
   5jjYih1tEKM7Y6cQbWn/PykRIjP76mukR/PI84WHQGP+n6K8QjCP32Ij5v0BdXCN
   KftDYROYNGK168oej0ozUpPnz5LJw3vbDEFzMVVCjEY2qOD7EdTFAYojNwL4IuGW
   W43/PKeEi7smTQWxGWrbIFxPwuuNKyMOHLGiKXqSJSzj531jTiGasWVpHibEKlUS
   IWOXef/7Q/PZvCa8vxmVGowSQ7gWQTVEohKi0MV7lYuxDTWRacPetjFzkwOZoTHF
   5gFV+/CY2W5VXVSKIR5mr/jjQtBu+7LOAep2MGq1u1LZJgXDaOkPR5Rz6orfCz70
   M7oE85uq430h6goP4YKeCU1sxSE9YXRqICN83AhY7JCzrP4bKVnKdia56XEmxMKR
   LQ29Z2zSakaIPKbSmxMuIqknlOV29PGG1KztSDonWIFVVLJb6Qne8altI7zTxml1
   IMi5zxcto96g35HGN1V0h9zJKA8xOf6q18yhfJnWQ0ONkMpfHrHPTOXaU1r4hzm3
   mPEnuG94PWMw6EKi485rsY0tZgE/PZr1slDsxmAO6r06mqwc5NfNZoHwNl6WFWZ6
   1uRmctWEMW7gHeqly4TfXH4QiRMXAuzDdrYnVjWGqNlk3zEY/v/ppxI/woU4wBmw
   pxwr3LTvna/8jpkt060hM8ZUkAs9zYbtQBGLqrSy1prf+nplrXDQhkIgbV3Lpx2H
   hdMljzMyvPJse5AyQ42L9w5SZa0vIA9t7Rn+i9LKxjpdMsY+zW7tgqMhRTd6U9pY
   kfRsOnDJJuv1ypSBwbaEfZgiNtUkFwuzQRrfKLqjJeKCXw5cpad+f4xPPPc52UM5
   RnJMTFe6UFlNmodzkyLr6pltMRmnLxs12uTXHR/9z8Ni/+mUWg8G/9aTwujB1JOl
   6Le8TE96yPlWqF//qSz8WJVWgTrfPGpQkwpzBWaV251LvgKzETe16/EY8zo/G3nN
   ahlOW1aeBxbKm2VwtGwZM84bYWaH0cLPAQAvkFhv5zk+5pgC98rwifhhXTefYA2P
   0D950lUaTQTWkjrw6t2kzg6mQ7TF0Ee1i5EW+SxVKbd266MQgSZNhzXsFTgs8XA/
   aNmXLx2DjpbQIjI5AzvE5YWeN+d5lHDee4Z54sDp6GsqpYj136AHZIE6I1jxxi8U
   p7J7Bkc1zs/4FdY9cGfHTlhV7ugtaENq3w5whavoMgaQZIj0qi/PyLBSFrScCK15
   3kfdaRRwdg4E43PqQDRW0e49oKWX6VxGzqVlsOhzo4Hq8GvMhvSjC9gJQK1hIeDY
   otBZIhEmOZQBq4rlJ6nVaWEPJkfebn8GB2xkogf3j+o16u4rv+djux87+QJ1h+cZ



Gillmor, et al.         Expires 8 September 2022               [Page 80]


Internet-Draft          Header Protection S/MIME              March 2022


   vOIk/12eJaW3cxzBa/ckfph6TAPM1wEkcdxpLtF+dbNc7WHXK6NV8P5zPBTq58mC
   iCpwhMnRUKY78wOdsAK5/oXl1bya5fFBSrVf7lPPyADaw09puu5di9cJUyOGEcH9
   dWWI29MnuhJ/+GPGLrT+X36CDc4UMuYHNqGI0Eqk6XuEUgZDwbsmpYUt0J2zBvu+
   Rb4xAIb1a94wXzsAQ/4aVKaUSd6ofjycbzcc6aU1vyQtqAOZPFP7S9z3dyN1LCA0
   Uiat5crCQbVhJQNVMabkFBOWIF5kGIIERqmupnlukf8OFS+XGw8t24PPq4os2MnP
   xtdZMOlmE1wvFlcD2/thU8hfXUfYnT2qmObikJpXQE0e7BAsAnYQj6u05eboEhfH
   1bx1ZsZX+8bb504ah7QLfuqwAg9WTzdWooCpiCuYlAS/I7Ey2JW1tna3BZMCYMJi
   SOD4yZG62wfP4QZFvv4WWKyg+NYdPj4XkHse7Yd7qTI5mxCr7bjtccBZi80JU19G
   w+OvdypURyiYXylUYolj55nFnEUX+IP3/pToBWpL7yRizP/Q98xEUjoOS1QV9rz8
   ppg7XjBYZrns2JERC2L2xQUUfBgTtd28lNgCt02PwnF8F+KrS2w+kiJZI9CvN3ie
   No/ufb4uOFLlJU+YWC2c1kBb+5bxF1uVN2jhIfZRNXzbGVVifpTsIaz/qddsFtnI
   8Y6yhImBpFCrdzt9GjsZjdNRFwTy60fJrXdkzwQgTwR8k4b8OF7AWYPxqgLHRhRv
   v2P26GOG2d7+BhGyZcaiz2y/eleV1eG/rgfqYHi+a3IDAa3Iq0hDg9IQ4x6/qh5L
   viDAM70hN8kqGkg8//BaXvgETIIMyupmvi7nWpBVKozs/jGI90UCOSf8uJDDcbnP
   XOnV47XI0XufAeIdxKa30hxw7b9UTqE6DAe0Vzc3qtWLscadPIxjHOoko+PGoUOe
   A7w0vNwutU8beBDHkhz84Ni9hmSWOy9A+7J3XFMm7QxJJTmKoRe5bySvCy38god5
   12WxVrlxuftoGPf8QYtLc5F7B+gx5i8Pv8eI/JJLMnGBdci9OUYkIe6IAw0zMxjz
   0wPzIITHL8l5ejE6cc+Gy+SwVosoa0RC43n0AzP4BWu4wRmJungQTSzMUM+6xb2k
   ku3XkjwdQLVY7qX7M7AbDr/7eK7ojWnixTyNY75zqObQaoyhgKJlD+6iwadbMVq8
   SYpSY2EUnFSVM3+NeGVF/ANLoGcBHzYiokQy1HQZlTpB/2nYA3kBfL9mZoUxN0fi
   Ca8uDcGvB0MsHne8wvOMv9A4GCYYHSQxZ+SMtylTMtZ6qENDdRSz7JFC6jbaho3U
   KM5+8iyAbXOh3PnMNURtJ+9+nFHI+7Uiudkoel/ymgOZgJhrKkbSd6X9i0f2da/F
   SeLx1jFtLx8GDkwZfI+8N/JOTsH0/0tI5gW4UUvWoRtF3XUMU6ZFPnkCK8GLUCqs
   eCgzZdnCV0tYxvZNtQhZe9prONcE1bbRGCJ/OeZRNKKH2CrjdLG811wFC47KfrMD
   xRTM9wFxVsFDyr6VyhxojPuEz2OjmxnStXyd3nofcVVr8kI9VxIqPbRTLvlzevRC
   CMdeZPGMgvEPLXCWAkFTuqpTYwWBx+aHDGj8EPWoVKp/4DRwjwYMEyiErQjz+a6c
   0Kg5lovwNc0x3w5qx+7aU5hA8JF8YGj0+Oj4HdNeFs0n5uAqSXI4IkaiMcik3F5I
   pJRwI5VHLfm/UoeazisJ3IDq3TKAYpeh7lSJ6xotJkZnqlMBFzMA1vu/WMN8Ymye
   1GUEFPLgoRiukUOrfqDC1pfgYKXtvRsJRIFMPiaT/6kGDMA6OOVRjNOBO44OxuJJ
   N2o71Q7+J6/Rig2Gck7bEVmmaZdj/lgrD7H2Hs/aUhFS5vQzdCnTiXBdcfUIyHM3
   AsrOlzmwPgBup6FH4GW6oL64cFGmuSsCzkCwdXJKNt9AMq5h3efJVWhnRnldAYKo
   bgkLdL4u2ls9R802FQHqC9WahhGh7EF/fnVGE+yJkFI13jJUC7ZSU4W+QTLYR41e
   ucYxmO+DmK9UDLOXyExJaSqohfaCba4nz+Dw2BFRSgV3JG3RcbsLsfcerXwQdyxl
   R/u5ZRt3SThNNz/UIgkTZXTYMWZezQbHv6REvER0rwlDtMXpg0/rcPcH6iGSKEi4
   Wn365bCmBTYHd6mCOh8p2YycZoQBgqGAxfSxz5q9OXJGIikrou7UfnSKTHqhubXz
   PVmNwGbxuR5FrEYkR6sHQwpF4Hr9pbiqq4OZFXr0NvdC0fB7LL63x9XWV+TFXnPE
   j9ycJeqxVQgB6fQ83nNfwb7WKCe4waoEARcZ2CNY14V3pePfZttMYwQDtHR7Ssko
   VpjhgDqoQpMP3sdNFR7u7DqmwLkkhwArU1J0LynI72G2IutRxnOx4hWxiNizYntB
   d9bjlUpcOt7UYf6mDnadqFg6gQa69YiYuRR5JChc1P6LUSVTyNNMkCznkoPVOWGm
   VQvaEPkWWZI2/YSmZqtBsuE2G2ggK6q0nRXCO1GxjeNuoJkgaedceHrGFtnyfQBQ
   gHG1j7L1HV840nwdJNS3nMhxceof7nQVsOyllcdHv7Flui5ZSxPzAJb6turW8ssy
   xU8838uMVgqwnwVzj1Hz9mGguIeGX4rATS1tlvVR93GAebDWcEBiGg2hdJLfrvUF
   Gru8B/HMtDc+HFwyDICgwVMrjixqb4QlOMZV8X8B2NdFG66U4KMG2KCmUeVU8ExX
   sCMrf0/JEVC8uXZWUNXby7H1u4rMH257aYkhhXwh/obKUx9DDqkWxW8QFjNeCQYq
   +ACwiXXJlWOPg8CSXw5HQHdTLJHDtUXQ6qGuJMJCB5VCDcnO4SRv93e7wxnqYqpM
   vQeKYt1gEx2SBn79jgkoZUCJ+GKqqdA2X0lWs+n/yl39OSyckWHgEvHv+MzLjx5T
   pAG7lMwClyA5Tg1xiuYhliensL03XmszIm9qLTRD7tQ05RwC+fzpmBa6sU4eyQUe
   ZnLupGijRq4IbhFWng18sDrS2dyVnib3tS3E8dnn9jTBDXxDnQrfgq1GNcK+W7R0



Gillmor, et al.         Expires 8 September 2022               [Page 81]


Internet-Draft          Header Protection S/MIME              March 2022


   n4c3EfHXenwQ1mkxdp5gefawftI8pa7VU9oVPdNHG2DbGtNfyrdcvKBjNV8k5Eq7
   f2ScfXVavYXbDN0kFohBQZJCQNMEdrJRq6G1OoBmCu1joXpo48LWj/Wf4EM339nm
   A0umfbUWwMMUHOtHDCdFwMUQ/pviN4J0u67f32f8WnK7FJGLqcKQSBmT710lp0wg
   B1A2gBGUp3/OtsLsc5RZMSUyXYuqZ+qXjKkhEj8ApsB4sO8mEkho0KJRDqW0uu5o
   yij7OfBY9kxe056y0xWee2Fw4O0SRscjAcuGkkiCZi8Beb9JriE5ddE9Hw9W5/Ai
   Xyxn3C7Mv4ozpFzvKgw/bukNYIKdDZ2nWeqpnRoSyAbuHJ0FFdayEvx/XSSPdq/t
   g3V1bNrMbZMYr/QJkQqCvncusXK5OpFeOF/2jj+EnJrbubrOmTR+GzKAN88Qq67n
   nMRrQVCOZ+3Wiq1ykBY7nrVLfHW/AF8BDW+xqr6uNIO5u084yZRpStkE611JMZVY
   MvTtm+Yb5trb/qUuzJbpgSRT40mlHynstp+vEEcM6ujVFSUEITFCQuaPKmZl/qHd
   M+AqbdMRu6MLGBR1TX5rTVd6kIj2qDTmPbnV/6PK59T8Nv6Aekokdc5CtYgc4oKh
   ftDRa60EjpLGiJgCQzT7khzTrHZMN9YxdtrTDBr4fHitqlr5RjU+Aymx+NL0CXmX
   V+LiVvvQxHGpGiZEaV7onQ==

B.3.3.  S/MIME encrypted and signed over a simple message, Injected
        Headers with hcp_minimal (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7565 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4584 bytes
     ⇩ (unwraps to)
     └─╴text/plain 423 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:10:02 -0500

   MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAC+Eq3peshJhf1JB/ataWrNRTuNhGtgwfe7q
   0EmuJ93I3x04yobd1gfM+UQ8fBXZNobbjj57dkoxkbYEEtGKltv9PQrZ4Qw/e8UM
   rgYA++xUC/h4dLTBBD+6U2KFinZFbVBJ7irGCZVB4ddzF2F9dMzZjMH9DOZIS4Yy



Gillmor, et al.         Expires 8 September 2022               [Page 82]


Internet-Draft          Header Protection S/MIME              March 2022


   sB8Egd8ouTVQCLCfc7FB7i6f5qpfj3FibrPFQBrxFobqID08eoeQLv0oNkI4b78W
   xdkG88IHfdWmjCr0+5Zj/1XdmMnuQfDaGV0r4FemW/gCjq9UnQCF9Z6Yi3WQeCm9
   xyEcMfUBWbBlpt5sBXqfV9JrdP6/5bQn53myy2B77XRrGmIzA04wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdfxEVSY21BQVbKsyGRIhEI8f
   oJYQGAob33mMh9x08UAKGVuquskYMwZs2ZzPcFIPCBQquiecjjXN5wxq1MWLaiRW
   Uxg4tqnwezPRnGQD9GsjwmlV/n2JMhbMx/iXXYfvZ3f3mEwsUzfKPkxmO/G3j6q9
   zXW3J5c0ipriUdJHt26EFllENbXUWSp32pwEjOXxp/nCHy4SphqyoHLgHTxQ9oTj
   sJU9nMm2Tdl0Z+WtHuRMxLbFjFF4lURAz35aWJ5Iw+v0eBxQX1GxuNZ4CrmQsKrd
   CE2hcL2vXsRECb4A+6596OGIon3R/BLQeLC8DPVdUFHvx1/N2REyW+hENgsY6jCC
   Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFVaSaXfBQr5J2dso1R7Q+6AghJw
   pYrgLyq6XYnx9XGh8iNTbg26fpAqJ/xIjvD6nilunwHyMUMY08cEIIe7V6BClAKi
   kBfWqycgmbgBhr0X92qKyLS/izZ5+QdJeqracwwwepbT33PZXDBy5q7hhIF90Bc/
   GMId1bJGopFeyjjrczBpN30biBPas7kzVFn/wGrRfTi2Mo7crR0v9znT0ixht33F
   KB49E/QZFdtyip1Dz+2zIm+1WkYX9nsW+fyLcUo4OHpywofaDHWpx1MrxUs2QF91
   8CR68OCF/GSnUVJcySVKp1xXrEeoN7i3TX4+0BWSWlIVYp5g0vrJ1eD3vadQTJuB
   gDk2Myz7mtAdswdqd/wpPn28tBGM5+GLwImlTORyf2Eqscr1ptWJXsdDlsKf/u7u
   Wgrz+Z6GFqiSVmB35k2oO03E/hEu74u0H3zErccItnxq6ElhDmVBRgYO+3Nwmh7/
   Cr7nfoSykkpZPona4ULy+3O9VrRI31cCheD+EIB+HRo58Ez22AxmlVINMq9ANC67
   Gl/xTtJBiqb/PvT/mQiAgOvD95GtK152R361w630qTBcIV36ZN+zCC82AQIDKbOK
   PmZm9nMyACvQ8oogodcctHvFcQj87+eqJRmmFU2/CMsreSXmujzxXH6HGK+kanBN
   lDAV8efJXHsD8+2V2on05j6WN7inIUdZeZGvEzrDeGu8mTdGQwCEoyH0PVRYYVKF
   31uCk4eB50Rdze4z+Fn0mBNjwykdbVySdLZnKMX2jalrcbrP510I6dsUnG9T83xk
   uvcNrf1RfNq63Iy/GsHMNnLNtgSpLc4N+hz67uU6G2y2+dLikA3ODBomVXDxqPvq
   ozR2Lcaqb5Wi/T8YLB4AY6BUAAfTWrhT0FWeccWYe8O+l0PnPHbqKTejSDpkzz6M
   3wB2MtLOsCxSDJouFWohnAlwFbZ7hEfdcuRXSklk1rSbpEFHOsWiNCdfzmoSvVOa
   yXOMR9fWCaYXXZJyZOZwTZ7KjFswa7LbZNJxPpV4RDNEOBGrGkxfGe8N2B0AuN46
   7YkKLTQRy2f2BhZGKrKnGgNLPWvccBouqR0tvA09X7QUFAqfDJKJKAq2jPFfnjLI
   S/DA1pUuMzGd1AAJPXkRXC5MvbepTLxPcwvo8Ucw+zzzmSTYQuyOyUwXqNyj+DpS
   cdqSt5QYxQiMMBQ7QCA95OIGmwXXXX+PvpS6ShMGtidC3Q/h7M+oT+SCoCZqOVNW
   ttRmECtUzx3t5IVRPE1shpsdNE7SyUS0KHUnguliMTWhaAWWfM03vppFHRMQ1Paj
   KPybWs+V+Pa0gOzstjTqKr0u5L0wX1CRtH+add6GnjZuzaJ+pOZtC1CIGlHl8Rji
   dCO472JhGSeEt/T5ugKEQ3gvVE38GdduYyDNL0u5Ef6vBRbY9mJCITfI134szZac
   axoN5PKF2Gd5XM7kyU+DeHntXpvxfwDF/39ScoZ1Fow1qHbxRcFEH+3YyhFfPvar
   JELk7bMfE1CLcE93CAmuVdxLjwMgXLD0fD2p7o03dgEcoMfuQBtk9LqaiND0/b8U
   N2FJbAyLGxKn+Dkorl+TF16ydEJIGQnIv6kvJYi2v6QdblmSCoY7rF3IuA72aO8A
   dpenqkKsPLgp5ltXAbND8d2gXVaLxyMOSJSSgKo0vZYKQYcPh5FeaIMtWhbpo6ci
   ht3Wb3jFcXT7REyuTVIbXcmwp5BfGF5HjtdsAUhuyZUWUfOdHWyirtORHoFlmokS
   UMlRMaDa0CcoiJPXpQmvUivQxM+rPQUEHSTShwnx7hMjOUTUXxiaakiw0QNA9ZKL
   +GMSQBAFIz+20NO4OGUtL86+ypHLQppCgOlYrbxcLKRvIIs4+VsaIvgCw5DGdStR
   9jftX9HpMUXcIQvUIxZn+pWNMeTD9f1ScHgQzYklDcbLf+YCYM0GXnnVr1Xeu4Me
   VlhyXuHUZdsghw4BpyRk12gvO4UQcCvrwo/jLr3TO+msHMj8K7GZagwqzwBNJ3EV
   UeuYuFPYxk3nwsS9csq0WnH8i1YIBa63pdYH4VuRGWm8Y7vbI5/I0HTb6O3jYVB0
   8Iwn+GdBK/UJe5scdKBgBPc/cg6M043WgzdQp0jYpRZbehyB/KVU/W9x8df3DkXa
   DM53Ub6Is1CK8/eSrjkmjnwytkF+JuVUxYB52yoDzg8JbxiBKwn7NcNN79k8hW3I
   KZTSRImiDH4s59fzHmCMZYN4TrZ7aMC/jqMKlPfJjZRraM3aeRC4DvvHh0fD/bcB
   rWzmZfFZeTjsKTYKHh4ehbgMKbBU0wMQyYg8HZ8XILgHNhGHz3UqiEKGlY3tOE+P



Gillmor, et al.         Expires 8 September 2022               [Page 83]


Internet-Draft          Header Protection S/MIME              March 2022


   9/2DFIerkICH5xybrAxcvDJeyMF8sWVxW6ZJ8Ka7OOUMEmCfdcum625cz1uIs9u3
   MyD6VCyef/j0TpqD+kn40IqQnfzL0QzrHA9Vp6k/pg3NpMhFc5ftr4QsBgyCDA5n
   vKcsC5p2gi7/I9BgEw4aVu98QCO5dtULTssnjxZZHXhggg40FEw0gv254T7r6yJz
   gYa/tRiRzM4I1VILMvTdbC91eqBR2QSEBfjpBoPWJTXNcQfw+6lSdQCXC9LyIhwR
   +8BNMu883XsyEW2nHu5pELYUuFFIG1LLAPL9h13BKbOg/Q0tvhHnjRZvujBGlLSK
   rSbq9JZX9cT+r6R4kab92kbII2bEuBAOei7rNge0kLba5jTmsLiOSI38Vsr5AZok
   pIbQl8SbqDEnnApKiIL9BuFCUfHG+uoM5hpg9B7ldmDyCAiFSAzm/YsNwHqcHpEs
   el83W3ds1EMf+VJ6St/mq5GJfAKH+vfp3qXaNqJ3WoaII+VAK0VJ42gxXgtdzojS
   pNX505etbGndrzjGEUSrcfXKhUduDklpB0wtAPewEXQFJj5pIZCO/KX2B6Xxe7xn
   xGk3b3zY6FQfIMVX4VIYDA+eaTu2AvEJ+1HNAZNJmPO1y59VBUif0vfARKnuh7fP
   mQVBAguXLkzbZomaCs/WEYLFIN7dKw3gJw5nYyKNRjRUgW5PSRjsv4UVsCUIw2EJ
   bWiJ6n2B0LM97iaDbMTlHUBb5O1HDNn0o5qgd0lqto+2BCsWJpqvCSNUXPW/kXGr
   Suq0yAcjmajGOvZSuN3/uUMdd7f8z+g/kzOw5tGz4m/Y3rx+WdM2IvyRuw5pVNWd
   4NXI7onnvatoU9lPkXzaDpUTUj0bI3MOiGWEsId8pyCDIAkjhud80in/kQsAoU9q
   E8RFW1YopzYsXXG3bVWYYVGoqk8mew/5dYAThg5LnTNuQw1SGb61TSpwhNjh4uuO
   0coeDjLGD7+IDcwHZ/lOqIGXi1W0L02y+jT3GGUVQ6gM6b+JmTHgz9WREh/ewegV
   Zz9jHHEoj5XSGW4EcBE5UB5R4tg76KqZJTfrDOKifiLQ+bI/u4jPt6P2TpGd8rPU
   2bH1dJaImjko/zcMfq4hTxKiL8qxnPAjbMEwtCtlcO9ZOa1oJM0r5CO1TnFo09uq
   FaP0RHz3949Pue+6Khf4My25iOdUor5qA7kxPsV6H0zZegWtLhWQ5bQqedzp5/eM
   LUZVgqQV4EqczWW6nVSHq14h1572C3wZEy8lSkMhFPmNo+cdYCucDeA7Z+If2jvm
   KotQrWLQ6GNUTV+uDM6y7YvVO+DK4C8mVvi4Kk85/7yQsLV1iDA9JWtH2D3+JTRv
   MZ1E5RduDm/XBr18LGBp08kBGLlm5sUg1Wf9bAb7VwoEgJf6YGPXxngTnQhpmSF3
   05txmNA7C1O79SfGJGaS1xLuJrTaXuZGHYEK3mWv7x1pRtUkzMam7nu9Fk0WEBsi
   4TWBRNwFDLt+eRDhlcEZ3BXYXxaYmd5cXZUYdGaQuwbBkD47MEwL/XEPROuqpWFG
   IH3c2ZkmrugKkNgaKKJb8A196iXGBBz7JcofKzud8PK+3tWOdXYM0y/KXNM3vimE
   QHrX3fidOvKpxrYJMgbcCkFaXWvGM3F6IksWK9R2IuPOS60MZ/IZPweiuQqMLgYK
   iLqf4Xkpc+mI+9iFwbfVOg8b+0+bI7fBfrCFsGliDS5xeBsmB86h+fn+O53BCZeZ
   S6ltkJUm1lKQxzSKvYfdvY3Atm/MYVQK6/bIVZg+BniwM8VEFY26BWz0lsxzK0UY
   FbtfWN9vjObdqOtiSoTMFIjcGC1C7z1mi1uiExj0saHwbTKFuyHduJ+VRLm3+uto
   ou9iSAahnyum4gnxQ7IIcceBe+/mp5SbG5G3EZwVQRkUHD/P/6fCJ2U2Qsl2lmmI
   HClgZBzFMe8HeDW4K1tTnk4YMOyTbn3qMPq0Qii8a6yjDxTYfoCXWzVWF80VmOkz
   1wVLaNm3GRujlWDRURCzwbWDUV9/dm++kWwquY23VagcWgaTKLWTW4vuAq0rf1KJ
   EYONqKKZHxBRyhg1+M6KQqGAgg3LZk6MqiMzABR8V6jmnLLbw1AIUCcaAGOynlZI
   WpcaMisOUT3C3v2ChiEQtQrfWX9vlOY/ScwND6KDieQMqkzMrPUZU8we/Mms/ouG
   tiD4hMx3QZf2BTKcPeGDt9R5pkWYg1ZzL+7vsDouLCuDAnUOsSfu5w+Qgp9aRB98
   O8g+RbMbBoiOljAK7Bbj6pqXD/IXJ3PubuED+Q8TSG4YexDXGX1qvBPvxUsSlS1p
   5XDmwx/ULLKV5UdRUlrTqmDjALIGAEww0awhTvvxaCHaRynxq1/9fJYFQcZ8JvlQ
   j0Zjaqw8BS9rw1z+ZQDwYQbko0pBYWc/vKLib0YERvqph84iHWtvXfydd0poJvSa
   KESUEko1Djp9ia+iEpUrwOQ4bU4cNXpqAlQtHy3ZntHWYdkWRRH8o5Fj9sYO+sDx
   mQvwACvKaUb+o42n5AjfgI4fYoFBtHJj8TKDVxfPGJfajp/Nb+/xmyor8jbNOQZc
   ofBI9oZnZgGz8FdxG/eg1ZiUXHqGvs/fx7p2qjdcz5CMXbSzhvpiuMhDPGLDfDpN
   6T/DEY5OjN7dTHOhjYdPGYHZeH2o9dE6W60PlvREtOdHyJ0RZ0vwtWUzJEgGadcb
   HA1e6w72My04BWtL6SStDSfVhlUU7PSjqSA0mSc/8M/WjQJid2poodyKEOVijSID
   P1a5dKKJPo9WZtRPQUSSUtOYOdTTScYDynhYQ3qVGgIiEZBgI9XlLVXsvnTSXCTv
   1uUPGg/P7wNmfg0GEpJDPqudqE3j2s8JRNWsuqiE44QKle/3JlHewX0m7hNyoVVM
   qZdJ3nkuA/7f68PW7+ctHoojLOxD41VLt+UjWgU2heqxsP4DlhTuSYprwl4Mg/Fq
   PyWkyh9qftkIi8WKAw8VcfSj9jRQGk+YHtt38DV9mBrPd2h7QUNKPa16Gw489CTz
   hKP6MrCVLwLveTAJvx0YCH8k+yq6bCB6zURi4L1qOiu7VskLyB54/TEcLDMTRmEQ



Gillmor, et al.         Expires 8 September 2022               [Page 84]


Internet-Draft          Header Protection S/MIME              March 2022


   6Nsueo1eldOv6SyXILaQljAbEZAXy0ZHGOy8YNbDm4y0caEhzr7Z2YmXrfEOo5Cb
   Qmk/qtJb2cCNBIlyt/8DhseAE3ocYSDDGHFyyb1UneK+zmWdQIzKEch+ho0or2BG
   X9B9kJOdsk/1en/Ln41PQoWCGshu23ftb7btgKzriCHzNQYFdq2Lr/1VMwScD56K
   8RuUopGOJ3mwBDqJJweqYZj6h4NtdY1LcOy1+f0lObhLzcGQZ80vec6Uz02RNKCR
   j816g+bUQuQSrJAecEnRy92vzQfnKngKknC3HC66S3kVQpf7ssyo/cS+hnj/VtML
   3tq6Sw4fdd+mWlEKk9L4CisIFbV/P7Q+6HyreiOnai184ltgWA1AEKU47SIchIoe
   gT5Gak9VyqGOhuyJVSfEuyphI7EUIjXFK6MMz35oWkwT5tcroUT4zYfH/p3W08Og
   rQjBqIJfvVNTjbSXUfebiMrRNAPXSuN9knQkqHgNdh/0T6HsPGEFxvEFu38D+Qby
   3WexSSUsUnH989T49sYCh6GSrk4h6hRl8Bhh7+UYg0alXi1SZzMMEMab7AGvuQI0
   fKC/wXyhekq/1ZOtuEkDaTWvLedbHgaSKc/8WUItnLSefrR8iMgpTTQDsa0r+cEd
   Zf1Nfv4eBMuSYAJ6fT5LmhDS5LlAbkz/1tBfYkkout37Uppu73u2tnx2lgtxHXaH
   /4N94VfakQa5/J5s/yjx3YHb010Z1yEzgk3+GslWOdD5HY4PpX8oJCKEKChqr8E5
   D/d4XnQqvVepA/WLTXnk8j9ZRTkpSThqo1/v379XqFn6IbQlQyg57EuhSWJzFlbr
   92AByhfG3CgJcjhwGBp49vlu0axM9Ahx94N/J0H4HRECcagNDsIOhfufB4/8OyOc
   BrK7Ai7RR8LDtknZ8oxMdg==

B.3.4.  S/MIME encrypted and signed over a simple message, Wrapped
        Message with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7345 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4432 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 675 bytes
      └─╴text/plain 319 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:11:02 -0500

   MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAHMG7sjRDCJDMqgvQrFh4sk9MkaJJY7q6B3r



Gillmor, et al.         Expires 8 September 2022               [Page 85]


Internet-Draft          Header Protection S/MIME              March 2022


   hY87n3jM6UYk/ZaBi9uzcB1pDAF0hJkFLmo+PRUbFLUrmeYfQI6OuvVElpwIDWMp
   cMtfzlXgKAO6fh/On6aoVhpfv9EmaG1rCU5ezDPPbaXW8caNi2/yvL0ustpqKOTj
   cOLgMK45tPcHeIaSD+8A4P0uf/GLzEFhDPdJrt3mVq76UbAoIGasA/sDhhg0xygq
   ZH3IPQoYShFEUmsK+RC9Sc9dmXtVYPByCEsPdhTieJyjW695dde8xl7ZeWS+JZai
   QK8pXZUdRL8El82+001HTXZYybfF05sFmJHQZ3LlftF2Dqs800cwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALvjSc3y8/+aA+Mk2+8tupO51
   fsr8cR8BV0+aR/CYDXaeAFg6CPk12PnLcpFRZDdqitxfe7SpMgk0oT3IsBxvuOsr
   0QckRlRLOwlv43Y9jJFMc7VInrB7bJ/cPHHgB07tPtB69/Qf252gsUs3UbWko8JU
   JXBkymfUAe5+x8/gGQYNJdvNC+v9cmnwTORFF/IJ/WcGsyHPhxguR+JZqIJkSI8T
   xjawV40qcahz5G/O3vLI8kxW96lSSmVE9WIuPafsMbP1KZN/6i1gaUOPFcsH1jln
   fdnk3fToayCGwOAQvh/UYvlGTA06Rtnmz44YLZiGbVLFLGlvcXFfwL1JLdl25DCC
   Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJo6kOdMHnCo9aCxhG8k8qSAghHQ
   oifxeGRuuDaxdcCkEyNhsAq0P92jEteuI38u48FqaDfBniUs9wmW/EiEaTmXWvdB
   f7df3XeOK8yGqyR4pcXSYSK8iGfLezceiIwABbXRS8eLcNT9NPc5MPopD/h4q1Vq
   +L1iuvm8P0OIh561cmKglrAmTebH1bnyjYLw6GH82/dscgRu4mihqvJTYQC3uaLY
   H0dJnqyYV124/K0QyAPKCm3gR9gniHVlejlQKIVwOT649mTdZ6FVeMk9eaLQtKf3
   mkx0trUzXduJnBj4cASKSovC8yySEuGwWu4kROF1g650ledfeU4SC9lwPwzvHPD/
   lk4R/gUA0UAolIj7GaNDZ4CqpZqDYOG2wJvCQjfK7MU9TgoPsSRXhlmZPCam4ecK
   gdybUd0A4UTQ9OlZiCrS0pDyKQyatn0u04SfKU/b97P9VwNageENErZTERoUx1T8
   Vq9yBTKZIWoQe/2wsVvVJaR2+SXunrla9HDwpHqDtZHhR6i9TtnpO8KMOCWLZbb+
   lVrxswrexUtGPCJRl62TBchhyO1dIyz8eWMiUvHhLUkFnSUGh81MdQKItc0qJ9g3
   iu3tSd05AEHxNf+2hKrrTZzWCClatSvyfRbW6/OmlIzh9+JUyJLcCywJbxQUuWRA
   5pc3bHrd6/Ff1dqgw1dbH9x0Q/r0lbKrWK98B+7/KIAfvy/XTW3NAJNdlzpzyhl4
   Ko4ujuBiRJz0xRKIPSMOH4w76YejowDi4O5Ea/F44hlTop5N/lYNVkPIVnGYrEHD
   7s05/cjQTX+A98PpoFVKHxphV+jRiwDz7uUYlW6ClyrC7/H7VkzdtPk07EyY+zXs
   uThq5Js+uwgsbNqnA613vTEF0p8f8k5fLi+HSgL/TYz/UtW7JknTl6k7TvLXuQWT
   UWmrWrD/UKADkkehGkZHpMZe+RaImwRd/x10M9+ZBovlbflDigfhRVimwTppKE2k
   /S+GSXDs5r5ESN7OgIZv8swYTk6Nl8yoFijBD+wvWU4u6JNLl5RlJZZbki00Hhse
   4Of2qogvmNfTpHbAU5DL4UWdehoK1fmPu4KaSpL2sRnTpqzyZEdAwG1JIOB0YAqE
   ztszmcxi1s9KWQ/XdNJBG2QHvSMf4QTCuY2e+335Y9/ZC5WBphpAazRp9xfXc3de
   Pl93N6ydfn09wT5k7TMeLOJrqPa84H06oRAyXqFYwiOVWRvyfrsInUv6AJfhRJBN
   dA3ebIVCwrfG1w8OHerzDBo5yPc1ASLrmuPjaQ42CDrHqzfnMw9tHq5ZajoCGF60
   4mzqu9/99upVaaToFRsA40lUpRN2QoOYUBOl3Ck34mWGWg8vf6akYADylm0SrpRO
   yM+/8WeERonQcc3YqrmVjzM/yh4RLpl89oWWhHIHAAp1YyuwCj+kjiOq2HNhvyuq
   9acwfjQ7mKBfK1i7PAydvWb9dt95VnY5LF+MvevJOdf1lEt6rISePs+AhoQCA1u1
   B92MpDynfPUFoeRMx3do/zhVmY64qN7rlV0XxuuZXUW3WoopjdUzTmHycYBn7sM4
   3U0d02yJgy+IqiTOusRaQGC3/IJiZmXoTL94wBsOB1++cP59GPyvm6qgM7iO9fUW
   VO4ik8lTEs1WegTez1Lr96dwkPv6mfFJQIDlxVoZ4LVRf3FbQa9cZS7wxSe6hgpI
   0Y6YB/s21v13GpCX8RtHEkEkW4Zc/9CrpUv+1/R3QXRvYOnQaWXc96w0/lVkoxCd
   SRrlglhl6yY0QYvOmTbusUdC0QtrcQBRVcVeqqbfLhip9Nxe8vabPkoGQro+l5sO
   xkO8YwlPt6oa0hh5NjqZaBpMhD0xAqHT0826xj7R5wp49KKtR90K4wuUy0OAWpFY
   NdihvipP1jGuCio13PPc+Vah0+ACMMDvEWjYk2qEy2TRbWooNB9szzUoQ7P0kKJx
   LfMSO7ecJ6sSsjcprsKzgOsjQXtIcAgRMnxFFaCfeg2zjW1I5HC+jbiNtqda0aQQ
   L0RZ1a3KWIIPNBq18u+cXXjfaBy4HQhlXmQEnStkLrx1JuAI1wxhXWYdsrjJ2xEW
   hQBjBwcnTAc5i/vU8H+oI1Pnc32DF8qfa51w1uLdoYl37PUMlerpXq+mPvL9cX/l
   w2zd7Nc+UUezqOYPrBbwnrWOvG1msrjBPqKnJGHZJhlZOfLdmLa6inlsQBpX6kXb



Gillmor, et al.         Expires 8 September 2022               [Page 86]


Internet-Draft          Header Protection S/MIME              March 2022


   K+8mpshqf472HOfje8/hrdLnOe9Qxdf8eNyi0DHs2MzxkYRktNJFIEK6JHo62NSG
   /aM1VJbKudK1V7FFd/hrOAVg+uLbrsaFBdI6EE868qQpDThpd3WnyX8HztTkm7Up
   zpPujeRarCgEk4RPLl3erYa7d+8lpD0hzZOlQkEALbSlCV0uTW3RSd60fNp4gvXu
   GCzrJ/gsevjRJNggz3QojIXW9RFaU1Wwy80yIWdTguCswGBjMdUBRghKQlM6LlHU
   qqXGdRL742XbYU76RVNlTnjUvAFvumey5cylAck7Lm68hV8rhTBsWMAJCP6VYhY9
   i2AiW440gsNOWu/uCLBNpxPlfA5UFYNx3fo5XriyTPumhhkwsaF1N/jnWeXm8eUz
   /ylnM5K6sD0gOX0ThLWVg90IC+qbMPNu5dOpCznI9DIup6dIhx8L2j+JoeqdsCBY
   6Xt6KE8silLZAkYFFe5A57qlTq/z1s/p/6TlhmRP/2IC+2sSX9EBqXGDD98gy66h
   rBapI4n5N6RNt1N5fnWJPVSnvFYIDQ145EmqPd/gUmMBF/AalgyLEdxc3xKOT+Gd
   G0BcwQJdvmUp8rPGWgP5oy/qNIAdB3dnlfAdeOeeeiiGhaSpcwVhEaWOfYS+IXUM
   kGWNDccjDIZHvGyLNYSihyAP6vOxZWzj2EWWUEAhtGodCQ74qm6JxRMGyVuBvyFD
   MtZxMQE/AU/bPQmNBNCkN69NXyYW9Uk7p//Ef0EvZG4WYgQvaZ1u4E/P8xOL6au0
   pDcB5UWRoqkyU7jguMb7f167iCgkRTTFSLULD+ljv/4zflFv4F6cQhv+NaEAF48l
   fCUFjEMtGLCp99xxnu3M6CdiabZNCyuGEVkhzL/fq1JpVlgKRFeDFU/wfTe8D4QT
   9tranwYyAVj3gd2f0ijrlQ5/9Ch0s83/X2CpSk8fHFOz3oBS7Gfyz45BugIhDqml
   NkX8J2vKlCBOx2Xo/3waf/Wf3ajOEFXKR9fC+TSO6DrSS6XGBSQXn95SsWrzuA9I
   RuemiW8+wYbygIW4auucs+V60BRwG0wxAzn+0lX7zac+WHjerZui+E/7ehmFc8NP
   ZW/FVFtCYi6oc26dysKTzhpOUmh0WX4TvFHEx4KCL9QXTC/Ya1jrZTBFF+OtsJOi
   oRDK2/yjrGU67Q1zK5escKJg0YdorZjMkfb0nNdjNOeJ1fLNL5eB8em/LEpaF+vK
   aCWLa8tVvuq8ggUZ6PHQNkqeIssJoSXrmCfSP0DEtjk2ZDGsHaHOJ8KUBLR+wiSs
   g+NRIG3Uvch6kARJqN3AgW1BySV42A+C6x+BPUEbcwDv3qz0DLmfNob4WArd+jyk
   42Gnk9VL/bbddnhCyzYyHCr1D0XMIzewqzfR9ppDbgCLMxb7Q7a+8Umlkddd/aC5
   wFUAVB88JT1gj+NqxHZs4BIStd91ElFslmx9yXD/dEUPGfqyl5tbTrbGQpfv393U
   Q6L6cwZS11Rg+b7E777ZSuOWxJL92ATouJmzCYLjafI0jBN9BpGIymvi2QvUYgB9
   9Bia2X/SRc1fc00VRK77c1GtW6Nj9L37eiXMKseQEWY3i94vY2Z61ytosB2BCcSO
   R0QRJSWzXCXTJ6btCnFhZUuGhrnG6ibGKYmrTJTzNcrN4yJ/eByDqOc0YBUR10S2
   uGMqxwB0adJ9ci+r76ZLzdo7OvTIb+WGbOP3IIYeSjIsymkc+ShbO4mAEcodrYX0
   n3wYsjrhRYf4WIDxQhWJRUdBpty2LGl4OGUOTPOQPDaKwnGIiBUiT554NJMvv6WW
   KLEBxtJlJQ8LhN/jo9ZwxwI/FZ68pd0h4r5Mh1atVxJHbLmnWmdd0L2b8w9UyBwM
   ts/zY9bdjfndBgU3zmDsjkZgZdgGtzL9KbUwHDInvCKtODM+X7QQKHu482dRb/vo
   uIkQDy6meuxdj8e/xzdSua2aSQhYaRXuZlE7uq4EyN3OcJB/rE3OR1sgKh5k+7hm
   kSibtsFYYMWvBzh/Mata98kYHs6Bf+Rgx/FdA8989koFmkAb/B41NFKuTuS0DmK1
   2SDKgHb6rmn+cftv1MOzfgJdnGObqa3NCEYnICWitPw6NAbqllvRWdKj2A91oMO9
   YU1P/ZNox2vKWdH6rkpGfKJYVwdtVEwu1Nhaobu6p2c71RyCzJSYuAMshOyLXxgE
   1mCup6EU6+IqLryA4WkD2IdpYbVP/tOdFLKY1fBcGJtSVdgJCXiC/krDLDKhrEkm
   RCiIcf6ghGlEn0Jpk0xU3OWMh+kD01MO2IJuwk4TlT0kBRqZAtYWQQYQv0xecZ/K
   DvOXZNUQQSzXFSpnGo7wOLoUh9gB5GOIbDqtAShYsCXbU3fuXl8/6Lojv+f0YBBN
   capJh5oWBmJAmowJU3pL1JyABd5+R//cj1hQFApBKrs+cbP6ZO2cDabDWavBPPQ/
   QQCPjbMENRsGrU5bdWRoG13qP8+FVk+aNHF0xtn+mc18scGhwfem6/hFgKyBCAZh
   H7RmYuWoRZP73XPLYAM3sfwb1hLZSFNhbKHs0O/Fg2b5MkFy3DwttMbqH+2vDLBv
   6CJ8s0VTULjSk9b+ddvk6rgUy+Nce4l3s8Gq1ZfUUdV/AfYeovwoUhCIkKYj2DFS
   jBB6Zvoo8Z7zQpqNOHIiz+02zoYKtLconQWBGhVhn/A5ytYh05JZ72725AjitaE/
   9iRvigf0u4hQrowNuR+5t6bjA+5nfpKimd/3G6JdvY+QcN3BizQ39ZyUrUr3pmY5
   KkyHTZolsazk9ZKQY8LU1/nM2IraTuFzLhP6Mttj8DR+zXDjoPX5xxsr9VVWlcTG
   Y1NPHo1SYvqScQ7K3LVVsiqAzbr7SHOABDF8ZtfwVqIDDmk7cubaTlUEdGA/tXTu
   iQMYNv8iJ4MmE0tte0sRrPKKbnEPlf+UiSI2LDEYPuvXooGoroNFHzqPUX+6BswB
   8GSEpsQDPzSJlYTugYrX+2PlM75c89dhfuidAHdubHMqurOUaWtTKTl57rd9en4e
   HF0ZHQpXBgGQyQ7fT51WsXBZjxhWjHM4uDmc3WiST9DQX+blihwoOGx3moRbbAR4



Gillmor, et al.         Expires 8 September 2022               [Page 87]


Internet-Draft          Header Protection S/MIME              March 2022


   UsUJ8lopNmbY+Pf5XGvp92PtxzIBJyJ1Wfp0nCX3g4LhuwHpi5JOGu2nfKD2LZR9
   l9OehrIncV0oF5rcJWwKnRZbTBJgozaxKwkUUfp/qEAteGYxEeAJC0wy4ZD3N2cS
   r3I2871gQAni/LsF8CEAPaXE6swdSsfc0GWTi5W+jnDh2oeAWeUOqb10+vwLikC+
   Xm4VabpnHPZPiozLRL6TaVEqvmBpvUXgZffUIXpXHsWbVpJuPsIzMlmgeKEdwUvD
   Efcmnds0p3V5B4ZaXLfR6aHdtrDT+B8eNb1bB2wOP/IA7Up4NzVf9BtEzq2JKj18
   mtSbNmSuhSGqYP3fKWV4inAgRQiDDw3bnazMh/mI17qMLa25lzP9IJ5RNDRRWCjf
   +mljnLpyYHb5RyZ4nqD4+w59YM9Q/v72C2cyL6WygYE4JVXIWdnrHPSTkjBBjoxD
   P1WbthMP6DJcM5v9t8Rv8Mc8bPiUrKzMDCbXNcPJm1HDCnYrWXFYqOvUpKvWn6zt
   Q39rPppCdrHkNzFS20MsvWiw9KsWg2rb/ph+qh418ac8VdyXNcETVgkLeYHnue61
   Rbb04HvCvu3bBNjy8D6yRlFVIVxH3Zy7+iz3fJ70VwlqqpmlnMsidx3v1ykAeK1t
   uo42n/3t82Dx/5s3p9rZnhWXUdO0etjL88GpyzvdwtkYy3Nj/8afvB62iUwZ1fR5
   rcnklWkphSq9HL6brXQsS3lODDHsy8xIJlu5RrGD2MOIOy/rbMxNT5WnGoZ6j/RJ
   Spn1f944h2LkyVFFNgIlq1W6MLfTNBrZZ6kMpJ8X39iL5KmkrQ1me1rgJTtM4heK

B.3.5.  S/MIME encrypted and signed over a simple message, Injected
        Headers with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7305 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4402 bytes
     ⇩ (unwraps to)
     └─╴text/plain 331 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:12:02 -0500

   MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAFeMxt6IIoOR5Kq2Jiucu85qezrNEQcYm6sV
   Cuo2f+/3QCmr85ho7PNGXSmj0LkmkvIAh4RYf2fH6jqYSYgsxQjT3jOcx70hhTms
   zQV8e/UJvWRvxQHhPbtnDFketPi2CA++Y8zqvbl3L/dBeL+ltiQqcQprqy9RY5pH
   FibcQ5OkxPIzBZQUL5NrjwRf16gujq+nGVrhphjwjWsCX+ypt6ZrrBPtje3Iudw6



Gillmor, et al.         Expires 8 September 2022               [Page 88]


Internet-Draft          Header Protection S/MIME              March 2022


   /0MkMj2lJPEkgWvFEFNL/FkcNRzHlH3dQxqjaf28Jp7eY/3tF4NVHcirE9DSc6hV
   7v5zVlVEtthdFE9shnbPxf+Sbww+M3ZTVOxJwGNwPwhM7ehf8wMwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ8MBsyH2Tp59sokhPP1DnTLh
   iblpxffhKGR1N86t0QjQcmsND8MhB4aM7BtgsymR3IcdKrchClmkt6ATp9anhFwz
   7U93WrdRIUcSqLnwoCU5P6lGpM+w6XYJqWjpU2Yd76iYLPOYBeAFtMbxdrOEwSCh
   KZH2jyGohfZXtA8jwGbf3rV4sQ4EyZum5yfm0i8cOK7FPSPK/7pqtP797I9IBT0L
   YdssDTrrNMDRBKZ8AXRO/UZFGyWAcX1SGSlwAQ4Ilg87lgUblYdKihC4VhH2Qn0m
   YZG37Til6fmiZqAUFyJZp5nuJW8sUMzgrjzv8vuO5u66W7LoEhCQQYTRSrxFYTCC
   Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAfIC8XIvnLoAcDMT8ITOq+AghGw
   lTqzvMWiOchU/VM97L/Ya1UcMR5Gp9ca4N2T5OXhTDXkanfsUHQtiKBHI9XXBP1h
   Modt75Gunm5g+Jaj5K6hI2OtXZHGJFrH7MkZ6ttTNUeIHqtjacCA8j6Bunoa2qmT
   MCCdHnTipVzH8tFx8d5xcNETtOvuUjXwIpBMsehYbKBqpEG3qcS/Ke9chuwIEbwJ
   vDwkagqw97Cyn+b+EWAj2hEKUGnS/YtzsrhPwkhox3M+MG7eCJ577KUmIvrJcOZw
   d7vku5E0Z075QiAfw40KaHVkqHsEEuAJ6FtQAOpwuHrTTZkMkTiZpETf40N4SPWu
   uk0JIZpJvbxnZvktxbCDZV9FrGV/6TCpFgo0iAh28LWcjVkiFTS1kOtKqMFQxAu7
   78W/dA6JSkli8OYPhevcdyP8Ffyh+S1j+7cFirJPyKi/WS5oJn5vIZqzkJelySyf
   vzGAiy84zd7AFevlZyHSJhYhvkpRa3Q9puIgF2DveqUvoFWuhhkg9SJ3QMGqVC6v
   z8bPYqk+vG2btGT6FjlzZk/J0et2jpe+luFQ6qqVxQZQReUXaY3KZk3jSyub5M8U
   RmIBw+lOeE7HXor+L/IMW2AV4TC45Crl61YlbOadPDyClJtsleWj7nlRkfRZTmAv
   fgecHCgqAFIin76vB0uB7BcWXEJ1je8QBP9RHSadMFsxtO7QMwVXqMXLil4xaNPP
   hUV3Z+YquW+rpMbb3WpFO1AzYtwUbagK08eIzQmEa3nrpiX0so42imrrde3VgWiN
   l/ZRyo9cPuCmmsdsJkxGfa2pdTecK52lE3Add8BI4qjF+W6ZhZnEmzkMiDuHGmoD
   OOWvV+yV5S40HBhvGFlbBQR9xjKp2k5oIWLiSSbeUxpTw96sQ8Viu+MLgjubTjrL
   bvWPHJzykokgM0VgZs0MwDQ6TNw3sSeI4wB/5btssUmjTwOinqjHbVjyityjM4WZ
   5u7z29MaUNUY3I/rTBvN/RllEh/dBBBh1hCjbywizIQtOv146GRwPUGZeWymkNkt
   xRqRxU+ecdzT3FZIDMjcK4F1PqY0ylK06yevfI8mioUFU3HwNBpmkhfwgKx+K+WY
   zoLatFBnvon9gemuVKvI/HblzOSqMXG30TQVzifza9Zhfeh9Hwz0cnknLCKYVyYq
   NcQoTI6PyBZ44Rc5UmMr5o33OI0pffYHq0+QueAb15SskBOnCi6ELWBi6n38fVEB
   Nh/7kpFO19JqXnUwrsl7jRMGp0gsM+sW9xaxbCkb8d6VOVS78gewysolaGe0AerO
   qMQnNbfzbNH3IqxHGote/Y0husOkU5Kyglq6k3Aq7KCLtIlVLnyT+7rPmpf8jbrC
   TlZmT3IaunHh3qS/c7xo0ybB1sFJzHdlrgwZ/FqMFGI65pynQ5zVGH37MspWs3L+
   ZJ0w1nvA8W1e9cYGh41g/Ipz8Tl8hn4hhxP3XbQrPczDQ6i0cZn3Il84Iy0EyW/h
   u0lLnQtzN9aes0ihuE8uL5H5DKFlG0L3zwE9eayxb9DXk+1wVLnCfO6fGHgJFNt4
   tbFIDW6y1ZLvsNT6FZwJUiLD5i21UIaMUDossMBzruTMGp8sTPqadxEtQRO8u/mU
   ezKAKFr0DP86svFjFtMUK8mp9trqWpg5c6ftgN/7uG4fzq5DKAcPFbUspLH9J+Mw
   WcbS3bojohXXNtpV4VgYbdjOqNFw5P2tKHRHSYFyHmu7eznQCrgklNNONJFQA9dr
   3wHvLNshSt8ECsLarvnHUxyLCqn/i5Hy3Elzalma1iL7wYp3/7i+rl+qx39U6RCO
   1uHAZHWw2/IU5JkDkxjqRDOlkHgcfmwGdIBoKuHbcPxohwAlR7fD6ez0pnjW8RBo
   AiDbgUB1rWOOrLKFQMIabr7QDFrnmjLRQ6f19MJUtdsktb5E+r5odPTE/87yPS6w
   wZxtM3xoFbIkmjzAjc3URxJRtDNVeeyKOCvnyxXO/QSS62Rs10/gOGmrpdiAA0yO
   F3+n0jCBMkhtMmP7J2DiCDCwTCuuFglWJwxfE+TzeOzEOiiH5Pjce9PBTRgHJfnS
   7apBM8IT+HatvHMcC848/mtO7Sg1ZpYQo+xBRjM4viMwSfYX+HeuiTQ4X/AxjGeT
   sSOsOmozJwJiRkzwB95wY5yaTuSBLZgk1w0cakzfk6elcxVYiN7PUc1/GOR43sp3
   soZF7Q+vI6pIbDzOXGH5gE8yrutkDhHs6pnQJ5hVWi4KBo1R5dFNhYv2FsQHpVKC
   ocw/Ng+jARRSHTEvRyvZTTe61evbTjG0ocCYx7j2rNsyov8MX4b1XpECBOdpOAUE
   IcfQUUqYtgfs+m4h3QGlch38u4UVUPAbhqCy14HHSsmA2y097eej/A1IKx1Q7AAh



Gillmor, et al.         Expires 8 September 2022               [Page 89]


Internet-Draft          Header Protection S/MIME              March 2022


   oyjCVIIrKtZClfkfu6gPq9ft3L0aYqwQY4Ns9Br90qNyC57zvklvZDziNDy+/5NK
   9raZxhPSJzek09erc68W5mR1d/M3+hnHUJJtldIfd1Ud5LdJSnqUd/7f98xxFrSR
   zxyxdyPyCnRix1+mcCRoYsFwkYtnocmBcuKgoNtiGpmx9KZfbEk85xHW4OOBZPus
   BQReMzmCHYMPWTsh4RrP0BjLkdjMrlmwZ+P3fr1PE5CCTwie9z9hO5gXnrc2isRF
   PMhm28AVdi7HHNHW0eCBRluz/TtgwZKK/ZsDJ9kx0NXCoWgvyLC2QhU9NT3q5jYr
   LzSdyoaTypOzoYQT7rIgaQ6nyuo2gJ1rtkKYGAAWKp3Z8QIWz1VFV7XDXekKnPK0
   i2O63tw/PtB/PMRXMqRvO4lBP+M3GY67yROQ75RWfvaAmQhyYfA9p+1FkLnaXlql
   8sh6D/BSRAr0aaGBPdxY+M/WBNnIAr0e1VfcwUIav+x8j4/YJDGi7Rb8IJj3C7+P
   9ev9NDQU3NICaUVlYOXo+PCa+WMVG6cHkk2u4GvYu2r5/v57RScgzDYpfOJwadAx
   EINItmSH827SL6mLKPLPr6nvGhMZSONUSVk9M0XqgGWUVlFPh/Vc7PV4qpi8F36Z
   i898n6XP7u1L7TFUvWYHEbsK5x71uURECMlkCr+tueRKzfEfRtfnpP12Y6mVt9JZ
   fBkOGR8I1ZAoghQ0IsC0JP3c1f4z6msuZwleDm2C98WpohbHX3D1AnCFSPzl5RHS
   /abEFkAJ2hfuaSQNc/nw9BWcceX1WNXxC1bA8GsXRguODW/BgfJ+lGsptFZORZqJ
   u+XIpl7NaHPrQl8pnF+pRN5Zqzn+nDO3H0Uu5tdKKpk0spelQenzG4bDzy0UBJel
   l9cTFLJwz0sUXZStIGz5KhwMiIW9O9evFGE6q8lm4LxUcG5OaSgUNmZWmJ2dGWGN
   72Q7Qyg3FSZRBbFDkkBYAWUFrnjrHEAQSFsD9NVjrCAVEXEHfwnGncn2Ysh+gm8U
   Poj0VWH6R1BIAgDQbITeskfo32dyIn9RHWPqwF16914VXndx/5XO/bORTCqQSpFc
   vaTwSt0NVkFVRvCsGG74SCEznwBulWd6ijslVKnOrZqlMXfzPiNUSTk3DEdwatsL
   12yNVNiKoAdKK9oxbIyMHYHJXJWVluhwPy4gS43ND2PllePBWC6DgnFQyIS2uPmD
   sJ8V4fz6MYcLZQyfI0nOVwyRUE80vTKAczJ4u5hJ0HhhIXSoEqBJONSO9X1Ta7MW
   uKmqm8O3X7JHEZcCa1kb1SO1KeFXtVXRudVLhPP5Lc+o+DaxfvtOEpxjD3wjB2O8
   Z3fYwkH0aW3sDo2aWSTuYC98UJ0/imqlxG8+4FrkwRkaoGetwt6oXaDY1RXE8GDy
   FOBIxBrxAncl1gv5dBxsjOmzQmNYCHtMG3T+AfDKmzsSRyPNWhi8NeEK9G0PThu1
   LYezQjfKTm6zhq3Jlm6Fn9DZ3CxXU7MZRqrVW0yXgsjlC0Mfb2WKiXZB7PZ2lQKy
   qi0hZoVubPHAoAK6rezhq0Amd0lf3K/L6qVeilFMD7ilcP7r7dW/6hm2ZV4WS7Ck
   W3R1ERI/HDgJ15NnWyyaXqcbwaRhpJma70FWE6c3lm5s1mcu64txxJDJSB4E4aI8
   HVkz51slcwbuE/YzdNUbNrr98iuAlh+3iJOZ1jKK3bHfb8zBZL9IDYFv+Hsb/fdb
   tkTASb1fZUIp3u9OhvD91Vqb3IYriQiX8RB6/6cmvk3L+lbDGNk8leupqSPrhIOt
   YvDSVbQSyE93KGdNbyUe1U/l3TervPeu2dOL1qkPFoEs+TXThUUxzjyCvp3kapmh
   MmbI3pVHqZKLfGym9BZcm80gOVMLsD/ICYwLfmMQbGXOVvQRBvn0rVLdbu3YKOll
   MZci10F9Usak+agLidFmLlCBWnLk3uBNsj1zX/KkSFMPp9RBCpVDdtY2f4Fm1SSN
   Mg+dmnVNqZHQuXA/Z2nuxwGKxrWF29crk8Nakha13U0X+qnBPUnRrs7X/IFhpsY5
   OsGsD3US2ACHpojAENsGoCpwJ0ydsQJ1926iSbQpcyL1avqxouPA70KoNWL8Jn6F
   uuh/OM/NC2JhKNa3wbfMHg3btoAZiK1hhT8NKFbZ6P7QfDkrmP9j8kJK7nfWsiYp
   psAur9z0EW//oWWAWR/xZ0E5rG0QUVfjTTWEMVQOwf6Q6cjJ1EhxYrpIj0gA56li
   Cw+ZUqUAyl1FHFEvVTPAeJD2XyZW0jwxaL67DyyxeGBLJj5dzTBbBiZ06vkMk7b+
   u5Z/iGaM1mgn3jS0y8a13WAn/y35u6HZzteP8A42ZL4+fBsFL6cmIrWDYsLYEmB6
   0owZ5Iz6xmqLXbfwNkRZBDmixp2eeQPcMX8FnXK+6lZEl/AGlSlRSz5r8HoPOwI4
   /3HE3uykVyRl3dWCnQG1A9V/2xw325/WgbvZ7z4gOxhwsYTNucIyCik3PR1j8OdD
   GfEICpkLRCA/28hWE663wV93bRwVMqJi1MSTfxprAW10ChqZqe91RM5ijXbisdoG
   yiwKF87xW5/lfEbBhVJAnXqjvjMtDZbkBEteBDMOJ4yR2lWOj8/F+96IPUulX6N7
   6BGczTT+dFe22fgjFqjOllOaA5H9d0A2me1oaSpveDLWSd9k++tuhgbq5amEj0+V
   o8qcJ8YydforXi39Tugm1elPjlJFSfG7uH1LFNzBBKp+cfDWBtfNqnsFUkJoXT/d
   21Xwl9DKzGIfzcjDyrXDQEdf9Lzvh6VJ3CWJ9FwpbIw0rzo49ULXkl40Uyy9nhA6
   JJlX1sI4q6yWxUTSXQunbZH6LogTq9FshR5xAhkHmJhjAdDMkR/d3cBcDxKs0pdk
   5PPw7R1w43Ledc+sV73bvEmD7r+mrQXfbYhvkP8nmLB8VkbPUqq2dqUwvnAq8WkZ
   ggzcOKk8vETew+4B+E1zC3wUzpL+B9O8qhIJu2XHQqkKJraDaB4k7/jTtlgVFjQN
   J3swWfsiDRKYUrPzZfac8+smCyy6FN1S37fGLOAIaDFcTiO1fZc1OhCXRHI3uRpl



Gillmor, et al.         Expires 8 September 2022               [Page 90]


Internet-Draft          Header Protection S/MIME              March 2022


   dNXwFG6OepZTs+r3yLEpqH82vnbak35zhJTZgWWlUutcLLYLuulaTv85TntCV5du
   tEPiR2f6oxgo+96zUxxpFAMU6+EZz01IeGYy61+NTJ0aAOhWvlmpff2uDBEJtdnu
   /i7WYT5qC6Pae0ZWIhseLGI1U/CUMfdY295pCfCQSTS8O16J93yHY5bWMwMyDw52
   Vf584mGeE3a5/j9ju9qnjdl7Z5rjR7bc7oYKjCP+Pv+R3pOo7jhNhTKCbipvH2Ik
   xi+aa9nsTlYgNFMTmbFljhcsiTbPSOw6NpNfJmynWlduqM2Ra5ZSMOjdKtOEW5mL
   HKN7LhzMs5nWvxM2m6J26kzfbM3+d5W361BvgU6v9oCE8uSobGI/sSNP0kgGU9Cx
   A9kSrxMnhahtlC02aROS08PSeAcErUnyKJLOdrcACRM/T6iwROLI38Nn3E/PuqmF
   XDcN6aosfk5Gz0WhEuIe7o4bEDcHTKkeZ90/qNyJuCTwh99VUEeN9T6PovTSTYr2
   xpl2Dca+KXzEcdmT6bL3eyrBAMRW8HyfYTxAJntty0pLOgszHc9Im6q5Y+HvKOU2
   Jck3h1nygfBehDUwsLTWPg==

B.3.6.  S/MIME encrypted and signed over a simple message, Injected
        Headers with hcp_strong (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7540 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4576 bytes
     ⇩ (unwraps to)
     └─╴text/plain 419 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:13:02 -0500

   MIIVvAYJKoZIhvcNAQcDoIIVrTCCFakCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAEwle5fdKMS6hyob72qHYwMpicWoxWhovcMx
   m9ncW3nWi8JUNK4Y306rc91m1a91Bnmm6koyF5vbpMTU7MQgVK8Xsfmc8Pl5UeX7
   9nO2hq9Nk5YDrbEy2VetDe+8FmyhJHM2AEKCRYJENj8JVN32v38+96h/H+JtAagN
   hbEnXCjwumjHMPq3nqq+32oFDLLRppc1JZ1khgX2LCH7MjfRp8ikVnSvAUa8tdtr
   uWtEPqmUktYXUtad5ZqXQXual6KDi+0XCy44Ou+txnGyzY/iFBl/U9o11QtMSBaq
   hrCIF4WUgYlH1u3KN97+lm0qxlFcLQHGZx/eEhbejFEFwoFIOukwggGEAgEAMGww



Gillmor, et al.         Expires 8 September 2022               [Page 91]


Internet-Draft          Header Protection S/MIME              March 2022


   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKiTmrMj8VnpLrV7+Exp1xnLj
   Vd5b5eQeYliijqjmlUqj8JoYMSe5FokiSfC+lheSGabYyRZ7KxKY2NRScXNIX2Fz
   r2Gv9imDrelGioRcACAbwJTj9aJYZqcY6NCkfvPvdhcs0sVvw1L3CX/iUbLkw5xm
   P73HitnQIGolSmgB3M1hEVNIrhSefymvaQcekGRrNAH4paHMsNJqJOY77FmSVzmr
   YFketa7EX4sYy4Gf+7akz3GTH+wBHbmEFJnKp+4EC4ABLo3N7AQokqUlbn5DdUXG
   1JkgTT/wAqPW7wO/JDM0yv+yfqjA/IsWKwwFG8UtW9maIP/NYDumgW4CzYqUVDCC
   Eo4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKA15xixtiHfDNDPM9jjLlCAghJg
   uO1SOu8ogsWNs1fQP2jjEv7BYc+c4S79FLRrC6DAccBIlKL5S789CjRrx2+aIXVi
   A1/gBT9yGFF7ex0g+L5Q47TYi/kZYprf3V8l2nf7NCSCn4MOczDpL0h98q6F0aqq
   9m6kIL6Z2LkTVCTLtuUfFv7WivKXqjw5G2rbgvKU1Biuw4hSn604yNsCrOvLVr9L
   fb8UA1Msy6Og9VVZJEM57Ns5wDcTnCNfecl3RLvQs0MtaX4qtk8DiY+A8maTM5PE
   VmbwBnkYLlNEmv3KMhbYQdPN2YfXObyRVxg+HDuOd0wHx4TXKYK3frhgN+uII6hN
   Py3gJmRR+HpK/kxCzXc2ZuyQLycQF2+Buv4bfW6PczVVGaw80iAWM5Iaj9H7Tv/T
   fycspPk62ce3cGdh/RUT78mc4pEKMaZvut8WTf0u5szet/NnSyH/VgnymZ1etHL/
   9ijhv2lGfkhUltEGlHE3OIkcQhZAFRhMfMgDHcOAuATGcpybxmUAlVSF8F2pia66
   frmrFyzmKEQ1ce9fuyd0DX5MbPtPTb3fDgOPwHoknczGnSF8GE0kqIRcs4wiz906
   KrHSwKM78SxxcMnJS1Z2V71fIx5LmcSiidjYhsr1gyDDzUhqksK4/YyrdLS5CAdA
   DVmWlQ/x7ALB+/gyW+2EYj4FhlhREW03Haqc4lDECCIVNjvxjqmhE8MnkUihJnqJ
   yQAH/U+wBcK2zce62XHZpMbJBKlOSsGfjY+ofURfhjPPzfXlHSnDYMWAYkFWsUhk
   4L95+YwIcaDoYlen1XyNdmqRu7HC1K5tVQwGW4ffIeaJlxBe8NuOMaW3Tmn7KJrQ
   Y/QWy2sR/dgT3aTOSUO8sM+OHrmCW+44tdHFdsaGbQYrBX1l+2XtP/buOecSgkVb
   1v7B+4d+1T/BfoJxhDVyZ5wIulKjBVYOLJe/dj8JuYwDk9RNYpSl2XEKgl/5vsOa
   NpMNTmx/Sp6qw7OgqETPhZX6zFevW/Q81vnXiX/9bc3JEr7AmPmKoxij0JAI+a/g
   HPHTUR/7AylcvuqAXs3Ni8OTtOzzu5HU3YYqB3J9eeovmY8lTKyKS+bTgS9PQExr
   3HtgzFoLQji+x6t5YcijdiEjsjD0R8ukMCRH0QMostGlodIrAla/3BU4+4epKtdl
   WwzPGlaPONuW11351UOArbfY0VKUa1IZj0lnKWs0Pr7CJsEObiRT+WMY1xDR6K3w
   PUq0d8v+m8+gldNpqVJ/jm1U7BswjmKWnTcHgJYebwpA4BuAVUAQJJTzYy+MioEJ
   cNRngJF53JY3v9vBoQD/7g3CIzCI+UBiS/duaiVCtyzIwQ+T537LmrFWdDDHhzFC
   S4k96TozHwcJQZT19GW4svAz2M8eZBTuBWoXtPn4sH/BHOC5yBjH5bHf5qg2vV1L
   dCfWdg9T6AYewLUr9c2EPd2t8Z04SH+KwsruM4z1db1LibNf1PxwXIpB1tpnKOox
   nQAGYRHDyBLyIJ7Mdwoz5QfS1ZOQ61ct77tM343Rf1C8voyh90yDQXhGxkvfGPFr
   RP1EEZK7oANIl0nhGkYwXkBsmdMR+KsC5VXA8tfXKkSAcEpXAbY+aqRCbUYRvpnV
   AZ3iNObov/wWcnnvYFZC844eFjYYg0lkbXsFcig0iS37EcGN2jSRZaiV5kVq7hHF
   +VUnwsSFthMwtK+Z0cuJjRLrs1upM4fBbbVdRuSe2n2yvVZiZeXe59Jr6WwERlkI
   n+sc1D/wkXIBrCRGclyoyW1JU4A531Pd46dgcgHNtuP8Yv/PW6zHc4HT6VYro9mI
   wJosMTwIuL0W+Qr8/XLN+siI+XhdcaVGA480p3BxrjSeeqyWAC2QRVbWnf5YdXmp
   NSkKo1ZsceL9myNGEBk6UTZyDDzo7aJiOy1rqPCJDlhfXofYDyPlSByHE8zoMnwj
   KVhOHUHE2Q4FDiCpSJO5qlvhSB2svgWlrTcBI02qevuCHugFvbUIAI4sN0XPcl5y
   1afNwNbXK3bQ+ZC8nXwKZRxQLRBbEk+YGP8XkDmXf59WjGoRJMO1v/5gxZQAb1s/
   g2VX/juutTVUt0GZP0umPmrnRQXjwTLtfJpIETj4AKUuGKEhr+i8uuNlvIDHJTZ8
   qQiqddhek7kTGfpZ5GTHsx4U1Nexaio1aHCln2oDYlkY0XBTlAmuU4kFo0sqfD6k
   hVHvlF9/A3sQt3v5ygiV42HVAjbYZl1RHRKPLBFhuomDxl9FBPbjGzF+cOKYRrnN
   qdZpYGtCNKp1VDudQw0ffHFCTjebXmPPOkgMrNtidWZGbf8wEPEf3VHE49gj7+lN
   e5dwUlUXWQnfAs8VBIF4kSWhDG3gIFhD8IKoNTRPZeDL2O8bW6bfEBuKRlD9DE4z
   rOot/hUAabFfA30AU1aMno7Rv5XNidY9sGTs39HSxL6CiGdHq1OoKErMW6vaVnZ2
   z0FCLo9VBtXR5qAGQ5MgFlOPq+/rhK8+qNb/iPozMddYgxktJPiORCg4B0xhDySt



Gillmor, et al.         Expires 8 September 2022               [Page 92]


Internet-Draft          Header Protection S/MIME              March 2022


   8IuzPhsNINyj0+eclvG17TQPwX69jaUutQm3F82ldrLrFYXBDytfyz+APuWurZGH
   NtBGj9JkKN50//7reaWeVkDSh8VwMwwfTCajrSQerUEu7rww0z+mGsSRzawuWahF
   ZFpyNn2o/Pfn8eeBOW2E/2n/ndPvDf6jvAM8rL2rT3gGMktmYM4TvZxdFHG5gEFj
   7M8itL9dqDTaeaHMKaFN6AYqPIhMTnYJa15iV3eKavPwE/t33q6oeNW8Rb+kv/lO
   BMaVSzwxKti/MLt0xRe+x8+8HyvcxaINaojri2CYnbxCrH8HjTCsqVeiAIui4/q3
   GjxEAiEfRoRmhRU+qcJ1O1XCqDsAhn7NOCUtQx9zS8ueWVUJeT19SsgQpjquSobg
   Pc37RBBJP/QNHODoGUsYOLEmzMzAtC9YMOCXjmcm7g/2S9dspURtpV5UaCwm6eAt
   0quRoCr0ajbnG0zRWkoPRob6ZuIEOqMielz2QsuhTacD7OygdRNU2wmBcBAe7RKY
   J7dsJ/oYpJf6y+uBReB0AEUJhpErULETUlZ4uoLBWlqyP3drMYAAdoXXIBpLTN7E
   9VkhIbQxhCuN7o2q6M2mykHAqEBAca9KkL0UiouLiPC9Ygxr0FAUJpzFBb6dBXQn
   Jo3JqNw7TyTzVf7PoZ1V8hkQdrvrJ/67peI+rMZS2Cn9ut93AilRdO2v/fJmvUcx
   8cei7AJlboOdMzdKTkDpX4Opmo/EDwl/uR4M7bVwoGLiVx83lutJ3FFmsNcwH53e
   FgyM2jdlWKncm0EnNhi8Njr/8j+O8iBlaGD9rTlkDRb8RlcF9VtMrKKp3/AYf6wk
   Ecenr9xcJxKzKxKigRNHmj1hEsJEyElICYoxlglyfyJRVeyVHoqO3OJ8cDeSwfFd
   kDK2va4X7CPQvWFkkOTsv70vw+Q820SdkSiU4bq8rK37Hku3qFwErTgFT0Iph8OP
   dz3TS00qpIWVYTRlCgWJnmwv2h20AAC25Cfwwa9ro+Xov5dr+/CZPEl/0wF4aZ3h
   34uau8enUXV07sZ0ibmPUvwl6lZd8vj3I+h4y6JbQTclHtaNxlFKvRubFomrclMI
   EqWbB24KS46W4U/l2qv2GD5SfiV9SjmwX8hYvhKlbY976BNL5VZbXNx2lyU2LUKs
   Uhlv9BxW9c3YCo80yDY3vw7nfq49u3X9Xf3lQtDI839WfB5PnG/59UJhHWIxvpe2
   xn+mdUaGoyfLXSm2eZefp7C+41wsceFWgxpiVT6WekOoGyq/v0dRMHOruTOKyX2p
   BIlzuqf0/2Vw9y3fnEJNsY0K+Afi6aevoHKQCWwr4tjc9YEawrzeVyNU2vZ3/YY3
   2NsMxQP0a+JqMpIbv2I3GX0lIOhW0Ws5Al/Qzx9rA+bIAXbQKT0z0bHdGm/rj2C7
   z6ngk24CxIJNc38+YPhO6l7agY2bfXy5UJktxZPNxU23Os2GuqG4ymkfM2pf1nkN
   TXFOrhDNpaZKhSEEU3Vv/6f3w1y9wfjptEsanbt7oHDTnrh1BZPzUvvGuR7rmjy7
   AFqG+Ql6KduTqdWV3U5FqGk4RVuOKDj8rxkQDPZo23l76g0WRJOJY+aQi7uqQStL
   v0BtVtALm1LNMHfAza9FKOcbNlc+fyWLkJ6cqA1dKUqIyUAFh3EqDQQk3wcwuqQH
   oBOZYRSsY8vSbFvA8mL2njUfxuhnGG+iUcNxJGaURHzhABBfrRHlbBmyDjW9gJPB
   TQaDauQgHe0K5OZooPi9UIGPIGJCy0hgnF9MupBiMkBDJmOBLK1bx6Fwj7h/Qjrc
   eVceaQtEbXvhiewH0BjiWckvSQ5tzoCeBE/9E2Bn/NCtf4ZUzWK1l1jAKU4Cb5Hm
   pZTTueisZbC302FNqM7hOOFsEqer24L2YH3TZOoaNaFd1pzPAzfbbqghQiFrREIo
   NmvhXVVzse+pskP3bXscjdartlkb8tXIKNSi1YP9TArBW1zBxy4hUqHv30hzS3uP
   PmxpFlZPGgmmwu4sU9uAXG8WS+rWsDats8GmVnnx3kXJyessMHm7txv02TZ8Jplk
   cj7ciVmkfy3CBT5mMZ8Qn2pWAdtsXFn4OQFE6CGTiSDkZ2LA1iisyWOqQSVg6o9A
   TYNF7xBFqxi2AiebiERKRLO3JOyZohVHNsbMWlCIMXUdH5TfUKAVLTkaAbB5b8Fc
   lNJs9EUuuFPnuorJIO6sETOp/mejzkaHiq3yBsmHgSKoUHTN49lcjg5GM8WDXr0P
   8XJqRBIme3ySH6QF0yY6vCDISvKlAPisi4LRd0zpnh6LJmMxob1tvMerzXCEL1lc
   wzAzuHVBGNI3BBltQ5mYdTAj0+SSDLwILnJ9Sf44JuWc4HaUBzX3nf20G0T2bxh/
   2N1BbY9U5Fjtp7R8dNU37NrhxTKjhXSabJ8w0x6dkuvq6uWLOhzAw1OQKkHmEquR
   X0G5kRsWw0DYi0m/wfpvtBYZUKr124ejzLrl9FLXYVx4cVO8WOgnHxc4FW5mZl3e
   LlSyxfe6EoYzj1Z96wM4buC9TDesk83m6TlKA1PlZvBbU+nnpgFL7d1RXrsTD0Rn
   5nk06TDXqQba/sRzzvyd5zjF8LfiPEdIB/X/zpqy5jK0Q01FixhOpyWA9MXYu2Se
   6keqSwT2lnfR/ZhpqRhA39TnmoITHS1lAPPkf/Er+8ecJlsNVzfuVkRBVVvSq4Hn
   tOA0l1ItIK24/z5wa1e8W4dGnURA2OGWEPm1YACq8K1o+nSir0k4+VvJCm42+2vk
   Zi1hE+FWxHQ9H+Pt58nJj5pNflP6VH+up0515X0EHRIkTm9ecyYPQETdG89ZbUwl
   Hys/1nsNIKnuREwY5P/J+A5/s/+xl94jNNBsv1Q8kLngufxOQBbpwGjRxCTTfzbj
   MHIONho7Xg0TbJQrq41oU1goDWV5tQsMH4VUg7ESiLzceMECYiQsnVLg+FOUqDvJ
   4vaaGYvSTIaxlgpjL3qpHbmYa7+XXN0Vr8eHvr4XPB5PDua1oEftZPA1z9dGCEAo
   RPISOQbZBVxC2SmC60mZ3ANIUnBDIA6/6VRaByAWoH43QkuC7c6Z85TIB7Wosx9c



Gillmor, et al.         Expires 8 September 2022               [Page 93]


Internet-Draft          Header Protection S/MIME              March 2022


   KatEOhxIRGwcTvLf00vKY3bHb9aihWMDnpBEKUfIpHU71iC9nCtij16NokXMNAqo
   SYvTbH9XJNfG7R3O9dINOgfD+aKTvkY3pP713HZyf/FiHyH5H+obcjXlHsKidTjg
   BUptxdFQt6yVJaAy0xCZtUPV8Yrd3XZaAV1rX1tDsnfJe1Ab5u7CxpDYLijdwLml
   seOiMm6Uy0Nxr1UhfKmx9GPlrqMgm/U1Z2NBE5TKa5lAI+3iIGWxPUOByT18/7S0
   jYkvk2oO9B9iPcYqxyUn7mS1vefRxwCmbIOP2lo39QYEX2zUsh3/kLoqxBwRk/Bj
   /S2lLwfSxi1Qrb3dJHyHyBIrMeGDCUXESmEv7n4JhFlSWjMYLTDY6TmlBefU1x+a
   klwE9TszGKt+rCMCUp1tt5axy0zPz3U7yJF63/j+kxT3YH7SJcmC47pOpALhG+dx
   5zdQnZiTtioYO7E8ZiaLPM2+42pYf9vhugpZhyA3R/EFJYYBBqjo36Iw7Jh6gP9q
   NzM4+CFNs3sdVuvkRNbDks6s9Z5FICjjK9BsYb2IjzyqDVMGdAxX0uuJTLoXTJ+o
   lis5qqmnmylbPMoSsUiJZ+0ZQbw5m2NgNEZNrQEvfTj4L+R3tZfgCePtn1lVji6r
   lUo4asH3v+jk5varkDOjOF9/mX4Ycu+TX3ItDx2c6kcbMsP7tknEMa7Xd006g2f0

B.3.7.  S/MIME encrypted and signed reply over a simple message, Wrapped
        Message with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7605 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4626 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 816 bytes
      └─╴text/plain 327 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-wrapped-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:14:02 -0500
   In-Reply-To: <smime-enc-signed-wrapped-minimal@lhp.example>
   References: <smime-enc-signed-wrapped-minimal@lhp.example>

   MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAJG/Nu5fmnMkn1fBsCANbQMYLALsx0mJWEly
   TzK5u5MUntTeOq+fVAUULIJkXaF4inxIe6HSau/bWDWISRy5txztdBIrGLB2RZt7
   Yq6OY4UVqXmD3EwkUab9wJVVj1ZTP4O8ijOAfpCjJkzfcQD5J0ZLr3CRXz7JT1wR



Gillmor, et al.         Expires 8 September 2022               [Page 94]


Internet-Draft          Header Protection S/MIME              March 2022


   CUHwhSBCMOuy7/lM2fKeyI+ThUNFUQQRECIjA0PmMrQt1dYM+bXNPi4lY9BVM5qx
   J8DQG9XNcQtPsIfz7ELwD20a7jGykPYUHzyFE681x+4KTBKjRZb9t2Ezecydep9M
   T92aV0ZU4A3Vd8bujGl9sUvWCbFR6/vhT9TOHHpqRUOOLJr20iswggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKUK3Tne27yc9+vIqGMeTO6/u
   Ieg0Iav3LcaUwnCOGLjLZhlnpZEzC/SfNTobX7d/2yPH5oc4gDxGekJO2YyCkin5
   RqpYlhIeCEWtii45otBUInis/kAroFNbe7TOfJ9ck5tVXxLJ0WwG4mW+CoMlRF6o
   E7tB3VSvplzvuapfi2/TrLtmCDb4rlAfyhTIeIQy8J2LuSEbmDm2RllrWNVhVPTo
   9gQYfEz9VxyC6Ix13w18tJ7vAgvECibxVDj6AVkAB6ThJJGle5YRQHsqbEDbQjBX
   RBXfKBjTQ9eZqxRIKjfP11iYA+tNktr4WRyY6YUA1dWvb+GBV/qS2F78yjK4ETCC
   Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE9Ajv97rc3cRK2SsCiVP3yAghKQ
   4aCK5bc+ic/OjQtKizK3Vidpqd/12OkW7gP/7UOS3BiPtRIUkwQux1cSiCmFa8FS
   B2Hv6npe8PgIkgv6B4E/paVga591QdjPmnyoUmAWrH5ILbAdHllugybzhs45sSg5
   xHftcE9xswAoBb0Es60qRMyNEbOilRKYIDVoXjFiyA5SxLCFxXZTveJGqQV6bErY
   bEsTEhz578Cq+tMZVC6fRR/iSi1ZilyP7AYtCxUH1K5FSgt8qnxLSwk1kiRaBnMJ
   Wtk3Ve+BETCUBTn6jYdL3rBLw8rx2bp+qUcVCu48KTW1Bk/eytSJ6Fn62hJnmNs3
   m7U06C3nra2hvFWYhKva0JgOD+EyAiqGWwXOdD7jRS9js/dkFgguZVT9OewCvEb4
   gGTXLtmTF5oiCipk5o8rRhQk8mkrXQSmfAkD0R7hav45BnaisfI+4rd3VRBqV0NZ
   wXVFiOfEpq4hhA2fCV3owC+DiW+54F6gUEz0htkkfbJdD4r7+8u1Y8oLrEkPZGJU
   7SOjAM5yC7TErr4U9FCligOLjWKmeKud+rV+AGKUVEtgXlAe1C6EPQDY+uToSsP1
   bwRmAroLwBBD1fttSRuS7089AsGqDNLbLfhoxrwkwtyDG/1t0XbjWNNw+8a5y/nn
   xnLklpqHvaHRSzrH6VAcSmrSuJUrJ+bxm7yPWqJbz17+8wrQa1FObsq7NBfUz1LD
   93+hvKOmLVIWTpYq02QlkYgRNyEFSXgTbLslA5l9WChT75VhrwQrRT70JVP+RXwd
   LT9su8myIifWOZpEIJpSgSMAJs7EPDJTdckMkBEVyiQRIcNra7lZsjjI5JQa6nVg
   8pqD7tbH9ZH/AV/Z87q00VNUP3ppQWlkwaw3ZuLEH9DWfxVbrIxD+c9DjzTl+axI
   voBsFnXWUQyW7CsirR0jhoM7sLcLXqv87UnwxlH7WgSiwkzNAoNj5gvZ8FB9xLw6
   ZvndV4o8MOYKaXQuOkIo4fJ8xkjxa4g2suRFsOHUS8+EeuBKmMJhmOXx3P2TVFmY
   jZcIPkXuHbJUMS3sCcDkwsN6Xbt7aa3jzqUpEJwwge3BG/1PC7Xeb4JgWH9uP5Hy
   /JkC7Q4gfLcqXNvBE800MyGXpZCj9iXWNYSbAHLazBYpARpj+a2/nj+D0xjPYNo4
   iwBzCBpOpva2C0f0MO7Axas7XDRRRuoP0bVeo/gDS7Nm7mq+HpH4RYdLP8Idr4ff
   8wHmnihggUDFmvJnWAEePrMXZb2fCjr0zFAwHG7aL7GI4bH2tbN84uOYFGCUrAf9
   qRe+7v7SGZIiQIXNvQCzsHkNbhSb1hOeAeKpMG+nkU4IHI2GGjs2291D7kEkKN0F
   VA4f15pSlKLlEF8T4HhoWc8S8+sGxdXm4iujbis/yrkXH13bk46A55DNk+aCvDkl
   nJatM4o58mMFun1LaCMUZl/AQW3CFDRJxOU2Ae7VbgXRsb6gokkiL7hmxC0fNXwG
   ff75Lo6/MywhXI8vANmoTBVNeOCO7atRVdzYZ3xvQ7tTgUgr2BCDQlw+1aDLso60
   SxunTtZxDECm9V8mWeoQjzmWYLuYeCbaUfeoY0dhQfwlph8tOrunEfwrbfCMK1Gv
   QX5b1eQURzZ/owrqE9/fUHHY+EjMrxk0T6+45cA+N3oOJS32KkIgv6+91GE43YKK
   9eAiDYmrBaIoDMXAzpW0yyWmzPjSuKuolPsCKnVeMN1bM/1Iib1/lyjF0yegu4bS
   0VIh+z/cNBg9Eetrbr2gR68d5mZzWXvB/Wfa6VM6Odl6t7Kq30wiFUJ5OtVaRPkg
   NSOeAXekL2rUQdmVJFwOtO6FmoYimgc+YD7b4HZICUSbpaernIhy9+ZS3iLrci3Y
   9tiMlikwHpBX8ykQ59fI/i21SK+JVtqzjFOVq6hoRLegzQ/OSHuiEr+RWYmnGXH3
   TLRaPx1xp4S5P5zEsrIGmkQVudXavewItyxq4vyEzC1BS7L4rK0XcK0n940IKJj5
   YwOIj2uiGGew6AFVEF2GsO29XdpbM4XbuIrXMVKBV5VR8B06ppA8NcVOK0PgvfhO
   66yomGxgvUn9V0v76+x/ZZpsyonbIsdfnoHmaK5gIfUcAKVIp8I2B7gN4tH8ut1+
   YumRhc/R6Y37ZbeY9ZpMh1WFDJ04LOaiccFaU8yt0Grdhmg+VLQg+mzOUIZReTJb
   VCP2201EGNisGeYp4sIqlVfziAtyPgnvTN8qtUhoZOZ5ghK5xlB9nmmbhf2wjOGY
   vB3dyw+dTkOBIH3tqqS90ATEddzJHHVV/oXzFAs6FtGbRFA0YpGvgYC+RUpYqvqj



Gillmor, et al.         Expires 8 September 2022               [Page 95]


Internet-Draft          Header Protection S/MIME              March 2022


   lcm1OLqlEHl8tpQlrWzTEIGVUMePTRBW77CXSZGNh3yz+eC6l270KPKbhNbvZSQg
   uI+NZXnGCdapQh8NIUmn4Suo/Kevo9/Z5WKg2k1gFI6rZVw2rdMuY0PVZfyuGTeE
   KuLtXAmNZ8GVFBOq/uz6GoiO6s5nFh7587LHc+X4bayK63tuKnkRdKJoqzChoU7y
   P7zFJGwR0Rhe70vFwlihlYI2y9kH11Y6GSzULYY2tYozH0cmAkYMnSTmeo5lq7Oh
   NveHC6v1vVQZ6BUYN+6fm/jU8fuE8aTgrnREfdDNbPUF4G3hZz7Kyzu5KgWxWVjm
   a7Jd10MxVjUhqVtU52/H8eikdanl1QCSTtjnt8BP2apT8lXjzT2zdZsiIeEXhylX
   03ao14tBqMDvpZ2Uriq0S3d4O6zZ8DdCA/4vqyVpdA5GYxj34Wg2tMN07XHZ+5iF
   4D+Dra9pXS3mqmR+U/MUF495/9xM6+eKSN0e3gyHW3LLhMtnc/sNIod0mMvIkexl
   1VblCRNsO/vKpLm9TOgilk4uhk6//Nha+SoknZwZbKpV2HP/yjFm3/yopccmqRbJ
   96z4Uwgqeq37EBPdrck7d395U29Wntzzh122iauJyNYXmer9OqsH+tM71mJ6NWiR
   KQ23Pj5h4nxvhDRAMD2tN65RfRPD+Qjz8QJ/6h9scXL2we2QuzNSZZ/IfITHt1Tj
   c0Qp3HQgFH24JSf/QnhdPz06SUZp0rzR1Ykgh97miSOzOZZt6K0oPYy/YeAC+kyL
   K15Cu3F7fVrk/aYuU3TSSO10vfblioC3K74lWQZHmEd8nOF25++U7FspYVGa68Gq
   lJiI/W8vhtTDUCdSwymn1NgsrVVg9ip7RCkSBjoibnup7nTOLbdi/yNTmgD+s/Fu
   F9ieEEQN0/k8ARP71YAZR8YSaG2dLuYh/pRTpe3xoxLqwNyC6ck2eOWq0lK+LBOi
   /T+b6HH2v64De8MGR33MNDf2DagAJ40/RlJJqXhLm6JTn0ZB4C9gygJRUumv9KIV
   li9yccYXs/dU+zYXiVOwedmN7vtm6lJTkWfet+gTRz4zS0z3UA2+dtiu8LLVm9oG
   5BGb8qiRF5WNXjaB+HC81bpJfuIDzAja/2QPAwFH3tG5ixKlN4/ryCwoGllkamDx
   IiZPf+2itg/7CLDnomfCGn2XEe1WxS8CGR+c+sH1k3umqpDJam0FZ8y1g7gaFUO3
   QhpGY2kt7EvPhOXdbwMhNADHFCu9oEC/TLxknowMsdjme/vA1h00ttDWG0dPnKQO
   VYpCRCFQCVOvNqbrc/kbRRiIZxnuPmcoRcI31MqUDirZWfyxpMJsfgGCQxAMe72q
   nCHGQgaRIC60JXosP0wFPSibg9HloaEAFAwheI6rMoKaLy2WL696rG/zxEQSovB5
   wTsHFs1UAaB70nCVoLu+0lS7mL2s5JPv6Hk0i0+wSi5uYMOpO6TUY2tZE3ay52zR
   tJHKVK0rT7yTe6VQOr6PW//y7Ygqy+glBPVUJo8YV6oV4QF2vrj+StNKV457paQ4
   +ACh6FXcShgGxI6Em41W/wrBQEt2wzOUv2QKsx1T4rjtBk+hA1xfJoCYuJjiTqtT
   HpdHHTPqX4WzGa+7Kelr1YITR7TGAbOlPeJd0IMP8mu3zoRc1p15Te0mrXwM7CuA
   7f+c5VIPIXaPxcQmGdPgrs9t9jzpV+JUpeokAtUpVJ+jcJtTaFf1SQqd/6w6rI3o
   uvYT5IxS05EUu2nTYxjQRuTlonWNXkqVHEDGi99u/FrOgh9fZ10oX0FgTN4u5R6H
   58uGsmJnWUE0Voj+1iSKb86wgwDJw8QOHhnrAoDBxAhtWTuydmuEhjGaFmQdNSKr
   I3xC9o2Q4dqI/Kmht/fzrZiifbxvPleMkvaMUOKPEdWOQXaDeIAauR/Bg14jyrvo
   5GcTdHxa9DBvSpuhE/jpTk0029DBIKhTWPiUK2mCoRk+e1JILSi+k/q6P105sziD
   TIBCjg7ba04EahFU7f8EReRzToWb2e+a2/F1DIw0r6o8SQJcrDi2MNORjEpOkAWP
   HEAeTHh9WojXnEsnHChwG+pshviy+tZInONjU3Q187xSUbNseO5u+tKVTLtMEr6H
   AnU8UzFHkUDnpw6fjJjRfKYe7BQrM4uxeN+V3CjzNrK2VLQvMiUw5fcuEOboEbBT
   dzhUObkrGKaUGGbuyIBhR5zVRQC3QsATra0ITzrPEBxGD2yY/PkpW+GhiV+6Qp57
   fHtZSB0EQHOM3mihF0XJqLnx8dXAXJobdo5jNBXSo14os4fw88WdUCpmBDPpbWgD
   Fy6hynY8tjtmeaGFQC6o8tzFNMnSH/Re7uO77x45Ly1WeHBhXHARumCEVRkI1Yg0
   8WE9KLZ+TEkcTok4hMcYH27XnKSWElrUNV2ViuXKyH2jDZe2lSvLO9kex+h8Fl3C
   cfgeToh4pYrcxYB1Q+2Sehwy/nubL2pTbq09ZifaTyJaUyf6ilbAX82TUVSCRRn9
   pqGlo6+sFZsKG/AitwV0xZ3DsuFbhVaePSArpAGJ6VLTMeHqHGy/20euCky6fsyE
   DAU/W4DYjv9cN2BoATOxWkWKyI9IbGyN0Ob6E8LfPXoCswXAtuW/MdphWUHWlKED
   v/WYC1ZYL8oRIzDAvNQGJxp7CI9iGaQCEcsbwzoGw7AGsb7pt0lfLJfVTNC28qSG
   tCei/HdZbUvdwUDRwePFXxSh8uhZEOWFNnqaIVTYDdbxnIHfnHNNjBczT+TjKKlz
   s5A5dWgxCtLZcGKGmqcOmiw/KnNsAEJ5y7fFur4fvKrXQvQYctdYiJ5yX1O2gtci
   IHiHmfohFrl4TWB7iKEVj0+pfQqqnJIWYj5Sgd96UkR9FOl+Suc4lnTRqzSkOkYj
   zkYZFaa7SPobvhK3N7as3niAgcb4VfTAoFXkOX7oVPPpDrHcd7UfZ/Vj2RnuO2/7
   4o4aUm89U3k/9FgEapUL/rKCOoCGnazK+w4+Hcg2wzkgkSNFU/sgxEqY7cKAHjTt
   TAxKYh/F1r7MizSf0uFRyksMEa3NSeDqNhDhHV0IbPandc9CWVT2eqU5uvOgsNPp



Gillmor, et al.         Expires 8 September 2022               [Page 96]


Internet-Draft          Header Protection S/MIME              March 2022


   oLnDUUFC7rkQhQW1h39BaUzndXGU88LT5Lqb31Z8/8/AMMn4ZxowOTggd3Z0NSVe
   ymrsuSGyuOEU0agx9ipbomjzc5Cz1oOcF2D0/0ofzdTPkGFhb1NtOjutGbg5x50B
   3bIphtV6lpFP+GapZKcX6e308lJ/2AV2hJywbxN1AnLPnqmkGeHaU1nOp60JQ5TR
   It8Oi/LjjNc5hrFa8zKU2aM+c0lXT0VQu9DvEkHqqkMBCH8B35NXlXn7GYDzFwBs
   NnGcrNvJl3y5LbJjdrORsyggVHjl5Rda8Nx3ihLdt2lkse6UBoUkZMJGwc3ZmpGW
   2wX7+5Pv9ttUmQ4bx7xcKy0su4jQaOWpjoJ1l2G5Ju0BzRx0Vfvn2WGX4aY0AJR0
   uIZgeibQy5/3hW5keuHgB1Q7134DgYMSSjj0C4PBvHnpSnuTjYPqgE6+D7UrNnbX
   x6PbWeP0soJxQfy3i26+flQ2yPZcNIOSzSulQdK36RTeOR7C2XcQhsivgBbsM35Q
   3E29rbMMFDfUzCZmdJNivvf+kvHID5I8RtX2p51YIQVcyItTunQkR9P/avTMBqyN
   28vQlzFk3RtJrpOuy8m0nOfNue4VpUV35u3FdYIa6RkqLB8ZBiLcSFoi559B9czW
   C6zz4GlpoHMNJbPN+dNbNFIoTeSi0dE0vHlP++Xo3phOC3bBcRxNwEoIExYwxxBS
   uWGQBDNIdRHsYOVYSSiEx9QE0bOinnitTHLthPcpcE0yMQkl+diABJe/J5IBPee8
   O9sicjpgeFcIozBDz26njPOgLMl5o0xtKDsJ1tKloM2g9NpA2kjXy/4uW1iru69E
   c592xssBoY3eEzoKdAOE2OHUBVnmA2v+kJc51y1BkY3YYi9LICEDPZvR0PTDl72o
   cJY2hGykCCDvfrTBjTuvIB5KeKgMfJRJDMtGAfzPESCXOZcDr4pXX4im1japeGUx

B.3.8.  S/MIME encrypted and signed reply over a simple message,
        Injected Headers with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7585 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4600 bytes
     ⇩ (unwraps to)
     └─╴text/plain 339 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:15:02 -0500
   In-Reply-To: <smime-enc-signed-injected-minimal@lhp.example>
   References: <smime-enc-signed-injected-minimal@lhp.example>

   MIIV3AYJKoZIhvcNAQcDoIIVzTCCFckCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN



Gillmor, et al.         Expires 8 September 2022               [Page 97]


Internet-Draft          Header Protection S/MIME              March 2022


   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBABgRQRzXTRs0Jqxrl9ouqlyyOUVTZpzsEN4E
   rRGV0bKlOV1O8OiF4s73Oamfc1GowC6YOss5JBen3EQq5NmMsFXjlU5sSiFGgsX6
   IjkVSHC9c9QtdJtXyEoqEhf2lGJ22FcLjU0M21XxtKMlArch5aouJO1+nTj8AIqk
   25JNvqG2dpiLaN61T9hSnyZe7bqDUflBo5Xm5REOc6EBvO+lFgjtIJB73QWiGBu9
   C9iPJPz7du0yIReoX0wtkClqUzrBEiqO64SNQ2MuLTLrl2niNDfaQrvfDa62Y6Zz
   RKPE+I461BxC2Evp18cJVdmOLPE/41b6QPu38l6L8/fSoKYoCk8wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbgflLBuq/SuTA535o03fl0T7
   hFJz1cRgrOgdYfajI+bAIAncrUXPCxEhAIJAV9DNOJnISnnTNW0E5ND32Dbcji83
   GwhT2iC+Uzx+0auUYuuVZ/go7eHMUWrY1Vm5dqNq5JbTwVgWy8lIC5CatZVYDVFW
   o26J351tuF7mAaIaLYXOnUrLgqWpgqI7zXjHrL0hADXlaJARcCY3Uv/PO1YOsb83
   1zQQs7Mu82fjhmJWqZ4yQX7rBKSk5V3aoPjFcj1w2vQWUXHqczJmr0ZHYiaZQuLT
   gglkNNSPNFVlfipXESE0ksP3ZoM+DzLahjfKSLiQTY1Gacasb9+oVwALBhUoCTCC
   Eq4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKODP8WCdJVi34OU9/jVCwaAghKA
   Ed5TZquhpH35bEbuVz9wfPotJOKJ6xieYlQEcchc8+87Log3fBKWsZo1NwcRMZzW
   PhE8p73CscBYylFWDtwWTtQfsu+pizFoH1B2u+byGhyr+cEVOcI2hSM7BTFzBEbR
   RlAWNZse0ZlvW9MABUHhu/7QFVwV9LYaL+UlEEAvoPfnX1QP1WPbjyIl4v+/4i4B
   6jk2HBMlN2r7Kjk1+i0hdt8V7WXHRWifGO9rGmZzi4hVkFIiRkqOqXpghbsHOdTL
   mWf8LfMXatmz39ueE27ZJC/1KHygfdFqQkTfSutBP05eP7lJHPn3cb7ktJ3wmEj+
   0iCyGySJlwKB9EFbWPOo3ENWZ90csz4250Djzzx6HIUk5jA2ePiEw8VyoTCq77kc
   n88G6ucn+7hApODGLazPByQeB4OTg4EwkVwa3fZ6CHENZfDNDjiqYtBtxLUh7KAt
   elv3UmZ5PtoWGuUd/7MYNeGiZeVuALdFAzI9Z8uY1BEQE6kZQY4g1IAvvd09Xvu5
   Z7LA4qbfbpw3708ps9KmKmlcrhmDs62DkZP26lKUgC98FmpmKgpKmPb/V475+OlZ
   FLJkE8LVPrhBQlgJWSFmPCj5FTkWml+dAriVS+7RdkeohjOepRIw7ON+BODCpvSO
   AKHry0k5ANJOZhIgYOPCByDs+AypJtqPl8M0azkThmlFLBc1m6HDVroDklpZkGib
   hgANe0pnA87omyIXs3lWpkApS3Ri4HrlJXj8sM1gqJABeQEOOcej3yIlIcKgVh1J
   OYPfeRlibKzDHbIpVFs5QMzKNNwil/t2+VmuV9Reye1pdtpXPFDP68ilPO/VCyMk
   Uq6yKfU/3gtieCtCgYbh/5dAcYwAVwB4XvYqCO4Sxj369X90TBM5Ege/4e/jcNik
   S4wJ1VNVIgs6WlQbAsQ0GwwyULguRbnmXuwXmLySLgKd3pqSeR6mM6HGGXe9rdSN
   miIc53pdrWAaLRqP35oyOCjwdl8xgaaLAV2Un3AD+Lwwts2rSOpiTFbTLRHPYvN9
   /44HfmulG/cxGTWfJrXq54hh+UteebsyKUx9Um4LGqs29HIx5skDVOxhzYPM3+J9
   ZP/IVgnm/tqkzVvYd0s1SmHdhQyXuGt9BaWjii2JZdrQjbUv7KrtfLcGUNGl3yzR
   q4hyRecPQeCO89AryPZor5CQ2H1fi1ibSDcILtCP2UDzScA9qd3lvMRZV83rFcYl
   cRYGUyckJP6aJFYUPCXRiDei9/nSkLDCIjtVHESDyUtGFTv8DeTH208INYj5xjBv
   cEtW1IM2DXft68jf9Z5XsnUM1QO2jhLDaUptBWmKDgzeQa3KESniqdceGLrTM1H0
   lFgMPFEn9W/Ma3pdi2I21TnzIcS7ZaO+NG/2ZLKXMEVBrXVEU+R7heEo6mey9+qV
   ftDsbNZJoB7mTlMf75Ut4jax9YReArT22jhHyxZ5NiUu1200emE6VMlH2t3UB5gS
   9aoVqxh9xNiDMO+6Gh0xHbc3m712hWT6yIHYcPCHzC/wqBE7VE1jcq5PF3ZpfrBz
   ZMVa18yGAvhW+lF/Fl5GUpsyxJ7LR3RMUappLFdx+OBrAHWI3B59ZIDYTodigu6k
   e4qJyNKMwlEGusefonkkAX/53Z63QXe0RswKzW3cfydOvwfC0Hi0TQX4kqXj4MAg
   N/gNFOVRpbUfLEmaWyohkVEkcgxqyYm2Qvw0oADhU/Loz9p6a1Fjz2E29DNsKtdT
   uszU9+2D+9PptibTCm5BOEbgM27wSfTwjcyKpcZ1E+6SEiGVQthWIIj8cCSkp9uG
   vTQrG0F1HCYzBIUixyzrCJoc1jBRv9lcRrjG+xdVOrRX2gNKz/bgU+9e3MPW/MFe
   uuhCqpee6qMBPJY7JQqa6qsJRDIbmjib2gCdSLsYr8+E/KGTwu1TDDb9bKq1I1lm
   3LWl+d+VrGBz3Hl10N2PDgedjwHco3igrwt3dMiciqF7l4R/aDCJXgQOb2PxOqoY
   Eyg6vrAoykdSfrpFU6UDhXbnxBdlsRSQ5zfX49Rr+YHXOk/VWuQQkeWMA0m9nQ4C



Gillmor, et al.         Expires 8 September 2022               [Page 98]


Internet-Draft          Header Protection S/MIME              March 2022


   BiU72A3+nP11Kh7mc0/3FXzSEuF7zzfhfU88tEVvzmTpVJkgNm70NEZ2tX6VBe9g
   ycH24ytDbrYu5voZUP1CepPCdOTwq+uD1iU/UcIKxnsnxwPmnvqU/3Chl/wOd8/V
   4TwbNbRlSYit7Xt/3Kg63vkQa3wOBxZ5j/KOZLLPYkSy1OJTzvE7Y1Glf8T8oeGP
   li0RQbOaux8t+j9ZrHCtxfDvbTOEOXYeVuQV2rnbvQcXg+KOAv8Ef4TEfSnnnG/1
   dW0Uvb+YxJjABh84LTf6X7ja8BTJIY+oyIMIptw3Iw3BKmpHe0DqZaJKatzZ2JP7
   IaBmSS46Oxngqb3tIs/iX10OuvfoYFF8JP9VNwlVacn40mU0YuGJi62oWugI5yPG
   zjI1lcVAsiiTYMM8OUmw/UuTDwIgIO6AOSVNMMjWcihBOQSn5HgJNP3dc9JWCIzd
   xM5npoLCukhsKgzQr3MHHroiP6Jn+UsYwoNvFeVkVzb7nZM9sqmrQ75JJPiqADfX
   NpSGqNdGU6q4o7aCtjegr0coM4xyfyOEKyq04w5oXhYzAQ7qGvN4j0iw+WVtIX6x
   kMV1cVXLzeJ/oNxL1aIgZjt+sN8MGTf1IBftWxfuGO+WKvWwuO7D/BTsxexdfstQ
   J401huuod1YSoSsHMcT1YdDaRospOz9pvkjREwwb9RZtlnCjKALdVGeLDBLG3bc8
   SX/LC//AosoGt1gzAFtBa7/n3Xup3EqME+nXH1K0xjvED8jh6xchDA8U+tSghuC1
   0OmY4GFlqXtshxJOf0tbCGEoXJUGFLeYPUG8d8cn6aLwQiRi3D8OMZhDRSdz3KWw
   M08i6lvavxGnwBPG+XIVDvxkzEaeEZrZ9Ea19/RnW+bZwxMwvC7Ecqk4q7o/djW+
   FKjWedjnGYAJIHSZCljRDosskfmgCEL4nfgMwVfqF+xS8bTxyQu5RxqwBPDk8EM9
   ZN1EH4WY00hgN4N2oqllTUn8L2Ehx5JAhiTckZz+cp/nzKVpKArnjBQpCjTBUDiG
   PT28zjiTkrZi1eKw1C2zwaQ8KOjMjRp1An1P6zSiuayEtf/GW8nHzG9FcJoRlMKR
   TUt05KBg7wgE1RxPumyws1RL4cpIb2oWlyfSqlYNHdNCQykyuu/ubaQVg3VZyz03
   CRl5V3ErDa95ZM+cbaGx2JMXR29N6wTXEGi8FCMZpS5gTucp67yZtG3Ik+PPWkih
   8bYskpn0AcPCl283neE57MhsEp+BOekq9tAx4IEWDVzL7w1EotLT5gp5iZlqMeQT
   A4kCWEbcX0emotgo/KgYhSfgaSDa+LJqvFNlOAqpWU0ApqrBkhDUUY97uznHWjXc
   yS5rzHHDbrO448nJpFo9ioCAwFYkWaEKRCEljUlqlfdaP+jHYIz48nuecCtuVOeU
   gpdgE4EhL0mGG+ylj1wC6Isrqdj41aR5m3ZwMeucBE7RkyiCVMW8/GobcG4OEqGn
   grvjoMjWLjOIoJoeuZsv4ED7JjAbedGsA7WqGGzVTyyXbUVseSuYsb7eVy7I0VZF
   KiPI06KglRA9AQYPtnij3qku/RMQNWWrSjSSwUlm4FceY77GGo9BctQ7DdYSoMOa
   ia2CYsL/nR12wRySdKzJOBmgBPDA+cFORwReVoBwGl4z1YB7jCBCpjKaB3zRrfwa
   RGXijQqS8frHtNaj6+jQqa6myg6vlUPPRnEyPz69WyE5BVJOaSftCOixCtBI+Fnx
   hJDiobd6WBzdueaB7Qc6W6tS79C+F50dUbzHeZLQNRXHztZX/H4TyJ2Jz7Bhy1hh
   Haa5mIhgjdV985ZHUEBXIch5x85lmAjUQPADei3chwO0idxi+nbq/exCmsAxj6JC
   cIuVA764o2gftaIAEj94JXMVy7Xi3en12L8wbUezyFZGKhUxwKi1WFhvb3or70DM
   yT4U/URV1HgDgeKAyOsAkTeSAZsK08cRvhxDrpLl7y5wOfxFkSbN/04KujYb6YBe
   Z/aUF4VZeNeg7FEmpW6XAVSorFQ6DgMLmY2TyIIh5GswHwfcB7tqgYVYSieRM/ns
   GZ9hks9nsg6NlaL5ueYYOyGs8MB50XHDS42uK18fvRI8qA5liX/CkCdUJC5Hlu4i
   lt3BXM3Z25iaYaKEmosgNj4cMdreoKFckmq8nSBdeZdIJ0xWX4/ioBdOaQRTknIV
   wSSQb1utN5X/AZmKnF/65svl3IgngkLQIbFCCaD2IAzS5itRuTcbK+KZbKSCLNpg
   U/qYmuh0TDeHHMO126VEPQXAQnxvtV/0MobXpswmuo91PVsbFgCU2IA0JDILkI/a
   xwaCsoQSzTnw9qN5BVmIodbT1BBfoDorlC/C2HrkeD/J3+jSX/35Zbb9GnuLnlwU
   j/fQaGftHgt63pLqqMycYcVmiA0quvpMZYRmBGhHPyr+TcoLzkFNAsNswev6//U6
   hxWkF6SAaIVWF7hTAePbDqIyeVLm4s2S5Qhjw5IAsQokxff2C9GZTLDJpBlKv7oE
   r3HBtOIs6Y2CzkCH9nXfQvbv2LWEgsAgq4dLk3Z2NRCt/LZAWF3E5a1wW4YRRH7j
   Ozl8aACWB6WnKnz82+1v2FciFB9L8b0gNwU01u7sE1ayC2TQGzXAhu0riMtqBiJX
   bLmCos3/VelP2TodcI9HmrjSPH5HOWnP0h3M7VgXHbohm9FgOZf+0GNaSI4Hr/3X
   nvFuT6JgJUS4Nrq9uE2RpZ1XDvLUVrwE77tnLaqXMbLeHm/V/TXviqaxEEgtCSba
   iWgsWkhjk8JL/Oa/HBSA5mhf8Sq1ru46/sJXjRdZ1wXGEVmCoSkJmgKTn2a/8K1g
   XE1NMeTFZucz8WJDAC5DFvqthrHHcAcG8YMVTE4EzwfTrYe9dxfHjILMDjP8A3Dx
   c7tlM/6g1c4nQTI471xs28iOsRw3upKY1T4S5MRqidQD2yKYbBVp0zMAwsybq0ay
   Bmugnz5xafztkADCg1mgQ4BzhXWz+0CMNj4txId3kMwGt7Qi20RDf7cDrv0S3krh
   lDGwGSl3fr9aaLISh6m62v7hg5Jn4wl2yXEGxAPj2TXzZwVGL9hmzbghxt8pJM/u



Gillmor, et al.         Expires 8 September 2022               [Page 99]


Internet-Draft          Header Protection S/MIME              March 2022


   HR2vMKohagn56K3xIfwi8QrWDBr9r8OKj2Ia88v2i/QeQe8CqOVu6yR8xAxGQFiW
   mJZO3enMPl00rRF9wdj33CxaF2q2kVysid59tPfJanTHUYz+IFV6/NsRfMgye0gV
   9k/ebq0x5OIIjAjhllfIFj/jyupnblUteAILhvNBfkqiDkWg9Yhqd2MZXgIGuJod
   CLUq8fWt0iNV6WkSthZI4O2wMz3ek4YuIfyVrh+oxQcG6PihlwEu5wamZb2g0GDp
   tqa8AD7v/mezlHR4a2xogj9lDLz3RXH1RYOQHSbvvRebgjZrntOG+gidcbQvsB2e
   aS5X3SZXYQ0hbG4KACkwKWTj84Jxflp+KMfdybhVz9HneTtiLMsvlibPVj54ZuPc
   YNmELTHyCxjlsX61mmtydIAoitzN+YrB+MWx06KnPbWW18AsH/gWNX0qtYIRxJjY
   rZkvzOEOUgRBxdWuK9FlOcbAfq6S3fIPMJycTlSalOA6ltq5XtjfozA2ckRutqV3
   1n+JM3Lo55CMe9igKfi4sEuIPmFjQQccxh85PMZKXZv+k+EU/PgD21HxWLbp1y1n
   lwSllaTC9kNAplcvelROfuM5jqi1qDF6Q6w8pwem2m+vUc0aV0CBGJvvz8+Y76Bo
   fho7SD9SeBOnCsSxq1cOKaeWPl10Y001wUfI061oTbSya/tbNGgaE+pXzIbhKCvv
   wOTZ6t3+12dhZ0mx9Ozo1pxslASescGr4MDQePR6lecDPdgU6cJZMCzMiKrbZC1M
   lFlApbM5HdkJOGOAVxHvbBP5u5SSfu5GGDcjiVp27A8kLGB1x1JkFr/ayVqyi0Zn
   7QUQu85CxW0nxqFFkYxXfvWVpPvbzorPySEntj+ZmwdqB6asqBuHoW+WEVf/U4Sp
   7YZ5c4Q6mP9/HZV3J+1b+BaFuuROp8lwuvYuITRpobOncr3+U4Pr77vdBbzYFm65
   kR5uZgS38rm3DX54qlUhb7AeWPnwqtEIaJA3soThkk+J4/GAIDM46cQaJdPfXikq
   AuZkkSOqjH0qEQR2gprYNTTakISQXK3os+aSrdScZq87W55RQ4bW+1pwZjCnlEI5
   zTgzG2iWGCaPHZvoCV0cv+Ln14a+rplNBoRDHhDuN5Vxnd8R3QFz7iL6WOW8XPUW
   Vfhi1ZMHR8/e0rgqlF7nEw8B8XYydKsPRpYDnrjWOUA=

B.3.9.  S/MIME encrypted and signed reply over a simple message,
        Injected Headers with hcp_minimal (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7845 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4806 bytes
     ⇩ (unwraps to)
     └─╴text/plain 435 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:16:02 -0500



Gillmor, et al.         Expires 8 September 2022              [Page 100]


Internet-Draft          Header Protection S/MIME              March 2022


   In-Reply-To:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>
   References:
    <smime-enc-signed-injected-minimal-legacy@lhp.example>

   MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAGNl0aq5o2OJUxeEgaKipbTTomG9IBdUTU2t
   ZdTEG6d1H4121Dz0Q5zSqpMHqbqb/HQpqERcNiXtq0vu2aBMF48OoZoO85R4khlC
   8uARKo/8CAcUANfGIjie+ojPw1o8eaDT8CQL8/T2TZ012rfdQahxsIAr83/tFQMD
   5EqnQVxHA9IM69Epdiwk4IrQjep6djisHGG61WLrc8tbIXgBM7QHKdrEA9yJuWFp
   zpnGgYTGHi3gPzE8H4MJK3hnZ3uNAWqHy/nLUw/BwzD6EOKM5CRoSKcwYI0yAYu2
   zGrO7E5fvoqfFzBsYJp038zjw95tEOGUDeszdrGP2dPg16g5AjwwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAG67SjjL4JZnZLqZM62xH8Cdz
   SGchx+DpraOfE5ehEpY40Jy9j8sF6Wu21MLUNRZHQ+pUlNky7tA0DCIWcIbJlWV1
   PHfr/M0xf++3kfnJBFAjiGzp1ROhtpeP5p+qtky9VLxoArhI071rvEG0Z3u+6IO5
   Z9OLz4jX5lzZvi6XIQLp3wtBxap1hQ6lBD3DWX3W2lCdKw0mKPhHQlwig0kXFWUV
   mpUs6oJZV3HlUp+ifN6znQJVWjDOAT08d2Rtq0y3RGvivEWB6ElLpy9vu6a6JWIL
   1TTb/owfsyochfPx0ew4y/edwROayHmScjQ/ysa4ee5ehFnG691E1F0hKXJLozCC
   E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOh03Ev+7rYyNOa01Xc4M6eAghNA
   Mmz6xWWqsulbcV8u720fQPHh5AMbqDsGBizaAz6U1atqA09hSm7bPTSZH8HsuP3M
   psIfwjyqa+yeFZqhx90wHC1CMBJJUcsKTnzKjNL71IC4NntenOTMTkIuFcnWT4Nu
   PBmKZjCN+8XqeJKQMyRT93MxKXNrMugo99jEnDIp1vvEk94e9sp9F2tfBbAspxjw
   vyDpJWsMyylq1GPfHcepIqZ4ULyPCIiFgV/1xfvqu29NM2RClWuBPR/2ro0k12Z6
   f2idvHL65xzqBxJf1APVZLUVcKZZdPMGXgk7H4a/NULP7AL12zxMqIzMXilk+Hp6
   H+9igKeybOrw2qYbZea2E7XxCJinzqdMpE1S3ChlaRTyKCLyDF3mKnuX9IMcS1Y0
   08dc23dKkLW85VYc6MhZXPu5SADPfDNj43GGuyy7L6hqLNfr1vLfYRLGfiPwG1CU
   KKVOvFNxRUi3bJq2vMzmErG/mUkMZXWiFLEv4pj3eT+5eCrlwNqYgsezECwtcYWw
   KZrDYEep+2oGlIjyO0XLqWJf+aqaAHPaAUkyB3sbvTvCe5OwkV286LnXEbzCJSCU
   ZlpbGV81YlAXQQb5wKzKGpMn8jmUVOw89w+1v6zXmu8voytNqowE3QBsjHzVkBvO
   6RJ0+CkcRRC6oy5aOPP0GmjPBxodwTmmkJYdqUqDd7QAqkrlbjITjFMgs9NAocrP
   XyzjkT96178e3BFIaOY34JCZa2rB3I/dEFpPILq9bgR42Jajc+hhikFB3aQm3Gx+
   ljZHAyDjJbSNGsMS2k9Vv/yNAYyy2AFA957mhXHX5mIKimD89pJAhnfoL0Dl202+
   F8eDfn3nU81gOR4rTWadeCsTbJnWtABBcwd3Yt6AZ5+aF+OnnWKdICvc4UTVD03Z
   rP+bdla8xvTY2vkB+l2P4h+NVRRxszuR/9z1gF3I+8MRbpANT7zEr8Szs3RhO69R
   N/Kz1nro4K7zZWh5xfkX49khdcOORwk7ecBojed8JJXS+hi3D25BA5l7hll1eC5s
   a90m4GVcZBvykdWd48VKmrdYttGAZTyW8afjfjSfPqN6Q21vHuNMec6MM1wXZsqZ
   nacCtsBJhfYrmOSdsFygTxg5Qsw6OC8EqFWZHtyUuXOUoFM5fJGC1nXCri/er9xq
   HybJe5s8nbyK62Kc7QQPPU3oPMN8ApyvvL5NrKKF7OxFPX3XGIva1VAKgoBUsWUa
   44Usk/YQdw+3VngpUi7QJpn3fTbGMF31LHxoztmn7aNZ8cVDdidme096V+gbbUpq
   ay6QKYXnOWB6PclfewkY/G5ETwdRrB6jtJ1bwJ+0b2LBD7wU5cWBd/MeWBzYl4JO
   ZfpwfHuw3V8VQasdCVmqrzb6EA+8NLu34NxSzVEejItaMz2aawCHnGbHnYlTbvsK
   JQ3/JHBu44dkMSFPwiUOONd1wa17SBtjOOnjFnz2IMGpkyhMNOjjw9Jq7CUMPGda
   mcfhosZo/jxC+6ZrSybIJsmOzyasMsXxgRUvjGVjf8rpmhou5ThWJu8rlfWg6pia
   JbtyomU4c48lthqN/AaZNkkKlUsZg5uqHpO8jn1bOFVgREb2bOWnUzG9Y+SDxWV+



Gillmor, et al.         Expires 8 September 2022              [Page 101]


Internet-Draft          Header Protection S/MIME              March 2022


   0IhwAq3FamYXMGAWGkmgr6xi2EJAXLPe14qy+p+GzQ3wEHu2lBLRTiAMpgJzqsXh
   toundiL6kl9C0g6oawjx42JcOHITrjYtO1ySkFaFiynKT+dvBV2rNigWpUDrTxJv
   308zWn9sGToO/iam0jSm0V9J0HptLw6BZhdqp/iZyre9wwouwP4uKzAY4Vi5clvu
   e0KMJXaMg1ykE8D0wg5MpxKPy1oIoSXoMbFKh/hAjZoxQTgotxoYMeGLe8FOYw+l
   9pZSm0EwtL2ImAA/qyDp6A6245mc0W46sDE2vUyKMfWPNVFlnwCFackni/Rzg36M
   bVbxxpxGTY8GpSm4z4RI9EwwhbrdgzdyFD6qC8kXXGuXZpQ2n+e1ysdCmPSLcEy7
   t0aXFBNyYMOI6eCBVNowQiZrQTp5aHxmxRgfeB/Ee45dfg2jvdryr7Cz6NO34kad
   Qv8gXyMx5Jfpjb6EIX/kGxliFbMFKUNB1DAVO1gJkL9mvsNa3nk1ZA5u7StcCRuH
   z4Qq0ST2uEkv0OgT5UKh/SEW3OEg9AkF/G2kA1+4df192P3tP9JrJhFuxtcgrY/V
   Q9mQV+R5MapirlP/OAmdMogkgktmfT0/VBUEup4I4bL6RTGr2Hs0KYUzcUNEbKEo
   F24QXk8dri3SZf5WtIYW5cGflDptkKoUxGRsS5UHkfx8QXz1PG6PWpHR9Gy7SDQe
   FvDIf7tegV8l2O7ak/v6TjoSyqXTq5IBjCpnmsHNoLd9pRVmfGwWzh6aL/CyeMqk
   WOfOkIbKY4FIJUtU8dZmDRgEsq3O7cFnRdffFwAwodbrc9OAXdPHlpjAd7Ev/d6Q
   F3YRA5ndYXDktkUW0pPwmooCO7cKcYQsVFX9FeIt60Emvtd1+XY+zZF8i4kc38uP
   sHaUBNYGAIlyZEyouBqEQyB11gc1/cQgxlc81izK+J7IXlwcYgmwq/jrpJ/mBeUM
   V3P4N1HqjfH2yc7fGnVLE86barIMsqtdrZ58kMLdZNiQiwe9DZzOWmIx5BSrqWEb
   tNtew/8ftKcMHrFAMyBkEArOWyyTty7QkvWlmAWDCGVt8rVuWIWlqk0gp2zATtMR
   Fao6Io1thU2G8nPdEd0ntVssPQMmlhS4Bf16UAxpXUJ05KKgtyyzqxqWe+jGenxJ
   /qu1JNzhlgjWPuFJ/qnm7+Vk0W/HFvwMiY95Jd+dAxhkqhk69PKVpcr6uBwKJRjn
   IHgr2jpEoyswZNKlRlZLMtiKEpc+sM1vnCgf5qIAUVi7WmSS7WxI4h9OUdTVjz4/
   bjmJSDI7ekPdvoD1P6DvS6atTCgu0NgxkG15zSnqOD2q5+l87MGOiV6IL2vq/0Qk
   oqwpKn2DCzLkO29XfVOPCZEyloJaufBlXWfqJIBA0EK9hQafa1q2ObXwQ9VT+JQW
   z+y25MbD5x7E7iqTTJPGNG+Lc1KVPVuryLz5aRsQdIa4AgvTZ0+Tgy2yt89tfZ2v
   6dQ+VfyWTsHtwaympKDDGRKmk5qlhr88UkI9Km8d1bmTicg+94+ot20tJE43pyDp
   XpEohbQIfeNtYtkkOWRr+7Q9XBlq49FMBTFOoMv+ygcy2622WF7cSIFIIDUzh3UQ
   Ca17U/TfyKbpoYxxeP5psXEI9q0fZg1N2Lc4CgyHt3CqTOZbie3+Vtsl3+YKZyJ8
   Fwm11tlEMw67hezntqgf3ndcB0JRvoZSifIa3NLdYANJG+70yR3lG5Llly3kJ3w3
   llKPCvy4theKWfYSAHxfx1+3nnPLV6PF7ZlTAZaHRukvKtnSOWb4Kvd06UWIN5Wi
   GiWjiYQS01VDdq2CWMQ6v5QR+KIt2lmse6mxwHg87UW6TR8FPsA4F6GBZA0W4IdH
   vLV2AjVR7G8UqWkcv7ETl/dE27daGrtF7Z82cO9x/9sBuFXJk8gxl7/rn9aOqRF0
   2SY4CrMACJ8qnu9aakvtU+vN670pnFUAboIEG66jJ7Wd2SbhgXDOUmThzoZWezM4
   IIwVxlLlxqF4FJvPEQjI32UcoViUU4GkG5SgXerArXeYKRwRGoMMoNccUcar0rm6
   JuZMU58vcP9Uhz/HaRtaQUWjwG1N/I2Q1XJPX+Tzy4c3ae9pcoKoOFfL1VYSDLTI
   4KFH5ElGswcW7kHfsibCxrZc9Q3dP6bT+YteuGvbbSHgP1YFp0Iw4ok4Dzi8EWGp
   6KvdCH5m1qZYJgawSVISnxLPLUdbqY/49uExMm+HcvO1fXNcbV2SF/KnhdJ26w5y
   VcuMB1/ze/mG9MAerxoFBRIO29SRLhe39zsK2RNjDXDEi6R1q3F9oTQL/rCufOG5
   Crl/ogQBFihF5Gyc8sqmVG6/f+p6dPcwHAX9US/WGI1zRR+qZ2TRW53zfe4CEgvi
   YyRg6aniqaS15moIjoR2k7ieadjMPhw/zDIlvTbIjR10i1w2e97yTT3o7dvjAjQF
   yJ6tcnCP7pX+WC0pEYF6LVQiIs1xEZFnsnug22YBFpYfyxVO7m3H7LTlZFjWdxpm
   5JElz5wqdv7005yFo58JAs8fIpcD54VLQ9czDPpByq6M10JmasVc1EmdG98FgcuI
   jGycJv0lloomv91iojQHTc3m1fCDrPcMMDeELBfoeP5Xpd4ZhHOBwx/BjdUfQHI+
   DALW+hazukHzcsCamfYh6XffFbqXKBg2r+4An7z2Bnb6xoQRB3TW4yibQ5XhDasi
   kXsJ3m7Rx1Ja/scA8IqeEKD3xE2KWfARGBA4QSXv7/r3Q7/PHhCiBSQMZuLkPAxn
   RDDmyHFi4F4jU+L5zsrvy4qJ+nV6CwPIn5Py+6LuUnqe/ZHZv9MzsWbhbaChY+Gb
   uUYSfUVGbY3pdVIBiHymgmpHjlOxjDdD15WGRM8sI4yG0f6L0hCSm/fD0cIpihDZ
   HMikn2GaNYTS5A50+GkRQPfYnm+lKHN/enyD6vOHITFgqJufjk9TtFD6lt0l2kri
   O8Yx+o8fFvFaeFUBaTWpPMi/ffgZio3ih+vRQxlMX2G3JdDolPPuRTR5ZbH+a3f6
   aAueSmT53IFvv7280mVHUPN0VtjqHdkOT8p/+xVy1VwCtl9h4xCLSQOKwwLzvEXw



Gillmor, et al.         Expires 8 September 2022              [Page 102]


Internet-Draft          Header Protection S/MIME              March 2022


   W64AQfaJ/tELAdB2k0l7tRO4tVlt0c94hgR1d2r67TZZzPC5y2tBspXL29SabgtY
   CRCpmaF09VIH3o05brlBrj0glYdy7t6U+TfMDunWiLCDmYtweCs9kGeESiruTHdr
   GTiWBojP4HAsGP+3qYD0nfMXKELYgaPC/xtl7A3ON5tR0pwDkSckCzrwHYKWL66X
   KGOBDPW/o+Eq9BjwFN4n4lP4OXlcmGQqGBWHgnVSldditTAvFEEe1pokqQI0G6Cf
   9/qeVR/kgY8/YmkwfSyL2b0xZMI1Yo7S54irqaP4j22vIKWA1RkrH9N0LV5sXAzy
   XJxZVx0PCOFQVnyJqCNX29qfQ2j/KLmHfaK5ZESCdUzyvPEQkxt4NtQT+tGuJGBy
   sWjK6jVA+CRw8xdLFZMwEZgoAhAVdW3bl75BmqSGGs72LvKs6535tfwsXMN4YJSe
   x7Ax4n9HoH9zNsrJ4sFCsaI2jdGY5cj3XjB4oNcjutsMLj0xLg54wo5AAEHik+4G
   qC9KPLpWIe7XXQFdUsMfByfqvFlj3iRERNdWCnhxk6xdXk29xaNgLh+uAEmG63Qb
   3DfVqsaCTed4N+gNf7sr/9xJ3PojwlcCXfCiO4h7J+tRw5m3bdOyhibVErHftemb
   8skTeC6Sy27zEmeBj9suIyWeruTTAd77XzD7y+py6Mo7k0PV5nP7anGbVeKIZoSe
   /pLC7TzSOaEzR/1fYia93Rz7ZD2weqp+j+OUgCipefeOeCs7nwPThu/Qki2Z0cki
   F/pBP0xgIl2RRIPiInSWGq5WzfmdUo6BSkzz0PSJAa88yac7/Z/h8+rca7HGZzbB
   h1Y05I3Zx2oI2RxDW1ZS/x3ZEW1Qx14PNzpfKn4tyLIfCk02fZoA2YEb3s+NwASV
   SaSz95eSz3gaaa7QcdwvXjy9Q9obcuZuQt57NofpkeL9R6sv1SJG0+3W/He8D9q/
   yW46YufMjtUUXCMmQecEBvUDNkr5BdAfAcpqtvEHx8mp+CKPOU0EfRaXC6+mtzYD
   lQQBHHBNXj0HwiKEMCmdJDMGv5hTwxLFJHPC0u4/cZLhebSqNxLM8siMH3zyua6z
   L1YWygKvdhf09syokQVndzz7M9rz8pKqvosbVP3nn37Pu90jpEphZnY66cPbIQuR
   BmjA2DLAImK/u2KQEtwNiiRYzWxmZxw+hiVMBaWHhmY0Dn5K+v3LQlnlUeIR5uwP
   /gdCM+F0Jy1FOPEfso9V/dVPa+sgXJc8Np42PGmgnbpNUR7+MMh1EQ+1iNq41Yuq
   AsdKuq30cRy/5CC00IFz5tKDS0NpLKjEfa+LuZzPXd8i+MLthWEDPsi9/j+kwgjX
   2QanQPnMj2kJ9sl5K22nMHtZWf0PI2B/3m3ic330yWaDJPm35z7UlYimwKLAPsg3
   91JJxNt6f79/cqZbGOau01nffytR4/uSyra7AYmGUhSDFnd2FEpKTtzutURPKviy
   kDHUtu8OnJE+0jJrg6HIxyf7NzVhgYUESyMFyL+MHEbf4h4R+DoV8pdqVhJLk5Zu
   Rtfejj0y6g53mq2e26I3y0iu9P9WMBowvmx3e5q0u+D8exIIM9V2aKfGFS0qynSB
   O3BpRAofu6fjzSN6SxCaG/lCO40NIegIf+FXcehxr2eVV9+ql7dvc/bwOxer1bV4
   BBvuuRy9AO39kW0B8wCQDq/tzAIjxItCTM2deFxlwB/fAbbIG+a/PVBxA7T+aYsF
   WGoNCxoFYe3TYXuVdp9FtSVlKIzW2E8LTT2pUfs1a7U22v4RnCFWTcjubRkaicoA
   eI5QRSnnESPlNF9Ci9TufpUPOxjOrImfoChuCftBoUUCLWSKktXKzICP3wrRt9Vs
   8b8gb0Pg3hx5kSZjBJQ+yCeeRDGGEU9eTa8lsJTEitk=

B.3.10.  S/MIME encrypted and signed reply over a simple message,
         Wrapped Message with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Wrapped Message header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7605 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4616 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 810 bytes
      └─╴text/plain 325 bytes




Gillmor, et al.         Expires 8 September 2022              [Page 103]


Internet-Draft          Header Protection S/MIME              March 2022


   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:17:02 -0500

   MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAIEzSE7YJfWjy0TMQGEfYcrcBw2uruGZw+/k
   QaHXEcEFdwDSaKvAzEFoNN0xMpZ090ybC5MHqteYMRpaax43TsCnes6XevL7o7FV
   gSMI6CCnmVlY2Dvj+oGPHkl/ZkFRPz+Hsrnvl65Fs19thjbtQ7LX9uKE8TBODLRF
   nCnuyDdHx7iDJGI6xepIvD4M3zaUwpNa3fFi8XOC7UH7br6+UGCRQCZl9nrAU1W/
   VvfRt+6XSWXl71IU/0syMw4ghwS2tsLgZhIrDkFNlEokgVR8bDejaV9px7jH+d3m
   FJ0t4hBjsZAfnggaecXwoKUaPqlj6Xl0e9cLtqwr+26h1TmA8X0wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACUHcgXEC4pKuedLh3CB0QLAW
   HULF5htBXebTlJVES1voU9Smp5OkueBMptF18R2ojjM36C5d3xtdsBddVweJqNyA
   Hgp92O7qVoPyVXvp7BByoNRgZcrMx1pRoTREEjCX585MOXEBFUxRVRPohViZaOAM
   dgdWFB02fcOwGh+RtwBfE5Ege2zujhTpF/ie7XIbNOlWsZrTDGdQ63VaqvX3AS0m
   TPJyeqUkstDWSzOIrOlp1W/YjMcYNjDkygeNgppdV4SEUFYTNxz6rqql4E+a8LxX
   IogOTMh2ruDPamtoAEMfsMvz9XUjSN4TRWXORLkzQeaI0jcPVjr6AHLJFG6etzCC
   Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDyefElL8mhLfkZjajQLY7KAghKQ
   4f1OU+eyhjobu3iIzeCooqq/a6JmdoGQbY6s656cODYMhlimkXQkRV1QEZiLkAOi
   aKPZy3zmuu00h5lnpduDqzFq16Clw8CY/99ep7I6vANjzmvh4pV0onCsR9GuYexq
   65nR8oy9dXdCFP6vkGBFXcrTqnbPQrZF9DSxpXiicROjS5ybp8clDbMJKB0x9LQE
   vHcxB5jaNGAsb+IVHZr3LjvO5V5T0/YsXn6aJXQAVU3bOO7iUjxgvGxQGSsShre7
   F5qW99KiI2cc0c/wPtv4PyvgcVuLs/CFtvc9CfgbIAr/Vm4AupZUbaizLnpxSK3S
   PKY0l/8j0x8Eavv7LsO7R9WzZwS8zK5Zrx3aDRclXUMCXyQkel4nZvCOintGDoKo
   QuSs4Fy3M826VYkKfc7uaVo7j5lzoSeNUeD0q5hpmrTnJ/ce8C9T0FES75jc6P3r
   Q6yAakdLcsTL4XPc9Hi9stkX0pPrGYrK1HYaDBDBKZ92VdiEVGlX/41hltwX0f79
   M/R1sbT4a2j9PsWKRI7Pva3L0nNGV0iajjBslyppdXLKNFBH02Vy4zoujcjj34Mr
   SsrmW5EkoxUZGzlX9NAYV8N5/f8faUCYnSbfHg/QIK9WBKggCTm7e8Gq2iGgzVmx
   Jpj85EkYXLDkS7tN4KhgJRp3ZYRFdRUutoq4SVNzNc3AhYDMVyBWcpDAIY/Y8ync
   ZsHpEFB1Ypau4/vtj14MCjlIfOtRDf3oH7Z0Gp6ecWGFwkZ+P8muIY95FEfOofeH
   gTzUi2M3NwbGVOSPpTMxZE5wesAvXaWVS2pN2KPmQLBXPVij7vqavbVd1e31d8JJ
   cRJwxdVYO3Tfe42TQRdKjYIxQmPrjRdx9d6TyyoZE00mGed11v6Z7lxWcvGZDl8k
   rMM30LF4IgQjCVr7EiAYIybviRYLNNKptCqLK/TvANtevYEhb9yTynwevu1nFW5e
   Uw3rihR3MJgCV7+zSvsjKHubdSpuu5adyMKfYpRyDQM94pKVEvEVxR8Ja51xyVB4
   p8T3Y22rNWjlsBf0B7UAVqb/oDuN5oW2M8K53GVXEPUg+80dlR8r82Wq7ahSyae+
   /jAZcaopN062hQvXXsIFj9vy/B2rdDu3hreUtFIjgLrCmKqmeXIvh7lcBL1hQ9Zm
   EI+F7fIJJSynDna7PLsU0tANrE6lmn9XkdL9EVCVZK5LMFp8LtuGo8EMZ/MxZ2LQ



Gillmor, et al.         Expires 8 September 2022              [Page 104]


Internet-Draft          Header Protection S/MIME              March 2022


   99duo1um5gSBdZJYhrxb2rpmsVRrtLjzKCmywxOEBlyj3hYBNjFcdYhRd9RsMRgg
   QjoZME5ovHDRyBABUiwOtyGIFD9rt8xNqjzHWEizeAzfj+WbDfWDz9qrysvx4Myg
   scicK+yCWBwRvL2LbNb+uHhX879Ejj4zzkSlqDIuOTvGduojH+Ti6aZjEdnpfKGM
   xHRFRHBI4hmwuiwzqO6h6CpuX/2aew8wByIAaomyyGeTscBaJk0JumMxhSmeyImn
   T9DTF4dUXR9cGEs2qYquQcSSc2KNZpaRpVDNcTETNPLNh+vFUPJcv485g3e8EJIy
   VS99+e2lECdjkc+iHVMBTXdwSMEgrlYdIlfrPCy2nwsajp9+4lhL2aPk3yEqSs6x
   QHPO9cEKNuL7BG1Cpq9wkr0O7CVayEWY9W0k912ARy637pYpgeQ/w3eNhlGjSuRK
   pXZr7WWgT8MEuF0PJPOVWy2V49JmKjP4po+9/V+ewHievS/Z74/xozJnNhNqyYDp
   56mGQ3FH5Q628WcPdk2V9h897AOsHVyFrjFHlObWeUuQqQVctYqT6QtW/rITmQwE
   85DzWoYELv6ng+IjSswQEeKFm7UIbz6UBPe5IVYJaA6nAXV9Ir0ErT0A8QLN/Inw
   Buz4RnznGuXNgm7mONvWZrYnbwNKGsbO/LSmsKDmlCqDd/CRZLP2/r0mgNld6Iqy
   wuFfFo9Ml8WXUY3veMD4J9+i1sm08jMQfIqKgBOOczsBt0sPn2yE9mgcsDgudO95
   jFz4g2E8RUSRJgj/av9nM1lSCYjnizkBezVvM/S/qJmGHOl8RbYSZlZBIJq+xkAv
   xGKG0oNKVzHe8VtMUwBbi5kOOx5oTrvJ/A3s36MrE0JlcBKV/jMMt2FyDE++PvFE
   0X0zf1YsK5281jNBMBIA8GRbLb8+G/6q5RMf/epfy7c4oJRpDblPVhSMWXmgUNxc
   mLmCftewVJZvvtUu0WWcVWZ4s2GZOjtBFlqXcm8nBdY39drprA0pcrkL26XKWM7y
   F+6CqwCgsMabwViBtsY/BMVeO26UCfXJfytMGyCeuano9d3p12VHCLM49TQcWIpZ
   6yRLmKEYoXxvtThZE7WndatiUmS646xpsLmtoHpAhN9V/AJVUB5DPHDkFr75fWp+
   GYsKyEDDIq/4U6gYlFkzWuNF3if8PWwT8PbkiA+2XWrUs9N0Tw+ugD8LkeobRw5M
   gHcphVR6Zia3WvpXBe7u/rGgNqzRWHSDtT2UWKsJx32iPuQEVb7/KQNT6blBhFrK
   LUa6Xp1ZUtvdiJ09fNx9plaKquHQqjV00YTga++ZCrdLnEL0IxRMUbzf6tkF0fF+
   gNnP7uaCt/1mXRyilDgb68oLxN8R/fCRTSVZibLhimWPRFXm0Qf8nznYR2+nOARW
   K4SfFLhhB7QqsLHuQ6WB8k4vwewhAuNM6EDR9wSyp5wJ4/NRtwm8b+Vf9aYXweQ7
   8n+mGBpKQBwStOllzU+pDdorM+jmLeky2hPVkR59IvEiZmnDQXdzEWZAVEC9jbsa
   llb8FnL61OedbblBkjfeaXn+hD3iRbz44vyHa/l/4fi717XNCyWMEL4Op/hezWdt
   pGtexT+AoYw2uA9+qNkz7OxtqcSzcVkm3jWTJPJLrYslUUhI5HF8yH7NtbaySqPm
   ybxysODBGFXz7qf/o/rg2SNHfSIcfr/itP0ZpnuHiCtFwIBYFLoY2ceMYeKfvrKX
   9Ble9lgex4BtKL/uPFQopYWNPKAchseKIJzptZpPW2T37kt1UYzEhzieQpC6IDCn
   qSZeq/Nd56iF/kw78PQMDCGLdulJDh/nu18LD62GhCWpZMEGdxDJvP+VdycMEIkb
   BHXKLKm5NNAygyw2Wj6kiAPR3+/ZJBMuRzBFSxI87Zt/iXoHM9PYvyDcgjC8wwEK
   z4jRNokSW2eSmgRp8ty0ZSWcgnnegymkRsYSYkIc7894qFP44PmypNB981mLje3c
   FsuvRcVny3r/KJ4XI14OqbkYWwD8rkHbXohiYQx8N5VUqlfQCMyPpaqYf247fW1p
   YJwOKXeOsJeiv5/uUiC6GzgunABnBhZS5uFVKoCtVITzzOKpqAEFFMr6fG1nOMzv
   Y9XwwT9fnM3XWB6RsXeHvSMKjQQXzOMxc23mtV0wse1Mg01UJVcLURy1jWoY815F
   DDNeBt5irzunTvX3eRCGz9oaJ6Dzl6er72YqmHFyKEGFyFjCpOxMI3LlwZhUCRM0
   MrsbtGKchcht9fmh2QouxtQh8T9r0vLlVrHyJhWwargNxQG+25ZPyb7pmBR9Fs+B
   5PFhN2O3nOr9LbPdrDXxvsGexOwAwf5kp0LdM/8g+cn5qqSNGcj2jDagZ5j2IPbJ
   9S7HmRxx/D0v5RFnwrc+WVPR+z83bYwlN6Ug9KB1S1lwE9E5DEUb4MWbnh3RCi8k
   Uhh0ErIcBWByUooqZz1in408/ebhlpC2zYCOHqUP1AgVsycmvbZf68bHDZxJWPGz
   w4EJYYCAF9DGbvaF+pA3TWnt7jmf8qLliwGCgC7U2XjsL6aTClql8QseE2OvvBLE
   11g4ZbXJXHs/rV9ZuKzzIE7MTQmZTY4923ROG/Bt9Bc/1AJ/a3e/mdYoZ+79TnQr
   /sLP2FiqVHAOtLY8SQXnVP/Tes/Jc6EAxemoCR7fT+959WcC+vaow6MTngjk6JBb
   YQUU5wNNFl/834tnvSLBI4IohjKbp/ZBqsctq6bg3pGb5MjfJgOxybX3G37CdccZ
   yxd3N0+3lXBWuEuUEzusUu1pqxK/TpVTcptV8IJJweiQjwYCESMsp0vHO44a5ruy
   WDiMaDOdgSiKgTl+4LiQsTTqVG1Hd3WB/16hUvIUeCmwbsDLZ7JZWy6b0PyQSqdi
   AH2GwmcRRU0Kiebx942EDTkSTDudSCd8fcE9B3zg7VkgNkTRyHALUW/4kEm2LayA
   Igg5Rkfe/t3w0wiDfiPkx6KZH//S5FpHgbFbPiXGLcKIozH0ocs5kT6L7vKc433K
   es5nwUksTlIiBdSP8fJjknUww179CqF5H3N00HUo3vN9Ghso3bvBvI0WOd84iuLk



Gillmor, et al.         Expires 8 September 2022              [Page 105]


Internet-Draft          Header Protection S/MIME              March 2022


   7OX098rJyQR8HBBiUFG6ze6ZY8hd4EY87dFY2/01p24iuQkLpXgxIRPmm2Z49Wvo
   2MlXLGIao+4D+sY3+E5RtOfjJ9oEUFZX1HJ5zjGB9poPJV2O/RSiRXpU4weIW2+t
   T4gvboMSMPZh4tccAsIMZxostc1LjBl3lrLzR62crJOdOc3vKHhDrd9RdR2QM9yp
   ufaOAwJm+Ubb5+liqVPo5bwyXOxJZ5Q5cyBQRhwwFUL0y+tWwPmyGR1ysoW+soFm
   w0NNGgn4qZFm3O0i7wkFJK1gZzo8t5d2XXx1yp063X6BYVLT+SGuTSNrfpk8MuWo
   0Q+6lyZ6UjZ5XLuGvyKFOyraKr3ETdfMCA/bDmx2FI/rFDhziwWgtYJpSaoEptP+
   I/+rZxfQEd1kzJ+SgvggUbpRXR6/UCHBcvjSnJNMyBRnjTU5j9FBfitay2L5ZOL8
   79hudV2c/NO+qTc1yMir5zQyYLfN5oIHUIOJRRTs1/kSu5Uk3i+ByDvAXG9nJ+I4
   t/zZ9FSvk4RatM+nHLbqQvA31qfv8yoz9quVhEAMZRMticGWmwvPkchjZQdtzwTo
   vCKBC7M12xITparw+kZuD5tD2d62xn8vTAgLhaFebflI5N5dF58XgwOkqMEoYq+l
   mYNorq/q659Ac97jyJ35UEGsS8tbkWCAHcj27WwkCcFnXMyfkRrDXasOyQWqZ8iQ
   mmZeVjJKrHNHAV5Xj8l+CI2BJlLwYyS/IwbK45UuIi1xcMAAx21J/HMk80Y8laDR
   qbqq5IPR2ndsYs2JYchBB06t4VXmcJSzK9Y9CFzK8OOOawFE3DpTjcl4ZCxodKSM
   MuTGLS2+ZYqM4buYp92HbeXBz+tjCaFp16wFiPm3yRpm969smGt8Hhc0wkSvJIOl
   LmFkXib4QXDx5ulHVDRH93B2tnq9kCG0Zs/AHaUkN5/TeFx2BIvMEJyQTNHfl2Sn
   kF0+ao3jREVMhAadVzFq5Yvr907MFID/t29EEyWkk7NU1zmOjTzOt02akO40Pnog
   Qibu6gHHGFY6Aje3zHdIBEXnIETJd1vda//GG5u1fdb7bgJzoY/sdORb/U6ZY2zA
   hlqJnifV7+0aT1aVDXD/F/FSd+B8sK96e1MC0oB7YJ517ZxdZ09WJ/fNJaXBU1PS
   2065hVjG4S4XfYonkvE4Ig3OUntnwg6y4fx3ZUgUFo3XJtGhgyBIw6ZNrHrhyJHZ
   w89PxnGJpGTA6tDbJMUNSir6yvR9/uhgADhfVJszdhSFKKre4BdDwn7gEtd3X2dx
   TbkFAs3TzfummzNHO0Cl1v86RR8xx3jRGRqJLd5RtwoaNUoTMIR6oFNx+1KOG/lp
   ADjBJU3otm8hC7Vp5HdTtRk0mH36inha9dPTjFalx1OIUmj3V5icC2ZlLApdAuzD
   uAiYMqntZJGHawGLKOc9UspeMgmUiblo25gDMYsuG0stOfQZjQi9EQLQ2xyyj4Ha
   RIrSLm+guqcYPQJgRhAOEx1owEGqJqYoR4rmps7w/kAW7TrTrdXeXHLBbvavGtwo
   rt0mrTfHPhPmsYbQz/4T7Lsm2k60TjGbSm8tGgBRydJI5ly45U/FpNXVgykgXBMF
   P+hJLVMvKgHehLCoxn5sBE5Zzf8/PrgZ6c1iG/iBXgnbMW0+yKUQ8sVLvp92YpY7
   hKplcj7RKJL3HBxzUeuUhFGfaiq7MgpKm18vgnFXJoc/NL5N4eKLzn3TD0q/Xhid
   5lpZgm3+6c/mDgS4RUIqtHaALsVQhoMGdrK2Tr1bi2VoKIhEOng9UF2WxQJiDNhr
   VM99rYy6aX8H9bj70xYG+KtlO1fEjp0+S1OEfxeLCEi/DShQjPrEwumCW2dKz0Q1
   7G2u+qo6Zcml9eJp5ZX4GPHrlImX4+ngp27/cNDQML/pHZrTbT+h2HZiDObED3if
   Lj/pAB43Snah9bg7XoUWOE5lNQoOq6uSG+bUFsuuprFeekcs850DtaryNWzpi+4/
   5bScqoMawu64YqNq/1pSCXImEEab9nXtn6q4aPjhKHEAhWD73YR0nP3kV6XUn1yF

B.3.11.  S/MIME encrypted and signed reply over a simple message,
         Injected Headers with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 7565 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4592 bytes
     ⇩ (unwraps to)
     └─╴text/plain 337 bytes



Gillmor, et al.         Expires 8 September 2022              [Page 106]


Internet-Draft          Header Protection S/MIME              March 2022


   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:18:02 -0500

   MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAD2qfM1qd/wlIn5/weLGjTIvhLXq8DBtZlBx
   74LEO41mLd1hgnRYsPIWC2PtjkC/seobOuZC+CV58bybhtZc98t+SPFhw/rCzvKD
   r+TYWJWJ5klGojWrmZJXuXFUA6GW1KvNQYQV2xkntNjeOe0dUY/UwXDXnV2hwOSz
   K0MpYY9/M847oDrGiWv4xDqLd7WrN+ztQiy+4b29oA4Hy40Ll/z9o3yNMYEeZ+ZU
   oICNWAvSHhIHuHztoEhhGI01wF7KFpygyjP34o5oC0MRFwyUPmqJEuj+/o265hfj
   zKAzd20Dh0lY5f4cKRak/Nq7j0YAVUMftIn6Z1AI3NBdqAuncSAwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmcFRU9fU/PySxv4kLIQ1zBV4
   nTTHsBv+t6RGYcEOmqToQCdNyyQie+HqTJh6M2/Cc1sbRuOVsrfhJc0RQqKG2VOa
   huevYf4E/x7+3Apl7zzg6rOUfi0rSCv8y5PYLaHe3AbZvJr/ilj5YKIj8+D6JnZe
   WxSSPZTDbmnN+oTtePW9v+hfq6OWomQ/VnUJTSQNUnkxTnhBK5MiOnwmIYBpOD5Z
   29/dLzfgciF1gFtTdEjszQ05IkVB20IvP2hvyaciljfKmFXS3302jAuxLSPiAQIK
   UYw8JQCLz+TEGT7jr2XKXTQQo2yv3dRTB9Y4P0/MglX8fbzqWLyOY94hK8fWMzCC
   Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBaBWCdD05Wk7rGu0j8AGnmAghJw
   LWbI6Q5pWF3Q3tMokfjJ+6dzF8HNZm7De0S6Hu3eU/9w7ooJDnRsWbdr6B5QI3b5
   fsXYC3Vfjp4iYgwikm2xX4AXzt07T4YUl2V3yKNU5UKPhRLrbH6zb91+ghmZ3Nor
   yEWWu2QuHVTg4xsCaEG/+LX71k2wJTI6Lk4QDH15OyIN6KaivSZkqjNll6OgQTp4
   /0YdExevb/K2WX7w34kdq1KFg0Vju2hGrnPMhgpvfuzkQirtFtZ6FmeUXWm13lX9
   Guf6GeL6F4r6aZqH5gz1JUVh++3OC6bzPG0MdkSVo5hELTYRvfclnSLbyYcoE38a
   v9aMDlRv8v45Nd3eCxClG93Vh/EP8NOS02geATE0/mNk5f3jsZ9iFZOdRMZ+jVuB
   l00t/jCj9PiJaxLZ4+Vf9qB2CJ15PtbEp8CfhNi1mGU3Z8LJbPApUpRW/rzmTf0P
   JbGJzL0mU39zRnEoIRDAFAaqTj5pVgqWiYVJhKkfs7fHXd6hHM7MXqpQXtc4KrPC
   UJWjii4DhyEEeTscOx10QPrGqST5nNFbc6Hb8qFKc0/bIE//QGz9rGerH+cFxeKa
   sOkevWj7Gb6EhMu2aGJMmnqoh0pNj2bp/5vZ6paFmhn37B89nJJhLXqQeDcgglmA
   f7DzuAAN5CSw6KmiJocmaYe6RHZjCEZmILXHSRJoDoTEIIrQiV4NNGxah7Nw3gaw
   wwASkf+dhn6mKg+6y1mVIIPdgW/CjjLSUTvox7WeKdmlX4yjmJSASoCJM3NWGW3z
   BVDdY3nxkSQ6QcpaK1N57MpOmkP2EjbN3ch8vQuj+croYOmR72zD2mGNQ5iMzcl+
   US5jIew4R49N1TavwubkQKXtxl6WnUgVGLeFm2d+J7zGWT6tw88k740Oce8UwVpu
   NBZduEjPtYnsyXIRxL5tYEPqUrSbrTbsK10WesjpTD9+i+fBqvf2Y832yXQeu97r
   9JSQi1Q6Xtyvsmy2lM5ahdzwS8cz2WSxMmJgVyGKlFX7REPjktHf6dkDM+GZs+6w
   SBhDu4Lyf4yrtiwuNsoF1qn2rdhnGQAkjishzsOOIcoctx8ionRi2p+nLn963tfZ
   kYGcbbRaDs27nMBTFCncLpXFqq8Phfmb6fI8Amv4JzptPtqnwU/ygonOdkKoMrqf
   DUXXAJ7r/5otGqc/ABjuCOPe7TeAi4JZm0nnEnJM1SvvuJuPk2cJ18ippjYIF1lf



Gillmor, et al.         Expires 8 September 2022              [Page 107]


Internet-Draft          Header Protection S/MIME              March 2022


   zkOU3aaxJtQKofPszkX6eBEuKWlTo9rlh6M7NqmZ3j9Q82SA8K2W43q0ImgYnded
   h+5i3siTYTHrXwSdN07hKtPI7c2ZE9J4ASDtTmWNmrb2i4u9bxF3+IG1ze8lVZU2
   Woj4mqsBYOEO27tKn5IWVGKrCgJ1maKOCEumEi+iICajyyYOXzl5mXu6Z6+84uDn
   RxMCOxu/mualrIjt35zaUVuvkhMMJnkRijEcdbHk+ICM9x0DLnRQruuY9Kxwjgui
   c8YACZcQf0SSMyQZTbMfJjVXvplXUA0TqF5dCX4TorUEiWy7pclCmBvvAkOADjug
   htFRym605C5HtjmVQonQWL5c5e5z4+cDOISgdkaEvVCqg0pu+MSvMLhjiqoQx7dZ
   Mov5sdbk344oo/G0mokjLT3u52mhM00SighMtW+ABfzwBE16DP1I9sC9Ge999HsU
   EU7hw6vEOIzM5O8hsKTAceB6wpXX0ch1um/emFkjglVnxgHGxYegMezigQwkgaNV
   UwuqPnnrFIce4xu7QZ7pcAcpcWVLUZhEtCK1vh8QPUBcdA7CSrcGWdXuzEZ5V0Xt
   LpF2augMYQ+a9XFQjm2Lx0UZErfesN3plZ+1ci/ltQgVNuZCPABIFNEdZpEKtOfR
   czO5y++dgqlPVOAdAP3bhY4cFSFfyoeOTtJo4Ev1kph7Cgp9s1zR2QEUrwah1zMa
   4zyeqnwomcZtbJfFysNTlIOT8FeRrynOImEZaj5HoCRvicEBUB2Y0X6uFcFlyydv
   1pEEIBfoI2opc5Zczm4x7sr+MUAaGbvVBRoXTn8L0r46JILp7hVYlXt+DeoR3BEt
   sKKSE+q3uuGbWCmhAxeoYZEZwt9VGFv5DPJyhugkn62dA6P6AXPHYf+NbIQIh0oM
   HFRx+3xZwluTmCq4+MFlLFekGuYenQnBEySm7ps3aLRBxjdKTuG59Z7nu1KIeLjg
   nyVhQfyDgyheDLdf4EWpb+moqjmfKnW1k83KSMLR7v8EQyWYBO1jSCCoOTeEFez1
   Z0E2ALHfEWKMFt8fGHd7VQoJlwoIoixNj5jYlm8xGBDvNbFDBCa/4e2CaAIj/AZp
   lhRBXc6JJibLqOihgoxc5fMNTE2klv3qWa47QmbYnkQ1VV5C/u3mwBBlnFHSVHu5
   s1MduNiVpN6Z6/Cex5nloPZK/7TqixnA6/058Ckrqf6nLZUGIT5gFo9RRYyGqbNU
   ptIeBZqRpOxLoFanC2KSOFnJFhDAd4XVzaoXTEvyCjj9miTbccY9xh08ldAlWcZh
   0RItsVcqKhkVD25FH9kViSKjct1V2b1fqBAEcuqwytnB4gp2aUNCRmvu6RDPBpy/
   yNAM6d9dgDCyW55KNpv2aUoJmSxEGLuZhSMJjbiZ/B43ipxJHwpMmP1Vj8y6UX6r
   bzpaSRXhPv6RCdohH0Z6dY8rpO2PEufTa+4YNYcv5ehCY0AVcVSGGy4PgSiS+M9t
   HezSWjMkqB/Oa3a7rEKo0Em/n9Y2L+h3npXY5BPACo590diiPdbOajojdP8s9DbH
   kGepW9TxYpBKKSODBZJF7Gv/yUf1xJ23g+eZjnRgOBaNTRImSe484pSgmSCbOg8N
   dW4Odnk4zyoZg61obVAQShRtmBU2slIx6Yl9zrVJUIxo77d1dkybPob6mtgAauxZ
   RDKT9uaaC03fm4GEJ9HEWfKwK2m4lt8EiHLrjz5Qar/XUW7JajxsJG9+d6pMZtak
   TKevdDYv+3Sr7+TSDUEYtYgPbxBdPtT8yXZa0vruA5BA9yazmxIfbK3HhKe9XFVW
   CEpR1kHad3g8t+xQFEvdKJEEfwrWd31KuqXCmPJqPEyT8uZ51NLG4xqb2oTM14v1
   DcoREgm8ZFVpsvuwylItnwH6jluWV9yzetCoL4AbH/M8os92mzgl9OCygBl4PV1T
   t1UGyDidOpv1Pa4tWvvzJQioGf49mPeatlpFv14W+Iqqw1cKsDVbmq1MusOXgafm
   qZ9nNYAnxLU07FfeN09ljVyAEYMTW0BglxWU2Vo65GoZURH8mu5OHau5gD8FPOqJ
   yl3kUiZ8PKoQp+TCYfWs4IyEDXCo4+wKJ0TPVOhH8mBeAZBQsfmYEXtZhBGSlWxB
   OMu9DJMuEXMSlUWFH0NEajhn1bdU1KD3KUvLXx6lH35NoL6c8ER8AwHTB51wPWsp
   hMiG6T1bhXc8mSrz5Z9ftBXe+5NIN+eChmxUZpYTbv6wvUQJ5aq8iO2CTjBa5948
   RhXCrENgzF2sa2tRVQjWOeMzU5G5NGo+v16bIZIzXv9GsWJdhQfiwJ8PEjdNGEnF
   gFb/zSPJbno41vgKhA5vp4r3T9IGR8wqID6Q4Tf6MnP6MkEPwwzqH6lp1tEhNElV
   2W7lpbkL1n63ciSw+2frJ86QiDDeKMU5OFpWR+pt/6dGuHTSCOG6lKIlJRzDLRpg
   Wg4hOEJOFID+9RU6DBZiNpW1FIt5VZ2ZHYjrqSYEy8z+tenmX/yg42YFxI+1UL63
   PAeyXDuNQ+D2OSrs5WqPz+ac9SGqA1NicNMDnLrm+82OG/4z/1xcTUlTI1ewQRCD
   VvXiTNxll1PvW+/wdD5YGcRz/yjBSTqV+Xb1ALKPTk/qrLpHFerTxWw1BITpNEA2
   kKM3lYBpYZQK+ubTQexACbQeeE7129OG5r9rUEtcTEeh1vzg1hiYrWoGzFOPXUET
   G+ru146zMsDoJSALJuJjgZrEQX/BMumYdFHwPVxAXy7d0lzchXUTUlbzTOMteAUs
   Hn6hpaELCpuWYhKPQ30aN/Q2zWpat7jz1w6rm+NPTHbnw1loE0zJclaw9huFUCQZ
   If/DRPbKz9JTOdfZiz1ZqCxDXilpfYXHgFMWa6OMpcMYQ/yDOggqD7/z2fvwUdOU
   NlDv2HxpoZKuBV6bF664gJ3qdHmHEteecKXjKbuzUbTrQLE/dsZIsgvZyW/sMiZy
   ErLCFA+pcGIeO6za9DFYVQheIpv6/y+gJgc/H8NPJXZVREbfbRqnhqkMGmnw65FB
   lDRstzU1AYvq65aeLXkDaT/9wydtN57ebZWD7zbum6OrgEjdBtJWd3NuiUQf/pqY



Gillmor, et al.         Expires 8 September 2022              [Page 108]


Internet-Draft          Header Protection S/MIME              March 2022


   dbKBfBifI8r8oUWomyJV3l7HOxXLZO7bwXt6sykngeZhnW6gULF0J2VqRShN62iL
   ycHtr7ug33fo+EGHE/FTia3Wg9SUJXgssrcxB++igW1Ou96AHA/Ub4IQZM9plIpE
   BH4a07A0ia2DxYbpWCpeWZWuKmBa5jEF8VIyVy3baic8L2cWmMPjPZ9+DyQpsemj
   RTutRPZUUI5pNUPiGvAby+c/s4zLFtKFFzk0/mE5MhFhwws69llz1BOA/L3QRNX9
   py9AlucjDPOjFrJ4zmvDzdogkwkXGVSF4ELZgh6Jpe4ZKNqkI0Xrv79GOngnHm2Y
   a1srIFshEQj8TxXc3GT4W7HrzrbCjT8NLGE2YVq8xva6iOAX6DcpPLb0DH3fUcJh
   IYBE0Wxlr6ZSU4DaahCfEuNvKBtLv3oE8izP+SBDvo62etQXWS7ku4kQi3z9Xhlp
   1qjLh1ePnZXdO60RlgrpvfwbmT6sFWrnRrOpeCkjU4YgMRJWwzyhWDJK9VVvYpFv
   axcyjGzBgkmdh3+EV8ha+Owy6OCY95+9tZmv5c3jdBHrs8ErFh1AsYDfVWCeN9rW
   T3PcOGahl3AKqRWT1g4yPxIJSGCwxLR1238YLcd05LigKh6VDV10X1AgiON5fyP4
   5o34WccEbM4qvroR+sEBvlFJkA7k3965R1K1exSFkVqyaZbn5P5EgvY4MMgtCxez
   KvYoCaS26llcK8ofGVy/UTyV8B1N6ViBX5NPcKycjVNrnSroPIDZtXjwRHjZiPud
   iboVmbLDgLA3m5hoUUGeLi1jbTkH+OUVga+0rQy1QSNHX/MGTP4zV4Gcj5NU76CQ
   0XWwelntePs9LTNJCJfYKyLPcelDAJ31JOia3Lqg4GtYEJbp4pq3rwdp8vF3etkb
   8QHUBcwfEPe3kyK1VYRPwfwq4tpmLrfWtvofx/mZ33TAoMa3e1p9SXHI+Ndb+Sob
   KL8Fyp43miL9wUFYKnv0Vo67do3cCXYOA6F/wbJw4V+oLdBS2amMQnMwpra94Scf
   L+B1nmzQsGVpl5nieCQE935uFDxfxGUatNbKbsqkX1ZOIORPplfX+TJrAfShBsSj
   E22uxGfq0Bj2W/3tdFVKnkxzCuNtKECq1xQSuTaWkAHW5apFfpVBpWxzGO5eoiE8
   CadNkpr8YFGswCrirpoYqPgGHE68I96yIHal7H+ufo1XK7QH9ZtVSL7CEirYG0Xi
   ZhGhDlQwMBDAhI/57sF2xfGgv8UEm7l7/94isN0XPkSqEmmbjcBpGhRBvRmWggnX
   7DHoQj0viTY2Cj8B4f8ATvdCEuPY+JpCU3xWVdSTJSOXq9NH/isNzxWWxx2aCS2z
   T/K9ol67FcXMJN8tH3TCs0VmXkYwID94DrPknaUXMPqr8fiTedByso764tCoK/bZ
   FcDRnUbdpn8UCN8koJF4UMp6mHOwWxIg4ekX+V+REudBAWOXF9pRdury8xbVFb6A
   t+RvY9aZhTTr7sFFDHOSlhOnRndzfOVj5u0iiKmdmk4NDMf/gIMq1kQ6m2/vjAEu
   2H1p8DJ6XNsLCIZ4nwdqU5326tFOaeylTAcwSXox4M/23zzEHW20+DCSXn+GAd3v
   U0iN+AKsss6pGPFxzwwBzaWBIpCdXmzV1w3JOoLiHQOx2IHkGXXEeaNPDBOa2PoY
   G/vQRsJCv3vgeYHuq+oKiOORye1rLkFakmuSZjgG2Wo05B5tapxMHoW4plyNDDPJ
   0cezb1xnqbDkceXcHa+nTeCouRCqd/P6YVz5ocD4BIdSwrda5GX+6U0bl/e+IDoP
   pHWKijdsU3DAM+uCJrE9EwZHDrkW2qL/Spp9AhtbdMsugaIqVuuTQyCWhoK+wpz7
   wjCdyk1XEMoCfQ8PAS1RyaSUz7fYAsIk9P+FZ6qwyvM9zhmvFQcNoj3E5ObIq18H
   GezlvPOeoDwieqKamAHWkEwefrUb6X4IK9w8dBJrYQgCjnwPq9G0dWu+MbbP8xwE
   w7LgVMRJKMMDllquSaKDrQ==

B.3.12.  S/MIME encrypted and signed reply over a simple message,
         Injected Headers with hcp_strong (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a text/plain
   message.  It uses the Injected Headers header protection scheme with
   the hcp_strong Header Confidentiality Policy with a "Legacy Display"
   part.

   It has the following structure:








Gillmor, et al.         Expires 8 September 2022              [Page 109]


Internet-Draft          Header Protection S/MIME              March 2022


   └─╴application/pkcs7-mime [smime.p7m] 7845 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 4794 bytes
     ⇩ (unwraps to)
     └─╴text/plain 431 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 10:19:02 -0500

   MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBACGdltueYBykYh99Md439ZT6COO0DuOkUssi
   mv3sONO23lQTEH4IDhS8pYhggW0VuZxgSL6feXXdBPYdr8UHnTNZm2X8X2fSpZ+N
   HcdEN21H71tpKrFHxIznR1bEU7/Zb0maRg8+O7g5f1cZb/e0dnjEOLQsEplkUKik
   wZQmfi0FJaFRTGEdQh29pQ7Ww5rVltn8jyZvr6IFqVPjOlhYJ3SciUdJxygMnF1N
   FyIBlmNShELvkr8C4huv3q2LOr02QN/W8TdflPIDakY5zijst5q6ILX6L2EypcuC
   LBTFWAyWYCsechbb0ZyZVFzg7+Yj/ELIeOg7ZC0iPjQhaB9lluYwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAas3uwX/STpLX/lRqYFr8HSB
   yVCdYgegxlTMbw98g/QmQgcNvrzFDvp6vF+VkGPOqTJAlFSQGJWraNLTmbBQ94i6
   NXuQ3fDrGzr0Ll5RbvpB0VcqrejOrOojHrgkHKGl3DRTIH6tC4mgmOMYZToCev+H
   bWpijRzWYdFH8wGQxwgfWKHF2AnXprLBxe6Uub+drp2fIrASfBehX3Aid+6gYP1h
   tOy57CV4WIRA9/Xr1fAyxkfmChdQHHBziiuvplUtSVVQf5UoB9lKkjRbJhCe45IJ
   mW2hG53SoHPyud6DIhDdUB0RzbTmnnSCnLNo03HohsszxDYJ3oa2Otu5UhvPxTCC
   E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9CGuz4+n6t4epemVmxzYWAghNA
   3D4c/K+3F1f4LD3bnX4C/QHDrrX+DwkHhmMT7SdnP5EfQngHFRFaLT14d39XpHOM
   sD7kubDwB5uW026zEoxDmgfcYPzeY1OKVzr/sakxiMRWybdMQyEkwQYWxVzaSTLm
   +pvssI56CmM/uImY6F/i8ncGRy2w+nuAjAhJFlXO9+NUzRPEweEoMccfZ8lX8yoo
   Zy9e9LVvXQJ2gFyA9/Ny3NFXVlK7LbHIV3oAwztLE36nRBlrQRyUswvrYdowbS2u
   fVPzhi83lINf02rA+HJ9WWLRgQtc6oGDHJqEzXiMRQMuBFWj/6sdhISaoELUCSRo
   4ET9+D/hdrPpVuyUc7aglq9ihJnPV1Fod0ga0XHR9RziZgLqLknbroLOqj3mEFCd
   y18HXQbUOCxNuIw7SoLfFfoN/qV7hGOfkf3eFrChKmvD4A+FYezswa7lFq37Zkzs
   hL7EeLHf8PhTPmQmQVd3EFVWhIUrNvR2Fy/lZOJjvokFLpsAfMyh/gL+4SMxJkYr
   MW5KtcDHH84o9J7ZYIZwhoc/Zr86uXtRVQN5cTJnPfMFsckBXD+KEWbTGuiXyzRJ
   ZtzqfVywRm+4MTWmmRHq0CRuHsrbE1WCGmQ2zIjdUIOG2+cge8Uc2aAttFVXfnXs
   SZ3K1JHmRkvDug4qdR62lDDg6zfJNnsStk8ej+y0fLKZJy1qs7/MxcIRjxFaoEvr
   DdKbZk9Pk2pJutgsyU9p9bXN5qZdQWJSM6iZL0VVeolN0sZC1A61eeJUAzbytV5T
   2ahvUGLR/zNMLSFyDUj4/et0/wuwqPVaLLT6VqrG1gylt9VAUm6nfDTj1n5mIerB



Gillmor, et al.         Expires 8 September 2022              [Page 110]


Internet-Draft          Header Protection S/MIME              March 2022


   tVobrisydTBQ3wwDKY8s9t4kebInwfJx5l/lFaDg+BfMmZfIxph+CEVdaWE+ORgD
   97FgoyL7j60qzJvInsEUe8Bb5cml8fyMMYGMlydDGHVUZUGI6OxFaJZMpAhuq37A
   7z0/Y46ykepVvOzjZCBhNldwsW1AftSoWSEXHGbOmeI4rKELBiXqZ2TidS3Ny5Y5
   WGRzzUYufn5rD4OULPIPbi25Fo7WydCFnOIHBSPaZNixaM4fcjSqCZcpXnuzKOGG
   M6iGJ8F4rS3oFgXoeHDSM0CWnLS132zD/NKRklmLTiAgwEJ9BPG+NgNIIouZkv45
   EbFiYCGef4vBisukj0yDBvhlzTdrGAeHk2nqIF5B9DFc3GtuzKUjY/5xLQ9GIWuF
   NFgu6DoHqVmoBaISDRKFlYr4vxqWsoW6a9+yIOcTqLL6ll9hu4Oc0SaYpPEZLV95
   io9pBC4N9HPS8tVBzd/GAeK/BUiv1zordIx9GgwB/200pNkUyAuQ+DXL4yv/MROX
   Dp2tM0TvUNIQNpbcLSP3oGkEll1d2IvTFsKJMXBkCe/oASFUQDD0C4Upv7B6usoJ
   ZH5t1ne3dnxDQfBvhykXpWMxFEkktxpW5EwY5Cl7Br9f10LDX8wntj41F7ddxzDE
   xwk0GOkYfY7JTVnxefTyMCN8rYjEiQCa/KEgeZ2y9ORPG7tnDWpmSbRVOxPrmFDp
   sIHsnefohCbNuoLfWbcHsGX2nNQd7zSn4GRQWAUV2CP10/sVcsthEjTKsHrhMaVs
   PoBrhEos6wS2PBa4zLsFKTe85ORkowEW+n7TGU64Nz+TNR8w2xJqZrhJEiMvS51r
   uQ4fg1vijfgwPlmufZfH9UcTzZ4EpeRvTQp/Yrfc1uIfIliJSIqf2Vk3VJ1trJxj
   Jn0N5EDb/k3bNdxsD5GfuYgaO4bBtQ+8inywlbC7BXtpRJaEdE4xbPvQ/xARTV1r
   SwTwK9cMhzB86GM8KUqLtNhvMOJLitfVRLlRcMYXYcpKaaBvXkPUtKDFU7adHC57
   OOz8WCgazSrM29c8IIvKJKtxk0+zSZ5riscOhNXR7wuWPT1ZMMXWir0oKJIRO/Y1
   XptrfKa8goaSOE6abQZHMjdUwehU2W5epgZAz5XIUS0yBXpqv6f+NRpB75zazfNU
   39buyaJnytIABH4r6777ft3oLe/JI0Eeput70P+imSENLRulQnafte7ZaGMSAsQF
   v3RnekZqnYQnUSPU7hK7vn+sXbkf5tI6ntF7/XXY/BMrk7bAk2dvjiekscZy0Jsf
   CFKjpI9Y+dJ91+CXBGduBmavKSZ7xGdYayVKLyQ1SnGNw+IGm0sJ1fR9AzxGI3pa
   XPh55uuzGOFY5Y34kCO/+0KLbJ0ry7UQGGm8F3L1yLtKeFvYBj1pyAftb7VdMI3D
   XlurTQ+03tPrWP21wFPpB9nZp7i+8JaH5gJSec0w9uooEXEZHkhoDzE/wK51uJgC
   wuPcTFMrXNI2nGaiNJW20FDTsOFZ0iit3cx54qT6w++P6iQRJOzAH2ncSkGz4DFC
   mHlYqgrY69jGWDa8Trg0RDBQH1aUAmOAlhmyVLumqBdpfQN7mppB97DNNVRsDhSY
   VnnhvJH1YVzGJ1vxE50CLTfz8vDHgQmjLfab9IdJ2hb9McpWGGqLLw/u+363yxsv
   ijn5Raylovp5o7XF9t+NKpeGPNXamhbc22Yg08omXRsTv9RicnuPUK6WX9TGp6q6
   9l6X/8rUNdDGKxwCfzVK2pknexty1h1rjMY7QQX5QD/MEZl2BHdVtjN2+DvoqqTZ
   N8T9ow7vZVKgTM0TWy9of78D8KLMW8mHsq6nHD9X97ROrkucD8avlQdjgTuHbQH2
   wXg1dxGGPQR+xDF4p40nfDvILWlEGndaYQH7qBJYvwE6uxO/6uk8otg8AzdfxRlK
   60DByDHk0N8JDQmek0bEHSy4CbuBZgDDZwQlAG7ade0WSRUZ0ZwHGPfFEozYNFG8
   fCluzUuOOaPYUhDchIFYVOw30TwtoDwkEbcMzXXqBpXMzHD4Yk1TIKZY/ok9M3oa
   Oei8xx3pPFJaxfSodmV/qXwv5b+f/UrmCwwC9gLIljzg26o2KZK9SGQfAMf5HbqN
   yzp/RyMKr88w6urhdFdXI7UvPAcsi4wOOA4Q3ANX0T5E/3M9oGRyKpUridBt0Pfe
   Bmyr2Cq6yWDVs94OvPm6b1hOsOTx2KUTKKMTxWbbKjLKob7C6srYllc4x9AzjbJX
   XJu34KZxfbuRbL5mLzpu5BPXQE7VIZqwPXoYl+uvj4sAGq8RfHqpbeExVZAuGl+y
   Tb0gGtwaIyb3xTMV86tkjzMFprxMgbj+iHAeU0k2wbF09Cq2wXGddBUEH2XZYCgv
   aviaalJRhNKIhvr0zmvugsjnsFlX91MYJwGJbw2TbSxLLcKK6Buan3e83SNVZGPi
   Tvvsyo4XebbkCxMy4Vnd+SYRfdPx2wfleJsq6LYqSrAA0DgvTjs/3hnVtGL1YQcd
   jttlij0V8i0VicD5bNUbB132G5qy2BoflCkwdjINBZcx56fXKMOJU5cAf+XGD68p
   shyNm+/cexdiiRjNGChN26m/yNiPAkCwrPacnj+Z/2DTvmFFutAtImSD5y30NOyH
   YtxtuufCXPtwg1wzXcetvufyOHCquSLWIhB/usDLS8L/eqBJaezmF7dHa9oWLz22
   SjiGi+R/WqiSSFgBHAznUd7Wm9cUitJxLpMzVJDeotOGcFyVI0nXUR43B54+phJu
   B5UBU5DSt8VbjehmLUa4VCw8q38vDbH7L4NkTd3pw38lNrNuzmRyIxcq6Ta/zUmn
   CbWBfA6WoBHdaq+Lp8q3VNBE4IkVJObiYWtAegODFUIlvASixnUIYl3YePRXX8+5
   QTGxKzosyzYBm2Xy9cA3DrEY7VviOjXzAtNozQRbiQY0dcmDpc1GocJPk7gNFtPO
   BeCwMhlJ3+UVg+vMeX5lbAK3/gnMCSryxSgs9ku5v4ltN95KZxfOTmEXg2r1SdDz
   pvwkAXzp0wTyD1v12fAexu5KpFTSqauxy0tR682iWElbxmPmqnxrU3Gii0Tass43



Gillmor, et al.         Expires 8 September 2022              [Page 111]


Internet-Draft          Header Protection S/MIME              March 2022


   KUtV7fRY6Lw9DO/hcY4HCbL0uCeCi0YTsM52GPBNPyJkVzQjBAlATxmgSrW05+ND
   Ww3FoDL2ae81XWH4n3ZAZmRwTt3myeUm2UyBWDrXsQOb3MfENTrQDjoI4KjoHHyl
   k0BOS7MfR2SmSJh24aBsZgGuTekTVhcqzJHn68b2H5VkIaiSTS8LNBa12L37LpOK
   7jugg1RMU3KHdgSS4ZrfreHn6R3Mjz380TRwms+6fs4d55mqLWtnE6KMzm79cSw8
   flCcTKgYwpJdPX8qZR6BJKbR9kTeOdWcTgeJtoeWHMccVd7SLFa8Ya7MFAufnkX/
   nKyGteImetM81f2OuOc9s8tdvH6MnRBCGs6TLBJ/6HR7gvkAO8mm7Q7hF8T1f1hW
   7SBcWyV0ombMqutB+VxvKpzWhg+dozChhIVijh4uHCEhgHrDKgCRvQ0xdvPTce/f
   boPaajtf28SlJtoc+72AISoXv1QhQdInO5K36T0MhC47PTZMEVSYwkd+PluzO1ue
   jVw9f4GfO9lmJ8Ly5VHT9auu/wLiJ7N1x1Fuyje1+hBU+eH6vtf/IPDZsYNTyo+7
   r9hjMHdLYoDBqRplLxkEiOhD3j3VvJdTF0D84Ke97ICldKmdtpgTMeXgFI21OolZ
   dZWUeBo2xeqqgJWyNK0XykgOi6uLjs3pW72taG3q7pIgn66rHdQD5rixjisP2uTM
   yDznF+q5QbrtSAsQ3YoghwqLnxQnWrOp0swcef95tLHcJu6k3NNXiaMVVAZlWBIh
   UJ/Hw679GGoXXVFveIzLA1gcThjJ7Y7IU7ipbx8JpczGUXkLjtEuOYxlBBm51q0d
   F39q5YeNs0Z8DXg/Lo8xFgGKTzAuzDfmyM/vabHxFHTUJgyB/Dt/MrAGLztwvBjB
   sffTcVoAnzv5Fv2er9Qxgl7psksLwfRkV59IclGPrxfgwdZM21b0A3FURCGWvTMe
   QLUm9pmb7HsvBfzixhvWU4Wo/OAtFWX59lSAlSeaNaRqtPNAiyj5mdnvJ7Ujl1FG
   h+GAhGNn5yL27v9gvgkzBdUlq37eiNjjzu/m4YBZEkICz3buOVO2/io+vy1rxud5
   aMed7LnIqkXn8qXz2KPouU9BTiHwXLPby4FzKF6vJVF6q870R6b0WEYu0uRwTjLg
   y2dHTpVSjU9rhTu4fHMbvgDBgvRKlY2GWf/d8DSb71lSgWVZvq6SYtjxJigqNKYq
   ekAKOGbchPbn0SRnlYkCCUzOzVI0nFs7SogYWbNv7lI1IkE5xW93Anpytzo6H7iQ
   wX+1hB1jm/Q5iiBYTJU364NCqJ+a2H93H41Bf7PSMhoW+RvSoO7JUAsaOahQPjP8
   c1NAGqPTShgHDWE/1PUHRZ2+AjUOBY9tIe+NH/EF0zPY7uMXhm4srokBSdn1rosB
   6NAnIxY9DDK5LiLrkpQXJJ3Dciifm7ivE+/FRK/4gb4RRwmjxTUtNv2c9Q3apdwX
   ZawER8MGwniMghNwU0plAdt5z+4aZ0nU6fW0S1eAsTZ1uR40BTf911sj2llFdEoL
   2ZeUBYWm+lmx3MGtJIvYk93CmlJMBY8Mlcd1h/vT1FooJjt8EjjLBjzJhWacTbBO
   9/F7XjLzyEaG3v5u7C5T/mdDhYYyoQQj//M34pIUuGb8EL4Heq2wKX/k14QG7RBy
   PtKY8+Uso6DUFztfHwwyjafJKIcddFxiO/eQiIx813Uj/q5BGRRufrNcSVFAgDLE
   zTvGsoZGWkr7zxUw/cfoRAlzKa2h69SCFk4XcYkLLnQVEn27NXN3FhxQDH41f6qt
   CpVIpqeJl300v5fDks3ne84iKGQkMnjdYRGJ2UzGvaxGA9NN28zdhPZKO3IqT3dC
   2Nsq4TgBk/0wICjSg/vlMjaYVifBZo4H2Swb4CSbYh49S6upMHU+Kwx5R+x9TBNG
   vKK14gPzebpQxtjeX/oIJE9WEUS9/STuHpVRnuhYl5kbnD6XTOs2crZHpQlCNm75
   z4gqzHsG/ZXD//NkxsFPb6y7A0tmhol7wiEbLZf7r2O45YE/UGR5IcTcQ+q7dAu+
   T6VXouyzcU927dN6PiKmVkd5E6+oR9zcMWopXvsR0cLR02+SzbtxIeQofq7TV4Gf
   ZaU+lNTzOusfGZR8erXiptDVThvRbk+SpjCydJUf6RKpmQ1TVod8tIEKH9JpBftn
   lhmZ6VHKEM939lifc2pDl9TkyX3I0QBoL01MuPRbpDJiDODIdZmbNltgmoE88maY
   nZW3ZG6GhUjQsYSGEtuyZ6CkbC+dlGIWaVYQJM/YycxZ5QxasmgHwQ9jEgoMfXiS
   EfIBev7/ciyPU76nT/ZcExZ5OYaX9NHvNpL0KJzTNi7NXGK/JDI9gb6P1DTdwreH
   6FdwlkZe4ZX6TpCDrXl1FdL5bI6afUIZOpiiUZtICwVFTzYlhAlui0aD/79t0R0V
   EjXZ0G3JdJmqdd50fqxVfcq/xwDOqqbJUvcVcWg2F6zAMfdwQFNGx1qpL2etFspL
   vwe1mTu1UUP2gUBXpQyPrmf4EM768VaLjRoAFu2v4/M8zalr3WOtokr9YfiFRPEH
   EYAdFENn6A7DDE9uhFPJ+qasySYc1NwmdGtXVS5ynJw4GERicu7mJAa/L5fVzd6n
   xDKBsoZSv0yR+1I5Nl+79Q7L5xE10bITWIL00J8pxTE=









Gillmor, et al.         Expires 8 September 2022              [Page 112]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.13.  S/MIME encrypted and signed over a complex message, Wrapped
         Message with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9470 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6002 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 1819 bytes
      └┬╴multipart/mixed 1755 bytes
       ├┬╴multipart/alternative 1132 bytes
       │├─╴text/plain 375 bytes
       │└─╴text/html 473 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:08:02 -0500

   MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBABfhanpcfRrENuk7s3Y/t208MLeCOtKAgVuq
   +YxkFGf1eaxIShygOHSwbXnGM+P3BCMmQ+iTm3smLm5KvZdO1e9Mle4QERyC2//p
   VNSbK6NWD+5sFc9YMZ9BrQDIkQ3gSDtVpZiCoNUh/IFYw0d0Bu55kTxrD1iIbPdx
   rPSwuyLw43V+ytTi+PpnlxvI7mGYNLZxHkFIaY1zqjpqdMphNko5TZBE2tXZP37+
   MQ6slzZZ4nnUDIPO9u85PlEabQM4zbTd3gpdri8wZnNb16kqnoMR5/uv8JmAgvEw
   hYY1akgApGMqM9G7wjVSd3vk2kXPR8iPUP7dszHXdlbog0G7hlEwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEn22GWE7bdTRn4fqNM0tQeXb
   NqN2BYvLUaMBiM4mpghZq9GH3NcmFADp6SMPjrh871dh7aKLQhOsBKLZ5eMlTUJr
   3CcxczSGd+8urr8fnH2/aHmarkkz8YE8eUNIPlcCJbkAuw8cskDdHgE/xPYpcNsC



Gillmor, et al.         Expires 8 September 2022              [Page 113]


Internet-Draft          Header Protection S/MIME              March 2022


   J5mwtcVnenPFt5M6Xg2TeaY7MYLV3nkToPhAr4wJsE+wFQv5sHSzP+W/HmoPzvxF
   cpG3JKqI0oMnmbvWjqFKBc31HsFrr6LOhilpt/WS5N9OiFvld9VdsxX4ihoXfHCh
   KORL5MqJo+dW7iamwXl/EiqbT84z0r865OfvwgWFct2bjs6O1vSR8O3LrHTP2DCC
   GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAVgmUQkXr9d9o0OLLRDaHKAghfw
   AN3p9ViMzS3HiNWsI5FdjO0ONoey+zwgLD/6NT+kvHSdrO8mVxkiSlqiMlU+p73o
   tuGu2G95XIXZhfdSa+FaFHo9R0+hPc1hRgwIOaKnanBcib69zehPF/v4PzgniUi0
   /l02qOvemyfDyUNepw/LItyoTFFf0h8KxdqSrXAIOUYeaxjVqk5rdjh0WZ8k7rI4
   BMNXgFeiQzKr49+jME51mkjDNulUZiNhuEHpHLwiNfDOUybSoLyN01ZTC7ckSpV4
   FT1+m7FH+LRwAo5ZqugK4i8CXbkqRByxpt8b+oPZz+7mM+L1bPNENBSk84eVfNQu
   6cppe6/gCjdel+Zwr31mwdQ7TGt+nhgQU4+ZdtcEG9zZfcZ2EFxrYasInDZx6pY8
   W1qmI11VESiGBVq6mbDn6QzQRPIZwdxz5mIjm1ghHcNuBLgTnzBXGOANLsYrgWh8
   noVnm6548GvXbYygAghYOljGIrIA9k7wZzfyedIhYYEc07BKHE6x0rNtAZsEs1JO
   Kln/cI3vAn425+Pfr8AJkzBnzzPwcBlDkUsxu2RNbuxAKD+OIIa3gnXk0hdQc4pz
   LJ80AT0AQ1IKReaqa3WFYTDzZ9vqF+MECs5t3CqYpYk0T2dk27pa7K+O3NzklRe6
   gxoCneYhsbNvzBTRhZeZFlt6jhoyhWdD0IZQC+G9WKXyYi1j56x2c04MCTMDse7y
   qBiHsCK8qWkz6PqFz0VhiorX7j7Ke+qTylHEF3jNlBEM1xoW5pHp8Jvg5JeUYK2A
   HovLtRQiF4suTS/f/FltIZzSY8eYs1czdmCFJVAzdDdHAwTiqu17d1R/v5Ypr4N9
   GyeXRUZWmHKZ7d1ixriYwwCWSaT5MAtoO/mIFamf5CMhUcxCLkmdRx23T4UCa/yf
   ffZbPBCO23GzAG4WJOKPyCVWBjIyMlTPinYq4cOlnEqTom3CHYLFNuwAaD0iehuP
   aAqYtMETlFXyu7+AtkWqBgbwmec3z8LLIJzWt1IOb9opoP9QIhTy7aUePT42eA9n
   2r4rorVK4c7HxNCswBlSKbQrELyz1JiUcYeqPArb/jDE/LlgFH/D+wrL1zIAgR8E
   kxzGBaPmxxq6dhDdHeEAU3oqoWbt4e0Fy+bVoiw54O+e5NbvtM1+HAeKXzAy3fX+
   Y8iavBhuLB0iDSDarP2Exc2dDO+rQOk6EYCvqaYh4WRA4iRe4hsW4WrwA9ccLGVi
   +eTdml0/uJn59CcjEFs5bicctGtxTohpuzYE4V2BBBwXNu4KFvG1USuVdsH84Mhl
   TtTo4ptQly0u90eyWWlSdaJORBMRMCj2AY+wvldRFpx10NtbGwQ7PtmemZktZgyf
   UjL69zbu0qVOWW6h686uoOTkF1D6K2spPd7nLZjsu1KJjLCdQgbJNU20z3RswPq7
   cSK659Uv7h/kagEhlY9AhEjtXCbYxP/Tb7ieUQV+CmeGPM0xQceWd/LnSudqh3ZB
   slRv7nDgIaKqoF5dZB8AASqs1W9f62CRy/Kgu+D0kbLvc4unid8yS/CiFXsPGkAw
   LJwd5nihVJC2jw2GrfP17yhNW8TR87nbR/faqoyWmQkjqyw+ezNIkgRM2Tr98fe+
   CTofmHuFAOCAn4q9q40+p6YCDDJCYbyyP2nLIpaOZBpVNtoysfkvH7bBWC5qrFt+
   xK7YzlPi4Dtw08K5F8nqaPdgJY5hSKoP2fPrJBwx40s92rOalZEdNA+Ig8zcMwqo
   EYRE3BKxPBgChWxjuMcowBkNz6ZJzBSsfPfYHz0/9NdDStBl32M29oNN5XBIYjbD
   sS1NqmK7vJVkrszIn8w5t1VQQo6B7SG34/sMPRZvfXLGvwDO0sn5g5NBJ2to323R
   rpNwXHRQao1O6IARwxTSCLk7+r7mjz3U3Cz0YTWpuZZK3yMKg9JbxAN6rG6fb02+
   tideDrU5ibGI+VpBxPaoO/q7XBWks3Q3RX45O2uoAPkYNBr4D6PoMXq1zrtMoSg+
   PDKGTuZaw3RQ+5ED4tFWUl1VQACLDszT4Q/7RWkfF51b2aswy97gEoRCEUYc7GA/
   KDSyviz8kGxEF/KxqGFZhYB1/Xs2VA/o1XUZsbR2YX/mhfn4iEvMUl+vI63YEkbR
   KTQdM2UEw1MaqKSSyo4TGJ8WXG1WerWQ1Vpxn2HmeOb7mIYw0CC5vMrDsYJ4Dz4f
   rAG3v2iqqG7aLpbnXe8BYLVMgcnciJWfav2lWNVUnHhG1IyeOvuvQRBtO9RizxSK
   fe/5rjxBBa7sPu8WDESre5Xg/C8GdbKk4vjxM6pUnYKLMGxpHO/XXWDlaIV4IuIG
   HnfUZ9UzR3cilV53bmuWKlAOMqvJ3QcvO1tXdcQvk535uMu3VgRyrwd1wDbVRH2h
   /ZTW5YEO95wjcCVjfD4YTXZOoinKBFt7vv2WDfCVOYQ4Frkertg/E/V+jcJ0usoS
   qFny9JE2WQ3NSkYb1SEYQD0oiWH/6++kjknuMpWP2Ubc9UTERVD81RGPBNL+vAr5
   ItFtD8iwBROCZg8iB3dWaM6Gs2zu1sYZCWvn18XVrHkQjvqvliIeD9pyrmGKBqc6
   jdlFfhY0Q4Ucy3GxE9yz/WT2SWWXOUmq9PiAzOoh2jg45w7BWmsDnRx5WOwoaJvI
   1W+BXT1K/ajqnzDQELZCYLElG4jbkqmUvpkm6wtZ4vs3xwNMGo5vVLUkudC4ybag
   nHrfb0t42o0IM4mtJOePslIEgLQ4dh3pd1hYFlOjcdwatHJ4yKjhli9UbjWcRFkV
   Brzh1obPcv1pAx9ExiwJqp91ETrdGk0I/Kwr4sacP9+yb9tnuP9Y8M7KXn+K7Y5t



Gillmor, et al.         Expires 8 September 2022              [Page 114]


Internet-Draft          Header Protection S/MIME              March 2022


   p6OXGLEAQsltWjK9b7XRI5y0FJwkMGFFjvKIVgLwDkeIYK5SNqsCgB+MoSwprtgJ
   X7XWtd/6RICinOH+1AnAeB/WUVox4634qyh2GZC8vRvc2xNdKFDcLA3giC2/ltpb
   CeQULpERCoy5Q/1jo+ShZSSmw3JbdcJFuDP4varTgf7Ft9mAWnd8xPtkTTYKgzMo
   ZO6nxNnMdNBu/3+NYWVTSXuq4OFUEmhkftP+GbVdU89jSr2oXsmTSd2PMWOUnNgN
   oJK7meDsHkOPjT1mg05wvvRy9FHN6TNWEfSAAVeJHJOyoSRQDdRtmek/9AXecNb9
   wyKXyw3aGL1wB49hC4AE+w6zw8uAHNF6xYGBLaxW9jWyN+EEYG5mb5Co9MPsqTEa
   +Nx4CMoj3VLFmk3Q8aYtIEmyQBkjY10pGAix8oINf9TTWvAgrHimCBQhsztQoHgz
   uByvSyCbvendL4o2BsiozGAhUM21HC9lL2FdtgVKEmYyXZEGWSdhMY7UD7uIPauo
   7/+5o46AS1ZBAynSHi8oAETNni/oy47O4a7yinNNcAsG+ZXH5mZU5akGiBJjPH7p
   6REwmf11k+RGkS6sOIwdbXqgR3007qZPkesAKUVRB10xZkgEZ+DkZtOaULTxkxqJ
   ED10TW/lZAm3wmTY86UhCsOiPRCMvsfughQisp4yZeEIw1s3vb1Lf3r4FLvgBLRc
   X9wdASPYHMPUWapeeYSajJPZ23B478UIINoziz7dEl/OFGEmHKwiNTgRG2guXVks
   QX+9LH4G+W9Kic5fwm/5M9gkQXOGu+0PIMgIy13RNyFr+5rFfnCcdq+FKC/w6N30
   3/15JKrRup4exCfw5fXIeUpOtJP8W4HKv+cPtTJ2lkJXHHpXkMWswdcBWXGrb4Pp
   rOII2htbmRcq/99mx9/7cWmp1ZY512GEhbd73CV4ZUaRO5JJV82Hbp3j467BorIT
   D/hMJoUsuSOypRvUJGGQ33m5uLOTqmQbuRk21SwNLYEoih0w6HK5Ayz1i4Jyrc0B
   gxWkNkkWD8e1QcYsb5kDlZeoMK7HHAeXzZBmW+LeMrkfAOhXqDFC4HO+Reza8d8k
   97RhAjNAHHdox0KoC6PY2dcu3VQEkYod8PizWgBtZYcjL6fsntjJNL/rDTl2Kfm2
   XkKGG/2Q/2RHiOhGVeEv6lMQN9CmvzIyB2Ijf5fpZLn/B0aedX8H1V33f/J/xsvA
   nw2uAVziSucRJaEcSUoNV/cKgpV1OuwBDcVeE7+p/k+RlY8aohN4J6lWgATzV9+J
   MFbRZXALyzLrVKk6y6Siog+7BisQajPtu/XncGfrRHxwHRJgoOoJM/jXq91KyW1V
   YlUNu/ea/hz5xOUJ0D9AlChu3b2lZZ81MAwnxxjyMVb7xRu+etoSpWYBB9/5B9gL
   KXA2lxpC8tdk0HVpPLH/kGwcZIsIr8GS8A2Unj/dreOIIW0+NxB/ERGPkbPEZ0qR
   zBZZdkBbL8IckfMqP6w37k5ZXKHvJzQS6m2gFmNoXi0EybXe5cveSk/0ZxyohL4n
   BA71Ouc+VoReh4st1zRWPbrOni7AuYeENdTH6kpQZ6Gd1kd0s05c1EPa+zDdPGJr
   21nOL/vYAHVtW9eAFWU17W0zSbRH8Fu0UfBSiuZmRyPrrd+bUL/GTPATDDSEdidy
   YBh/ihWM3PD10fgOrygqbpK/BmeOVEYesTHqjmdjLZU96NGMfmr0x+53a1YhFd4b
   3sFFDdWdmDBh4eO+dELQkbT0ISLjmICTWw8TnKffjM3MDgy08VvjQP1ZiF7C6aao
   wCYNS1iX+B7vANKfj8Ax89jgqPqyjzmB8xbxPsHvBvq7X718tWqXJnFuoFUrEhaz
   l2h0WMxjY1P/r86Y1mzMlw17EwagREZq3sTIRc1pu4qYN93RhsUOXFGRukYQLh7C
   1VKgvOYGTynVDP9C2U07Rq/wPHc4u/6ZimtKJYddc3YqpvNXiQYv1unfGgz1UN9Y
   tYQVDmM9d5k+1tdqONOpG2SIDifSCRpc7fogO5hlo/3+3JSRYg54irwaln2AiaOK
   xhrSXkWlTaV7yIAFr5J38rYA5lGoaYLUAP2NavHiYCHjIUjAkm5TxHEnx0DVOuk7
   IQvkXRRXCkjBPWkvOQL6VwmauiPuQvYrWhUQHng4npHb/h+WY7RQcovz5tMtMOs+
   RFIiORZmJS2Fze0lfsR3TZtu6eUQBotYF85YKvGCo/bPsvN7hKdY1L1CjpsDtn7I
   Q/dhxXWnvE2SXpzWBN9LrQrIKR4UYTcUiXXU+BnEodBJQD2z8/1Bf/r/JzUuHdo/
   CzA1OGF1IcuUYkoBZild5ZrWoikc1e6XCxXtUQ25yub8cq7V9Y8eOzpIee6VyYcy
   NTezqa1AQ/NPVOFICTtl9blP1Tmo2I42GmjWTE7mjdANcl9MXg8vmFqq6PaR1n2D
   na66iGUEPfoNVGYFg0pR0DZAYWIE0ha9rY7Ocy7UbiQKRg73oBSMz1PGy+GNJwVg
   75K9Gpkuu4iTHey3BB6Kc6Qr8ab3CNoAf4z95VqfZ8eH6TwLjPwPrLbCa61iayBA
   MKAqD8mtHmLclE+9F4L9hn3oVIek3gVnKGWannZ64/RON75iwXJ2tijwJRfQsfP3
   dteQX1sBrt/l0Ui66PiOxMi83GwHNzkonFjia9Gn4FEOLTenDZowI+Fzp8uL9SzZ
   slziDSogFCEjSJUmBVBKciUcwD1wwuJi8N4Hw7MUlMxx0gLWLUWe1t2eCdrDd2WH
   vCCfZ+VG41q7d/7nrRKNnThBZohgg0H7DFIuIco5a/u4lEr1vT3Cxb/LSBGWAHfh
   BPC+vKdBAdle2gnyIxajSv/8qPjbx1I09okQvIMygc6uA+ScX97RWbvWvFu5Pzig
   NFl01VSJqI9iO4r9jGm0P9nyDliAQFEcxqUNIQC0V98oZLSFA9q3jF+jqClaMDxL
   Tj6WAZ6fEmamXo4VW1QkjwIIqwQAlDdyC2ffCZhHgtLL7MOqsOagvtMAPRzDGsl3
   Dj4uMUPkhgOmj+LzZby1at51L2n9qtZRiQpIAzSpCiHIakkxCZaix+TLU6xIsIPi



Gillmor, et al.         Expires 8 September 2022              [Page 115]


Internet-Draft          Header Protection S/MIME              March 2022


   TUw5t6QxmgDeqYbio5VYKCldb7LE+SjmESv0Ss4K2HoNxPiViw0G1vQYJoWpLiI5
   E94ftgR41MwWhwEpeb+fB6ilVS+KCyyFOjPBmlWOejlrPYoK1ZbRJqVGfiV15eNl
   bfvWOlVoRqhGG/2YQqc4bnEjhKUYmPnqQ15HWeZGbZnlBQzyArU1s3WhLQxiP+O0
   k9nh6ThhMD/NcynQpa5w45ozDhoLfDrE7W417oV5wcwRjkw89ylt8MRMr7XbJHjo
   OaWaIDc+BU9SNJWo+OCzxkHOBO/rYcUEHC57gh93KWThFdMSgpju8Rl0DshdQwtq
   ivJwyVI2s7csucaxcnao/dlSkEg00fUDTyMpXHsUE+TvAJvZbu9VA82oS59nyej9
   1Wnb4PJxHwP3v+3xp22MadG+wwoQKQ4OsWS8QjmA+AjPltz8bbVlKDaJQ+mX7fO6
   sXc4Q7h8J0AfaX7CHfe08enFdQhgTYdCIinGQVVFE8E52tMp8bCosYKQ0/+Gs7Fs
   YSqSMyrTkd/vTNzzBAt2MKM/qRttltAoR1rGH2GEYGYy97uCXmEK/CS6OLsu7CIm
   /JlSUTPMkfz/rGNQbNIhrmcoshyIxRMn5zJq/y3T3y63jbPRe2+w7tDDIMoFFjhU
   6ciiBm34QaHTg47LOhHjFRzqBPeAswaset9i5XjypsbPbajcvFBA0IqxtXJp8J2o
   eUDpkKsW/Pji8EQqxP6/6nst2hdaWRtvlC4cW9mkCobZ1xvjqnugCN2ANye49yxm
   O9jQYjUxanul/heIQcGPBnhOHMFO2e/RwxsCOqQdP+HVghQcuQOq/S4rtDAuvCF+
   PPfcB8MNbsWdD9IVeKkFXxqn3rtvlbs1WFCTvUjEI0cLorKixghPeYDmKNdDh5Ku
   1ctfIe3wwadx9TV3mvMyjEoz5z/rUstZgh2SmKT7NznKrGHaSKKH/e+qnI02PvU6
   aWi2mVvHOVHG6Sg0RF4FZZeaZj87bXyQz97ainp9jiko2GCwlxuy5hjOcC0Wsjb+
   UcFjBRqePQhSqo2LFT4+XtxbzosuCE74sefZLuNE4wX2cbQ1MPGh36drjY5vnygD
   bl7Zgj5j5kOfDn2rFWORdkgk2yJE7Gae0XnkwifGEBSYNpNXZWgW00gTZxApQaAu
   N2SAKRgKvKzLJTtpgNSIrJ6H2MOU+ImQhoB1uQiN43i265h9u7/GXSHarj9I5Rxm
   yOtUwzF7J6IKV02ZJyDuNUXzpLJJHh3tvQX88N1Y3oLBj937j5xryIDHHNvX4bJP
   Ypjka010Pv9JTQ1PRAVHe4gvpSxb1qnEb+xaqa2/Kz/1hDnVJuHpC3cQyLgTkk7k
   UtJn2j9z48MNK0Mbp7r9BeveVb39QGLfBVOoKnILQX2hv/8dkXvgN+I/tSjuW8k4
   sYXg/tUqwdu1FEdncgA+RvAGIqvWrwwzZESO+BFPavv7anvn5y40s21+r8NctgtK
   RlL34q/LH+w2J4OVlkMEjqf9xDctTDAVWQ0Sdsqul94TCK8UpzNJAsc61QDdedlE
   nUsAKRQiYThJP6uwL7Xz3xAowcMyNyNLcxSLsgaYna7F3/rRoJr4oJErXX73zaVL
   EWjIuw2lJ5ba/5+XN4rHFKSlGtNNP8A5GCgNdbKxknowUZdMSWH2xDOXWExTnCJk
   HJPcmXu1PnWt5NOH920R3EpuFKrRcSKKniORKdNLo7jPLZ6r0KwuPNoQtWgmNzQC
   qSB0EWuRliZX+glNR7cWkwfLIxqVtER37OWpNEPr6YAXUFqgsFgKBNNM9etKVbll
   82mWq9DRGbLCrhxbp8iAu4omBxQe1mGGRRT2WtBwkAvQr2O6sX/RU3nBVt4NvHwN
   yRyiTWYpfve8RzriZuZdCdYjagegbNVfPege0CYdhq3XYzf3AxrUVEZaaC/GCZlq
   innWTPiXunVZyqF0v/UL6Xikh4f/1L8i6Zn3GKeeWHXHnyzsw2c44eTzBnkC5eqz
   F15GHyRMedBfg/3T8VnZSj/39dJ//+xSogpITDQc4yW7u5WKDvS47xQJ142yh4k7
   bIAuqxXgAt87MWUA2mLzuifRpWFDZi999O0EH+teaiezOXbqnv4EPNjWGxRDPbyr
   EIVNcKBxsk3zuFtGCsA2cEXLJIjcucV5Q5PscW5gBOqopPjNEClB5Fa9LpftzIR/
   8QoTaaW3Hr5PrcMgEuRnfIBKriykSxzbyRzsrozP1ieA0ygm35QW0Tvr32QBUwS1
   wmSyyQOnKRpzyLDGZUuUehGyY4C4AZ7utFzxG8SBOdg=

B.3.14.  S/MIME encrypted and signed over a complex message, Injected
         Headers with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:




Gillmor, et al.         Expires 8 September 2022              [Page 116]


Internet-Draft          Header Protection S/MIME              March 2022


   └─╴application/pkcs7-mime [smime.p7m] 9515 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6028 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1785 bytes
      ├┬╴multipart/alternative 1136 bytes
      │├─╴text/plain 387 bytes
      │└─╴text/html 482 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:09:02 -0500

   MIIbbAYJKoZIhvcNAQcDoIIbXTCCG1kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAJMTpwbSzvTtudiTaWcx0TvyxUZpiHL+UmRp
   WR9LJ8Evl8vh5FnKDB9TadYiAhseHiWnelYjygz/q5C8lV1HH+WwEihs6x7gIROb
   IAudvBR12CMjm4HX7GKkCNDyFse+QRiRuuuQzLG3d0/2slCA33mCsOhkE7RRtjvz
   yoxcOJ8Ulz18BzFtjYnIcjqR/zkeMtaTdaw9S15wLSoCHhdnAl0eYAnebMhpZM5t
   NatVeDmlzoJAlqQKtaE/K+LWfhSm2Y2GKD2I7XaslJS0QBNdDd00AF+537e4m/MY
   RylhEzNmR0dz/Tyg6tyqakhXnPiQDQRv+RaXMH3RWDJWfZI1rYQwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAger+uW41F5G04kqx+ZTa0DlY
   7GfQxltAwowLQzQPB1zUs0/WkjzvXFDBcFkXL/8RPGyqT+5GvNxiloFEB/emqqTg
   qee5jWKPur+BknpyLKQN5bxprkeRSccljN2hO+msRhI6m6T7HIPs7Gqdwtw0C1rY
   Zf0dl0+sKarYj3cR3YKV8BDD1kR+QhfLAmzRxryvhdXSYZah4KShupL2tcBpOYbQ
   TFF5bj6DdNY8heOItu3/EzH7dzfJexThe3dFh7HtSEMkXiVcqNVIqEVtm90dzP2T
   lOrxdnqUscbb+6lrIOxn+JjQmRLSt6JImEGQaKKxXuTzaR+PAERxHemp8HUm1jCC
   GD4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKiRbYjQHnb/KW2jRBj95raAghgQ
   74WlHyDzh0qIAn81LJx1D+JkALWg/z3P8Xhy++EjKaMAmY7CgoYG4O9ElUzkIDwi
   taWh6ide0mxmdP8oKFVVtb2cSIHDWnJD8+Ox1F5eFiVo5zKIdaSRekpopoKFoP15
   /Zck5ua5lprkBMIBuinwHLtHLAq7nVDP9sv3adB55mUKPCRstPSWIYAqqAEBwKoS
   gQsbEH68GxplCaFswEn+GU6Nw4ffdbM3t4yNHNZ/4W6I6P03e5fRhclbU+6wg0s3
   EhQNIgeP0aHYPjoShfAJ4IU+er9TV+UHN5Vz7FiEPE+Hpg9xNzL30fwhwN0Z1zRh
   fX4HEd/nM2kZfezaF4DDoMj6g6N3n3mrl95JZuuH9MoJhhTXEFZ6FIVAPG13RrWY
   4KFehIWCrnjz+KJ+PoG/5A8RJJ9MSZLaWb2c9lmSj5+7WWwPqih+Ky60SXFnkSC9
   uv9X76f4d2mIzBKzPtfpvka7b+LUua/lMCRxVN9q7eikC/po9yzc69kAezNAmwmF



Gillmor, et al.         Expires 8 September 2022              [Page 117]


Internet-Draft          Header Protection S/MIME              March 2022


   xi9Ni7yoCL9aPibcqUv1ZlW/mPajkOJ68o3lbb0KdR6dfW3ZtW+bI7IQwZnq2RDX
   4/fxf5qZ3l1VO8O2oVvfmrr5xpRXVfyYx+wdln2DbG3k/NzUcn8aKlmZ6pNEDily
   va4GJ3Vx1AHN1PxnL8sYFh2q0/VWLE2+wsL6RtQzS9vK5SLJDrl9J+IY5Pn65Io1
   O3gpsKC1bGODiaA0UGewRIUi9yfHzCMLwlmTWC9QBzGP/bqsp5bScgP6u02figP0
   Kl53pevpRsrm4RLF+Jfcz/DoTso2qVSiBChh4qAiPmNXLmoR2YkY9LqWZHXc+Nfc
   4b2cIUluCSTG+pX1p33B9OAytkfVNdj6SPhLvl+jASccJaPdY4Y33cboweJkdVq4
   cBStfoG+nFQsDhXx7KKym19Tzce/tu3CngG19umIuL9rT2uksT14U4h5hsy1bbCJ
   IZZZhpf6JnvCN8xrKaX8LAcblG2+DSbFvrkCZea+ej5v4sYiVBi40E88LQSB30bJ
   FxREDenMDiKRTBEeRjmqY6JtVsVrcm5H19/cDnrsVdAKbp+ToAncdA3Jy2bQpfhe
   Ev7D/zDK2HPam2PODgCSX8ErGs0g1zOOlrtXBd0+BEEb8o9CyBj6VY+Rk5B8Hl6Y
   21asrQGVpgnQTSeJJIfRGk2//3ZPmJvhXnINA9c1B1ctC2g+UPwbxs87V2oRhQkE
   oCdpPS/0GmtCFmG2pdO7Ejbhwx2s5R//sfQEkYc/jkmu8u8xuaUbP+yPSIGaSUBN
   aD+l2wvCsOzAdZpv3oS/uQ41M6ICuCRdWhufcs5M3sNh6rjCk8TvfiYOV9E36Qcu
   5owhwVaHZjy99TCYWq6BbTjgPrw1oYi15eqzUn/xPu+OnjqSkN1J5V14QqutLAOK
   VTfscKVW7rHDcmM2hbwl+rk+X/9F8tY/X8ekuy6Fha+NcYTjAsGwsMGhGZ3I9YI4
   Zw3lpucLV9M3jmLBlF2n9KHbZ920SvFMzuyTeSXM2nEnvRPOoCEzRHcSqew/JMty
   2Qn/me+bp28rc4zDLOz3IAYot0SNC6sskGM6rGsxvUmKkqu3U6D+mI4yhdZL3wL1
   xuwRHM5ERRguxQAzFrCuc5w22UGL1gIShUTowRLirZ/e9KjDg6GzsDRscQEgr4zj
   kCRKsIVT9qotk6PjZXqcn5QJsy1GhH6coGGQdBbBIkwx0+XIOITCmtwIrMU4S79B
   fp+Ll2KTyWT4HcILWA1vof8CUAFYqZMYEOvxCF11yP7UbFelNNRU96BxkCtOfcP4
   2vwp2I+nViA4CwKyoizepwZqkLZERiSvvQAZah+Ukvd7mni4MiWN2OVEPZMvTNmZ
   p8VmOLRESZ0Ut67qh4leKq/c8pQtEhGArUP91n+H88bpfNVI3XhwJrLVEDXCKx7B
   IKcEwE6Di32lZlinkiWMTJq2Vk5oUaAI4D87y04rabhC/4Pl7rMn6LX4vBKDMcRW
   VgrlIy5+AgglFaGE4NqNLaXUHyn4tq8dZIVdg4lWmlNFONKKTtNfTtGTwdYNKfEF
   14LzyWSvfkZvjUMlRWTITQz/rc0zkow98aYbQwWPWgAH7TK6tcsUSaUGi2nVm8FX
   1JAMLH5KrQjBmyiKldpc33Pp2T4vb9CIOvVm7G8+E35XZ8bFdH3JmNcRB+bnh4dH
   Bgn982jnBkTh8TjhksvNs+tlGzHDxh65caJO5t8HuDuX78oUVJfeVU/pm1j7Wa3p
   P0OgW5tckWxyLTYmOhnVHUk0GS01ZZQPYGo6adCGiGz0ghAHiikI0UKy5zrosh/L
   +nERmxlycUETbc2V5N5l8BHveOR83WlhR1qo0SzVlLPJwDqhwDyk3da23fUo0DDX
   XTjgvokUk99fW1Kzma6PQsFJaRbAcOJycBOp9tyPJyo+h3s8L9Moj5S5lxXPq4Bf
   N/LIKISnci9+QtNCg/baPByMLUHULep4llC+aeFqPVT037EJ6ixe88PRpVGkvpyd
   8b2SGlgeP/e7fIOM2lAcpET5HI3hbv6ILYAIM/U6iEZp0CldMxt5nC3GiU0guSte
   c2zBkcwz6idYRETZQnbXFiKDNvolGoR1vh5h9pOFFabcyjpY3dxDpjGMSlrre/lX
   RQF83BVCXFkFGtZjuGSRC+Upe44sL2kxKjHrJTpeFp/gI88Jecm8UuwsFHIFAGdr
   fczsiGKBjeBHUJlCM6i1QYNx9zQs/0Dsf+WWBUzthv84Lw6sVDjZaGYkzjZSwzvg
   iH6+ytZH26KVM3/QQ1qUB2EeLM8Jh3vNSKl3BLsrHr8XqQm8wllKcySSS+mDCmLu
   kmjwrXI8GbWyfkvKJmWi0WMEp4v+AQqltSSoNoQ+NYMzQe1vR+s9wzePrOmQxIpw
   sdT3OxSr13r24K5Rl3YdhOD42YN+RSgU9m9MCLDg0Zst0n2FXfYhl+c02uwoSLbi
   6GHviTKteFAkk10B2E1DDj0gbMMvnXIHvgFIM7GoPf9GU4bDuo5ohDdtCSJwU2qv
   e4JtkY1VCY9zAcnmROqUSDpXvVlw1Q61FhzQ7GpkOuh0auGS7Sc3BTqX5s6Y1Smj
   0dChIy2aDtXppCDxvpLjYBko17JKg74ZlwdzyJe4ohS+w4h3oQNRZMqIGR5MlWeE
   6XCX5xELYh1lXT41SEL+ZXkIig0P+TywxnXMbQ74zY4o7+tVTarYTjf4leBGjkRE
   iqfTJGSCA+HDhMy+ULYRrdsbwWVpeNl66anKpSK8hPZe50+ULzBjVz1rsL+KX7MF
   h660epx9YwxzpEf9TK2SstH7dp3lbDMz96FL6ugWcTWSJa+ERyF4vt814y2lA7W/
   SZx4N5W+IzUG8kcws5UVczajnEE80dm8blBxVofJloKaRd1RS7aP+YPvaeOmI5l4
   FeQ83kAri2oAcfmnk+yudvptSl3A5cmfKV1NCybx7vpK0ePwlg2UJtz1RiIIC20Z
   kCNMpLLN8hVkZHvJo2D9ic8IAmt4EGVQGcD6qp3Cv3RwYeVtJVgMnSw7j5HUpdFI
   JiIZl7ZSNLW83CiiqJXFmkyJx7AxvEOXNC/00jZBtoOKU4RuGp/Uzpx93g+rao+7



Gillmor, et al.         Expires 8 September 2022              [Page 118]


Internet-Draft          Header Protection S/MIME              March 2022


   97oyYSmNk8WVH5qk4LXhlNw0NuQnYEeFICIeLNuZOJOJ/PjBI+hVvr6NtuEZ+0FV
   J3zQYjMafQ9qD9EajVHjHJVyjBCDoAoJNio8l8OFM8/X1NIMxri3nQYc4xfHP+yx
   FgHbHiEcEhn1uHNARec+E6zXcVF/TmOhNovBPEROwhJhybxKAaaSKPzDZEOvfJ8a
   MpQxexpNSpkJ0u5gcEw6Z2xASX6Qn7RTPXwJo7hNYOvqDUVUdwQLPy8vJHgqn4iC
   KAdc1wMsJ7gTR2bgdZYfHGxUlXG4zKPvSZahp+uEcxixhC5N67sC301A1oLmXKFX
   YzGqt3ZhZu4XsPYWV2XEEa6S2Y+3ygke0HuloY/8aosF+3ow8UN0KJWinsyG3Rw7
   t+ssGCQ2sGUTdpx7SOLwpwzlUgLuIJ3tvUK617fsCwUl00uG6j6pqNIALRNiN6QM
   ayUuu2lnKX2WTIiFf2UN5lppaGncolEwYozlfF+0Xw1+xmoFJ+42QgjHrZSLf88P
   w0jisO3nKyTSNvqcJlv2yuloI01u90HO7qiCzpYbByPkFYN0yGhSFZ0aMl9vxoD6
   O9tzFkNN9LZQBhaWxduBZJOxdEsF7Fi4c0ZB2443iyMJvhkxeQ+GeS8sPrX10LQu
   nUVLUXLG24DI2w8o7ihTWn8PtZNgjcMbMf8c0g8+7yjmyRVtWcqJvfL/NtXv5f6x
   FBQQiDqO5xFh2PyjUL+MO9xiUkC5YBBasBUm/cpPKflGnDIiqw5NRKGzdo6/5Pvv
   pB5iUrukmzlDJ6ROUHpniT0FIs2gVa6d2YIoZ1iXxY/eYu8i31aAS0/h8KXiU+fN
   GdzpeVKz3dr+UQwb+gMXafWV887yre6h70AA8gCW1dAbkRaNj9CZeKlm6Z1lQilp
   /NzqbHoCyvn2Ehrn8x8cFpEESBjau62otkaALHD032L2ijfiKqlq3AzTfgOhN2j1
   IbvpXGhke9gEzJG15iiWSqe7agSTb2AGGcgNaRlJP4/DW3nVf7SF01/J1dJPlC/w
   RjmQVSxV+115g5bHxLr9BE4NOgAha0DDHZ4MVujaQaIj3XO3XcLhUROpbSC+cCzT
   ZOmQ/QnCeiMZ1sFCmpn+hRxoV6BA8VBvI5pEprY7+YPiWGt3zqZF4Ot0UggbfZtM
   WSDqYv5CoXdSaVvBOPofBidUdk/ASlgjdQBbXk3P/YBFoAbkbSPQopm1Lmxcytfu
   /W1GGf/VMk5/wm4QC8yu1nE+8b3iZuG2IxthamQZR/qqowk9Qi1juhDiWnx3mITK
   CJHeZhSR6zfF331p1G8mAYln6ZSfxrzQ4R5h8b/O/u4mf294VCNj5hoaTDhxEHmw
   inflbhehkFbk4GQT2Rx7Ub9MU7mhkUpf01Ch7lIn8ci6jg0TS3Yr63gt3FpW8YRG
   Cyauu/nUGZg4MXRfzEas/KNgcyayz7G/WK7puHvCfq/kiM2iaeRZ2BSBuWt7jLUQ
   k5TgBmo51SVsSsr2Csf6mTG30+5kS1AgLkFaxqynIN819dpBLdybUH2dxLcGN6Ue
   wXhbqttN1pnCJ8EtPKo2puWrXla5ke++q9/cZdAx9+hwB7+PLwVPSBxO6IG6i3xu
   LX2b3oxXCmTsFJ0V4AXFZGCwSXSI5tPx4wZPRI6l5OJ/iVxJFxaSQXwoGs/KyjOk
   B9dlqppJkzn6jxmCRt494/c7uVJePG/gm6PxhWVWP+c/S2d28cypy85fIE1kATQP
   YTBSHfzorJhH2dfD+vT5WWCwE5kTsORSiuLNlct3+m1N0gQU/OmAi76cwzpWd+w8
   mtbwm9SY3el48FmHnlD4RFdZd3z/AWFVCmXJroEsUYuLL08NrFx7Cap61XCEEw0w
   VxdjdFeaKOKFTIHBoTK4XUSmEYdMcjQv3lJ4zRGStjRuv4hF1awK/vhzC0ueOjqX
   ZyBjUEE0GCfzu2UvZ9P1jbPbCOWOkM5TNg8Szm5J40FgtwFXr7yZLddFKsqw3F7x
   N2Tc9q61PNXbyElosPciD5vMpCBS7u3R1TP1UNJtoNf8qz/dvoDEh4FmKiVeznCV
   7BFss4q1YEQH3JwVEGjAvcSUsggIpqNI8W8mbIT65vY6VKgP/WsyugD5AFruh5M+
   qlt+Dni6ywMGC+CSQ1Yl1S8bVZviAEgCWZBs2PmP3HjuAFIcNo/hPd6fTK3HVp+V
   6OYgIHScqa3qXt4NBogbYyNFOYwwQq/dokmT41bNzaFbh29xGlKfmOq+1qzT6bQs
   ZSzV2DnyEtnBJ0t3OFR0hWBjUObR5DCfiqjw/ckkEe5rrmS11DCPdmJA9fWTWR5D
   EDICjnGMRrzIrINPKa3stnTRXNEujHw2FfpUIhXcd7IlrWJ+8EjaZKUDB9f4X28d
   +DIR9tpvYhtB9/tWX/vK034ElxKGfLP3GpYMUnm+R8lv+v26JS7jndCylKmdbcjn
   8l05tyykOqCt/hYjFtC+tt13wlTjZrdkJg7lJZ4p6gq4a35vn+gARo+X+RgOHffl
   /aQYY0X8JbfLBOI8BJ8NcvgJ0yaQXkTwGBDlGupCzIz0uUpsVTXUtkwBPgftsM7T
   adqGCstJU44H56nQriTE+UJGSj0JZY5ch4nSTF49iwRvqtabrVUucM4TasERduFr
   12QCvEVgPO30zvkuWJobau3tjHOe2INzAqG8txBYO5pi8StzGJ0sIgJCIxDHHKyI
   pa/V28Es6RYKpneKJLZHIe8ISILgj5bcowaSXLS4hLYr1FCdJzKgxoQg4/tUMHvm
   1B5Se5JfWER3K+4DLKkZ5EzWu39vwQOvYljrmd1ramOCkxSmOvoVt3AGecaW8Y0E
   d0j/iQnMVUwqtik0zprqVr0CCnZah+HfB0CVBqmEi+ymR0Lmtl6GoLzX/d2Jfk76
   eJi9iWDXqU3tQd7ya5fRmrEmQXxZ4F36sFHaBdp8ZVj9NMocDPAvBRXCfsU4vlwq
   7uFEXRN15y9mKlHQc4FGcrF81vYkBt6aSRZKdxwV3zajN+vOBUSlRAa580lzrmrl
   SuQ7XH7OIVIuAcjpmlFcLzAFIx8UXAXflTvg8/T4fpzIbXL5KKebjYFBX3i2PUO/



Gillmor, et al.         Expires 8 September 2022              [Page 119]


Internet-Draft          Header Protection S/MIME              March 2022


   ajofkSfOwiNJrpv/0VyeDeXreFoP8XQlzxQRrST9TRTPgK2A76u/4JSJzwjGc5Uq
   sV4gTCwqFd9UEl+Ls4/P6RuDyGX6gl4/XI/VLxLaDTW2OEccANzOlxDQJALDR34O
   uSqRQf6/aIzUlS+wGUV1WglFYXheY93z/Z9/M18EqF/DunA9WawYlbjl02GYIIyQ
   ENowMwUKzCBOth8JPO/qm6xkNV7Nn/ZbEBAOwb9i2wIUGCJT2csM5GjiqpR7k0cH
   ybYGZQlWpQKYTHHxUIkTYkzREtOa42m2O2U2A3NA45Wu1tYY6r+9/eq7bltH/eFr
   KkNw3S3R/LjDvYGvijThFUAAp4bsdHRo6Vq0B8X61ToqUCenMc4WFR6B/LCJ5oYy
   Xpq3wY7d1CkwFEF8ZHmIIBDcV0rgtkQK45MhkWXkNoeNCQNb+VFHAgU901wC3qG/
   CQBrlzF0mzMLel9OaSt8vR/uzdoCZksxDgElgNmM6tQeSuFdZyi7k9XgB/x2e1H5
   2Ph+u3l3XDhfE3Ce5QULLs5TJFSXhc7x1trZOXLC4T4YJSpIg14LBzIXc9USQ3xM
   UFgw1LUPIlI6uu8IJ33B8OS9HZeLmUZAHkfgJ14O9+UFwV7yWB1bDhDlIEN87LZz
   DWGEUfSOXcUEjgoUMWfitfFtx/UXV8OzJB0TlvRTVY2clZzUY1fsGYzTz46DL+O1
   BQ1o1LzehE9GxkGoGplyS340Ifx/nKWvvOrPCXmFyC+1sU4yYj4OXiFjdRuDy2dD
   9vOEOQ6A6TwGCBHaTHeLYJz/BlN2iDF4xL8hBAIk+jPKugY59SqFGvWq+LBFg3u8
   oy1O6YgAjcrKIrETalXDbHvVBr5u0+XHUhfsEvP/tXhZG7GD45K55TSvIroq8Ext
   zilBP1ypEjJra+uFDDOAhzW43BuQw5Xa1PHg/lVh3bJ2YGuSJ7FHUjF5sgfnq0HT
   gnV5e9J71CJju7AqDUcmAtK7Vf/lCF9kgyd+uwkfAJLDvic5wZxSpwEmaejteHpl
   wPlKPKPE4MRDxXVJpqqxMjh/eXGn4n9lqGfkn+j1STMgYaudnyXSoIe3GO0qfEZ5
   LxeuW/QDMxOLgvVhaZLlQWKg6XVbCFwW5eTCSfZ2xfmSPFyF02coVIcemUZbpnUL
   kXVoToyXbklNuh9Qyisivoy5Mz+DZetDF03042Ric7OOtWl0mIQDRQM7oPCECKOu
   iEEDlk0ZkG5BCFy1uSiznlBEZJR6Nc0NZyTDrX9haA5SsUrtGYZFow1PQXgCI1Ey
   jKVwenOKJbHo8ep728dd+aVBIw2sHnhzQcn5QNZ6URudhSavSM6CQJWqOsYOSrHc
   SIcxiL9CMzGXJzMG8ppnL2TgkiBjRmsst0sTT7Y19TFnScgXDjtwpimlSzkoQ4bY
   a0Gw0jsN0F5k7k1SFjJQLe/fau99wQhJsTdnVeUA1SgzFLiEj0+Ba6z75muf4Yaj
   3CwhLFtXiAia29lqNteJNQSJKJa/NR9Qw9qEBwXuT/T7HxqZXfOAUqsiYeOJ9vOr
   iskAuLrYCHbASEVkcHYOBw==

B.3.15.  S/MIME encrypted and signed over a complex message, Injected
         Headers with hcp_minimal (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10100 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6456 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2094 bytes
      ├┬╴multipart/alternative 1431 bytes
      │├─╴text/plain 485 bytes
      │└─╴text/html 637 bytes
      └─╴image/png inline 236 bytes

   Its contents are:



Gillmor, et al.         Expires 8 September 2022              [Page 120]


Internet-Draft          Header Protection S/MIME              March 2022


   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:10:02 -0500

   MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAEgnvqzNR+Do6JAxBP8F7JUcbB8kS7mxU+3b
   foHqCQ/5kO96KgY8libT3/JmQw+yAifncpIcl+22N0NqaqisYJj9dKA3Gjs/Uprb
   bSN0zOavKBotza78JC1mzmIIKQ4Vy9QuStaxihfghKti9dZ5+elgenqQhZrq3wjX
   MYBlnGKNgrXmNb/8HVb+ak+kxK9ZiRj7s2A3HBQz4kFOr2wcga3QHrnUFqlllFw+
   Qod2RDSowp7uvZ/vdtVdVcywnCh7P45RUFO1PL4WVr7AhzRDXsVmYWF1x+6uBz9M
   NxOXJX3f7y5+eoTzMUWhJdUwcRM2z8EIT7EdG6I2n1XCgzT8jsIwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAlNiYwrBY5HIxX9zMW8ERT4tV
   Hl5QupEY6aXcOJhoRBLO3hrV9mEbo9vy3DlQkwW1OIsI4UqkQQ98dNeDQYEzy7TF
   onupxyn8dy6gInGpUpqS6Vjnemvm+XbYthI6xuRu4wO1PEnGPuCsFjE79EARuh/e
   2QZutFt0PgbwevdiCDF7mJhFEA1aG0BHfYGxD142JRyQJ81LDB5MxsTD907MOGuF
   mB6+zW7NWvTjYEsSZfqe6Ycc1hcbFt/3yp8gthRh4eeJEtowBFMfxLQEIUiI7ImC
   CesYCwW1gMziG12d3hZkXR0nHd7xu/K1aw09mdvZepumsMwHXSOd66y5U7Bw8jCC
   Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBmL+hRticO6t0R79DViIhWAghnA
   zZMLw8xZkhor3XzGSawL1DOtnmwJnq+wKQl+2FrIFolxv4y/rsh4bZQW0ouD6wF/
   MedLtVae7U9xInumho9P6VKuhRgWUCMMxG36qD/UwZ+s1V25QftaO9rt5cbCMN7/
   e5da5VzohBicz6GzschM8HuV3uoNgxsLjZ88izGE7y/yptAcusUg2Fk+dWxnWwx1
   KVsFEURo0qocwe4qcTEtOO0dPYZn8ebKFizhwAxD2g6jdFWefS+gmlpGQhKPGZJR
   g7dC9sVURBP4FuvuUPvZE2OgSjM7pJCrALawOAUCaWMD+hAU25kX6Y0gydcpzdMW
   Kus7jsPUKBfs9FwjX3gJnv9BFr7uJobL232X6ufvC11OgfzAzPE5GDo4nSdqpand
   JEd0Db6ZWLux4Fduy5xtWqqmGLST7KMZBHMzpo94Z8Op2V9Wqa2hJ/DS4nB4voYD
   fotZeh1dXoILB8HO7l/yq/6AyI3ouSV0GdmtpneoeKyStj+WlPVaREIdmIzup2l2
   +PySH1Kn5ckfcvz1RVQl2IL/Ba28Lx5KqBgbtMdGkfRmbGvH5DEYGiA7h98Q14Lv
   6300MpgLbVjjs3h5QPUYp3tbDr5fUJZvAPJno8NtI5j7KgbPJmQaCNejpqJGWx2s
   g2X0Vmcsj7X24PHknpccTXCq5cAf0rV/59KidMJgjMkVhYSnJVJ35wteFmKxYc/l
   lrcU1E3TJMOoUCeIoTUR6BSwuR9v4pWxkY8y43HZEqPK+lEx6m208woHTVx0YYoU
   76/Y1JC7eDVpqFbOwDCUqSCOZmOzz0R67+pxHNSf6y78gLYEIySt3n8OViIRH69E
   XMChkXCvj6dlynO+1zaFMr1XiFbxzlsIeqMAERp/QNAWAb3OIsqvAeZpG8Kb5byz
   54+JpGZcYQ8VKkhrDt07oE5EM4ACNMQSzk4UfABXl4npNvBUbKZ3FRQPUsHEtLF9
   moSV4lzGGV1pmgOY5Rzuwe5Td3Yj9inGZ2heTO3VywoBN2iBmk2chX2V9xoUO5oA
   If+wmAz2SM3vwT71krjWztCa25BH6O3RR0bFikxREWrfbS3stygZlq+fzmsmSnBe
   n/2AXYZAUV9J0M3jz2FPHr09/y2TBoso9ExI2kSy6pgwqnqj3q/tMyErXgl6FKOC
   /OXMSn40cHCX7ZZ5ud+XJLG7bAb2izzG7jjguLihCL/WxUwQMQ46jzPaJXcg2ioR
   PAQwITRsWGuWR3qyqaLeHBRzfpSKE6I7lIdy5cz2tD7LYrOnx3tJHjiXcyTbzRk2



Gillmor, et al.         Expires 8 September 2022              [Page 121]


Internet-Draft          Header Protection S/MIME              March 2022


   69yMTNciAjBsIcg4VtJ6AKgF5Clxrdu/3iOMXtjOIkfvmlEl/pOsnhkprkQVUsgA
   MjXBclOyE675ukj0TYB5Br+AJfa+beSgZ/5Hd8H/vhfS/0v6Mh6eFyaooWh8w5HS
   jQg4TKzfnRyLMqOC5Us7UNZS9KNtp/g2FlYHYJX3CK2+AZfPtqn18XnoCF49rK54
   S1e9rwAAa9gSYeAsoiEm3tCF+UiFlauSwzDgK82I1TCM7Vm4gD0Lwgi1z8OpDZXY
   U7zavy4wLQhYVdKYQH+kItxxMvdyeu4v5+Fa2LH9+V/wg7lzMG9TmutDOdDGUXy/
   LbXagLTbrPhLqPYVNK1kb+UMuSnrB+56tRJqdZnlC64kOEOG/nLa+K8p/ZE/2jZs
   avakQn7ZXZs98aQ7NKFxNqJ9rgMNB1NMETrVA5Wtty+6WhlwfpW8Au/Md5gsdYfO
   wckX/W+t+87UoW99zM6b8zOkFpfFNEgacBD3EA8dR8TWIgMXUm/Sq6ihlOpInqI1
   bbtuCqcgogz3uKgDDMZilb1taTAutpKTFvPcJ9rMoxC1HYuXhyrn/VNCBGMOVE49
   lAkoiyBesIPM5UQb+Ys6TQ7m/ALazY0PKLKPEWjCqnVtMkEjHIn5b6nDZvQwFoug
   fW2Tnzi0k6OIgiVMBNmx8+zBj8wflkeqdbZ3hS6Akx+lHXVeNGFq47VKwojw0rIM
   bUBUk8rMC+lxJWPebgu/l/+otzeBnSipu8sIA/5dEtVxkXExEKun/U/E7qQZD7jo
   xscyuL1srcfwUd4W9intgyf/86rfJUc8yeAl4QOciAhjZvRc4X0Cf/Y8peIHRHAs
   YKjQQYhQuCT04IqVOnodAzd/oGtFe3nvPu2uNUCOD/Ct66dVHb+n+eB63qeB9T1C
   cqj7AAMSA56ZM9jDICPs33k1Au6Z85gsPLxzySmfk1dtcYsdN1Inh6d+olcdJXtI
   1TfoRY+1xhTfavxfq9asGoQjNEtDywdi8JV8vHQ5ja5fC7LE89qGSkc/lRbTg1Ot
   MSjnQSBVtjmPkNIt2DlWwtdDdr/aAPyK57hsXpwYMOtNSqCF+L8HirXdZ6K+7zBG
   lJd5uB8/EFP7oFi9+MpBSm56GYN8JByRJIF1rSCyK0GdrUb3/DJSd/sdheewQPDR
   ra17SMB/aysgT2xu2cPqlbr+/D9bGA4kTJ7KXp6WZ67kuUC3JtKkaGiqfcESDKym
   mIglSN1W3BflH7fIxgszAdRRyEw01MaipgGbFsoU7sIKgjeQ56sczbl/PBJ3xS07
   GamCZ6m44m5DhVs3k1vawuZqrSTRsxFBVrSYajL6msNtLXu6l4IPD6x9RZ/OCDAt
   CgmX2rSBj3pg0Jx+X1nr69sVhTnq9LbB+GSu85eC/siDkcUEXaV5TzSXakE1afuv
   ESgOpdP1YFDIyiJmW0SKS+5uZLGvyH+hI3UdIaDt+Bj1meBmI+Q8poXc+jAqk2Qf
   /vG/2p9o7EWgawk1cuch6zDa3r4iNXWlKQc+lojXQdP5YhpRUcDKCGe2hdelk2ku
   cdth0i5lM4YqZH71hP5M1df4uR8iDRjyTJCKGcDPVAKTpUXQ+GlbgzZxerv6XBuc
   Ouxmi36H1vzHOBrGgJw8FdXIosD/O25gSJUGr5Q2O9YzOOpcvUZiU/bSglfsb8fH
   9us8+rlf/qHf9Sa1HTd7g93kgTx996ne/D4xtnuc6R9bcUcYmoME14u5pRkHjAAq
   pAv8c0dFypwWm77RLb3SdSIqhuIQ3TK34yh7wILMHOAvZD4O/jYfDn8aMFz9zYBy
   r8iB26Oyc7F7Gn52aZMoLoKuNYpJCE7UsM1N2pkyX5DhkDA/JHJW/5LOtmFHfSfU
   mtkh5PR3c/DcRjsSImjWAW3BDvyOUlgDcGE3dVKzpfCEDwTt06+bIHHpLLv+otYt
   uu3ZbQCNQmt9jCh7FbEYRLixr/as8MT2HijNbBfrT5m5yyo9jAFgl5kLMRe3SDmc
   5eevHjA7ymNRPVmDPAK2yoSG6agF39CmZfZZS07Cwdtha3+YfHIfEaB8tdSEC/YX
   O9g9AQSjTCbfX1TK/bwitDFeTZhLEhQVUK5jCFJECQS2uOiqpgC7Hiv9MObH9GxU
   FM+E+h3Osw0gPmaEGXh9+2V+tR9EwzyE7VPjuUTv/aMl0qdOxIldZWM63BHBqrPn
   y1p4MId6l4zULkZ9m5xnXpBEOHQ0vbwbN8+qtfRTI3axZSbwAJAxvisUtLZDExIr
   Q4ce+BNEMH1QnrKlSfZlIcwC9UwvzDfwkFm/zkiZ34NVPWHT9ep2zJIXkQrQ/ugY
   HOQVEwgHODz88MEsY01V1n2rC0nFTnSMbnwSpOH+cqn8gt1ogwBNYBiyfrFbCSGi
   7p4bUjO4MTXG6cbhZr2ztouRuGN4PWs5aWshQgc204U7mkldftGRuGxOHD6uxr1B
   YllOJHEAQSg+Vm5mAPG7txzMHldLlsScGdwviP4TsLmfObJsxyr8JQKJlB9a0W+2
   r47lIxOZ6+sTkOFIbzoCEH8rlwlpUIJI9QTZtc32bDI3bfEO4DFqUMvrN3cpS2nK
   Zr62fWlcM6s64r2cjmaMno1kwYB86gwZbZbxB1yxndMcIcsKb1vpFpEczg3b9aoH
   M+54UC2/YKtGc/j9xDZgQrivnN9YdMlXq/SSa9rBNGYUiALhkESxUFuc3Q6Kzxto
   sw/OJVyZoDafAF/JnpcFFt0WaSbC4BCnLP5RSBjyHXTBYhN0JWDep/E4IJc8i8Ha
   +LYIFuu7RySDJ4ciLleZ29rNlcEQ4go2H4GX8F+RlniC3oXHYrth6Hp/STe5svk3
   ZtblNLDP/ETyz2oE/0O7NbRmncVQ3/rijaRQX+Lwx59bc1vxeLOOomatawh0+F06
   UgC9UYXHpltXBnJAFVQaScpez2hene/b3WMcl6lZaWFbslvGjCQqfuWXtKt8KSdE
   8ts/s1PAmLln0a/35q4Hu9gMTGT6hmxHm9gyEPNyLsNW/LkDDypIeG4KQ1ha12to
   JILz8xufltXOwmIiMzWyGrMLWZriPhT2XL3uwutMHt++0KCcpG2v2HdOLvaA/+8E



Gillmor, et al.         Expires 8 September 2022              [Page 122]


Internet-Draft          Header Protection S/MIME              March 2022


   Y9/M5N4Vd6hSNGHKapfmypZB9ECf7jnXEkjvD0u+Er2JJ5G73e2u/vY4H42Af48k
   ZEKdBg6RRK7yZIsaD155TgOCCspcyoiHKmjWKzq3uhT76aKxmdi7gYfl0GOSZjc2
   zNUyWzjrCiehuz/tdFUsG1hfjcja158/RPKmXKdIUBHpm6FQTF9RKhC7hVqEjXju
   cVvmaNC1g3hkvBPEu7ZGsWj4iXG8YxskrKGYB3L6RVbhJuSw7QobThAIH1nI17wC
   5JnUgILU3HzPFmA8A5oC5CrMO3u7p+ambSZO26DRtYElKk3TuynuNwx/UejPWX7j
   S5ejy62kE7vsOEN4mmazRRxDxQC1RjE+XrD9bQR7/G0z6b0dS3BdxDQgnXIAyhLA
   Iaz52rMo0qtun6gNFR8ynICetkwAgmtg+fVKqCIIQuV5zE8nw0fPVQfG2hmFf175
   6+btxw+wUdUJWML/NjquSf+HSP7QXVRzCOVyLsX968iIwym7G10e+thPXbGhXqGy
   SKxx7ZSw0SVDn89z3N58/Lfdi1x84gcEa2wVkssffysVlOIzE7EKTtU7fbzYW6MI
   ihGnXkuQvAYwgKPw86nirrdHXs8nDIwjiuo7//VFzAwnqqTQxkXzbyDQJWZBzZKg
   PC5GqEe8O8mtvanHZFYFytM8PDOxgmTbcNj2QqvTY2XK2nhV27ce7LLK1KHTTDNm
   P8APqv3zVYKugFx7dyCVwPEpgayshnf9wGVfyVd9qHRb5o3LNJjxq8Pg1BpSOuzN
   ocUY2xOES7b6IGm+Apg7eJcl2vmC6eClapHg2U/S/p2T2w5FhWnonCAhO/U8DKBM
   DsMb7+JEJMCIdpm/0KbA8X55f3kkeNShwaDmKJMoEzVXiFMBNBLW/js9DJrPmL+H
   R58bo2I8yRhYnOmvNggyk/pp/JMZm8rJtcJTyI06M1sNuVUvNeisMP7yVgH/KLGE
   734aRoPQWSJA3IrY9h0lI+9zN+/0GB3db1zzImIP/17p88DPXeCW5My4MOhQYU2K
   uuO2JanljJQs3h96Ps8MNMbvRqZGqq2poWLe2PvDCzu23/XIDLjPQk7b1Ttoa1rn
   GfTjYW6W/5WqUrILkrdYWh5UBqtPdt+N0kBk3fzeOAheh6CGtt00T2+sRjXM0ABr
   9g4BF8uBE7nMYF5KorUAdmmwgD3XzHkLTFBlVpD9TOLvQEGJ/l5kdudRSRQmbWMe
   iM61X6D9wFN3XoYBj6Zs0CbNWzLnicOrUIgSwvndNQHUjOx7snPwd7EEpTahMbIf
   MQILRvKV2PWXCjiKZm6b3oiMv83UINinANxhP4qdQ/yHXJx8FtUGmlE8/Ar7wJqn
   UTJ5oICO2rANqCJdnok6ISs0fCYZ/6ok6u6W5sA/PuZKXLAvD4N+vM2ntvrySjcb
   lpHKJFOpAcomoLOZ60CCix1BXAtcejVkNSe835sJiNCK/LDg5I4bkoZ6/SsbPS64
   MkRCaOqeEK9aRD44B+UYzz1cxfAlbUFPIhu34ohFgSL5T9n6NQQ5ARPvoZYSYcB5
   Z79+bYs8W/c4+9F7GAsIy9WJWuJLK1s2gGlSsf7uMkQ2t4ZblN+sNmiL/II2UvMp
   maoMvSTdxATlVRmuvT0NX9Zh8M4PpNF4Fc6UhH0hqnHza1jYBEkAHeZytB47Hmq/
   OsRY5sHEoNJIsoU0OUlQyKhf3CcyWovSl/CKWoasFNM07kb3Sc4sUmLBd964UkFL
   THi+6MuOQvWusXO1Ba5g8XGvMB9T2B23R3Tl61XIFOGRoQ6ZOgnvPmvaEv6LzW3v
   lduQRgkUnYXOYDk0riNqIZ7o1u+60t1MvpU2MMnRoNrWgj3V2QpPyV9P97r51Yk2
   wL27uGVjELbcYNI0ufY2js7L3cfQoY6+4SqcUrlvF8z+RHKRHdz0D7V8pb6OjOTA
   +/ugp/qFXJYPqSi9ipmzoA8+qL378pusJ0lXG+A0Bf+T00nzEzlePwflle5pkQxc
   FpR9cFHYsr6aAmOqf9nCQhzcMPT7xQkfpn9hKMFwB5lbMRD8NrYY0SH1pfaEMDuO
   jMNdqO3IrOTRMuHA9WYsJK0wN/RM7LrLaSQPTqpWMFZhF0FHgcrheuCth94Nvi/D
   MEN/saGODFQJuqpyzRtwkMQGvNE7JW98MFk6gHxZIXisVn5BEksPfM3EqFci6UfC
   bAn1/8XFw29Um2IynHBedf+fTmjxg0D+aazX1jxeGyZ6by8DrlJMxq0yFO1HtLcv
   XwaHFeKrF/tD88VHsiZuq+ek/AAZmrD6C4aSTtJIPysF5hto1l0lIJD9tPC+UfzS
   f2oD2FGKE1Y1KPE3uPlkovnvNfdnV0CPq/17Zxfa30KRZTDstvTdc5+sZNxmbfVZ
   ZnbfQv0g0vo/E8iG5V2Y+gVHRhHwIR8E71/n3JXV51xmchvvJQ9JNJh4sijEr+sH
   7j5oXuEeFqWsISVHV+dlXTp3GZvTAiH2qgMDgbGSP696+VXsTp1h3L7/PEYKQkCG
   d/ntsjq4mGQhI49Je4oCq3+5qb9i9gU1H6g4YFLL5vhkumdkL4mw8KbQoF/0kmGS
   EhzXvd0mPTrlSb14ObVcjh4pvhLJw5uc/AHgCukSkFde3n7Ml9mpqgcJzfHTPYiK
   lBxfy0O0F0ZB5KgH/evozRKQZT5mLO0oFWbjtQJkGxXBhcyqTyCb3/zNGMonfk3P
   Jc7+ooybNn80pZzYHVTaYT2MNVFqKfy0GHMBA5S6SaISzoKtxR2XMwKAMGqInt95
   Ie7dK/Ief0WhNx3iCexZeJ70dAfYMbAqghJYEFyOjPb1I6p7div5cnlR87Q45UQf
   2VLRlOQvAR1OyNk+DxXKFesn61mejZR+5HeeLcu5h1d0R/broo2IrZGvCK3oDWyV
   meuvKtWP8oLn49fA20K56nG8OfkEKXNv/TVn2YqN5llNkU1E+d0v6vF3jFWbuqu4
   al71ighPkUhWrVbXtSRydmNA/gjxkj/hPll1MfYiVOIfQ1wrpUgVpH50t4+a/cYk
   jtqEEqPQtL9Jf91Y1i37JJ0KI6mH7ZIYXhcuPOGEzdQxj2CZxCZgIwe7Lb6GAu75



Gillmor, et al.         Expires 8 September 2022              [Page 123]


Internet-Draft          Header Protection S/MIME              March 2022


   dLAIFwtzLdkKfFXyVlZFKig8ADzESPevxuO0TkNfX2hs8MB0nUFxziE2sY3XW5ih
   vvaQc2o2KcpY+irZj+B1PoYPBaHqcxPAYgK4pdcUqkgjVmLSqxqyStrMYS4/glOr
   cDWhFpYUAM6i55g5ojwK7WJ5HEws8+yUoniq1/d0PsiSfGOxm3P/cf1bPHsXW0Fm
   I6FO3TFT2eQjLU7ZkZTSq1TrRH27EHyJ2drlQUM6aVKhSiHdqTS5hhpanPwfhd3+
   1TZnWC9qLglpCwWjut+r9bqYS2hyFLbR7YCT3+jybEGQBXDHhXy+Xy9jixADek9/
   IGKnmujmTq8F1akLgi1puSBFV08tOTrIiKZ9jV7O/un9T5IIq9eTPFu4dw47q67w
   SUg+ped9JU1iMrer4gmdppjRIYheCUYSe9/9wmedaHLYkYnjNzHqZZlSlxROM10d
   zPe7heqZGurSfVamOl2TKGYMYkPg9j/X0xejK0QQnkW8zP3Ptbb2z2ul/lIwPAQp
   TraAOK74FHKLCkQV/B7Vc0TvoLbyNYWLwQkkLqvwLVb3FdgWSjO3ed0V4/lgJF+A
   DRsBY5DLNf0hSXgfvgMa3kPkN+oD8u93LuIFRJp8+fGjcb2bMC58LpyJhhVUhFQZ
   JNVxhWn0bzuF8VSZbyek2NeIGLkDCziLrKB0ncnkeD9Yry/dgHN2ycWijJaI4TcY
   ixuCz6wtR5zzpxt3tPuY8NSMMfLW3+SH+gwGRpLS0E4QXbFCdsWoiuLduN60A2gL
   5pICZpsqE38z3M1yL2yYc0Kl4BvvNlAsDNXnAET9xadEyt+wHDY1x5VSWONM5+/2
   vgBq6YJnDDgP3fLIUf23nYDH8RVkRvewaKFOB1q0TtWwb6mmTVXFDEEsjjsHG9uT
   uNuGWi3yej3Q00HaqWZ1hdj+gNYDBikIEyvTRwJYWVELYugW9KLJIBLA+Ha4tCbd
   MrPj2jslCXcU3jznPA0f2elPPGC2UPhwFEfo4JsobAGnBbJMkLrFkGt0CId4KjOq
   hBJzY+nG18Lad+pAhPixagmYYr6L4g4aJADhORtoqsuIleCw1MfGxpFYOhbdyJL5
   NcQQwSZKRgVBKuRafocoIvkGrxdCaYbTWS27kVSvT5T7Y8REBMv6akipc5IrUi70
   ouSl909sPj5dz9kJ0RPqTxlUCUN+5LTuzWRxT+EyOLFxX1CjibP8lSjovji+KG1F
   yuHcQh7v9L/amc0MAsFkV0VSMKJQuGGoN/BaIK+yVidMO/P3VNiDHloPi8AalxLv
   V7aAsUeu44NI+V3dnDW2KofLxCHsc44U+c/dpkyJWijRaoejiZ4U5G0Z4RxNRHI8
   cov6b9CP2WhxfoCWqatcsg==

B.3.16.  S/MIME encrypted and signed over a complex message, Wrapped
         Message with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9470 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 5994 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 1813 bytes
      └┬╴multipart/mixed 1749 bytes
       ├┬╴multipart/alternative 1128 bytes
       │├─╴text/plain 373 bytes
       │└─╴text/html 471 bytes
       └─╴image/png inline 232 bytes

   Its contents are:





Gillmor, et al.         Expires 8 September 2022              [Page 124]


Internet-Draft          Header Protection S/MIME              March 2022


   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:11:02 -0500

   MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAE0WeE2CZplu4oxW9silJTfwzOsPhm847d7z
   qIXcjfvT8bDw1Ftlv/4KmZLDPdBnuisuVpyLo4nnCIwQJYpQgGBTT6QS+49zKBE6
   MCBAtAEpO1EX96vni0EnBTirqrlYTpyCfovzY7Wit0AGZtagvTDbUFZ0x1zspCwd
   jrQHxNGnPvIUgWOmZvE8xcUU7goh5lIMlCrTSo7O1VwvBcAl36MvP2cq5fMwshaq
   5sG8Tisa8scczHgFPox8g4dRg3avviuPIeIWlhFHsjHOyxK//eXvbIAPvqSX2kkN
   XA2WosMZFaOFDbreUYfH3vXXKhM/bN/ppP0j79SP/Oo0zcZNrFswggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHCEttYG1eFD18WMLL2cj4QA2
   9ufo9YrcguLxREsAqFgSdjNWumX+O6TbxzRXIRWUDM7Fgya5itiSeRX9vVMPqmoE
   IqvVaBvUJrC/vpqimtsZ1DzfMILZS++8zKvhe65KULce+nV5uQFdCqY0haaC+r6Q
   vo/Ync/CML6Gjnp4wpc5DWfXawIfTETdqw3OlRjeC1LN9x2Gm1rZRG4Ae220cevY
   fSeUgEwOAhN0JK0dKJV2FTaSocvlsjSpqeEvrA/7PPTXiNhx3MpW/5LdnLVrGLWi
   nf/8vbIMVRI1a6OuX5LIebtuiMcrDBW37Fz87G2WVfaLEGKlkOpuAq4Hva6UbjCC
   GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHX14xKi0oQG2bn6PtoB3rCAghfw
   CwTQY9uTkxfjYyQLL9GBme+B4ar0sIhiueLsLSpDqYscvN0BUJ8d0xE+TpJm0IbY
   yB8K+Xu2ZuZEbKHDM6gkwMjUmvzrqaoFM9JdgEdV0xrEEAtZ5fo4CQSQdtOY1EcC
   gXaeqcek2pnEtzdMvpecyxJI+Swcj87MWMQkZC76ukWAJAb5HrzxWR1KppuRWK1k
   k4dSlEU+tkItRahC1nfRNdHbi/N4IYHFR/FS8efbDILhfnCsNrzhirBKkn+xCm9S
   ICK3vs9rLRSxMGD2N2gvZlnijo/rIS38E8qPvgabRYasxvJjpm9pYnw8bna19NA5
   hH44E1Nmd5/hF4MezlJ2HU4Fm2illB31TE0MPz+k1U/luNpMfkgBUnLEzGchYr4O
   +BzewtTsctonsul06hFrrHim5LgtaRxuiAJXnqmArH1N62eoFxC3t5GW1O2O9d6G
   hEFa1cWjh03xZfVOmvog4BUa99tR1SgQf1jkLuSGbYr8mfzufkCnxOzEZEsuumqO
   pGaxc4oX5J4ZiiGCMlK9M2L1/tDjN48CcZ3i1VWB/Dqb6bKHF3eEoy6qQR4aPWeL
   OQxiYK+mRcDtzOMcynvgGo74RmLMNk3rpjpDOM9ltd++8stxLRltZY4dlOfdlwu8
   pO53BAi0nPEwze9ApPBqp5p/bPHUp1lJNAGXY8H6tnhgZ3x3RV/Ji9KGJ6GJmENx
   SVI7r714zXjwM9FJHqCmzI2DKr7p5ysqZ+Qc8mw2CRsfz60LEKA6WGb0NlovfQXL
   tTq0qIOHtYe9Ge0ztbKKnbzbZQL9kQ/32dbfKasQxDczaHjNZ8dNGhNr+BQ5rVWm
   +8FwxmvMZDIX6Py2wbJEREUGCGHh6lUUGiX3GlVYFBnqI1GUxBUVzXxvGJ3cj5t7
   4aX8GRvMBrZQxhwuSLxSFQ/rPyTAusVPphPbwAoav2ZaUIlblLr4yHbawssp81sD
   svgW39lI7SRDonvdo2+qs5nPW0l9leeD9I9wvZM8AQ5q7mxvQkY7WDqX2J6lxxzS
   jP3+jvr5vGOYuPGYGOZeuFSZU7HZGnPGFRk3tWG5Q1dRGPi0TWXzV1eZZo08e0cw
   K6EuDenwxOU7i1LpC2xRxuJgdN4adAi2+AOd4vyJWxIvkQtcbzj57ZKPt80raQXJ
   l/bGRFGynFRuXE510jBbwdBzvseKMOvfNFqB4nv6FMT9zVpGsmpesvDDUdKLDayO
   sEqeoV2boFAP9EvIpmA6i+G27ECsh9cTUlYXueOdcBUHagcS9DT4oNt57euc29b/
   yKd5Y5iE3R0v6VquqewtpwlGS/F2De5x3ETXj86FmcML0aZ9Z2sZMJmVy/Dw+ixl



Gillmor, et al.         Expires 8 September 2022              [Page 125]


Internet-Draft          Header Protection S/MIME              March 2022


   bjVKliDg/FQZzGwsyynEcBARKvdKwM07/o1iYy5n8OouKlmIPUyUmDoix3fS1z8/
   RXYV30BYKERlNHxpPPxzhD95ECeWi68toMliKaMsTstv23mJNwAEh6TrdfXL4Ls6
   HfE/32ohxglD4q+sKg8V5QG8wVBnGpwBXd0yuUxewyeO8Xw1m7Y/PbCJvuSEj4G9
   zSOPXka1ViH3tcnFedmyBugNw+Gs1NHCo49wllf2+UCpaoJcC6zvD8gdQ737Gl/p
   tLvIrC6FZa4CP0PVE0omraIssica9iWZT1QaEWDZDSVlQQvBLfBpYA90XUHxEw2f
   8vWTvVo+Wmx0nZMhlU8sen1kEcKVJNuRC6XDq3fHpVJXnPkdVKk9ssvJ8IfKPSL8
   4cpG9bV7RrGymy0q3hDzbzCPVGe5EdT5EaQyQRiHOjDYx+SGyyHdNQD0nDOT6nh5
   C+guv89wGlYFJnjpYOpKW9Ex8yo3Ib4ArrGLTzXqdZaMaA31oAqhlOPkfp15xPSY
   clEMnTcEGGt98VSHJO1Ku3WDSC57PYd8QJsoFD4ayoYwlLM7Fc1X7CG3s4i6eJOy
   evfhxLQLiW5NX2/xkCnEHhZ7wWyXc6EPA4CQw2Rz0wyYEjEj/JQbcWqdn9eQnqHF
   6O0WW7O4x6zRtVMKYNkvOreAVL3Q7U5EyE4ralLZNc2E/4caDxANP7mXW8x+8QOx
   uJ7KR4z036DYCtZvOFO7d9k3wlwgMSxwJkBGiuIOP9QQ3xWXE49TncQlTIaFV2sN
   Fcl0JLepjTDCSVi1U+JqwjI2DZdAfeLtKkC8Ka4D6Bg+Aovdgq/0ev+dj8Pl+ek4
   et1FTQ6Db/v2POfdiWLFdp1XzSHsEnQlNMfzvintSUsfGB0qOWFwPUj5jfH8/4hX
   D0pxPixHA8PI5/3gSPho+wxgnbsd/j72VHlA+S34IinR+OH4SW+A8qCzcF/JGP5P
   2TSact6pbdx7dfdlcW0J+QC8ity5APj3cOss5XDe3gs95JBgZ1AXEhypZs6avgoB
   empIh6BBYeeu1+NuXmRxpzLQbsqNwivPMtK+Jab2Yw/ASZdqyBHJH8DLa6xi8yFI
   134xG6zMmGqW3Vnxa1IS6opslDenfDzZ2hCDG9m6J2CTqMiY7ec3uoT2QysRPjmL
   cx/gtUxS1L31u6dfC0buV7dcEzuBG0H7m/Lja6vk6Tr+P9D+j1cQyUExDvpGnEOj
   fhVRK//WmqWlxJ+su/yMvnSj9e51K0GC3yYmMem8Zyx7xSWOXpnBrqRf/T3tCAHL
   P4DgV/3jEfFtu0PKV7Hx05YEemLzppQ0GA1IVvnZa/myRLB//x1qVATvGVc7EFhr
   vKtr6FYfLfa7FUdMiDH2cxWx6/Zit+l7JT/PJaKTspmM7UuxWh6eBMEld7GZZMT4
   zaYrPCTvK+ykLj0FMs1ddbQCuD8BROzV/KgmTpiLQSmlcLpkGSODxR0K+8YVXigQ
   tOyNFEDtniIJQ3VoejaeLPX8YnHJPft4R9qAysU9wFdGJ1VPNCuDH29pn/i6KAPU
   Rl8ALoomj6W2htvLQtIrnxIcrKNpvd3FyXS0/+kSqT1WMfK1XdaYxYK1f4AR+P5A
   PGsmE9TA5lfkeYild3osdmL7/3n+x8LOOIDVxps+XdAk4MsQlnqjoazCysc+v6yi
   Y+eMl8nsaxiTt8d8JPS9BpBUi5NlTlCmGsdoYEBjMPEso4/irjuckLKxRDb8S3U0
   o6eo6x5IrEQK3/pw6/Vngiay9f32Rc64roNaCKcfgSl4MFJA2g5I4zIjBCL4stzN
   E3tHKN7dCggwABOSxThjlBo8Q9/ZUPRNXyGlMduAWomNV5SR2tUChA+G8YH4ESNv
   M74R4Ij2moY9P8Pl65M4iKWBGwZ9eHwgHKZTkDBNrOvfwJlcDrjinDhNUwRNtFB9
   hkUY4ZAYqInsedNkZRI4PpSEl3jUtKHILRx4O55De37pwSFO04uZ0NNn7xhFyQYU
   GXV0HxOHt+AkafP9TLFb76lN7WJvPHF43Gl6EYbOVYUDJ8XRktk1AMX4WH4bNz1n
   ViY421ca1q1/NpziXwAUEBpKWm8BR6mcBvZzNWoW9C1tQjWW7JjK5FeRLlMYDMko
   r07Ra6N4/3ZCk+e5bNbJUDAuzb8eqdmGP6X9aTEE9IM+sUNeSOCZsAZtmOknyU3A
   0eLkJyhzAf1uOSIYkD9SrAcsO47mpycYfQhREhwCbzYdM4AX9y0TVsCmVRWBznMK
   z8i9jdnnKQYsSd131h4ZezvalEf4mWGDWY5bdXYwTwJfaFRPNzH7JqcMrQrgWJ9C
   7Im2YgUbOfTCqfxbVGZLstzRcONhn1v9yjXm1LlaaC6fbApPfolBzXSToXHG2FB2
   ABgF+3DvWtltSShKbmqUE00Ppn2uz5ghChxt/uUFupvAntbIoHQPzsVB3GHiyN2p
   pGgScgaIelUp8AUA/htPDdY2Ia0hLmGaxF6lpO3yt+uzAaWE0CSSsUJBBAT+kf2Y
   8WMH1+54KiyyujKFU0Fq/4JQNQ0/JvZNNx3M44rpuTPwpecL91ygQmQ2OLphlKyJ
   Ou4B8cJLexmiUz8BHOtB+xKWfGdnT0OLzeNni+f8HzBPRivcWrpdyyYgOJ/YZnF3
   5+tbP1UsLo0GOjtXL1Egtg71pcgFv2RSDzYIsYMI+C7evP9r7GPoZeqQoU5d2fh4
   hi7XGx8Hz9FlG+qDWhCj3JQUjBNxIPiEbP1u3N5ec/lzv4sgUwNkCcGKooPpm2HT
   ddHIYyRnAGm1/om3HwMiZ+pH61slauPah6padnXHkX4uxNwDURuSFbhcZugAG4Qo
   UDpgSuRw/51av1cLzEN42Y5FFkHWpVZSXf2+XTbODGYOWK4B2rD8nAP5XGbBKpOY
   Zcu9I3Z+/jSkHoO7NFk/SctQmcrkz7CBG8Zg4E6m1XTdI+G4pu2OV3AWSfnnUKj0
   4WnRDhyqPb25EN1dTQAGm9R5ltwb/lVxWqFKjPrRWzkifSZFKjIbFpWV2uqYhAeJ
   +KptyupEN67BuI887mN/v064HR/Vz93Uc4b2ypaOb9ZbMC1gbmGuV7ckFU6yBuYd



Gillmor, et al.         Expires 8 September 2022              [Page 126]


Internet-Draft          Header Protection S/MIME              March 2022


   RA+KadICGwJne8vTRf0KnU1ccldqyz/Zz+uNZy9KMx1E7DtDOKU+0Zydl4Uoeqzv
   4ExE9pD1QIc+XHvxeqQGk5wAYqM+65cw4J0PDJNTlKGoahzpyiJIBBMvh6Nlhg4/
   Ac71Wyv8yIczLyNi4wR5Tvq4I142AH3h5y2pzrUR2yTaB6iCYA+jClpQsLpZoTn/
   Ry4x/8wxc6+tXSXsJkTWaZCDyEIDX8TXJ6nvcDYQvLek5sLf9QWQeSU+VniT8jUF
   vtC5q0Y7BXcA0ymKtHFSB+rr2jJRT+680orbac2nTacuMF/YcTKclX0TXbLRFrqd
   hMsu9An0CLG5CTHIpb1VXhEzuophya1aWsXkfRkU7EteWNiV6Mfg8ASVykh7HTtE
   Zgn/i4vhp5qzEB5ule1VIoevtWmYQxuIqxphqonucqf4AH32lC5S3/G4OaLpJBDS
   DKsGVxF/u86KRZRN3euuy8aTz4pKxSaYp6IFpA5hNZYU8vk0YNd1wFd0K+d+JB4b
   y4tm7ipaJ26YgWE3kX4v9PX3v40UHMQVg+0k66GF0O0/bveWv0wg0KtbXWatb9c9
   xO3ZRWto0h/l+oylLPCSROnVbBoICJ5VHgME/bIvZUIGQMKeWv9f3VQsI1k4J+e7
   JX7SG0bfnuMczVS7fz6FEAV/k+1Z9HvjGXLfjTLXAJQOU0gZYbsr6ZfaAWyUmgBP
   M9BT4M6ucbdvNdKd5AFMyg/DFoH2yINOBjXgEOio+m+5x0YAKE2pUn0W/9xaw+zR
   abZTJHJdEdbW5YXiscG0MJKt1WWVjy1fGq7y6mgi0XqTMf6cY57DzR9k7hmywrpT
   6Bg9CStEDPEub8kNy+IafignKGkHdVwjXCC1Ly2U8P50sSifmvG+9vukY/E/IBgB
   J2x8j2OJQ6FaiQ8PBhxVo+gudwZTQ4NKpgCiIxv2CHERaI8ao+DM4uNmD5T/Kaci
   QWWG0mA+SA3KVvqMreaYKnMmwvtTXbet8zMLHy6knEIBe0v4Gp1sLsr7IugcKANl
   q/IahiURHLXnsmrLVPjojdzaK7uUJuuchZsuuYVJL4CnV/Uo69XvozltlZ0APY9i
   apIFDpZuF8tTBEHTU1uY8mCY918T8CqIcFEN1N5B6cieWhbNCzgR4C1Xl+YsCGgs
   O9dFKtOPKIMJvlk1WpDVIHb4Ae6Ogv6zIUmfnEQlGZzYksOauSQia1EhXYly/3Zo
   vQOenTXQDo2WuPiJohwP3Dh6qQuDkqgPmnhZ0EggdbxvT4xVAvRc2jwOag96XwqF
   WcLgkKDeIcORd/JOBuCyMNPF1oQT4Tqse2TrGgRcbxwLrUAHRhmYhuzvnpjSt9x+
   LCzkF2lGNorizv5Nc8sPSDIzCNKjC725BS65BUaRBQm/XywyZl9TkQ9tZP4vkQ8Y
   YIuejmuJFpu2WD+IhoLVKZgQoFckYjCAIdXK2XqYlpQFfUmcYmlcUbrLlyhwfVZd
   PMFeFvUmIwmQxeZv6MYTyDWg0OwRLDAxsBlrDER0GPbxRsz8y5xrlNT5oayp3Ehs
   JLdDuhCHe3i/TGfHIuh2NUPBZsmGrNCMRCx8ersWKKKATqGm+344paa8AaaQTVxb
   14Yx0JGR/21YqdS3NvnRwDDtojwYieQb1rr3xXae9vFF5xXgtOCMMUiyu4GVuy/4
   6FuDGu9OAzayfOcjtPQLYTIP+P9CNEagX2y+/Phsh9lw3fbjkCWNG3/A0I/u+L3v
   gyFaKP9wfi7uzcebxDlotFmdwSzLvO4idtjlA5F3djh9ZXY/R4cHqVuPgTnTJ7YE
   Q6NzLEHlWB/X0xX2wl6GwA0k+hFVT/MX//+a4sf9dRETuzqbetGyvbqJ8whNQeh0
   7ZyqtGRPxrBsipaq1A4NMTTjeT9usAJze02GuQK8FwBBhVXAKSjeyWX5eKiSIlp9
   X0ytTitsmax66xCgjmCU6a0zuGHMvb/fih2RnuQZoEVmU/YK8xPWsjhwR2vOo+HK
   k0XPfZOlDZLV+ZNMn28Y1wtfBWt6EAqKsQNT/pdDWjcbnq51NOxGaK2yIuznyew8
   KGk0I56x7sixMIfiye1v+vH5OzX68yxjxJ9Wf3ODjcLVWTs0rEi9DcPSXN2EB0UI
   N2Ovqz17RjsA5+YDmkjk+DnPUrKJ1IW7B+7Tyx8Xec99AbsJ4kmnw12U56HlqCdR
   HfOWgI7Ci0Sq0gFozVDV6sA+AYuDGURGaYdWkBM+4VvoZyb0ZSplXW5TfrppRnmP
   yJnmUrRWotuLYxHnV1WsN4Tys2KAXYqbjSj0aGSuUXQxjzPrkqn5cLwxstaHUYr1
   8TxNpQd3uzj2E2Y/Ud485aZR5d0VRA6GDqZc1V3IV3eYDxktBC00K8rT4jhBsUkq
   oOEBjlHqIrRVXZ0XdFAjUO5ihzgGlvTB//DOI7xzpmfO80/ZREtNT7LubT5q2EEe
   M2rJYeOK4anWYGL1IIsck4o5rAT3Wyrq3qReKPAk3Vo9u4PIjmZCX1RE6Ypl7B6i
   MoA/zdlp5fg3kNziivSSbTeM1vR+Vz3XD3/6IeRz6sTZJF2+Jl8N47+W7yxPFKHM
   mia1KU73fNbjXXp/4/l9bZAYFQoatqCsxqTJSAU17f6klXVYsKnsnHMiZcvlJ5OP
   /2Tg25JB4Cuif2UyYUDGTw7ZAWSnVQ56eYYPIgSqJE2+PBGC7a+7bKZLeZoRpzuh
   iODsg8xhw+olSRMO5i01myoPWxJV/hochADoHY+oyk+9Gy3YPHwNUYZAr5glMYME
   m+BA5aY999241lkL6bs3JZsdROR4/m+eVBhfGQq47jejWWcPT+iB9/jPWjfLEnzU
   bK95G61z2uXASIDKVR0PZbsl8/YjBHsgELlVgYXG4pnLO0L+jEEZK4PZHkOEFFZ0
   0cGAVObOkXoIYr47Kgy9RcxZ0APK3GlKmGzCzppqu1x981MyIxllV1ZDkFWrYyCZ
   eZnQXlBdB4UkDTHBBqBDWXKpBHqe2lwrzrNDUTz68DegE7Fsy3RtNWBXdDyNneyg
   6w/rfYkj8i5prYqceBChIsHG0HHoXzpdKAqkBL6WH8k1z2Iw3NuyDFwq0ubXHrMo



Gillmor, et al.         Expires 8 September 2022              [Page 127]


Internet-Draft          Header Protection S/MIME              March 2022


   W8PFxlyh00cdfI3aecM0l7OH+eo/fFzMpQ3Fc9VwEYgFuMmT2BoPSeDLWpInOAKn
   5p5sym5uRRfrosszXJi43DkQJuOmX8gAHM0IfdKkxC61x/GCQER6jLoNBnHq9egY
   V3lzG1PdL2XjjgJ7Gm7S7CPTvO4uPi6/DW6xIHS1N8yAfvOQoORvUA+feom8lXkH
   raLUgRGx/mMyAjvnDpE+QKvXNVRqEAPQ19p6txnh4uB5BvDn0Fvgqvi9TT0Zh0qM
   m+rKKr4yJONSwAktkWlr+h8JdcOonx3AD8bMG2v6jNLQC0D8Tab2NGUiy1ruhf00
   iGXn5rWe3q4mwmJhEOgTeVc42rURcOjIrh5njcvwm3kMIyoF2v8+1FloQcWwYu1G
   8wyAGJytXy8UNi/W4/MR4Td5tVNn3sXIjoRk9sZ9O7ILfIU+4c7067N5VtkAtdPT
   BnyPvEaM/hyyXTxOZ2kVXx3pC2EB4HNQMI9AJfWFcpw/tPupk5JRf2bs4CD06tB3
   GnPORggcMCjGhlIKY2we3OW+38sCY/lXgYd2FWOXupYeEytax0iQn5ZcJlMLIzQ1
   vAtwSP0ighGTimF563kRlmbveO5H/Tu4MWIj5kr/88nMMFWKdIY9FG0NViwfEFxa
   Ieem/FtXVZu6dn0kCG5Hzkwv5ITErz4gaAJpbCWgrb4=

B.3.17.  S/MIME encrypted and signed over a complex message, Injected
         Headers with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9490 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6020 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1779 bytes
      ├┬╴multipart/alternative 1132 bytes
      │├─╴text/plain 385 bytes
      │└─╴text/html 480 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:12:02 -0500

   MIIbXAYJKoZIhvcNAQcDoIIbTTCCG0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAHU8bGe/H5LsJ+SjrpHwt7+3o55WiMyCIM8u



Gillmor, et al.         Expires 8 September 2022              [Page 128]


Internet-Draft          Header Protection S/MIME              March 2022


   JDc68NB26HoxcT1KAtf33RWDG0EF3HshliusIPEIu99f46HunvPjw3oIBJlXcMmQ
   8CHOFlx+iX82VOPuiW0O8lW6+aVsK3zZF8gxiFoUh/Z+kgL06L58OPM8v+V2cwIa
   ApYX+6UXWvVY4CBZgpFtv8/L5tvwIFX0Zv/Yl50d4U/jFzc7GVq8Baz9JC4UjPrw
   5QYctjl3CCCLNdssAzgxb0Gb/2qXUkPKNel4HxCBE9tWVtAT6N0pJ42iGEeC87yy
   RRk8MhzpaVghBs84p17CCHt/5e2x0Db7RS4fFxzr/KHjy0daW04wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjQAOlUQpwd5dQ6rwccqfmudD
   4Vr95tB9KqwFa6dQkQ+ZGQPO/rJMcL7aH3xKJZai1UmzD+B7Qkl2TVg/dCCkyxHC
   9OIIRVw4Hd5H90/K1zxuX5D8bTFsZrbgQMhHTo6GnxZFbkHrW5Cj/XDYmpFSdORg
   Sl/IpiWgxp7mkCM2eO5V8aQxf7gYn0AXW+IWIXnG5FsSO7ViTd3ar+/n0UhZDuYQ
   iE5Sn0iw15b+snWR2u6ECu5COerDvmQA3y3p1DTBQzGpJnj2wWxkSqaunhJsF6/r
   UCaRcXnjTtoFVWegVaY8P/5ZB3J2OpZj2hBazyYi7t9623QdO3PHmT8/LeDN3TCC
   GC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIrz8pPRFcIaD2K3N1GCAaGAghgA
   DGzTGc1dSEpAV7+00CnAVac9cDEwSOG4Loi6QQs2S3iKN1F14B2sdxpfOQq5uvGu
   vfr8Q4g6fYkQLeyJd1vPLjaiA43chMeBl9+2qZVb59rkj19XX42EIHtSplGy5/IU
   5S+BLxju5tV6lkj/akkXKOtUDAaVv7mtZqQE76C8W9NyLj3uKBAfKNngz7KcSQXz
   1Cc4CTI3/S9C2BmV1GjKwLYxS4ZD5S0CEuc8NIUCPb7WzeesnVkN2ZFZoq5gLrns
   DB1gTxu8a2vU1cVklyNohbqC+6IzkCaJUZo+372R05nRLFlwWAXe0Ur4yRa8P0rT
   U0XJ/jo0EIQHLkQ27DKmEd8DWEyJZsFz4uAqqcjhlkLrnCgSGU3AolKkzXvs9VVI
   Db7+E73GQJ9gNU4dDjY+zrVC/ssM8JmwlqKQ9SZ/3p8oLL8LVQ9hiC2j1XH03W52
   yqph6lWkdBL3snl8M4fCre7ukmBbY0Z8JCIFu2lqvMndcvuIy6ygUH/Mjhtz7soV
   6E5/nuTKWZgQN38LFnjm2YeILU0GsmBDjwfyV8S3aTRoQPk3ibMAICJi84SdzIo+
   jNrYikZK3isLflU9PDfle13cmmLcZibK6cceDwFyjR5A0RNgz/D4LIEsQWaq3fW5
   sw758e8mWCbOyXG317vh5TV2Y3wTy8gGIeflPfA8jCSVu3xnMxNArq9AcntgEUGR
   k3C+UefHb1CWPC9+aW0/U83hFyelfCkuAIS39aFVbI3WHdruUd53cE+D1qaZ7AlX
   Dga9uH5Yv4RFkrfbrTntd88k2yv1K6sXYCek+MS723E6NS+cRxpUk8d7qIbIXhDd
   VAvnxtb2qrk7LB/lK0rvVyI2UaH1xh6JRy8TjJqxA7WpBnQ9EM8WBtruzQmqmg7F
   S+l8EdGuKTqG3xhFjxK6Y/k6XndRiPWn+GpRv//llAFqbdm4ej0kiG9ieSfzGoa9
   cKQYw6C8u352uDaB6Ek7GYXMH7dywq9DJOdTpojQUWr4QX+m7Q1qmpljgLfzylib
   qT1Zw8fYTq7fU3QIvmFTZBYkvoU3GLQEOWBS1rPGapUNl2ntj/arj85BTOdMZVVV
   m1RN5qxtrJjA9IK5oMImYheqq8T5wBQ9gftKDMVdb6pPNqwTu3nbjyItKAt8OL4k
   c8IbgH5bTuNcVMJNlUIdxFoOEudnJzirckB7A1RfJDlgDq0WkaIBQsw3YV2npfaP
   D4lkf8HvyvTE6QbEDurgon/rDy6TQ2+bupgrsoCRw9+yvm0CHjKDOvk07L5ZNo5M
   LALNbBRtUgyyM27hkmYKSjGx9740ijlzj3eKl7DQ6XPlhxWPPfOFCYCPY5U9440g
   1unbhT+q3F4x7Lk4U726O3gj25h+SYJiAf+5jRCCUaOpjAaG4ex0s8kdEZnvSLH3
   0w9YmZr7w43Q+3C0IY/du3WCMkj0EgNWeDEALQIo1j3wEVOWIxNsynfEP7ilKGWX
   /L4MkeACKDDYMbXkvM70khXuH0APAGmw5rwuEUH2Nvr4rTvRI7QKMnDJ9BiNKK6A
   e2gySoYelX8c7NeqdoEVUUyigF3rB8LNOqOHqMM7AAsAyt/yjFYVXxze6PXS124Z
   ohTlT3vJstmrAfSsyzc4q29tU8Aiy0AT3xmUe7lN2/QNyzHIrp/KjC6OmNFvcDLE
   dTXLSxCUSLJby/rJ+YH69BJxledxdfogY7JFIXM3+4Hii5/JAsuAGkGpjsmTvc2T
   X9pl1/08ChdT5m1wRo0PqgtXy3Sfyc4hlFDhDvCk0kP51Lpr9YHe51HSRx5x2/+i
   mcSbDu1LU+2wNdu6g8+OResU5LvI87Mt0sCFRvV7yawg3gIt3tZrsStS543vilWd
   +rZ7NQfC+GK7wBeP8xcGmb6LgdxTpJQmW7bOfLkIzXQHd6cd/Ezm24X5WjMkFKeB
   HRJPGK8i5FYjQW8I+26mctTjPmo3MN4m2aUzU934aKZWnnlHd21wahtXB2Z7CNJC
   7gpsed8peXWUzQ+ZTf8nx+nMpq8OdB4CRJl8Ah+GWBu1tkL7P1VikJIOQWE4ef5P
   +wSn1phsQDeZWxyIGjcRcDwah6KougxOu9liqv7Hcy5fbgSDH0dWTJ+mARcQYiP8
   EgdkQ0rmiJJ3INAclG5jle4545SJTrIJqC5j2q2oRgj7JHe515QlIfzpfcNOxi6v



Gillmor, et al.         Expires 8 September 2022              [Page 129]


Internet-Draft          Header Protection S/MIME              March 2022


   Cv/51Srhh9vovy9f6SE92adrBuYf6m10EpR0UT0iYHKPEwCFkA73K6X8crEUXvGA
   PuvzXqqC1aK8kYcYYUKDy3wkY0L4XaO9iNHQ8YDC0bwUg7Gcexee5H5IOC4F1lRk
   sAGVv6QwESYsAikD1qS3d+IJC0DLasJ3OtY6ibSjNBs64A/SWxSVgrmkvyUK8GYs
   bRoLyedYYWsaJLIE4w0SR4LEcNAUsS3IXFgmwzuZfwI6++kVnYnP/Mzfhai3pFOy
   CWn3Q0n7egRd3athFzhalQMSo/F6Nqvp0cj/wQu0Ebevqnnv4hEi/QAVkzH6wWed
   bo0JZaEOEfHHVtK5gHqTbcD7tIxiZGIri6mW4CbdxMYBsMdA7D+CfjmFedVCZTZN
   Hhi90An3agODUXbE2W1tKMrUfxwOS2StF9MRWmjUtoqkqQMp9CSpucAxs57JTHER
   ex/IkrkJZUZ0dss7foEB5kple+JLA0Ilg2EzakCkcoC60TkTY/X34c+azZPLeEDM
   vfNA5xqoiMWOotE9WDh8wlXphW8IHD9ixwPCaZGUNx75sQjqOMxh9UcgRaaolvFo
   XfjktjmfHbhTc/J3VyMxgvcS4WIU+w0Ru+DaDVzL/9Kl1Vdyrbel/SDzccYtDax3
   RpgWZC8/8h996H/Xr3p6gmFS10cQApU/SlvU67Ka6A1aBEIJnrIbv0r7hefAJPe8
   QIEyoz5WYJfaHpHSg49BUuS/vQB5XbvDEbJbTutsF7NWd/6/8R6iNI4iRtfYxrSn
   QCu/yy78iomVpwpFR5qdRpwIIyigs4Do8yIEeKB3Woy1LHx0bsWrQqvQdVwEIszA
   tMkqlW1BJMTqPE1aQY5dwtr/zde2gZIIv41NikHHaOE6D+q3cNwHgUcSeRU1B0Ws
   Y0KjEUhkb1tGlYVBsvtYio88JaQbsNom2MRBJE8eW3gNSIeYyN2BuUeu3MGcEuhb
   x5kymYoD8rnk7UE6zrDc/pZuse8sPk/LMsPitFL1I1QXRjRyc4EhINUCjPI3fXyp
   8rN74Eu+lR22AtXc95TzUr44sr5Xi2JC6ZD91jxexS1TRnoSkd/ODPD00hktkn49
   9vLH1HGtGFRg32LW7SCS2gKQFRf+t8DHGQBKyNt/UoOWGdx9NyUeFS6bqQzlTR1z
   sw6UpnfQt4UuJR02d8Hv4OC3IVq3n5NFEGi0301Fvi7v3TQ4Vd8j7nYH9BR7IeUb
   eES3imAhN20cjEOy5cwn/pHh2TuZQpoEyLAkZJrZzl57Uxu84xRPSY+OyDUU/4Rw
   L3M1pFSTXjG7cJeWS6qYJx6W9M/Kl6XffQSvV+a9tghkCk6fddrd4Zm2DzxJJZ37
   jrdVAxzWoi2oFTLUccS4P/hFje9j9rk3iJRAEpVY7178UvyemgA9OwkYG342DQ4s
   +IR1S059lYjYf0XywFewBbkdLk4Jtnt1ObNkIxVLeaXtZ9ErByUrG4Mw2Bxq/MlZ
   /BEiYdcoHUFPzqMckAqyOrng/k+uTkDs5OBnBIg84i9EAzrfL3iCW///1OMVAml8
   edoavzvZ/fJ3JyClx/+n+Z0o/zbIb0CD61/nT9c+65UMbe8FlZ7Jfu7G883fKFk4
   g9EOnjShWVRgW1xZoTm6n6q2U0cazxQeVMswCe0r5N8+hw5WgW/9KhEB56Yy756r
   GdoIUv2dtOJBBe77EtCLU3QxqfaItSpsgErm3u7pwHFW8t0FbgaoB+Cfln+c7HWk
   5G22Og916iK6k7Xba8HETpcviCtUbKS+SKXobr9ehgBNjQtmUG1MkUgxP9GRKBGk
   M1WnUD9ZN3yyLyEsXyNYRr8psmcS/tHXcpUlTwyKfS2wrNfXUFxUggcyqfkUrYto
   nTN/bThuRWHm1uji69YLvuSGZTdjn6WvPhzG0D0WTaimHrH2LhIev0t7gd8p6461
   Ke9ElGsTojuv+jE4W+a//BDVsMaXONzrmPJFPhHEq+ewSreJCn/dNIy7LwzHNOtp
   RdNY3oNXm3qIQ4ocjo53nEPeChi5sMxmdHTzNvVSl9s3baoLcrSfnSIsczX6gevM
   T3exb0F2ABkqEYLjK94VepPsTVJ8o5JIxaEMTFyXU42em+gGhFD/clr2moylm71i
   zbAFGP3KLDN+nMi2QXmoR14/4VhIs1Sdhs/OdlbsQKK4WBGyRhbcYepWTY0qPFh6
   0vOxXtN/FYJc4b2h+hBTsdrGdiOBYDk3pfKbS4R5z9FnYbP2LYiWjZ7sbUW572J7
   i4tdRsuAdJr2dA+TEk/d04x3xJkxmQ2xIaBmxmaRZbxGKUg2Jk/ndJGUMLih7bNi
   3Cni/051ZtrgXJZyWn4CbawvDIntdK06KetGrrs8CzeUTPz7XOpOucxC7CtDB5Am
   W+s+imvEUX1fGqNoI+FJtevc/pcgrSFk1NFyRQ2F8R6hra70uy02W2Ta0FfFZtgx
   OGboryID8EkpBvEr0rEjxSDzdWnTpbD1RlxKmhlTocft0N4yRfa2MLAuMhIcKY3U
   sKj+SeSfdq+v5UOuEvr4RDuEsWRgFlFeDjv1VDlGkDzR5weT1d1bYXv86oI4G/9V
   pE/86WG2xzyEYrHuUW9/y37EglGUTRP357gGuZvqvLWLo8+TRRWBDHfxUcdlXpKW
   R9ejNA6slpC9Pq7s4cB1zcYMH/tX4o85FCLkIa6PfNSE52Dui5AXo3HliBeUGE4p
   FBBAbc2yK71L6vKp9ld+a7qhzMw+gEKt9bjLRJbSlDiyTvCuisK2n+zW0NZ98ftn
   duoTAWi2pKRw9Tj8csKNgB6XCZmVM0rA0sdQGjRK5L1WFJAhw/tuWA6ZPSXeR59R
   xFlfoqPCKogCImWSokmduQ63dwSrr4rQsvKLRlQCfpv9c68CqFEV2fsIFtcfUAMz
   eYibzi+Xl/t2XDPZ9DYpEopOGcfAXvUqSzqbbcAnvaOXHRcECJGmW22kvqgbDwiY
   Hg1t4LkyWAG2C+5MbFfB0u6U9NVgv3EnPZceDXMTYWhkUu9T7QvyQso+2vaOGt64
   4Qs9he5jL9cLamEkdmlvKhSpJ+uig/1srw8JS6ZNddyCAChKDuVwlW4y/A4Aj7Vk



Gillmor, et al.         Expires 8 September 2022              [Page 130]


Internet-Draft          Header Protection S/MIME              March 2022


   IUBampf6jpzmlaYtkvFUG/X/PkKZYUZsX8XSRTHJ7ngTSMfh6pj9ZjPbGOI8Qnob
   sqdThBen8dLsMS3SS1jg9wqmh1tKV+0Ni0x/xLy3weoC96ujika35zZh/048HKN5
   6104KOA5PiQqmwGSVskQMy8kBZPF2IEOrmQuZUmrz5w1xVGYULNPNhUIscXDGV1+
   0ws5mOu9BHnu7OSy9RjJIp7llfagI0//22OjQ+kwxpaGsSRYN0k9ArR8LiijUoUH
   cxI/VRAa+ELehkMiAzHma0quZ1bztVKd1ISono5d++7W9c68myMreM5IHKI1DMXL
   PfIEvCbhlTOcgetvn/y/6nQDMOTJuzeh1p9un3rIvfVfJtbtId+md3gHa2JRCeua
   tKifW21hk1Ec5rU8x5n3Zcnf/fupeVkkt90fR3NNtZjLKPh+tgvOWiUUztU2Mjpl
   eZ3p1IWgfdLKlmW9Ct2kMXMrEaJILDbC9pWd6lKUTpmXwJSDn2sifPQkfR/ClmAi
   3IUQevSy+HdGEDJmD0lcEr4dIAT/rrAAsJB4faO9oNrU5uJ/gi++qKx0olnMMMkS
   36ZJhczlp7kiZ0mqF5aVGEAwRnP7cOrrViHDEY8bVNTFTiJJKDjLro4w6dbaRPJ8
   xKJgXblHEOCDHf3u91gcKZ6bERuMPxTXcqvTGiRQjRmPgEPUE08ktgBA0Va6QoV0
   1g+ntpIzRmek8t202ITq3Pfl4XW4O1s8MrjDu8U9KatnPlf0eaSjGnhRtJYZO+6z
   vaRgNzqimwjUCyJiuDJjqn6TvwdVZ0P4qCbNLkpBQZjyevAcLg56nQImgBn+KZPZ
   1kPOX93JWxW8jI2qt3xsTdbIT1uXVuPCm4AOMo9/LYE/g1/PLejwMmyCX3mw/dS1
   avlPSQ78JwubirIjAcPz/iEsc+6TRobJWFl7ixFC0fDWW4XwTzpZVqYkcn3qrdQ0
   txX+bV2+6+F/ZMf4OsXUN3RxsVveT99cGMyJyhpWytCGOE5tRd2xB14N2VsO6r1R
   M/ZhnTrBjwmEZLzwKXMhnE3rRhubX3JMgQ42jLEZqtfyzGh3Qz5UOEN/eNwpTTLt
   h0kqu9DX1/vN3MwTYaHHl7MMniZsZwUAlRLBwEUpMipuTOSiDArQqmzi0NFRlU6E
   4TuxVFnQZvI2PdCccF6owNBxQX4jz6foY6VVuXTYaVl1F1ykkwRrwPU7R2gY2V0J
   c3a75TZ7GZq3EZLdPz7yQyMS9iAIvjzgIXvPPcXi7zbT+eUPPEc/D/jY5SUuirj1
   OPy4xxb+yDrtilHLDzvZKLkOjT06S4RLA5CdZv0HLWKMvAUF9Qyb43PaqFNRjEta
   TxiqKyIrFKon2nzbOiNh8W8z404/1KBAOdn1IlMhGZ4b5hOWsY0KY2sCr/rqRJs0
   yxdFL7o4QwtONtfEep6gMBirUEpIHXkqfYlj3nBLuA6X4WkoARkLomRn1c0O4LO2
   oxO8bZSmTNNWtlB1K45DjxQft4huCMdIa5N5hRfPUlG4G+Z08tjZRYMKuHi78Ntn
   SKtyo+9XOYCaiOHnUOzhSd0wXpZAVtixrhsKZJ8BeOSb2HhJW23hoPUd5EI6h0tU
   P8JT7Vfshp6nc0nm5uWc/hGb4+G2F6Qaea19ZodxPquvOOgzw51ts8V9rTlxKfKh
   bXrrAYYVQQEXLw7qEeptTrEIa2PEb/ALsXboBcvxJeHE2esGYFinD/w2k1bMwqaG
   KebiMZTB98PvrrwTfi+mPl0wHA3FmRm4B1IPH18yqgPIqHZPWnKZHyN7D84vn0B3
   c/jGgii3mYui1iNu78cI8l5dFgXektZv1A58e6zUO6kTd2ShOmT8NJkqOg1AACVT
   5n9nfFBF+WLdflN1dFIdxc7Y1XCth1i+RjuWC53vASEbdnzMFmCuT5bh8Hh82rFo
   UbQ2Y5ssuqI6F/onzAh7XezjMGFzDEblF5S4WrGnyJ1EcikxxJ/2zV4lGacEXWDa
   kFvC8oHxlepSFtq9B2b9/ZJSVwy/p48UyJ0/buYFoYwME/FFvFA5BU4Wo4UvVPeH
   iVDV8mC5cH5t2HubjV4332LFKpqSIqA6+BLhytDhOx9I4E6Ns078N5/US1vVZ86i
   6w1yMcTT6SXn4N877apC2BgDR3T/byu34Y2zHUjTW/4YQJQQqFVQq9watpFShVbx
   OmLPa8AkZOmScgvEQKUfP15p7zZXoNpWMMSwTiALbDYiLTGVi0bh2EZ3voRqca1Q
   oSSlHtLoxpSrWtydtXlRQZUT/c+crTac+rxw2XmgfT+kqovdHPqLXhfZQTxdtYRO
   ruIAiWG0TbUUsBEVOqWY7RJjGflWTnEyCNk7Sk6PdFqWz7T7hRNYCbEEdVl4fbK+
   rpxBbmdpNQxY4KQOumQIPxLj/iPtXkCSu5qVEgpHyrBsahu9kaCuU2x6lggIqfir
   xwqzwG/lJNu0NCPOjR2/R3nAieqNy3eus+yXDAa4L1YxdgQixBod7iDt/v1CZL6E
   zGoDoJpm8hWnoBvuYYDbmA8fAkfIq4utPMHrpr+bOW/7a7PESN7dBV4onEWfQFaT
   D/T33gyRT5ly0UWd7Sf/BothnNXSQYWX7+jwkUMR5yCszQCxGqjuBLGE9mFAjnxZ
   1PG8K/hN2jFAyfL8vAs5ak/Ui2eDi3x8UQE3mFRTxvS/irNUS1c1Sf1AgPaEGZWl
   fV35q+7N15gJrNsopoZ/X64U4CzNzk+6114IjbczrzkJqF4xWzRLmMxdZGsJrhjg
   ox3JAAECGdYMfbDsu1TGiJ4J3/ooGsBU/xTgi532AyXGT8Vbd8jt2kug+K7KKBTp
   xw+jRrSD9gW3kcUe3e4hqTxwVNUslt5uqkjFKpMgdQ5Uzlt1kAVKEhGCmSOHGw+e
   8lii+Oc+IggActRBZFM/DMucxfR4gTlVT8adbtODeR6l/nWwQBumEdDR004PgXp8





Gillmor, et al.         Expires 8 September 2022              [Page 131]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.18.  S/MIME encrypted and signed over a complex message, Injected
         Headers with hcp_strong (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10075 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6444 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2086 bytes
      ├┬╴multipart/alternative 1425 bytes
      │├─╴text/plain 481 bytes
      │└─╴text/html 633 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:13:02 -0500

   MIIdDAYJKoZIhvcNAQcDoIIc/TCCHPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAByIMaFU0xsD/lTxj7lo116DStu37Nert2mk
   49trfnEu2mQhv6MAkHx1/MoOvM9j5S/Q1YSfRhF5c7XVgUWLl7xafpFcdxqwyK5J
   BfPzYzqEjA+P/oGei2qVW/IvI5iJkbFD04TPw4Cvfab6wNOnAhLiflDJElxx1uUD
   93ha4H0ng3pb7MBP4wyYCSeCc16mqDolTGCP6ejUEzn9GAAMAyOVK6A5DxVe711M
   UtAdjXwP3Gy4IRYTFfISTD3nKp51OaKSv8g9qQtGCuYdfJxW3eB0BpG6OmBLMiEU
   /jv1oVMZp0NwmuT+BSbkdecwgwuwJgqOOFn/4aIDEmyHyC72fakwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAELJsGfVgEhqvwyS2R6g8/Srk
   JTe+rInzh0ZtMqt+7FoT1/5aaw3JDLnPsncJyVpqrxrWq4lJadCL5ycSUOaspAEP
   RLkQGexmMk27IYrhwXfTkALRWqrH3yvGihyuSwALfMWqX4uWgyJB4TGxN/xXfvWl
   34jTPewe4JQOWGajIc/dgrKKDgQcbiT8v5UYw7d2ha8YpcUxII/t+RfXqknLDfRm
   lGq3zXjwfmve1ABkYtvr7NZ5J1HsAQzMKn9m2C1w69ocgTgBqCHxVHJ8k+hHdXAz



Gillmor, et al.         Expires 8 September 2022              [Page 132]


Internet-Draft          Header Protection S/MIME              March 2022


   L1U5kc1vlKxKklqtviEXZBtDXc1cc+jXEqNT7ZI1t4FlnqqYgroVTvzsSpKMqDCC
   Gd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB6qJslpRAtedRCD+VoEQzeAghmw
   cU0VsqpEoyC+vYCYkiY3Kbxt4jFIYYdAjPJRd8vfGkNtINaoFODWIXX7QSy7RU9E
   Pd7Fc7zrQ+9FwrrSbxtMQZ4s4Z3cI4COUOMPR/7nlHspkKLyJQ16bEp6Z2GOjn8h
   32kVC/Zb+ibVcKXyTABW0dRCtl2f5Kai4jEtwXlrcx43SLS9NUEMDTqpsgphCS7L
   BHfHSmaM5g/RCX2Wa41meHlkDnQsR7T86qK/Wbna6eOdYL9uyhIlFC8UKZr2PSRc
   1/hFb+4vgubeJtOIpODtHCsTxZFMudj8t7Wusq9KdzBBLNu7afQLx2f/tMPI2Zxl
   ZTjDuhsopFZIH0Lp6MNNCcCzWHVVeY6KlqMI6fqDHL1OcFpWNManOERp/KfP/Gu9
   8kRxF4uM7siFrHjdeOa8fjARE4luXNKUio7DRezkVxPnX2dzg5CLTq0/U47x2DON
   TOmM9kAie/7SxOmbAOmMJlO3p91Zyez6+BmXZlV7UdhvdCf50o+0y8X7sBLEwZB1
   vzQvCRUvJeSm2k51hpNGv4GEA5fKKRQVdAITaCD1b9GJpmiqJmjt9YJlnlM8SkuL
   yxMBp9RDnraYcnrbgbyT60fnC62XYHmKMTOeBz9qMbcW4aweo7odM0DLhMpBEiu1
   308VDGznIH+gPB8l77rECe+mXVIRO+sU7RvOUOurgm0Bh4Gwxbluqb6UF+yUB9a4
   4ItKElEhYRuxIkfHR1rCvAj4mlAFSXjKakcI7wX3kFRTODz0vQe2uX90n+U2N1rY
   ELTPpQhrnZqVSnQEPXEJPDjc87aIw2jkcsmdoKie+lt/PnoG99sF9Rf5qlNvG8rO
   jK5FzIRl6WRk/u8IgGuZKD1UjxuDuwXyyQJZOUq3xHF46YE/0iGTkpcMPBNDOMXj
   CSrcJiq5FOi+Tw/TUBYhjYf+TrR31+cLFGUttZl0af6mfMX2y4nhRkd5I1Sy8TMk
   +RrscOia0g+gWRWfpyDzpvmve5QEJxsLuXv8UC92y0EpR7/OKUeCujGRSU8iPePy
   dqQSJV1kh8z5mG+3ioZdfejkTvlfniCocY+yYecdOGCZEBRdZq3JxLEMInsIk8Th
   W3cULAtziM7gie06byCMBkUuUDswPHLcQJdJJwpZIlnKGv/vevR55tzUgdit8tvA
   oLnJQO/9OYna1PQbL1eUHE1ZhzH8hqve/3iSGn2M61EGi0ASRh74WM5Qrwflr/ax
   l6L3GIzHl/Vr6dLQz15nPwIjgVsl+lfGkagwpK1MX0veWj7WAGm11FJHH6amN/oI
   1pDtSGwlhzakM+QBTbPIQ3iWIpzA9xmiB9qXDfSInpogFMZVKHs8d9qpTAdSbXEH
   Y1F5XoKatqjyA2A2kqQnX3DZNrDgeYsOPpV+qBBtBmIzmWv5qXM1unwQuB5nFEzf
   ciq8LNboFTxM6Nb+2J8b84GNJH0RwQfjyDHU081z82HD1dFCCFbeFI8H4dg6vzQ2
   dRVFqX5wGijJI5ZsAafFLQaxiyViAfEcrnNwbTauiNsqCwzW8VsKLe/+RsvsjKZp
   QTgcJ/3DZVaqJGefNi2i5YErLizIRGA0UUFdPck5iDqWOo1GlR4kUxnQM1ttRxwj
   m0K69dDcqrz0lqCd+XlLE1VSuQ+m6W/p6nylVy0hwcNZK2Rd6V/8CztIKs5hcmVs
   m2YcrPtRB4ZNtMqiRHKFHqX6K/bI+YJSArfVkhJ+top8M4qW3jFvGbk/d9GA+Xql
   Oe4+5cN07qdC0OEHtcO61ZEdoyDjfoBE6y2LDXXVDc7vAUKh52vG5FWLmpgUhy9l
   brHdPnkrIo4hJEgbeTyhP0FSQkKKGv0h/PXBJWMkfYWztltBaUPhi22dV3/MSLBZ
   z7dyc5Ly9wAP72qL3Cd6Kwsz6kvBAMDcqzR5PWvdjkVv8plRuMWKv4UFazpM6sX6
   ruNNgLCAYraByH/DbYU4kDMhCnpcVstZC6InBfMveoTsfwcSh0Qeb118SeqNBoI8
   NjDIDwlwXR8fsWNj5Ek7POrmutwqhTj0aqsNRuXBo+iyUE32QAb+Erx+ukbWlFPf
   ECA/Um/vZyP6TCZEMLCaxes9Yx4XcCGxrKboDwwwKIeiosCzBRMZ+hg0zTqiwYPe
   uZIgWq3in1H3SPJhtNKbWvZwEpfkK/+soAQA6cNkKBemJxdjy0Cdvs4k+iWN8hVc
   YNOeo9wG70iy/xLfmc7QGnlasUAWBkzpuBmcPw0VCNIkTwu10OR/K9/mUUe1QYpq
   g5BR++U0cilgbBuh4MqdYBSmXraC/Sc8V0XF8HMXFqLf63VvymmXKXu0YdcsQmzg
   pLp/eA8DY3yEJqZYramSSUU5b2d9pBRhh/uiSX/KRNquVhIbyPmBr//C2E6CFSG6
   xDFJcYaZJPUIkh7SDDI8gIOshGoJpvQFfBZJtfoVtjP8gGk/pdCyqqCN4/4J5Lql
   HIfNXAqfeKobox3KJLLK4aKUcsElZ3ws7zH+0IDdtq2KTiIZxFaON7VfoYTpZCDZ
   Nf1XvkGeI6/iZ2TvpcE7R/+ueMUAhbOklIRm73tC3KNBjEcTmCd5ogHjnBU//FGL
   APCfDs6dql82nG97yAxLRRVK/Hf6K/wCPapULZ9T2fDc6uIy4ffE0DynmguoIhxH
   0U27dBn7m5FpaY1GP3+y0m6syw99RaV8o2NOpNtu+RPRD/V/V43s7f5S7BcGTdVB
   BZ3Q0ppHpU7UViCCSK6FnEEVYly37vF3uP8LRfJ3ZQ5N8957zXbF1OwUvBKW9eLl
   NJ8lI+d6Z+g4VZn0vKQkgjIp8xhtkUCjNzwdCCISNABMd1ja/N1R+aL/zUEZpM5+
   TC7KFqJdea7VB8LS5UJUINa7SuWuGCUNqAZ8h+2Q0LTCO81/DMQCMIUyUYMZjj3T
   qq0ZXr2KX1NfcjFx3J2Z46xLpIBx2Ui6psXapHrTZoORGGD6xg5PAYQoDfvo+u7X



Gillmor, et al.         Expires 8 September 2022              [Page 133]


Internet-Draft          Header Protection S/MIME              March 2022


   RMxTvYGR0xM3XX2XaxXQYzuFvY0Ksb7aa0WR2DJW5OTq7r1i2CUUYv8s6UUBNrtK
   wgTWi9HvExMKS1a6cZV07S3SDRXUf+ZGk3VROgtwX1OQfx4jPVs+Opp5YMQETKXQ
   qPT9zaEC6bVKlm7ODT4Hq1AA+fPbWDcmdEn3r3LRQaKUFkTHs1pb+IT0xR8N4TcY
   3BsKf4AQaNlcQd9Ewso+wztvmOLHPub5PXrop/1DHap4OR3WfgnVd/7kpboYYsQH
   bx2fHcuX154kCCZ5oajf5o99GDG1M83MJP9YOS1v9yff3ikVVNzvGgSCJhqNNxlI
   fJ5UW9jrSOh1MdCA4nDAZx14VcT7HA/RtvQYk6REMjhpMM/f2mKRT+LA7lx9Dd/R
   wS74z4b893+hIoI+FdQhnzbO9c7LhsJDyQO+e9RlEgZj4Iudic7LPaB4ibtEZfMW
   I2tiXcN7bjfpAimTxDcr7pHgXy7OiAzrKMkeH0VZQUxytxvCdOKqiGpa7Q9rlcOV
   YOv6Qc7L0XeZowibtXMLHQrh/atZqHLGD3RkMk4wPws80QHfvvtJeU6r3ORr6sR9
   +z5/FM9eOQpEV556J8VvLtIRI+NkqTAQ6vn3NVmVcn0W1//JEeixkeXSNg320lS+
   VtgnhKmDIrRtaEX2riy9FfYZha/P4L/NtZV5YTlzbZIz2wK8nUvC/pjWqR7bsGqx
   yVpPXgydzIFVSRdSBJp2kCRvqMVahTPBXq2FJ7D05FZjtpJ02fIiD4h7r2KG5E/p
   GlLueal+1kTw8F8ewXqg/kuX0UyMT3XuWCS59CirpPZfqWi7m5CJv0EMcJvmIqQ0
   wEQ4SxYhxcz61SJMMCcf2LKlRn5yUWOfElzAW+ORZeltXIBzQy6eGZjo1x0U02a4
   SiQvMf2UtMW/TukODEMGyBmfGdj+hTXsbntSh+y4LrTOEbDPMtaIkHVOQ8bPG7Ch
   XZkNkLS/zFMxeP8UMs9kkfQNWsjAYWPOMtLEQkn5DEHL7BIARnWPzzjSRd8+mB7T
   ss+B0SzA0FRMmWASR7an0j6H8LPGU/WRJieuPBUoOcrLj3uY9nUms+VWnv50eKIc
   dc89aR+ev6JTzre5hDYZ+uQ8KLx4XsL+8VTSfTGsVGa45fIgUOFgkJsNqLdb84WG
   85Y+7qkRt7/+NaXJ2e3JNdqpqA3uLCM8TcQrj3fb25AEos4rlFb5N/e083CLTlaf
   H9WcO12oFO8fXM1+uPFieLIjbkRshsWngD5G72GFgaLAAKe2xBRnh8bmQPiHeDe1
   dzs2+kj4LmroR1Kg8yrMTbbQpItzGhIosOXOx0uCWM6XDMrIZV4+QFmdVlQKmtpH
   JHF7KbltJ67EkfhKClaCZNJtSdrcFIRSn1Y7D6Mxain6sHM6EBUkmyL5zc6fmpXz
   8dTwMkebR8/c2mdvuZZv9cP0AVzOH5LIG3OQCkeCyRfwpX4briGu+1Nf2G2YthmY
   CN/UFvw11DQygRunTPMibMlC89pgLHsth3xrah4bqwyXQ9Kka/Oz/XLn5WIEEbFT
   n8pXpcU1zuH09WjBCEoz7kZAVYtov0fAbawJFhA8vyT/DnOdv4T5ZE3KSZAtgYZB
   Ua4DrBi/1b7eJ7ed31kFhKCxQIzglroeb23hMEzRLcrw+3zE8HKm4E3TQjlN8est
   nuiyV2KsUNtzRhQvvh1tlLMx1Kp6C6XOZar6JHwS4F7xGrxS3iVGMrIQzqbPacgv
   PD9w7N9jgnJ60R92OjYH0CveVCGiLO3DYjQOIJYSAqxtP0HN4nKO8gnJb+FLoofa
   4fLkjoe2K1gILv6weolQUvCtjycoYdiV5ivwpwRpuGyujUOIwc/ATZsKrS/NySmE
   /cVFfDNFDhjffynJuG+dS8Z502SGB8zmh3tbZDj/1uwlyqnzHzq7hHN+QdYmUIXr
   /AXXEXd1mgJ9SArtyGeBTrmt1ufT7wyetJ7Y4Uvu5TdLIRrHVuOwzQItsCB/xrny
   e9xD3J+ZZA+AffaE0nZtu4FMK0+gWO6oyZ6QuIXqZSaZtGMtTHCJ6ONu2nMWgifq
   Vm1NvNTebsAS7PZg7FlGGn2OFwzdZQN7TAZtxp0iYbGrOgO/lZc+yKbALzVTQuwo
   4P+1WK4FoVzgwtCUwswgJeCb0bDwYwJ5dmzQo4kxZIyxGYawoXoxvigJrkZqPOIY
   d1ah8s3xzQMHNRt1AXLGOS8moIcBPGXQQl3i64M43bytLOOwn4rJfZb1gWDKVcrj
   a5tVN0unSfHOcgrBSJuw8C4bNlzDwnQMeawjQctkEeDU2DexIq/GtYj9X8//TPTp
   boLHSFY0dcseVbHWw8O98ZCBU4Qd13JC3WLMF75aFvOcnuZZzJxh21R+espRC8ME
   7mNSr36wzwD7YLXxyjQJTHaS14A9GG3kHCvawTb06nSrwRgVOVSsfUw1Pglt/NV3
   WqeaQtUj9zn4nqPLHtEO7vCRR2d5P22ism08Nulu8mQN8JCNqH+qvK2RjOxESFEc
   wzo/AliWVkCROjaYivbfN08fXsN8mal3iL7L1tBeZ3dyNxRGksC7Q3jO7KfC9H25
   XeDRabFI4RmbFXHSdEcb5IZvVRspZps32VSjaFORMztIpqBy7ilNt03Xoa3ZAwqe
   NKdZpuSm70uwlQBVZSDQYKIL/RNbZ1c2uVko04gRvh5akoZMZHbPh62RLzWvDU5Y
   EEmeT8pS+B+Z+Ecy0tCuSUFfwe4IT4oO39SCWWymA+F6JMI+nnRzzbFLgoSK+FVd
   /nONHA59fN2Pfe3eP4GDWVgct78eHOgLU6QitnksyUXn5VdxdJjm4dPZeWEdVyhS
   xUj/RKd20pSQj9L/+i7s9HSFCP0u9fe3mluqOdKLyM7tvpQZBFRpiCDo9U+hKhZE
   RR5Bzw1viLObNtWbatUxLC2xwCfILdsXPzww5mWL5JxsZQrANYtZb9/Otc8QSV5t
   11/An0LYu8dlY42NUbw+Vo3cEUlqkq4ULCMDqQVEwsYaTiOJIFXXfa35Jhzq32mZ
   uBRQIUaac2nNVp9sWGbaRVV/g84g67uqK3ZTrOGmcPrBoinoe9nMC1gpgCq5ke0f



Gillmor, et al.         Expires 8 September 2022              [Page 134]


Internet-Draft          Header Protection S/MIME              March 2022


   Dqi09ofQK7HsQtimRa3oPqa4+auijzi8aeE0fYjUUOenF/YQgDOx0L3ObDd5UiUW
   5XqbObxCLr7ItG34aHjRsiGAml/jVSNCAGIjybVuB2r/XR95g24THvE+WIM0204O
   9v+GuSK8gkATcCnLeHEeolOvHBKYhJy0WC0TkJ16YTwXIC6NisObPeBoYa4sF02v
   a1vzVOx82uzKR+N9nIHtjZXNJ5QohQ1bduPYQcUU3tAOz33pk3tTCcs6hRYfUee1
   x9IsI5AGh4jUoU8CXETUKKjlSDEP8yU9KX5M08+7Opom4VncYgGrGtRRsStdNb08
   m+qa7Im2zgqMucz1A/PSuCwlGrfuSUhGFDmy1GXVHTrpvzx6DG7trSvmeO4WOLnK
   rFezgGiJZTagiQLomXiQg4MtqRAfNcOdkW/+ojy1jdpcukyou+4SMjarHJkCOPWH
   ToE428nTBq3ub4UaE3vMMoZlJZAru8nC1EE5qq/bIHdSVOjTXlw5elvSOUaBfm/8
   nSeQyBYHJtQcqp0qIPbSMMa+IavQPa+DjzNX+VzRay0XaffjspwwWwGg+cgnKL6D
   HKtsqWJNuahAlmYLe4ktql9WHIcJtQRPqrAKcwI9WGsaA5ckOvP91V0nIhIjLzup
   3aHFd8Fa7oKLCPksD2jFNldJL8i4utOs7+GyLraPmQZMfAULwevozQadYi/kV7Q3
   hI/WxFP+2bS+AJgerPrpixJOE5IQRdz3+d1RUP5pG51G6UL2VZQXcOhcta6yjuad
   nr1C3mEY0LEreGf0QMGsnkDc+xFD9vn7pQ7mNazjY8UPyoC8LdAfQXpZz0LpCpWM
   kBMj1VoMooH6FFu+1KQ6MGVB5ycl005mCvwtlqqVW2j337AsASvbulH2VK5PU7TR
   oEX94PUldZNGmEyQGbJGep4br+z4GOKKwlPhcCTKzS4QXCkPSLNluolt9OqDny81
   We6WpVBIZtUG9YU5JBsa0EYHenmV4VGtEx+GrXA624jI5ZPcYvHery3AAXb61SZ8
   HbjZoDyMpWCLiKb1SMpjYUrRISH0Qc4TJzYCchYp9DXp0thekCvj+JsYJuDzRJ14
   nRQKmFVLTKhk3tGDPsBEk15eE0gB0uni8oDkggDAVd4YcnnoIPQErL9Urq6zUYOb
   br5UNf20HmUUVfj6EN14dF1moBHwfKIe1yXaffJ91OkdLfJASZnAT6iWV+EMrTAY
   61tDu3ZmHdrokfuuCBUCb2m+Ruxiy8euVtvtyOy9Hz6QmkfDJzU/IUpszVbxkzI4
   KMopbWaCNq1+bwOq7Cm5KlsQ5hXWbKJcjAUFwp1f0T6KuzZQHXpuscVOHihk/MNP
   lRVqu9hYnYH4Pguyq+IwxJx/lr4BW1u0U5ad4tNpjNvHYNaH88rYxSMXKZmYB1oV
   WesNteubU9yZK6sVCv19xnUCmy/meLS3ZgPuI+AEvVGv39aWDrNTWG8ZE8pom5N3
   eHxqtdJgocgeFzzhAXeyH0k/c5pu1f6iFveSu1VPWRWPunAshICkpBlFIWVvHxS5
   54IwqzIVGmGV//xcYZrl7439S3H6+nCVGUdWJ39/j86LCzJlutdhVRcNNBKAMymR
   hgUeBFPb9cj41p6uSp9vQ3zKtwyRMAEPJjzTeEeOz4YroZi0nHnpQbU5aQ/6+Ex0
   AWXMC17zMPJ1aiqP0gFFjXUDUaC/OE84vok2Fr/1+VlBozORMDUNIv4UCmyZE0p5
   VeZ2SVI2dgS+2EeHM5L0lWTlXQOnj0CMU2w3W7mEGwQVb6su5R5Dze5o2+JhyWSJ
   gcXdY+dgoi5nje2gL6rSx8Ng9uoDKxkWzbqn2cwjNd7fMbGfDApuhKAsK1c35h6p
   n48Mlmlw2hIPSrp9/af/nJmLg6BowhIFJNh6DhdaArLJ4PziwBNDw+3yhzy14IXA
   CfSEin4hIHtri0cONIu8wRT8Zyzm23UzcOJ4hpmV0JQnDYqA/S3s54zU46cth4p+
   I04XQoR9nfN248dxmCUxovOCx8oKodRMg7OR0EUkQ/NhjY5bu3gaTbRD3R8JiiQg
   7sRBFrQAYPojJQ7bg5NsgPjOjfzhEdkW/ALVfSVb7yP2tSF9oVAxyUgMlfRSRg5B
   A1pYCKze3jaSjO5QZuxtohtwH9d4qpdyTMUPuGV7R9GolydLHTl94HeGJ4BwCktn
   Z8RAeSwMpqhi8wkeu+rw015OPYE6mndiIVQUKRuR5bWFSjm2CWXwQ4m7QvjIVjbd
   8lGFKgPnoyWNC1DVCEEc5jHk4V72X+U4mdG3Gm4vs3NzGi7aRpeGFXUWWuIBzu9B
   sT+3qcGlz9s7WQ6eiPEaERS9UMVN+FXUrdrI0xyIw8GxFcCgmLIo3OLJWadiOq/s
   +G+R6Q5AE1lt84szlmIrjyZsURpic43zojbjzFbcP9mXdkZRwaOHi1IGZm5JVOUb
   EkC67WMDgWg8fJ8+1C/X5cv2XnIHzQ0okcvFWmOWHhUkH997h13vLWMROW3lXldi
   UuN/+maQS2grBs30QPJzB8c1cF7hBELFfdIK+GyJk4+Rf5Mlsqo0mMDJRbeA8Fl+
   v2VzU0k+X1aRky/89JLRHWKAfJT1marsf4qIvGOQ0WKpJT//Olz95ONcjFHq2u1e
   OgxwxXeiIvNmPASjl8rx1jwj1FrbMcOAZfNi9j+3ygRK+Kk+g+5QYu8zkCbqoVD2
   MycPrv/fsRjrzojVnBDFRWMX1YIsO/sxYxTAZS67kz9YQDj7J5ulsHNLuc8bn7Rm








Gillmor, et al.         Expires 8 September 2022              [Page 135]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.19.  S/MIME encrypted and signed reply over a complex message,
         Wrapped Message with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9775 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6222 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 1978 bytes
      └┬╴multipart/mixed 1914 bytes
       ├┬╴multipart/alternative 1144 bytes
       │├─╴text/plain 381 bytes
       │└─╴text/html 479 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:14:02 -0500
   In-Reply-To:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>
   References:
    <smime-enc-signed-complex-wrapped-minimal@lhp.example>

   MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAIJ1TSnodbIX+xsUfgRTABHJ9Cp7TJAEjB4Q
   8bJ2SJQsuXjbky2uXOISzL5ryCsv37l6n7W+MLKlTPvXIpRN5kkk9mlAlZkCprRC
   usJvS25o/h3x6yb+XnhWORi3hB+b87zo1ysoA7YcyF3Qq9YCe8bkrNrstnxe6uzW
   T+1EhIhPRzZRpaJzXKer4JjxKKJYn3o+pLdsD9/T1sAJu8ueGodVcn3cnDH5oW8j
   9BnAVIS7Bosh05moOD1jwg1taKZu02ycsVzIq7U1yQ/kXQbxMkdc3sCIJHSH7upn
   3/filDlwvHZynaQc5oIrGaXfja7+BlmCJJ3pvCwRg1BTs+2OkhgwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh



Gillmor, et al.         Expires 8 September 2022              [Page 136]


Internet-Draft          Header Protection S/MIME              March 2022


   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAJJ0GA1RKCaIpRJ/hSThEF8Kh
   MV66qx8SQ4zF77Q0N1rgxGmQagbwuJaWy50TKpbEet11elIl4pERnA7ySapuOE+e
   myif7rCxUr08+MyqSidsGm4wSUC9MwRfUC+t9CwwV55MG8ajowtd5WhCKPbStsup
   9MXn5yMTNCMJPMWOTVx8b3dcQIREcjMK06ZF8s0Tv0ecI+FaCP/38Tt5IxZ7rx1r
   3IlzBA5i1uHjkKGPlsF6iYoLafm36gWtCk36g++FRtROfmBa+PbRjX0HNU8efC8c
   W+WbS5fHnf6jx6wgtRgfNnwz/IKBp3OYBhpbURNMRoixDwTk8jTg6nWnFJPxfzCC
   GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC03a1ouHG0V1jk5l34aXauAghjQ
   BZBWseHe0tDuv9ziM/TuHvOjqmGw7teVs9nTLzfGBG3tZSAKlVuSbG4eJazVrwQO
   O0G7DWrAtcKbTZ1CiOxGlEUm4wddP9TkZTlZR0jrg6y4zxr45Q23+iE6Wtw74p2Q
   ZcRm90Zcv5Vq6rBThZdK946hmVdfNK6jB2ZQIfZ7ziemSrgxLO2cEx5dLNI0K3qC
   61ZdmJc7phl0+5sH/vMpzzQu93ju7f28dGa0A/fgSkfAGE5PL6kYXLJJK11vl6ph
   mhi8tHK4xGR3ELSu2LHapl+BMrI0L2RF2LJF5qgejVyaRx4NoFvd5ghSATDuzi0I
   h22efX7oFv7AwCgBjucQxgUtmCLyd4hJlzNwGQK0mJS/YyTccEtQ96HqD7+3aBnt
   LFSP91kzFg7n7mnyffqspUK4jxCj1AXohRL0t6EzroIeuNXNF806Q1RZutbv8GIF
   dkhSYvi/MC2AZmulbW3UgPz60Zm04QMVzKGZMNOzNn1ezPShXyTao8iSExrvU1F2
   9VVvOVYXE4+e62V6MYdRgfu8bpKyLvOYl877l8S6Hyua61S1/c06mUN2bQrtQK3m
   ctf44uHVhQ1gPuyrGCUrGzcVcQrvRiTGGJsDSA+kwefN5hWDY76MsTytKnMfqtsp
   59vVlOZJ5mQfCFyIhBttXHEaxUfaJH54aC3RT1Yt4yRS7qBikR9C97dwHbnsR1UX
   cgAsxBSq/lgiajK8cBy8ZL6yXVra4A358r4R0TPeh0r2BDbOyQKvr2kE3YZJfVOv
   9DxNoqf4Lma2NyQCwxvkP8D+na5df4RfmOPSnAWL1lxPkQEr84sHo6im28GNcWuJ
   2OThMF6zKzRxM5bjfdgqnUMJdSXKsb7Akz0dRcF1G/uYCi7mVPn3SCAcmUsfu4NI
   L1lLnwB6/EZf5mtVDe7O4iwmTss/75oYmy9jq62A1F07fsH/bN3CVERJufnKiTJI
   x4DzG1Ndb0QU8vSCCR/RjLMuAPO8y4BEF3wxVkJyhgVHlg4HncmkdWFRT866XRwl
   5BJNrpfOgUXgIwEPRCiA0v2dgCEfpcNkYH7kv1IVTsE7OPqul0hjl0LMVyRcWmfg
   9Ukg1fU8dsP7geg0PDcMt8UWYxynvqoPWYStSiuzTB9cOfmb4h5AUpBB1cnRge7L
   fzaddRtVqyl415a+BFS4YPkC5/+hO9TVpVVGMZ2y4jNXvYU5YK9Ju5ejy3Vgks6n
   kz0kykoimM9DBsrpMdTHnUQZZWLvUSJTJJuxQFhZiY8hsP6tMQcYr60RX7jK4nuy
   7wwBZ/30Ha1xaTDTcXWZbme50tqCJKemnZLOTUO7p0KVK8TWgV71rVZsht0xO+qJ
   CtkOUNN2DybBGIoBy1Kvfbtn6s3ithd3sQdB5oSigA3MAxvCQtM/whtwyooXLWmT
   5vuiPTiiRKzmFf4Hzt98/+tOeXtW64obDHACANFkLAG7dOy2sAOAOj4zG8ykW+Hp
   y9QpwYz5nI6rlps5LieciUSvujsonZRP1LpakSkpjYVFXAckoiw0Y/aD+ZrXXV2K
   qQulnRrvyrCIYT78XX5Z9v0OmmlLHAhmPAwvvjUKLC+A8dg76+JC3NFVAJQs4Fng
   TePrqCLB/qmvgK8EN+15eDZ2IiApNsFmiDJLcQoNaDcMFoGYy4KTNu6C0BsZ508j
   K4S6bZ7JjsXDPtNQWrCQVbmZDpHeksenvytw7pF5ITbfWQ1Jaz/BHYGoOr1ClsYo
   CTI3Hzf1geYFlNu8EpKLks/Aa2P/mu3zvIJ9Md14l0X836tNkYyQjumyIv9fFm6I
   Y3M9x7SGsvNXjg4mihyXgA/cULLcT8crrL4qxxDz2VPEghQLv6FzymcOurgYzwrL
   H9lG4JpJV9vdevlRTrM7oUdIHP/RdKZ3IC7RAHySPAcJZnYPbB/p9WmZfp84Co8G
   cSDH8TvaEiLmesuVnqGQIChqQhccjzHJL507GBXTIgyWUMcifDrtQ1fjS/gjUOwW
   EuwN/vJnH6n5eKiAySg/J8DuAyFt1Ij2aVBJgwZp07mK9jVgEQU4ko1fUyHm1WRb
   ontUaYxmWKARMVAmR9xUTUxOaXQ7G0XwPN/vu6n/r866Kk9bEqfArzIcxIq2IkRb
   A9NbKkCG5gPLBpnzk0tAxDkABfxBTPyIQZkFtzdUmuRKZY0RRwjeP9IUI+gbbKtP
   eVkV817JvVW6oSufkPdDrll++vH9fW4epVh7ToI2SqcSNsj7vBRVbB4KiYB/8fx9
   ZHcsCRZqxVcNpvia9WTfNZYdJCJCKwNKJg3EJ9hD+Gp0wqiRtZsikeMRMJ+M0B0g
   zK27TfSCmCs+cEdNhbefrTiObXEwabpGw2Jul1+djpA7xbtY34jFy/ZblISTYD5n
   6ejtrVMWGMyiRy7f84ib0U0RdPU06TkhLPjvoe7TWuP6jFEeZiZQHeNBVdtC9hE7
   iwfrqXQ4+AjEy89FERTszHE7eA8qisp3wMGot6dfJ8ColUGMzgU2B7J7C5TFLcKZ
   pJC+x/VjGpk2+kZ4lwP3GB3KN/ROgRsdoKqt5V2wmNXEOExs7WGCSLoC0WKZJk4g



Gillmor, et al.         Expires 8 September 2022              [Page 137]


Internet-Draft          Header Protection S/MIME              March 2022


   1OP2udKMTCvAUNqS6tbZK7amGEKvuEdPWqWEMQCa4DtURbrX/+r/0O3Kf/0MLrVv
   LaoyH/qiTl015FLYR5hHIx71DY0umkqtOdUxf3CRBeHD7OmH/wyhCDts2Krp5h7t
   HTEP6WTB10VglfAkmgVzTcgdP/Id1ObJZocu020qkZQeJBfbDcXM/E2FR4wZ2jqy
   mkbdRho5pGC2LFc0cH68jDQ++2QqtPoVYhV/k/eYU9DL+QXRx2VvCrliHQpoExEw
   o2ucVlbAo6TxPKvv01Al2AJkzKMpoEfyKWy0jHulNB08dcdFcLNG5glGaIqufAck
   nkoR7r32bweJ1r9hAgEX6cyoMxBW+318SeLr4Kkmk0wigq5bDTrXh7ahqZzmsxv3
   091DgmSzILxN1x7FK6K/yISo5FY2x8WUZqZNz++1tk0aApJU6ZFTaw2/Aj+GwK8g
   lS+OgI9obXun2mNyqEYZWaZ2Lo8zVhZ6rkZAsQwVL4Wz9OuL1Ko68fp5Hv8zFmul
   kS5bh53wG6qEIgAUg4P0E/vCy31KV2Nz96sN9/B2awyBQ0uVkhw0oAq+zOGUl9Tq
   uu5i1ps9R5iwsbF7oFsZDCg6Mp+I+kTAVvEX9Kt0/d3HqtXMZHsBZlbR3it5evm2
   dqxeY0djL/WExfZrnG/CH1AV493f0NpdgkYluiU7gX5gf9jadWjOdmC98XDtPJKt
   eFG6wXKv6O3FJuATpAKhLZDkFrtX34cdQmtxj76UwB+rCQQO+W8Ax0v0HmeEayeS
   HDSKJy0SbgWm3np98sH5N3pdpYQ21WD7p+0M328r7LLdLj65vP/vup58rfG6dSM9
   CCpNNHLF/qbmUhd+q00PoNmXPWvgqluCltafTWrBl2Ibu57yEzfePsoeoJAgVpCe
   X050lJphnl54RWeYHy6Y02Lb/aRDtu9m4IxtmcOHopKCgXZxiIhkmTPQlCeAmrmE
   EebmFvH88R3WcmU+QxTMmptpdUnXBJX3+8dSxojeTo646hFV5r0JkQSQLeSRb3R9
   OMm95sO+v7c1aArJZzT4xDnBppqlZshaa7ZuMl+pgmx/UEVuUyhyWvySjDQJMW85
   crFlSVGO2u6WT8LAUtUinMj+WolVniO3mdx+MS1g9MgnuvtM9vRLPaJ3el9g8jWt
   pAnJzlN6EYfDSg1B9+Nq9aGfagMc/6vRTmWT9AyG/DWW6CCSddK65FedsWzvpPej
   pVfjJP56fu9dH3jqWrLsvaQLyEpuc3ArCVzk3FaGStcjsQadQHkgYNAYaGmSK5PD
   N/cbht8G/GfBGpGAg8K2wZlk/VBn/uri2mTgtBVu9JJ/jojHxSmRNjrYrAFMSP3F
   Q8Z/iLrLzZxYuDn9KYFlv+OUfDDmriaHO4CIdQ1G3MUq9+OMdx+IRB1ZiXeI0m3U
   StFOVYb1nN6b5z1gW/ZwU1Wy9Vl/1AyHcuT/+m0TazayuRqhsSjuEkC/zpLwXCMv
   72phlTGLP6PrwqpUYF+ZSADFcrno+Ct2y1yEKRoWcqcT4++J9fQLNZKGkQTDSmI4
   KlzKx9G2T8xPFlmU8AT1pkWkSP4TT7yROEWplA+aS3VOZGDvI0HuPmEKh0ju2uWg
   O9OEGfOe1JeElOnXp9nLFPDyJzVRzbPgzBANSmNTIGtWOkTNZC6ACKv7wh9HHZn8
   pF0iugZ+O8N7O9qWj23ps0dQk7GSIGYLUII5WC7DLD6SUtruum9ddsZ5BVDNfg3v
   0Hf2gz0M8cGlKKR6wUW4qvK66METjvJoKLoZwQyJIYZKLVr+B9ZQtUBhmhllJ/ju
   8VTPIg9loc+X5tt8T/FKa6kvd8/ELN7UQ2gLoSdC0pX4vTQrU3pq5gs+O8NXieFy
   Pmt51AYkPPdqytfTrrsqAQHbeemxIZ4R8ZPHoM6ObRC0ciG08QVpSuR6vdOLM48P
   lI9AVIQk0U56KJ2NUIhzfBg42hk0pytEBwchIfbEU43fkVoEmfzucImO6DIU8WuA
   nL1NxrT2dLrFCQ1kSlsqvHMc5NuhU9BhUSC803rjGPcNA2U6DMYr0omT/A6dgMMX
   vKOl+f5ap76yzzQWNJmiVln9iOWj8W4ULXtOH9XmzagAD/2SNjbZarEWLDhN69RO
   LNaIW7QIPYHWCccvQMtEauxdmfJFDxCZSu4EY2TC4x2YdOOWNb/gjH9UIxz8dowN
   JDgcdo8F/eDg2hzpL1SlkOuA5s00AWZR3UNJgGRikZvqvadhbVlQs0o/g5Q7eU9P
   P9AO/U9HVEHJMShOO7NytGUVMilwn7V8yhPwoScLmusnPHVqAfUxhrXWY7jHYN8N
   Puhk5IYR9hpxQnab87i8A2HV6d2ezgFAk6CDMFwVFqfHN4v8TZHRfBIXGilXy8uy
   NmzQIi/4AYD7ZkgXB1p9mThbZoKZSErCO0opPPwjVGwjGBew2yoIPWwxRIrlHhka
   Y0QuWrLkiM+WYCKHwPuvW5mtyraBX4S++TmWSPCzpMjH7/TJUeYGGC+4hOaYPMCZ
   W/bd4htjpnxA3gQk3cUL4ZJvKRGdV26vS9JE8v/A5xXv5rALMSO15+XQDPYxBMu8
   ZQVAiqeu7kGyTd7ZqT2qwVmmyT+8R6fiRLouuwpl8q2EKpQL+Qec03o4Tl+aX3/w
   5kyCl1eXg3e9/TgcDxlwEvGKF3BJWbethR4HiX/J2/mTWk0qcq2GuqKEQ6USqA2u
   65isAb+WbfwRcdPmkDRhthOg4H7IwZdLiviBrEzxImQ0Q+XZrV8CAVxKJvg+hiD+
   wc9YfgK238F5vwIslHc0fdGFiuAJq51N+34k1lpx0uLS1x8dgHO5e9/dA+PXwvfp
   epqFhgNRdu/3NdBseYlohfGYA1db5R9BGnL0A51T36zX9tuo+5jtrAxIIV2QFOCQ
   mapV5wdB0kL7R9hA7sIv33e13nN03VAmKQoKITpynZ/giTCYdPpw3vyinwqkEbp9
   9rr6gafwig5d8uQ3FBv3vfFJYaOo7edP5HR0Qoae1VxbKV3uX4gLOMjxt57HDP0i
   KV50cSAQARRvrdHAiPh64z4/hSofrn6rwhWIqu9iiUHdgTPYZkb3pkknG8ljo00N



Gillmor, et al.         Expires 8 September 2022              [Page 138]


Internet-Draft          Header Protection S/MIME              March 2022


   1bL/42EH+6CW+JTYjjWx+vHUi/uXMYBbSbR6pT5rxVnHU+SnhZrka8JZ22gKSnqL
   lnWrB0RfW1dXnEfQCKTPhuZ3jbaLiFoxhjzRL/BkDvJw56NrOHGqzchNF2MvOGYq
   iXPx6Oa//5p5qe8+9ZJ0MwWPLbyXzQbwJp43r8027H1URNbBr+VY82FlpA/eIzwh
   M/al7XH4rCdo5n/mdjo/owmTOHEBvlslr0g7Lk7sJHHm/XWk6rquNPF+fzKtPyTA
   FMGMkMoHRausqq4PFgzGkYNwly/l05bLSnvkSE4R/fUW5tHtJsEsMNLjXQuHAHqR
   QuRtL327OMulL/GCguKpCZ3OIZYfrPk6DSkS8c6SujU3HOGKeo5w5F6QTnYamgvt
   T90AgoRGfDZle0bBv9LOeWFQsv0sOYSpuo94p7PRHefDL/MiU4KpnJBabj1dFrch
   3ztE8PbhbcKAhwPQ4pfciOPLaqWAZzfQUIKDqMtTYoWErWDcgZpQn6VyXIK35MD/
   j1qRb3FvMlU9yGqrHBuNMIPkSi17lvglGdO1yS+rSjvDo7yxRkr+obhNXghroxlW
   li3kZwRaj7n5TguEtnlFn24rdoHuO25fVmrynWZGnblQMl1mPqk4CPMeMC4GuvBF
   3mnwOjYYo0S4x3RpjR5Ack44X1PrRzo9kd2d8UuPYNokIrhSyFUnzUj3T/U6f6Ud
   VwEAS8QqdKStXyMnfGidkaF/O7PqdNxLYwqcOgVd4bln646z0+f6IhoqVNMJ3Nux
   ftycLJHKLFS29P8JM6up1OgAJMIt2MJA8U1MCKIuPTsTzKNdoiQJnPsF3JhsMkjn
   qSDOZTGcgjJLhL9x/E0kkcvHXMwdmteY+jfmNXsvUex4AneP4I2Qo7FiEFHYs+NO
   00VyiqOu83P5WoGgqP+UVbgdPMS6lkNTavqO1+xoZupgtUERmZW0ntGs+dzxBlpy
   jFPP5xP9PGcOkJ6vh8DDw8hqWE28hDPnf09Nz1YT2G8OkQOm6hbfzGVgig7aWWhP
   0wKAXmLPrG8kKBKzL94kqEuMP/V9T72lASLv6gs1pHJic7h7/vAqNyBVmZFCRluh
   C/KyDASVZoUovc3phQUOA9+5tptQ4rrPVtBJvq9vyIqpuO4ny/GL0q/QEIim+XSA
   YvRd+owkDCE/Vz78bt+oNbHjdEJDvNSe5yjykCiw99pB1xTrlRgs3hMzU+LCjHYE
   yZUGd7ufdF/EK27ofJWnJEOmQ2luNcIqTEeDEU6PIK0lfSV6GIk8tGx1HjhoSE90
   OGybZPh2W+Tm8xvOG/VRihnUxHgJop9naLiE6Rdx7Gaqi3hzX2PR/eMOHJ/ctpIh
   3sxUpQWpQTPmxTGTjtguuJiRnwAMFOVHHx5xuNrJAehpW/5blrDEwiisB3LjKEqN
   8zmT0JWJLcURAqT4dXT1z/JDfjNxRWv3T6cdLbntfTCgeb2CCXYM/BE4F7ZrKnhX
   ERVLUEuHASnFQhdCt95vtGKAODdCLrCyB7wt4Q40Mq/2/R+MFF0JKYoT7phsNJC5
   RT2X+04ljr2FiCnF34I5cmfkX1TuzcUCclCJmzKMwXbaTTlSBoo9vEUedA2+sBU0
   /hMdr70zJmy1eZyi0j7V5cwutEjsxUHBCXYBRRm1gZuD2/6uNF5SeMwqIB1W6epu
   fOcKlfHSij3NzdLaCeKnWMMgzJTfqq/TeMVrsgl755bfj7XrPl70r/Fbl7I0//sP
   TttmqPr6kGSfWk6RxWu1wVpTJrfYKLmcuKfNIte0PAsyYww5NZ2wfHm3ahnfPzvT
   sUU4s6FYWCL/GxrBrjyJ4rseMZ4W4uhFhXOd5+HefFM3IROX9JteuO+FGsHNl8ut
   85HOSiEP3ZpOGvmsge6tDtbUH0/VtVS3rxadPPLQcFlM6Y/7Qg7lzH7wDPc5Ra+S
   fHpw+vGoqRdS+ffYSn3zjjnlIrqZzKZU0HhDl7hUbgYcnX8KtpCqTkcDDIeGzYrf
   nFaie4ASWfljorX8DqWnZ3SzwCp5yxkPWC8bn3kmf5F/yWP2Ioau6aNAYXI2H0G/
   q5zz1A4V3NzPdvmGxgclq1JAEu3k+DXnVx9JXncAVn/QEfaXhcOnsPV4Jwp0KJ8t
   rI3AbNhuYQ2wGgPiphnrrA2W9dU3hZ0Nmc7cSNoegFb3Fqd+917t9hcGBq2AJkxW
   FeKuj8XvMhcLS8sWx48lHp73ZNrSKGPD1NBQC96iUjLnWJ6ZfWUJiErTHwnRqfa/
   4+AhmYuP0ibIddFCkfHI7pl1NlVUw5Gktb+86Si0QSqNcuIdNPa43VCvgGCFcwoF
   NuPHFtfkHzvOe+GV0RbZrOgOmByYxVcGVpJFD/mGil5nhSdr1PW0FZ5UovRW6d99
   P53zqoDgzKOAcIs3ykKkVtmWY1cnJtQanH9yE94cOHc4VJBO9kZK3SCRGw7OZPsp
   HeAh+cHqRKckLZASb5MMVZAhSp7AI7bimxJxDLsHWKgUqY8468ytrzeeKUCAEd/I
   ivpZOmNn6P2jxtk/EBKa/fRyfT/virU8ZWUp50TgGYSrD7MBOW2kW0sQODnjpxON
   FkelUOPPVaJ5cEeZuqRsg+vDOni2f0RBWdEgoCnn2MUN2bI3d7W15SqTYEZADOzz
   /YED5L68ReWwAO/8jJOiJ2ZKOYSSe2EatJzCA2nwMG528CtBNXpQILZjohg01l7O
   S80RHRpRB0VuPNQyXeSsL++1bPfbDe9GgYrExdCDaS1F44Pa1yID8pchIdQVAt64
   ticmexkGwt2so1ihPDfr4FTH0ZC5NYKB+1WOk22WbZ9VroGp8KHhwOQXjLiOw4QV
   QSa8PCulKbOEcx+uesAJjQ==






Gillmor, et al.         Expires 8 September 2022              [Page 139]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.20.  S/MIME encrypted and signed reply over a complex message,
         Injected Headers with hcp_minimal

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9815 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6250 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1946 bytes
      ├┬╴multipart/alternative 1148 bytes
      │├─╴text/plain 393 bytes
      │└─╴text/html 488 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID:
    <smime-enc-signed-complex-injected-minimal-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:15:02 -0500
   In-Reply-To:
    <smime-enc-signed-complex-injected-minimal@lhp.example>
   References:
    <smime-enc-signed-complex-injected-minimal@lhp.example>

   MIIcTAYJKoZIhvcNAQcDoIIcPTCCHDkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAABVM3TokL/MB1a9//O9TymFiSM57sFKquhq
   3EvwWIqXByQQ8Gfvfi6RyXmhXU4FV6FngXgNxgrBofyJLSvSvfsyDiAlREdaGgok
   6sDANNU7831pxijGUNWEw5vlE7ILrr/WH+bFuw/WM33gB7EVaOvdZ+O3mRLr1Mw+
   P13Q6oXTucozDJGmjVo4f2gmxnLbx6xRXeAunl31NU1V8Cxlo39a+nXLd3D9Yz58
   i7WUxFIEcm/2VDlKr/MzzN9T6C7Dlpx3O498umpq4hXvHx3l4vhJ+O13AuFqpnJe
   a05OWrBWkPX3UrMiuIttiHkTyJkH0ry6gN4/HlOVhMPgcspvC2UwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6



Gillmor, et al.         Expires 8 September 2022              [Page 140]


Internet-Draft          Header Protection S/MIME              March 2022


   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAI00unyTOrapnAw86gBmKRZ+M
   //uPCpz3/XHYlyyokmrZ7VGCt8RdGjsn9V7qQyTiSKboObYqYSTK+Sa5Dm5gg7GK
   B0Z4ulUg6da2v6ouyOliW0FWUf/cap/Q5nRxN1cKizfqr542GyCMYxHZVjwY+i4V
   yTfZoXezLkki6LHBlZh5jIw4wOZn6jAeAlN/geZ+u9ZDWNblRhFyjSj7298pi+ig
   o+E4SmVY3W+yE0lF7t9540Vfdq1JCjN3mljbCZlXqEdsMCSWf108NWRT/H9NH1r6
   DPFtHvXbUN2XTXma8Zq3EBsoJE2iPsVH90j/LCTk8RRwcr5xp7oeUs+8ms7npTCC
   GR4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELhRkgO+qcMaD7mw8JnmTf2Aghjw
   gIY1Z/Tmg0UvmhbF2WIlG3DqXoUB8tUJF0hUF6f8jq9/D0o8dbAAcK4UTUcFyHC5
   QMH/Em+i8wbbGtdnywdvENrv8/0vl3AuBhl38bugj2sUhI/vkcZiKB0FkiBQN6E9
   poX4a2SaH7CmfM1CuYdYYdi1wynVXHbPAX7OzCMVXEKvFaOxSO/Btc0qJhpedowP
   kwLWygXmVmpg47xqCM1G67pRa2bTGs35vFQq4iItBv7E1NcSgxIrnKJjxUGxUxwz
   sjd5ZpDmYfumgQKvud/xDrfFJIYJ7wrOH5aAC94T7evWcqQ59Iz0e9llr1wtnAFT
   625WYAWiPdcaIU4UAfi2MfyErXA4+QXUtWOBxrs48S8Git3i0OXvhIdFTBu5IUC/
   tsV8TtH25IFyqdJX0hSgU6ICQ5Atmbr/oEcU/7dT1KUvQCm7d8f/4m7diix2vGuo
   q773cAvSpUQ1fKcVrzzjVkHP3eY/AvU3/gz6238S7MSMaYEWpeTZSm8dof0kamDr
   DQcS4S7LHYNlIXCusWoqEStecMTbLeyVQeq/uLqUADmBZaRWTEmnGi9ojRynvzEa
   +9V/t0NSVGf8yav6jcB/1HO3p5T3K1otRWSQktfuEUuQbZw5hLiu9/lVQ3HlA0k+
   4ZHllrd6shUbihUktcsNlnYjNieeSHzoJlfnTVtjSakVmvgJNsCOvl9OW5+YZzXF
   whYgJ4/QpsbSXB5STxFJo0F/JDKjR78FT1ZDw1piFUvkW6WAXJftC3NmqwoNSSkU
   sVHk501VRxoadB0y4Kg3O7XrQSbQIqZocJnL2aYNeiwD1ej7NcRaZmB67ibEibZS
   7gWvsbOJyNZe0mG1tTjlhw1Z263GeaqJXkmU+odvMJwg/zPIFDxATORw2Bl4s3sC
   YRs+c8rv2CdgX2sKUfEcOztT9ZOOo84GirylS2LxuUsA1ctypzNPFdrLGP8OOxt3
   HLZ57Jamzx7I0AZwxqyh1eh24jyGlPsAqBPM6a+dK2HsZe2HgqAfQHS6lgPx3gAK
   c4ZacXIffNntFRUWVLbSQni8xT6kherHh/x4Jip/bSDWPuANpRx6QkOJCkHPjuoW
   i1Kveilu4X0Hm/G80Nwh+eQVk8RDPnhRBuqE7jLY1hVti/F0OZPLbyEdk8hIN1sv
   FMeKqumCMk4dIr8jP8NeMOhYT20QbvO3aU0w6x1MZgnDxnesvupxgPETygyNd5+j
   xKOUmCRaYmMU/TqGhkxYTN3LwSLZpeqztz9wxI4l/+fobTOFNBgcAhguLD8+NO83
   0ykPnfiK8yoRQKLeH4KdFpzSkzmZVdfZHlDJT/LITxUnEWABjtp3ozx74N6YJ394
   vme45v3uUmCJjcSzmQXPtg2Xdkh+xmF62Yb5n4NjUZ8ajxQqaYOE80RN+A7J4TWE
   c+NSg1nJYdUZnmnYlJxHNkI8iAwlLEir5Khi99Tc1dMCOKfoVzvb4drq8CQhEjPF
   ikP6skclyTthVmWx4EpyEKAws89MRooylF7DxpYigByznws2/6dithCOMsQ1UhlU
   ph4asCh5uuPIJ/9n/nCNCnC7j1wQkb97WjfgFrl5DWUcdTIw3LriyTBphW7A8JpV
   RkWiwtlVMVJiukGu7HsDgLTYDTDd5SPnaJxerrdgh6oUdaeLtgrEPJbGMmepHZbh
   STiqxKPYHzycYSz/imTHs6ziGlaVuVfK1U3+LGf39E3Xgjzy2Jgpd9sPAIYXuB7i
   +jW4lI93rkMg+RyUe4sNO9z0Ciw8XCQ09m6a0KhAG7TY+lAHfSeTbibAWXAOjqBt
   docVwG/zA0mGOPflMWPtTEQxk/xXP3opo1wlrEYdeVGNFwDK+byECjmS0cHw21AZ
   WPc0G1SbX9Gxd6MJmvDq3swf68SBWEkCUT6FzBHxl/tqx9jm/afuW792zsqXvzIs
   XfRpkDnHVBDqdgpkmfbjmE84MdpvY4Ia7rSQq1bYqgzpuXEEjNFR+6qO1siDKFEa
   hA8LPbCBr8YT86HGMWavJ2k0NmdDqKQJi/7QK5Dq6pN5lJZZkJFCcysJCYDW7WXo
   4HiX7QAXLRlfpaIxXsorcxidMODuXxDAh7YOgFisV5WzksggEsoZJrc21mlchFxX
   1MI9Ashp7pZVyspWA5GhKXjEOD52kEGaZM2F41JFOzMwF+S8jgmAYoxKehWhIZ/n
   /6nkBCxfe3N28PhGOs5UWiuwe1D16KBndxnnbjsaTiT/tXYaD2U/7OPOF4Jdngfw
   1zONBR2onlQneBnTp8uSsAx2K9IJ/kFchx3tJBFVzcWE9shyW8+KsArqe/HUEm0r
   LdIqiFnXXZsETa/8MLaIft0mX7k+m0Gpu5wH1jooJuopxARH61kNRKApdjqCodfV
   yNDO+pIKp1yBy/Ryu2S3ur/Raf3TuRxU3aJzUmeLRhkezJBycRbbyibWYTgkwSXc
   u8HnOaUv2D8Yr4OM4c1WQbOXozuwlIYq6jun+v6s+G0JSKHB2cyI+AG7gSDS/JEa
   VDVrcklkt+mat/BDHSidprTXa4DrTLWUzGZFYjjI6WI5k2F7Iy8wk9LBdl34tkT6
   okv503aW8U4e4XHDQ+Xqrx5NxTUV33nTChsLeS+cHYihaScLo4xQXTV8owWqPBZq



Gillmor, et al.         Expires 8 September 2022              [Page 141]


Internet-Draft          Header Protection S/MIME              March 2022


   jVAVBkfkq111DCp4Mpfe5nHWKqdXF3eUZYDpOsdPz0MPKHIcjifpxFlthtmkV/io
   L97zVJ1TN65cHSZOQHg256U2qvB6nmJhxFP1PhnVg79PEV5G1AdmNVwfxP+oXkGe
   JvP8I7FNBC4Si7l1tEyfRupEk4jajuJZTH2KS4UXGnfrHCeeacCGn0nacFvWUXSR
   mE4cvwYTI9A0bhdNPFn2QnTnazNWBkgXI1/A76x6H3Shzfs/bm5fPOnSyObWFamQ
   /te5QwG8W3segOlrKd5y2OJPdn8IXG945KrJ9htWRXlxihI+RRFSAwJvD5WrsS2j
   /LlobmLNEYcT3o1+mQKj9P5yJHtRfLzQiMzExSBw1SPG4uAnUhaG9bfXP8BbosZV
   Q5wXBA6QmkzjTB662M+8fUC8t3ictgC1Sp4abIUNlsVnNrn/7BbjGK8g/G9s8HXH
   mhPVUrMzOu6r74ZCj1ErciHW2ViJG9xaBp7cRerGeGORuQyIgbQSe1fb814D3Sz6
   dxtB9z6Pin08MDfD2eWsAnfpVs/6Hpv6z7BBjaOiisWMuX+eN0Pr766iwjpsgeLa
   fg/Pkmqy89cJ6kn5I37/lJrkYUl537G4VCPq68bHUatUTBSSrczNRv2D4ircEupi
   aHd2RiMiS1iUiYERGqzVXQG2cKzyolxVg1HzmDKJX6DtRV9WhvSfgrRDYR2/LGG2
   KDQ+JO1L+wwYjb04XGjmiP5Cu7zJ+r41GwSMGZS7MNNXkXpvoCdF5tyzbVCp/gSi
   fApUNNQILq2HyD3c4fkcH3hUpE99N4OmfeNizOrns9oJZL1DScma3eiR1bj9HVaY
   pkTdA4lkNeZhLGzg1leyYrKfq5OqP2JROOMtXQ6/QzlHowm2b+QAvVSME0a49mop
   YIQ06GBJljso76394bD/h9Xm/JshO8Gnlw+0w3QjINBnCtDzKNxYqbP3+APTWHjO
   qRyIaGd3StrluNjbNsW2fRojm1Nvc7eJlnDGpecnCfcimLCqBK5dy6Yg3IwUDeQ1
   iz4k2RzUM0R4NKzuVi/t9iZ/1jl7NTRgQRKGQ5KDjs5iVKDgCHi97iWWqaDSYYh+
   SS0jyzgxBDyLT54/cVYbPEBKaxFQrNV7caJm6ESjH/IZS4DKUaw6qlTgppL5KMhu
   wrdyv5sgT1gWTKQ7uihPK5sHCtk6pXkwLoKPtlK+hl2DHFjUFM0+/ZJeqflmYrDd
   VpkrSTATGYIRwm6xpmTZ9UJxyBL/LtUFWrzS1HhdRm0voZW5MmNtsvag/OYTjwrA
   rjUGUotkVX+RP97OjOOnsluJ3AjPKa8LwtfvqqfLYKXkm1hofkoh4CR2+bmh0iDv
   EzXj/rNsg/8IGUGxrAwmTzFMSiw0Ek2hdmfsyqNXY2yO1ixnd4uzQfNjMT3Sozeu
   hVy7GjtPshtut/MBPWvvpBSnLmBdqjF4S749iorKESScUSaECqXpip/ebdRLV7eD
   3FIApmFsgxYsLBEBRsN7Zs1gFEk9P26jE3b2GVvdlTT7QUz90Nsta6x4PopCOUTt
   EepMDpP+/gcjgZuks3rAdq4908+qX4i/O26C1FF/VyUIFVBpq9BlqXFhL5c2bq8C
   wky8hOs1hyi6vkbo6HF287EVAi99kIzloZNWOe4J2EX+a/OuVJqI+EI+wAPDlCMy
   ERB72QK0PDXqo8kpW7ZG2Y6bQJxnc1HyL2zu5vMcrWs8Wj2nRvuEpf72ScKVKgJE
   K6hwd4ms6LEtTXg/Eo0qT1HdbUTtvqzLZNp5aMfeh43+j15f6MiapGpwcC7ysoeA
   XnkS0w84nauOLsrCqXbmxHVBLPzqKbad5b2Spw68mqXu2n4ehKckkYfKJBhM+M3u
   lbQz8Hxpdp6qqZ8k0lQW5s2ICrSr2Ecs+pf7019WPOkbMQ/zCtX7u45jLHW5eoT4
   P4Q4QUH5x1Owi+3j12dqsd8TkVE07SsJ/WO8Nlvi1WInS4bpjnHXlX7Lze5U+sZy
   /hwzlg/AMBmYVFG1vpgDLGu+uK7qQe90dNlNqcF6JR8YZvcUc+KQApmXOJc7eyyg
   Mg0l1DaFWaOUPNFA8Px4+zWq6j4R9WDKAdX6WutMRfQUZdDY01mB/S2A2ASTBiIR
   Z7/6ss/Q8aAq7iFlOtWHD6KoupswIuAy6aPdUmSL1cwTiuvOppzazhv01RwC2JWN
   9hKOo+TQe7bZlSXDiPHEhh6TdRhEoChJJBSSwiA3wkfb5d2y8P1Gd3WZby+gySCb
   lgzOcu06tKesa2Bv+/YIK1h6X6FobFQDsBvfpleenUqNqH2SnrREV9GqU+40bZ/K
   rvrKuRaOq1ZHzlBStWiVQvfgjAw8PwvpS6BVLly1CtVD0u55MiTCadYxAJmHfF8K
   FE+Agt8f8JKpVFcu2DvsQ3tbU2Y85LFm+SNzEhZ2yaDmVvSU0zpMKDp8/uq/Y0H9
   08TLriiMt8eEqO8Zr7/02X6fCn3i7r2RtYzECBikY5LQJ9R9hIWRIYykEwKLDeEK
   YfGCqtKWnKVRH9dD0JfFYaok5jnJo5zrtazBipDT1wq/f5QAvEKapOXR6U/bdV8q
   ITyNJVXbXunZA2QHlopJu5PkH3Zf9R4awUpoozPwagjG7t3Odl+p7j1Wdn3ODTzD
   5jAkWoeEw8OAu4sjp7tCY8Oh4qcGqB6pdhdMOxbSqiuQ8DpM/frLnCn9AXgavnlf
   7QSEZte1qEWoguQ0ZhMHeFLf41D/CcjUQ6ZiNYTLMFjVgU5oKLrxC6YyADkEt84z
   X1vniPeE09HXD4AEkC4SZv0Td2pWLGvriWTXZQxZA66rbMVopPdbLh7R6S8DZNej
   FsUlTZmS4X7y4hfT9kG0daRgboLpS1PtniXSsbrRBxd5qSRtic/3zo/7BVkl+tn3
   lQO5dbcLpCWBlkugz/gawwa7saPJcy3H8DKKsguEetNDevwejSEazPt3drw8aYnk
   2eVKnpGmAOL4MjajHxea63UPKhA5mzEJGaqMvk6ZjTpkHMVpVsoEhcDIBgEMMTsm
   6MnXBW+uXWtiLi/ZaCRAyneogN1nhsPp/IiQ5iz6VHqeO8EwZe4OYoMTbfWSec33



Gillmor, et al.         Expires 8 September 2022              [Page 142]


Internet-Draft          Header Protection S/MIME              March 2022


   my2r8kJ6FdYNMQsi4RbDf25edVOzZCwiAUOk4VgHWThZKqbQ5PMgx6NpCgOEmS57
   5U1fXhdFXvhiC1f7YrPtaaDspWrD3RNYhmS6EUZ+rh2y7oU0Qrqt4TLowAeiODDm
   7r0ib2e6B+0EzeUsQuc4j4OK5lVuNoSHMROQvE/Vbd29nz6jlgw6IlTwOkCl/Uuq
   M9CywwguyPoThftSFUaTGKAjhnYhuLEOXI0iSNfIbcceLuSARpcwUZuGd82Rwf23
   17UvrNguK7U2HrHvMJ9DbVlELQIEJBEPkdIBbaejKLxLSVrwSskjZis9fnXcqSy7
   kAC8nfTr0aBVk5RaH28P4qRFEdROKY9SNKHrHnhi57scrzcToYVgB7pYykc0hgnh
   zBdSxXWOTgBvOPuk3OY+ob+ZSdQ4pEhs10U8AT5V7XKy+SvphZ5CT/LkcIvuWvku
   1RwgE1MFpAg+4BDqCAW41sGea5RPALHIwiEkDu1a217gMeOVFCN3QO34+/yYoTti
   W59mBgVUABv2rbmL4+8KUAXBVpx5XmE9SEH9w7jOaCIX589K+gn++ea1PZrbuaQC
   aSlUCTbV3tlJt8SNYVm3pzqs34GSKEz54cWAIVIKGOdPLiza5hc++HnDOpBbk0ss
   Fu4ertJzRwxsdIY6NkV+T3PKinYVOUhWaE9AfXVHl+U6Y0wV8TD5ZZmY6gYNGxAY
   +elu881wblovSNVfkka9rcVD0zyXaWVZ6bXNxzJiT/ctcUdsVdiCYWY67RiwCjRv
   Q4GE6JpIdviPsr+3WpVlggXDHUfhBdaRk6BqaYjEHJPwLC6Xcpp6tn6JUtajKBEv
   kw+ry74RXm0iPY4zzN1uo8jRdhMcRo3QM43B2ny1UZrA0gvts7jFzdbgCQSIjdxC
   PMZqLRrzoJtOrfBEtrT+Gc1Zv0XU/FWtdLguk8FeAiNQKHESoD56t43Vu337yo3C
   c6xXtOPMXb4Nov4nM4MBzYrlT0tk0JqjB+egAnskd4cNK5IJGaJWZLqAOKkEFPPb
   wMr/DFN7Sk0ilKYocrDTNI/5SZOvGzdW+TK3NwwnNEfuDKKvlIGoM5aDZmC9wUpJ
   INIVDIIWT/jtvimk6uHShOuoM8JFGRcfA6wXmxmEzGiBPkucBE37RLXjU5EGtZ1P
   OLwjYFevCtiWl+NhfzZAUxnf4Haowxao21hXZiwZ5Lj4N9VFiWaM6aW2SXhYOmUF
   T95mjF388hS5yMwC2Vd91uN39BN527R3VUKT/fKQOg0HwfERMfdGPsm0cvPfFh5J
   A2KK3zhIANF/hQh8LbIQesy3gCe2RYLwQYuouT0gh9sTx4Pn2LGxuSdO6Pm+Iuh3
   Ve9/tOxxFOcANPrMpS8W2cTMTCi2MxN2MpAu0ITu5VeUPkaptdHBJnM8YewRGHJB
   tuzGcPIkuPRDFtPu7vHTPJXZvpbH+MyvCyGKotSI3lbOBo7PXgMMfS2mR0sn1vb3
   gKPr2p8zMy5YcX6Tf9zecEr1GVNC9WXGzOrGz0N9jQbDZKbXVyI1sZh+AjIw+6x2
   ztqEbXNPb2uP/RSCqciSljodg+p+P/EAQAeT6C/AsNOsSkFtm5P+4//QQId+MdI4
   MufzVlVbtHwJOT+aNXwYKa/ahFwZeae2KXgSELroRoaoe/qoiOR+apq6uLG8FkM1
   OtA27JRz+S2leXCeX23BrKXYmi96dN/E7Gd+qUSDa8OGDnq7+Dq+SLKy2WwtTkLT
   0sSBPgZCoatFx2k4F8FnBr/USXQJJ+97iAWjqTVqbas/YvzdQKey4N/ZMrMq3oAy
   q3Ei5pEo3Z54zQ0qGeNYHl6OW68qU3fTlTPlqUOWRrJoalwxeLRRQijHa0IxwInj
   kwKKht5zbcACm4ExqUYKbsQzZBBp2HzIXiWYBRnWUFZtho8KME4rjkv2useTcTIb
   dLwr1gJj0fhB5vBSe3Zxc6ct7OI//SlUKClB265o+ocbQCyiLNLwMyLpfIkPPGUO
   R06Fw0gNEelvEuPwI12InP4sRTUOP/bH/MJFSDOE/hCQNp7RPtQ5Goa4kVAQvb9h
   ewEuo7Ky3k+LsTjNWynhVlwIM2vC49kVqE1D4sFZrCzjov1ufxhvOjlYwpL7P1Gw
   SZ4a4GGDiJr9weHvOD8Jgr98Ulr3UDPxF900Ucvr2289xC5Yoaq0vkAs0HOAusd9
   5Jws02rm1aE/xJgMoxDyWphpHvLXQMGvRdEdpwHDn6LgdXYUF8dMFOxFXRsJWRmR
   IhtW5b/GPamGHJrE/2967Ow0anuM/jzV6DddDaUlNj+saJa7SuZDQqs+n1XWjxH/
   NBPab+4Wrlr3eJJTNxHkg+p92zJVXQqpHkZ45Zry4k3mRByws8u9NWQ9Y+3oQyKS
   cDYd8gDc5yv4DHZXcVoqHrpPSdc1gtTDq8fdByeeM6B9Q1aUF7Pn3XeV9fNkApB6
   6fqbecdqyzoFyD5+zjbD64+XOgsxDRGO0GPdnj9cAsXVoD1sG/iu9yyWcRdIgfL2
   2U58BewyeOwnwdedNn/NiChYwJZpbL2G1y6IfZHrjXfbRsMNPuPi5ETWNzixs4TP
   jCiZ4Mcs6Hg8mTLcwMs30teCY7bJuy6g4AxsRWDgOhS3VS0uKJDXtkYYIsxor8/7
   o47xu+jpQaqXzpCjPs3NPKQCXhHcEQLgTKQ1XQ4iTZDDisBo0vbt/5M0no9ZqrGA
   x068PKdPRefVDHkGOTDDTYMJzDi0ZsSZk5fCgXf6IurWeWVpB5Y3cMf+hIwmJnMZ
   Hb5knGHlz5BRYXLFBvJTf5kGDxKa+najrOZrJD0CexsFWKVo1NhfHOOH6ba7srmw







Gillmor, et al.         Expires 8 September 2022              [Page 143]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.21.  S/MIME encrypted and signed reply over a complex message,
         Injected Headers with hcp_minimal (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_minimal Header
   Confidentiality Policy with a "Legacy Display" part.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10445 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2283 bytes
      ├┬╴multipart/alternative 1455 bytes
      │├─╴text/plain 497 bytes
      │└─╴text/html 649 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <smime-enc-signed-complex-injected-minimal-legacy-reply@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:16:02 -0500
   In-Reply-To:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
   References:
    <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>

   MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAHrX9uy/oQe7y+9tegYXxu2T9sAJqzKM2LCf
   sMR9WNLx5AZ1A8iQOHilviTas4EvYkPgJzfadPRq5lF98h1MGWaCpvYgKlbyVdu5
   ubwR2pIkRpttWRULid17OwadsTnbL539iRWWzWMakKPEh00oSsrDAUbE2INawzzs
   H/ajSTjtFZoeVtwRH+c7+WiTsK+LO2MnbqBLhrIUjPXq753QToNcUYbj4iFWtnku
   gUFfdkhrcwmzEzOmM66L9kwqvnfqjpCbx8A5QOsVYGZc4nuXzgY4F8PYKtrGwq7c
   tLX+CPJ4X2rqH3KoqhhRu+TfeVtVR4RQ1TOPlYyFdjlGDqHbAC0wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmCHkN9nwaIBtxA0yYkitWt8D



Gillmor, et al.         Expires 8 September 2022              [Page 144]


Internet-Draft          Header Protection S/MIME              March 2022


   lJ/Tj1uocqIubp1kShAIee33NF+5T0u7bNLseaqu5urdWlCk5z4Qh94iUA+En95C
   +kpTNvWtXyIoWgRX6C/TSup3ETM/DE6BpdKTM0VvzV3rNAkvIVzBocTYnULspM8L
   beO74Vkw1oJQzvVJlU3kDA0a9s7R999SnfYwO1MppzK7fjnKswLkaw7SpkfbR/4t
   9ogphGdg+GgskkFarJF3tJtXRik6M6HZGvvsognVKJCdVF1EgLDsyerBr6WhvJk9
   oHoXkwb8oXkJ/UNqq9Xu2Ymg3G2cL4bvgHqLOxTTtg0M4uYFrqkren7v07yzPTCC
   Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJN4/uWhaPtLhndZalT20q2AghrA
   DzzcVJ/3c+0CpoBDEH/meyCF1mPrf3+qcrvGwbBABAlrKY6u/r2YSJskaJa+GEIV
   kMO+ImIqUfW1JtOHsT5xCOyU26TOkyFayWIPSdoewTsmUzbtv9jovXsuBAApDy9S
   jjKhe4Z+A9mJoWZj4vc0Kma8qvWY7gWJoKvi/62hiycutl2ppRGDpucRgTpSM4Sj
   n7GVlA1gSO9od9GxQ2lbLYRx1m7GQ7ChVQPEYoLOENESrlel4Hq8+0sCcNw6cP2J
   6wiblt0DfMkIHHa+ZJmKJJ+JeNmC+p4saEHIqsPm6QVQEuhpy7T5TEw+dBrm4i96
   PrsB3jO6ZoTBzih0Y0UBccnul26JMom7QCmo4voFnhu0ZTh0J9E4H7Kf/g6oe0H0
   NdtjqXvFwEmFyp+C+c1X9dJauWjNSvyq4mTbD25mtg4zKh0bHOtFP4fEi0vPRaJF
   x6N54uuJVAWSjmV68nb8POCEqPJqQKyMIxdWvfEOtd1FLrExkxh6S5D6IB01Opon
   7lrFDkHIAVvZycqZ34gItB0ElH+DEmIUr2d+/slzztYY5X1soQ2pkAPXugtYMq9j
   VGUFOdv9piFo5g53FpDJAZKSYFHtSuZblvc+8ws3Fa57CUFoTVSzSbGL+1dPTXCB
   50zvNXsmiMSpR0wLKCrSdi0fCwrKusHS7XOI/A5hoX8di28RGmR2gkp2zmPnbYyv
   1xLSGqQ+PAS8nNMrDNAVS7oMEab/avu+0LuZqcaQhADX+jwApOTA2MC1B+BxvRow
   iqdE/pYUh2BqZRePd81UffmR6PQQMCHe3HQDfalo5B5r6o5AIpkjoVw3bpWgKwTz
   SQMX5O9K/pjEkMc0nvdLxOJ/YIn6kfJmlc+Wn+8QrmTfejOMiO5Pp8TKAdGsIl58
   2bizDK857Fkxjz0dUz0Xi/5hCZxTiKIDbdGrUjlRL6PsM0w6NFgGxct08G9r0u3Q
   kfE48HI5EVs8Tvc/w9Gchy51CZ6zUWVXjuhkUHUT98teTvmLPRlDctrrfDcYD/kJ
   woptpWkI48LzRZMRfKrIP7MorWT6vcrZl7SRleAPGmd4Yjsn88oiPgsqKcd0P90R
   HnDJFpkHaFFl1ezy5+dk/sE4tY8xWRFxsPMVfp7tBYwQqN3x3BfuLFM6/7Afb4FN
   xGlIH9iGCBmfq1JPYk0XAL2oVy5Byz/xudIHqSqekP3+26l1MZ7kQ+3swrKXhx4+
   MVBvg5NUlKbCBCmIp+fGv0FDiTo/ytc3kQIF00QgQ+ZiZb85Us/JzHw5jfwhIkYz
   D/RKHPdhvbTzMX7+Ta+KthM2WbZhS953R7hWbTBL0lKJYleS6KPjnvlcGSouFAd8
   WP1WowObD4agmewE0AGJrXn99ZpzQaGyQnTBao78IkBrdqkMc//Q6SLGPbVRTWJm
   5Pyz0NEn8sKXN4xT0mbHM5rphnHUz8CcfQtGG2YfiloqBWrG80xY0WDKeXoU8Lp8
   nvbJL+ltLc3UdpqTuQPH9TtUTJHFPoiXD5ka4dGu9ciFv94h1UMGuqD3gueaHGLj
   Dyy5ctxAY2RVmC0VSgXrj9RMKNGSTTWPb9ysZegl5RJA9zioyPSz7lIukJm0MOD1
   j9UK6gTMlWxuFcaXZZK13dfkB6DsMmctP7G+M1bTCQ96beE8J4b7Wl1w89Yd2pgt
   c0Pa5xomT1c1sA5UTTXvetX+F+JDrkQT8A9jEZmFgW4R6xJ/17X1gYOg9YDqZUce
   nNqLBH1nwXJ15xrGNo778M2SR5sNCb3rKHOzT/xtCXqg6kbvuynAPwJfvur1CnsX
   mj7+2HHO83UJk0ol4BfUfXMZZLY6CdwVEqRgtVXTR9ImEUkcNj1N2hZjFND8CEad
   p4LfJ3N6YgEWqT5BsmJ1TqJ8ipZHSTpC6C10h9ejsAhs7MvMUDWVOTIzXuyqCNgD
   1L5BdMUR4NkLeAo+EDS/T34gJCBtwHg7MfD0ebVbMVmXdtq5JR29V0RauWSNbIfq
   oc+ophaLmAovD/HByZzdeDFr2tSKxQ76xohE42HugOlJDl4whXHbFRlvhM/j0bMA
   JJ4sYx+U4qRIYOlopa4uQTpLqbjd9xgWSR3eQvq1l5cpL6rH4pHYHHihoYmcy5b3
   v06Psq/uW4juVo5keQ+R1lyii/TMITHKdNZZvxfaA6CMC1aPZxS8dkhgWIf+OfV7
   VKX93zUvWUwOGNnir/JDPNqTtu4KqCve/pMM2WyATwvEwmwQnwfNOV2tgHTkGRV7
   CKMmteCyuOsaLOyj2HlIZhFg5i9573eMXQpAjJAVFJ6NccSjJ9USCeP74EL885m8
   cK/T3aTTyXs8w4jDIj4LkAyNnnc4RAY1lFfFLMaGVEmO4ELG9MepFIGeNV9ek15C
   M9JpvEoHHWboyzqvddT6az++vW/D4F1ZCQFCwVGgt0bgOokcL/5FBbP8x7QjzdfQ
   RBirgQr2hzSV944IU+x9nzhLPcs1y31BjjKkKCgK3bL5PsjRz1wd4CxBed/qkQfC
   5lgaX+mo7p9fxnP1g2ZUIImv79ERuqHo2EL/RmlmpKFtCHeAxdbcPaZNRLzhvWjO
   IN9XBlJqvEqP0PdjPcSPiZcp/RXVviRlCWa+GVFhJGymvKtn8a5pttqRBHQiYoni
   R5E+5jd/aLdS8+/rwmVjxou3QtYNHi7z+kR/4IE4l+Ih/Vemu/fyahAAqiYv837c



Gillmor, et al.         Expires 8 September 2022              [Page 145]


Internet-Draft          Header Protection S/MIME              March 2022


   Wmewk6Brnc9h1bIDwsngS1uGBSPHiIcK4wFRttqyl/0DkIukpoBjqyqTWsDu1Z3X
   k/lUrO+nP1cSzmD6FoYtag80yz7vqzSpk35b5oMf0oLxQB8nAEaQge4Jabxo1nuq
   H0NIm9l9yBC2RulsEibGcNT4u3nLyVSetpioIEN5q+HYuXVNeprsrfeMNmAFSfxg
   fWETq/iRyF8lTChlI/lgUFSYjd8toXthEcsbC/rABnMrNAslGlsVy5d/wE3J0er7
   mr5+vSh72veXZ7pvkk1lXu5Ued8jXHFJ5Z8tLKGs3oQrcx7TIa+23/R52uv1Nh84
   VaREBqQe8cGcAIQ8HcwhG9/xcc5LL/yuZnWbZaJe1NKEhP0jaRsxxXaT1pIUO46B
   L3LrvCuqfRVWklke31XzmkaR8JN0QyDGLRWDyTtap786x+XefWKoejbzCffSpnwY
   0cqGv1nfuf7BSE95cqhq1NS4be7EapwSe094iusmLrNsINSCDirmBmDc3yt9HwiL
   NdJl1Pwuubxgn7Wv6y4jhw+gcfO+jnkkPnlaf1Dw+EZj0R00028dbItWmdsMS9LT
   lvl/lhox6fO1ivULgwbD4UHawJpSZY1wg29Bh0+EyPUCGUZyCBGAfHAny12j9Wk2
   B/gZ6d5HGE0XwGTsguOnNnFP6xyJq/kRonyBfvukT0AQ6dCTquBnCwLFMfobN3mZ
   pwniDmCmlz9XfZ3PQy7nHp0MvQhFEePu+0r/SY3PsOOZaMsBgVt3tMurznmYRXx4
   sjrEyzQ7k8TAKhN7a2QmI66++OFp3HKIkOwwAAIqE3zer/cJZEu25GsOESlfZzE6
   9BYcQkelF8GGFjgL0DOu3B+ZNsEbE5+Arjjvy7joocRiaN75yFVwFzPwCIEHfzMs
   ts00Irmy0nhznA2bMt1lR4cjJZdfWQ3XTWf9/6+4ktE1erstISjvMBaCJdIrDTIC
   rgNOXHmLpj9D/EqNgtQHdSneFwIiq90xRdI+vDU8kkf00tG8PvT1DAcVXWPEMctk
   PP2SrEStVocHcrh9joSrvo/UcIYQMrE5DFJLkdSlfuTIG5F8KwEKWIx9++m//r1x
   5t18KTDQMLrM2VzSvyrjhuqRNAR7KjjPZjyFuMA6s9GMj3WR/HxKGgQ/R2+oyh91
   9Gykf7oCZJbVd9b7amMwUNahOTKs0UFAmdbeb06DwXIg29P5LM65IOSs75xRQDqz
   Yx5wgxrxLJeZmYsHZSzfFribNZ1IiKGWiY3qjPy+hHbRVS6yeRvMj3oHSo9p9feN
   rjFfR1K5icZf18Cyob414ampJqisPWpy8hy7muaSzNnFnIJ1MSpqwsLpGBahia8A
   5pwKqysj9Fh2PB1gSOuoqx40b+1eDp0ZpHUcbkWdXT7S8SX299ipeoOetAdSyoNf
   UIbf8dKF+kUHVzKjPx2whDjfgCxRgn3wm57m3ytJIEWJNIhRz4SOfnyBi+PJSHCF
   ZgLirMJ1LiXoXhps9XeuKyxW7uBGiGqWbpDmC1k3R7aEN7es3mxJ86ZBs73y1DMB
   RVp46c0ABaXYrMFCLKZ1y9Cy4Y51j6c6H3ClaC0yp90uERHUTrvO0bHsMwNDG+Yd
   s5UZXZPvj7/Gq2nStN32/1b0GZKxM9LOp/7pidZDDwALawHsasewceEDS3mNccVG
   DxBBcTw2tlzLNkGXKYdnPryyeBi7IvtRy0GbNGzaRmrDIP4wcwHutGBs2VZVp70X
   wAij44z1G8/tFCJ6FIYppK4WKs6Sa0LmkpAyXzZEa48CQ8VbgFWb5fuRw+mR3dVP
   GtJLTrTtqXe3SqD819fwaf98gWT6iNw5mQYVHwHkMEj0/39DVwqJsuylK6FKI8CE
   WHZaOmFrn+8tekEdwBVSBFFc8dYrNSSYSsAKR6Pt5w6yYq1mj4qcUy7mwlhGCVkU
   /MBZUtSxmt5xbMBOFhD5aOvFAr4dGUnE/vixJ0b8dJ9O9GGXCg7NQUMZhswH/CkI
   3Xzx0M6LudHZsYPwmAeYVVML0Ud4v2zUMRaJQw0mxQdCIeae+DcDr7z0hstApqFz
   w3gkrgc0rdiC/yCktzD3NtHXT6MEdsNoXkOTCFoyW24BiT2QvIZL7XK2K04tQmPg
   KR4YgOCK26KO6w3xs2bOlqHJvljZ0251w+O4DtJCFktBhwiUnB/BjcwrgD0wpqeM
   fUejPndVXg/SzM5XSAxO0kFZa5/UtR6gGHSJ4KYuA/LL+82pglGygefxL7OGAfyl
   VZz0Hj0RPMozUkkMOS8GKGKVNOPAMOtrd6MNU+2NryVpcu5mQ9ZCcIqtruhgS8NS
   QOfP8my2x93TF/1OX1N6S65sHpjFTVDh6h4W+q21f7R6Ri+M0qiuxKMUrLxlrbY+
   A7VsQX1ObqeS4uWt9WRlEZXFO6IAkYFUPMDQf5XOkX4h29G2+QBvd2tx0IcGU9b6
   kez4Peu1MkX/6fBReyso+PPmc2rcQQyKByDZskE7lYNGg1cPulIaq3oX2tVmVtB5
   kHjuLuFq4tw3UB7eYO2G0JnibQAC73+tKME+uA5+pyLi07C3RfVy+T5XJR+EQ1LY
   BNS20NxiU79Y0F6NF/uL5pbtqTJQEItvxQo1jSwKtvDBwLE/2uWfs2L2PPglKkC4
   Wi3myKYZR8j4U437sMF7XP7FyD475AYUu7xn6UpjuBXu2gTl8PRYHOmumaE1pL25
   MC1fUoiVyWjRZlIa35EsliR6GOrDhgt50rlCy5pQuOrzG0e5jj2sKkSkg33LQCKC
   rzm/YhJdnnGHarmPuR73Kj3YgDhvz0hGEUmeTFeqo/URfO1kKhcI8aajfLsHrbva
   yLduu1tV4Rz80ny9UHREdNkjV6kGeMDCqG0b0YKQmZ2U7lyo6qegNXTlvpURnnzq
   nbaVtyQqJugGvZA/9lbAxEka+xWLX2VeC9RVa/RaTuluRS4TRfF2EzPfz3s46uOr
   7cimaZ7oITiv5SygK2K4oM2a4OPCOmnK0GQ07suAVmMtspZxZW4zELOMP+xJnWgB
   JzXDIIWAOaIR3hEYhi98y0721G7o+WORYi53DjmfYaQYikx9IpIY2g1jIploNvVB



Gillmor, et al.         Expires 8 September 2022              [Page 146]


Internet-Draft          Header Protection S/MIME              March 2022


   DWh1FuEk1pZ8jXyhNRAmbcMtSYmgptFcE+BDolDZhg3Zc4ps0Wjcg/c7A9sqNf87
   3lCKLoKP0UV6M6KRvat0AjLaVmwfNvQphUQzOGevQ+H0h+7WZJ2lCVd8DxH6c7Id
   m60ioaEHfr4OEZysB+sPqPbSYPNZo+oH/nIGhub1AQ/zcXSupFd0S2lDkStCKkK8
   9W2xTfgiB3pB6zf5n4T+S8/RXXX91xfvMk4NWvdlKDX7N7PPpE00N2A105SXQt2L
   pLauSBWVfb+YOIx072R7gHWo00ZogqG+M4HfQAGvUk2P5AN2FcEn4nn/z158xwJd
   YYWqWajg78qja6dLNhoY3mPupeQlLmHAru3NfdksCwpoyAnhEFAzzrzku1B1EZhT
   746Zfiu6nBF8KPW1Zxk8SqFwYJsbXe4UJHL/2Pn0UCoqI55YZDBT9xsWhwrHMvXf
   mMrvGQ7iKzMTqY54R8LqHF44NcyXIdaX8rP7IguHq7EVNTriJt3tW8k4kjaq4EsU
   PkPIpQabENvuHdRolaLRAnq9PXJvjZW5bcM29y9tR5sMrJ5pXDOHp3pLZQYeDVWo
   UzRwKRVZ+o3rraTNc4BVUZ1rGwfsbI4AG8AesgiVgc9z03xVKjNTLYOWZOq/wC9p
   enRMyKfTRteRx99FzrqVlyrkiYZ4Ol6DT1QorbUUzHArZG7mwedLIs4YyXaJTywD
   Qo0fjyfEkhnm5TvUX+K5FMJjzGlLs9N01sXDX5dkzBm8Gd/E0mSZ6wZ4cp8KvVmN
   XXgJyZQjhr5fuEahuLzfumxjrYS4yB6nrmfsMTLxfRd9CI29YntG+dyOrR8mlAu6
   QTgvfiZ4m4BZuznWoAvRPCmBYfOaoqOrZOWeVp0YPPFs4wDnuMXGqGtflZWEkIdJ
   HmJawnx5hzcRemznAAXQ5NTu0kUfXFxx74ar7bfPFm8CdnAfzEEVEjdfbJHm0uv9
   sTV7Yq1EB5thCy2ljjZ/3d6rkUp/oFvL6L0XRBApGAVFVQYj1M5XgsMRLZDz2VDy
   UyBUn2avhiAxcFEiuhrhrZOEWysP9VB6b89OBeNuC001yKB6YqcDaiLRIyKdTfAu
   87jH247gx/yX40/35ePBaSPjpSSdW0HB30cgFNfJguDcAAq2aPL8BnXCtQv+X6cd
   pKrFSXu+a6IJc+77rTCEJXCU7KANqQiRJZDjEzVsIt58K3jiYxx5bGsE9w4BTI3p
   7BwaeUn84WxI60Lnc4ggWQ6UEd0Wgsn7G0ISVkkVJFYL0y8floa8yucVPSyYn9Cz
   p5CtmpbMeY+fJ9+g3f2szBylmLy3whwC+Ac64U7PoQdIxTlJ2cRUefFLdwSmrdgH
   mu6KSA31FhANmEl06pnQ9A8/mRwVBEU8k3eg+UNZv+19JRaOib3uPzgZ+BeLP5nb
   wKg1054R0kLFafvTooXvXI2HWGZe8Qlw+gJtg4U+hAspgubGYCqQAcuh1taS2yC6
   7v+uhGluXu7z6CqjWSsRTytjLXngXQCvoJDxv4LX6Z44e+mw+S7BSi7Lr+eBxVYw
   5Dz1JUokGejWlF5qNT/l5dfB6nDZoYXYyG/Gu5w7siTu8+CPpC5cifiIfq2ttGH7
   s8nRZqZEOBKr77EhFCOUrQQCkYtiiGBldczWf8Oe1E75LpbXNxfWXSxH/Fs8gJPW
   17xridMMCR/wvMQX1SLtxwAP0BnkbtGLGDUZzH5CAv2+5PG7vbj7kWyNPnXWobps
   jzEd957txPQ+hHY/e7jwW5IpQBrwEPMaC8pZ+INDJMMzFnCWv/1YL4D1piMMuDmn
   r/bc6SdFGe0iwIu5/FQlRzc45abUlpwUOctnxGt39YmJhxc4PexJ661mY++9ZF55
   8mrlf2yB0O+0+RmS0HL/J9drHfowJak+pveva+wQpy6wLGaWZlByZoVwt7fod9Vu
   Moq5/gBGk7smRG0aOuV55I1YEMxSjNQcYMTqsI37TV9GHsCmdQfULk+J5IdTc8Bm
   MCSk5t03BR4OFAlr4OmQQvRvw7ed/TD7Xk6tjttJw+hrBzzy98F80J6sQW1aaOzx
   D+s0nq+e+JMzb3pGh+FqVaiDG0oEp5zgcY9SU7cNAx78VUtEZdqgxisPW88SknL8
   cyMPqmXrjlxd4XY4lwVh57RP2xiI8TU4bJj5LBRIiUXh3R5OHiFFSxxVHhvKQEuS
   vV91GIqkneNiB+xY9U3Yd4pGt/VShSVH6rj+s9l2uKLx82mexYo/Vh9OnqKVwIo/
   TGbGIbjAUrjOoAGsLwV9AvOTAqsALA5FLJmGm5PCfSamUpDR6ksuoM/eWywoYa9U
   lDqlIitNd7hPOmHaE6P0sBIg4+zWEB/7yV//xCXqafBWJPmfZg+HZw/nUGZ2B2XW
   0qFDl5ZTvgJ/V1I6D69QqZrptp923AlHsAkQt9PIG3vOac7M8EsUMGzSVxjbcR1C
   ZoKKzPI7f0WYpSz18mbQHbRuyLbyS4FCCiPUgIPcsJL3abSFDSgJTZpVXPD3ApLa
   mePL2wM4ETERs3M8adrXJTTU9I7ApThgMK0ZtzOBWOfVHItd1JunvBVyr9snQ+c+
   412hVUhi24LTl0UeqXH+KHclrZH43eBaS4UZk5pQMSHG1GmX/ctp8D++WiCt796D
   4ey4odj5TI02nA3BJNd4O89ZTgNkL8MAukgJG9kX+IDry+Nl8PkGzLF9W1/IMcqh
   QutsvU+/3BIz7ZT5GzgLkYhKSnlapoHOX2eevqozAlpQCDbPmBwkaf0kV3jxkIIF
   APK3119EiGPaqL5TCBXva7mG4dz0fAiF4eiG8D6VZbRZ+o6MscSIfDo+x4MpSD3Q
   dWoz3qPPwmHBL15sUQjbb3fMlOuY+10tjTF1zLjTbdmK2V4nVuu0vu1EGBij0/xq
   uOZZWD77iJ5EBZbjBowi8cq/HMGRvWMMA1BYmfUpdXj48WcQ8Ivlba8os0HhRBKG
   0iZIlizxkzVZXfGsBFQB5RWX0mxXnOobwn1QVYTxVtISxekyBOidef823n0n+Tpp
   H+Cd7IXiAvdttcUBto9zA0ILgt6VPIi+mXemGRsyUklMpU9vNx60UFS9KeJ2bPXA



Gillmor, et al.         Expires 8 September 2022              [Page 147]


Internet-Draft          Header Protection S/MIME              March 2022


   +/OkxdJfwCVc0i85JvCfVHVdeYTRgou5A5eTffCqau7YwRYPKi/56AUSB3hUfMjr
   ka2lxki6bwcrP/Vn3FEEn3g22U77+RcPe3wm4NKSSxrpaA0PZqIvKfqeTxn5MNI6
   5YT1l8+hLJva5dc/Yiss/fMRAPfd741cjkd0Vc6ezy9LYIljhenC8ut3oJiBvgcC
   7rm/ncD7aKXHMmlo48qTwus0ujNw8rHVDOMtGtXsRU/AoKGe+mv/XKV/owN8+sK7
   9IYXne5CD/jMn04I2sWzEyP3kP4mZnNcpQFOM0vIZNs=

B.3.22.  S/MIME encrypted and signed reply over a complex message,
         Wrapped Message with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Wrapped Message header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9750 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6210 bytes
     ⇩ (unwraps to)
     └┬╴message/rfc822 1970 bytes
      └┬╴multipart/mixed 1906 bytes
       ├┬╴multipart/alternative 1140 bytes
       │├─╴text/plain 379 bytes
       │└─╴text/html 477 bytes
       └─╴image/png inline 232 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:17:02 -0500

   MIIcHAYJKoZIhvcNAQcDoIIcDTCCHAkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBABoiuTpkWhhfblL1RCZbuwLzmGm3w9XY0fj+
   SDxw4qBddauIERLO6YUM7k29IGzo5RQXEr/+QU80QxKUEp2vjNSnGqGpLAj0VEy8
   TI52mFbeqCPJ5LxD7SWOgmI3i4tuUWcwhlIkwj73sYwqd5pOl41etK8yVIBDqN1D
   uOwTKe9j9zyxHO7gl7GtWB5HJ5jAYmsoGv2bbg1T6JxlbOUmFwgV1R4g+33YiMin
   sjuHAZ0EmoFH7o58au/9BOfaVrWjOgjAdn1bJps58tByZjaBYekx2FHjhW1+Zi4Y
   sF1FEt1eDjxZ0Bm2rpaWw6ZeCUz50YnkymOS5mC7AT9biJtw8mgwggGEAgEAMGww



Gillmor, et al.         Expires 8 September 2022              [Page 148]


Internet-Draft          Header Protection S/MIME              March 2022


   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAY2tgCqi1NB7E4JtYGs2o2huW
   iyP3292KYFjvg29uqV7CkkBAasq/ejnunH/LBQQOGZJ+lratSdSqrlTBUE7PVKO9
   pr3izAQpj7NLTbbT5ntI+17+I9SCf3gOiLXOq+f30/IAqXcLG+JgoSIBIiMitzUf
   6dsiRa7g5mDvnSd18mZo85Mf9tPs2rGvYo0dUzhlVbCcmUmW0qoGVvIFsimm5URh
   Z3o/hDSVhaD6n24mNEuQqLcppYhcGWK6PAF7lKsqspk4RUgtmK8GyqX2gM+qg1qy
   dklwTPrw84ZEi5ERcZI3mn+8gG3C7fUqvWYeikNuQjHRqm4cK3A4TQbWmBGUNDCC
   GO4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECWAFD4S4DqPDZVZGaRlOuKAghjA
   38c9JsS+smudhk2lgcqxGWgqxm6ZqJ6N5eg0EVWslLtBoO1B0Zc74xnKfB+zTMfS
   RQy/b0QNtFJWO5pYEjcT86o6AOoDUdNAT1mR0BlKCKyxvwxyQhACje0+DejbItz5
   Laj0abNLDFqyrXR1qlwXaTUFM+r7sBYq9RDM65/kjFvv0dcKJlQHvcsGG0k6XzWT
   1z18D5m43m5v52IQSMITBlGQmhFuI45+KTJ+U1E9Zs8EpHSvLNX0vTs3QaWsF3/8
   AWn7TxhH/zu9Qu0DykHkGOFNjRGWj7ufjC0ROQbjIaVIoUKvSKcM1DkPbQ7tNfo9
   T52RnWuJbExEwhwLXjoGjr5zwzMNWKIkYbGunRlPDrgq2fsd2ewlJu70URliKEQ2
   wS7BzRjb3JYnWCy830jRuVGpvLzo2WpQyqWxhSYzxuAl2oseGqfZ44P0eZy8YX7+
   09noeKem2F2+XFLDrV3mL3OSEGEYqiTg2aalRxFAIuPz2IMl58Exm3xV87F3oGrV
   /NsV2g1f8sjkwdQ4k2K6IC7Rplk5jUBixRGClFsFoXKWofoL9/r1RIS7fvKpWUBh
   SdQQ6VkxOTeBdXG8oPm+KZ24XnEPniJ1AduGFU5EPFo17MCGCPG4lSJtwZM9vx1b
   v3HV4zNDZAbUvST2YCDSgZSSH7hgt8r0MzuB72PUiCBrHXA35nuRACWKG7W+Hbnp
   7Dvw72vbdP4WJ9BPUyCENzmVLP/4le07FI1Llx90ieh+/abBC1FKsnITC2mo8OZs
   j7uYnZOKpJLyHPUATsyZ6qh/FdlElhiYJxmsROVUV7zuQDdXbcP7qmDNvifNwaIB
   AA88/wC58QAwLIvrQeOesAOqoWa6XA2FevLKkob4zcKBUv7zLEgHEEkMebx7T+EM
   13MeN6Nm0bit7+eZN+zZ9MuiUM8q1qbFj7dEMAnMMY9rbaH2d2AmXHhxVm74aLjE
   eX7vcYPsyFxTRheds9jpeYalct58v9UB2Db5f43gGx2jm6+hW1NEAuBhAlzdHJ/I
   yHzgGTwkaY5mu+1e07CNTgVes0hCmNqyekYxAkpJDzvWaJJSi6pqfNHGkil8q4Dg
   gr2jQqGWMzgQX0HBkDPioF6AK7lGIaOi+ME2/8x2/wFF9in1h+cKkayz1RTubYh+
   9ulTMlECKCCAg07MQSMqc0XBlYrUuOSZBOcu978xXqc4JnS3LVmNrvh6dhekr9H+
   X0ao6tIUOpR75d4hwCVUy1UlEPXekxAjG5Gp0eY/rAOh2JUMd23ScmSOIbsVNq8a
   8BKB35v2mGyOBnQ50JNM/4KTOB5EMJWAL0S36jpneZksgw/Xxi6rQC8wg3eFgBXw
   WFrNqzG/4HoILHbq4cbQZqymebjygCN9GCjmqKGPBbDxoiNOpGQKfCM2cyCm7eWy
   Zhy6/70p296ogFP6TfCGbr9ub4y1yxXJbs7hBqVEQAWqQRgT2d83Z+XcSYsPyz+D
   CSunKBKbLZlaAKcbYvSogrz5d/ANlKGHtE5SHMhI+X32ygZG/A7V98rOfskk0qaT
   NGkuZeQA/wOTjZLwwVMlhfDRGuBEbmedpU9lClMXHFw2KpDEH9oNDtc03cyQZ7Ov
   H3RceOTylTgEly26Mu295h9PBlxJjY667JKai9F58Bfn5KO37hj694CjiimFjcVk
   JhvoP3fVO1tnrGD4sq7soMJNyoeDSTBbuhjUZAwceWMnekAE/cpuBvf4brdLYKRa
   tWJuu3ZpYLJIU1kNh3udFdVWcRhVvRRiGWU47BzvM7G8ewbLWrZARMGm/e1fSTUr
   WSnRM8sujXFffCscjFUHvA7a2G26bH1pcFEFj/EjgAG82J3bQwtz6kS2+tdMas6b
   ry+hI0UVjKJN8umUP0agp6uFmpaCnU1tRu/9Zu+P9SOm4kuZCK0TEoFgPBrjxPG4
   kVtjAVlj8ELNPWdCPJzjaz5dwK0wPi1st3RC6kOsro4yzHSM3t6MY6Bun3KtXCiS
   koqqWaUx3vUvM7piART7Xv+gAsBcYu/MyDkVJKBFOlNGRx9ycEuVcnVohru96B2f
   R0SXF0B9WdG6sndF6SySzsU9f+Xq6LyvSSq0L5zVBQmswBx8DE/1S+oTWqFZz4ba
   SKMZU3AdT8NrglEuJ/OAoX+eCbYAP9EXC6itTXDGqJjYlqVbryurzNLO6Gz1ro8W
   dbtNjD+YDjMPT4VFslE+KGo+9J0YNLWVqU9HsRhj6/DsgSZYp4AKi8tu2P9YhRGL
   4wGK42ziR83Q9oBXSkh24etn5MBMBqwZo4nUbYKQTYg1cfYF3P5WiJUhr7OttCmq
   JtGiggPyGTX4AUfDb8bAEaisxiEZlMpj8/bsQWnQ8ghj0z1/Fr9isSMT4mpVH3PN
   94ElJ1eR4GC9P0zEFrPNosC21534F/xNWT6AHFV5HXlMyVyHFPFTS0x2pP8O9S8x
   mBpen3OjycqSsDogIDY3hsrTy5s33p16tNrvdsRxf+Wsb4bOB0XQ+VQrr+WhJWoD



Gillmor, et al.         Expires 8 September 2022              [Page 149]


Internet-Draft          Header Protection S/MIME              March 2022


   76raYeLbdcZ/R+C842FPz+lMeoQpb8zo5LQTIgjN/Z68u1Re+S/w2OaZXzDVs5ub
   HIFWswpy6z1gHwEGvRYC+thOO9p33IWMzEuSpgApmVj7UsKJ6iNaJwpGFZrzjMRT
   2LLAlvXST2XAmgWb8t+eWJ/ToWcizoqm6Cm3uZTnfIiqjInGbX0dNV3ZjHq5F9Ik
   eVnsRXS3U9Jutuah+2pUK1iVSZ1hQUkKcY2MovGcCRoFdQ8Vbvlr3sZ+QCkOe7Cn
   YF69COsOnpgtzPU0CfsyHRInzVkqdbM1DqCl7IBjHVoLyWN0TTcjxvxNDCD2ih19
   DY6QtVCeoYX6/sE3HE9Y4MmVqHdzq4hX68xujAhZry+9dP4c1z6imAIMakJAj9BE
   ZSDl0Cl1nk+tdz5qlzRopWkDdjNzyVsLbVuo9jkjHcGzX5LpLCqkFUzcaMR7mCpU
   Qg7AWlqF27B7HVuoCTy9U2/9+XrDlUSS+qWG6Oic1+FSxFD9bEy67VhN3205twID
   Xc/DtD0RP9JrNRqVHHl3Ciy7t6HJDukaMW2xYSlrVTT+gZXUqh9y1WHwDUTwlScb
   /K5Des8IvZnWIMseAjTSEeygp/EsLOc7yWkuNOZXu9pxZE6dDITLvGujDLCxaxl/
   dsbzXrtUjXffniZgkPAFnkWA165ligKu26yM5thczRFgQbH5vofHm73OT5JKzGNk
   j1q8qHRxkJiFy4S28Y5u7TJEAxwgeKN1/IPkU2iXuroKCgMWHJNUVCMYnRzYjkvl
   GVnNyuTYdu02aeKTe4JvO7cC9uC+PkDlnbB9el2t5Qul1It6wF85A5/jMPzPomU2
   Uxc4ZGaWM31zbPsUjWVOTf+DE23nVsrdklyBsNK52U63Zu6hEX1YD3NEmyGLmBdT
   b3nwAKZ/6s5tmTTy5QtqwoQ4snOnUWOuv8uXzy8HRIw10MHYkoAVMpui2qT6LxBu
   nSvEukN66qhV6XTMzSX6rKzh49zPNFvWjFwH30Qb/E6ekHKzrF8z2IeQ37q0aZmE
   a/RFmueAlLIhwm0ym4MRYgjoMHcnXRfTGj2QqQwCVtQZ6lmJUAqLN7y7BbqTeR8P
   K/oZxgd4pfDlAH2l47ewBQxYy0DLw2d0OPXQIqmXwh6MNLKyBvD0oRRFm/3lkh2C
   PYnWQNhKZ364zEVEsivpW1R5pBB3lNZPiKrRXEHRRAr6Sd2i2s+Md2mlhLvF0Pe8
   m0pVUR1QzZ5+apPRThgbZKj9iPhha1UNiOZd9HCSS08cvrV6WZq+n+KmmudxkE3O
   G9rMGFn16DCEYg3OcVOBG0FAphpir8RoLKpGU/Kw1nOzKiQNwXK7y5jfyyR6Q/cI
   hbwJ5XBKXtFaAsd72S+tgo7dNcmnIpGjI5QEDdvcskX50TUf9CAnkDGgpUkxfQ17
   zfvM39IDZir4dUTZnuI9fmmCrr4yzDp9pvmv8gXnquvUmv9i0HKOJXte6vwq9K68
   HaOmtYBT7EKkZFz2FmPkdvf9n3q8lLTM+L43xAKh8/vtREu8uqmrr07BOiqzBi/T
   mG8WbZCgo5zR0wnErf2sSGWpTlYX5GAtiMVees5k4z1Ya2kNDEwxbWkC11ymVjr7
   X4ktxrq+aUSFb5lw6NR4Y6Hoz/nR8CLvoes5/Q+cOeSd9atBNWXiyBcBjlCt9pTW
   ANQrde9jL0bz1zrJpz06poVw7SrcuqUU1GWPkScjaewysY38l1p39GqrnWfuOfI4
   y+BXxKikdQuanQOrxGE/P3Q3hM1pIc7lLPWMw4kWeIYYO42zgUqY6y28QhZDaiKe
   r7F6Ti1L/3or6LyH3TsT7W9m8P/9pab/odpm9/Hj5GD/vQTSrcEdw9rMTTbj9WlS
   X5X2hKactPQYqQLM2pJfQDVLBjnp7SHrM3Pb3PxQnxS3MdtYB0P1LaiXmlgNx+IY
   igQPeBKkzGpV3itLdGCSgqxEI33Tz3EF9sYdLhKYl7gHUXbbRMq2wir5DRbzDiOB
   sQp96CWHxqizf4bmpxjvM7J8BU8vsWt6PUdnYwAxsYoizvocscFv0sc+rwj6nNJY
   Himws1CETDr0HVkXQymqo+sNVGLkQh+Lp8tEIqKc4qZFeVtw/2YQec7tFZLp9KcJ
   3yDy/g9WDJ+54ezBz/s7kX14BwXynjylX6oBa7GKHMEcIhwJykVtym2iduR2yBYN
   ifpOBdHMjBwvxNei6+tpZJ8wvUJyrV+xCzyZpNHfztuPbNDU+XH0SKXpk9ltmyed
   B0e2WIl/+GtBOMubq/TEHNcEvMTwScaHidJ1bc8wkxpOdVoh6R1QGgD9KQ3VWecO
   IkNaiMCdUiCbRYtGj/u7ZDfF9GM2w6eJotswrRAcGqlqHForJX07MkTrECMOkL+c
   3t+YfiTEBOaud+vGoDkvnOU1yNL4p1YKASQIJaUdffOY9u9a3zRUXotvnZPa341R
   3nMPdZB03wOGY2aZ8DWrJZhUG5E+PqNeOV8yft21UTHxQxXy0uNbp4Z/LaVIREjz
   9xppWhO0CQ0Z+hQ6KkWpHKckRSLQ9uzDgrgKTy9ROt0Z+mB3Q0smMxFVk7xHpomT
   hAx3e8UBulOesksRLBbFMpGsduLJGQeu7itHjaY/FJCiqNtabh5+hjt4gby8rr7/
   +wP4UuaEl5nqx2KwtAYNe/qFWT339gN3co+yvWrIPYtbkJYpxNQQkEdOHDZMQLtz
   QwsgeiV2XBYlqnqb3kAiwwp3ilJ6Vh1Nivt9ULe5IQOyz6er+dP15HoDOx4j1SMN
   gl8Of16MDPdAynaBZplhHALSedNE9e4+P9O8AKfHgZBnKU+eK+2+I4u7NRYwXy6O
   AqiXD3RUC+SuPpUto5a/OTAMiOnEyxlSD631bB1mJieDNVgYoIyRlGuqMLDijdnA
   BJlCl3SOdj0e50MU/ik9uK/jv2ulYzkhbBZDwxDyp7GNKHRnwMeZrn+WyvFXiayx
   7B12tGr4qQWsUYhQX2jk1WNaD5/XXVp2xvGDDfrR64FLGWOTMkqNiuvOojJNs6Z3
   G5F/omCdHI9LFBnO833IoqRaT2Lkyqx7olsrMNO+NN7EP4220fZtffagcWdqXERB



Gillmor, et al.         Expires 8 September 2022              [Page 150]


Internet-Draft          Header Protection S/MIME              March 2022


   1KyjxvM0ppRSmyKFHEiIGMhpOO8xRku9m3s+F7L+D5mU4cR7fvA/qQy8/WEB0GYW
   HVD6fvxnEZ3GJhZOcYbk8G4eW7V6//XrEND5yoEG2mHqc3atZQEUCEPdEtdZeuk5
   HWyKqwZ9B/b8r2LLXEBnZPrbH6O47PQrzl9AOGr8F5W5act0DB35D7vSRHk16aJn
   OTDkat3EW881tFSRj3rjpmf6Uah+igycI7Ca1D+25BfbX5mSwxmskDTxAHIiOVHA
   MWmQEY2G/5OEsWGIa/45oBhZxfuBnyAXD2zRrNwNOQvwLdHZbC9fBSvQVPLttq4D
   t0p6q/mCY45JZUKF7YwOIKkIMvUJYFWKDcXYFCfktrZruKFs8BS1ZNKWFq+itIha
   0CtiEkHXWL7HFLJ2QvF1FJ6Jrv92w9jgUXy4tVAZkShOQMtTqm1Tj4XkgoSMYc6T
   KjBr3gQj2z9nIeehx1sQNNuw2fECAA3DZD5W1UacVUs9AJje+5tkko22HHg8To9O
   4rWFdKZR/LU/6Hkkialkxm1XI5dgWeGI0ZFxluG3pqDmRODK6Yzw01z2/3XcJ1dt
   CmMckfCkQFKICMMg+0R13F56NaKjVSeGb0mP3eH7OkL4vl3fKyeWxHL+OPRnz8nQ
   CQud6Bb0JztTPHdRTK/jT6w8F2R2/o4/qB5oDfj+w1rzkSvcAKUPsNbOpTWzFhGa
   kWdFZE51CWZVz08uYIBxd7gBcQnuoh5/aJwykUGNjlNv4e+fy38nBb0WMnp+GFuS
   zorlITl3Hx5PUgz4e7x4pHVNzwv93elwmPo8cdwmE6tJ8CyzRDGBBzRHKYgGYVUi
   XgLu/HmH4QOak8n2CX521DSRO//8FFGsBSRTP2yHX3yRou0y2D1OUpSOruO+4FK/
   APG0pzyouSOP+I3nLNuMEcvKOcA+s5D3+wcOqQLl3XaLeNpxlLPkhPYi43Xchfms
   E7Z10YalmEWXxuCurLmBjM6NQRU28t4XCfoIzlblJV1Vc7B4134r4erV4G02sbr/
   xTbLC848s8OFTYBf5GxqAmo2riVfsHOlY1d6AnIjaai63Tf9V1ktnPGwHgefyODN
   JdKZAtkJyTen/tEwD8LkVBzHEjMN2axaM1+sQBj3RLWyn9y/74GiPXfHiOa1OrI8
   HB+9F2in4+R7OWzdIj1MxwE2tTOWabZ+NxNpFt+iIrzH1ps9SYjFrf++ThfEWKjC
   AaoPlnoyP/sTcxCEJLGwjru8nDTMln3HWHVLle//yyFzSV6eeIaTDZhAdMFNd5Is
   gokg8DCkveJwsBlZZqWG11uuSKnzbwxGPOYzsPUrVTEeJaa7X7fTGNQhV0NHNhTR
   SWKzni0hohpklTtPSWlMXybyFjCjKk6ZZou34GE+O4l9jfcYYRMisU3+pgm0VJhy
   sAQvO5/VdAswT6rgjS05Gq5ipj4+binjkY7qpT+yPRkfqCvbPUnq+jJ8UCo99fye
   cfN8JK7zlqj/hF9IkeNwGZqSr6OFmMDj9yorE+j1ls0siwKbrfPdVrE5GZ7391G0
   efVYKql4IkBIStxUHIRjWe2MTn1FpIhFPibSTlmKPJH2purDDIesB68P4rcvn21t
   SesHG15q18PECPIB3AaVJEA4dat89Rt1PH8MO8WLjWgDZ6TOEsK5CjK+EYKL7Yjx
   JJO7u5QWY82oFy4ofWsWTqLdB7M09vPvjM6aeNm2noStTyf80rikW/KZpvj7UbSO
   tkmV0zccSLvG49PXt5TkJ4cv/moxzgqTUtBUzHzEfrQTMF3cMrOAKBew7UAQLJ6n
   icV4etOsqBNgiXg0jfvmkSZ+nJ1hnzaODhno/PeQ+YYUW73jKeu/ItMnr4OqZw4U
   AFRjavvXktsxwy9v+0/wgaIC4dAEgh1/i7wQFRiaJkZrYFulr6f9vebJwzudFS0F
   0qNn3WIJqsXJXE+skopVmmyuaOaMhy65BtehYJ9qOUcweAfZHJl01I6b0mtXbZNl
   Wm0Xu8GIW6hPA16/X9nb1Me13Ii/UOtI9+a5UaIdSivlT4CiWUMuQvHbkTAgyqG2
   wki/+pBwjZ9Rzx5L3jB/gYx+5kGoTMdkP8ECH33Ghd0yDhhIotlfTqSdxFxSemdb
   qKqen1/IOvk+0Dj1yMsVw+/WnvNuYg1lBcNp0jWjSE5NOavyrbs/5q+MG/QRFwZT
   B245IVLCgzvoacuEIvUKt1fgxuNisAzts1/xdMWdLa7gab+B9rm4LI1o7flTtosp
   3P4oNVFBuDGy51pQVzMobKUb3OUvBs1keTKf2G9A2tLTaOdCRXD0LN3QoE/qsOcW
   2VA+J+0xwmOOsGC4KCSbi7CrKcMg/FzhtdBfwyFUXX04wMZrETfDdd7vKDy9JJyc
   dfjxfi3gOWpzCTimLXa6bqjttcre7zOdu+fw033+Vc3iF6dRksSMvVJNFpnTOLgM
   a+NplsG/fVIK1q7Z/vOcH8roepjboBd+isHKwO9v8IWRx1gd8cBjFkieixnBlleY
   gwnlof+ZV4Way+5CG6hZw9mBvNXPPud8QZWu5K3cNSb9QkldF+ZvkJ+ACEAQDpEK
   xqINQvloKDt5dGPSCXwDlcCljVOadk2cQ6hE4ODlIGA1DdPXK9Rnx/BQAI2K1P0d
   BjFTc6OF11LhCATKqdQiWotLtPN8P79l0L6dqSXTJVojY5sPxY6aQts77PKggSQq
   2AtliQ7HmdnqHeZqAXKBM4bbHRr7PDIwgWw7t/ypE6gQ+M8p3CxZymaWFjvix+5Z
   ZqnTv7pRvpE3nmvBtOMUyPjGa2AJEE5nH/wN2vqBbRcZ6ZdFvC7zsFv5mpQym+1f
   dYZcgQ1KSCt4RjO6p/8R3pZFMwirr6hihe8YlHwTiv9FskZd6a1yiROyGwGLl+x0






Gillmor, et al.         Expires 8 September 2022              [Page 151]


Internet-Draft          Header Protection S/MIME              March 2022


B.3.23.  S/MIME encrypted and signed reply over a complex message,
         Injected Headers with hcp_strong

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy.

   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 9795 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6238 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 1938 bytes
      ├┬╴multipart/alternative 1144 bytes
      │├─╴text/plain 391 bytes
      │└─╴text/html 486 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:18:02 -0500

   MIIcPAYJKoZIhvcNAQcDoIIcLTCCHCkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAChSAmfqHyENXaa4Q2w2DOX1R3r9EC4cvYoT
   j19WfwiSgCZkQs08Aai9ARBMlXNRKV0NY9ocrCo+RAAv+2xgHyBbZAvZYGa2SmRT
   rSqdHUtXYXiWkBRjXHer7Yi+96T6zGZ5iUyz/aEJBc+DkFgkAkvIayyi5QH/uLz5
   tjd096w8lzj2s/2UsloUHw/oCs7KpleZzI9j/6MP0f+vpTElu5G1WYmumgKrF7MS
   68ABr7NlV+hkMkSXo2u1CzPamQjLqHRjxJco0LFubArK1Rknli1GcCb9dITJh/dI
   CPLaXPtgCNHE8ZL4b40reSbA9UEKTpxA03oNph5Qt2eZLdvwdr4wggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAQkDtFs7ZNTe9O8FdkPkY3u/
   BoxJYAVFN+1/NdDaSSZbp3FL6Z4zdwVSIo379RUtPSLfaOjQ9vYpDZJs2DiFoftP
   lQbDV/+SQWeCLRSuU2MJTr+W+xvgvVRG6pAERbPZemHtGCVo2hY0JqVt6U9vw8oZ
   J96jh38tirDZ0688VjIBOVOwEJjXHPIf/xv5dek4EqDvqQ9SAg2f6YvL8Ipb5tlS
   xN7dEQyAk38FU19ubnjOpHuPsSYQl6TmwdJ6tkL2Jf5X+Jb0Zi7vTVgA8CVeWQW1



Gillmor, et al.         Expires 8 September 2022              [Page 152]


Internet-Draft          Header Protection S/MIME              March 2022


   ekLv0xrFrOgAxpY+mKs3etVDZJGXFNK1/aiwXcBtrmhzxxivA+yLrVGYCJvVBzCC
   GQ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENrXasWjkevTOXaTor1IK6+Aghjg
   P741UlHNtIuPnFwDRMNU/sFhk4O0LG+v/6DUQ5W62l2BS61HgIRwI9sLmaUrwYCO
   Yk2Fz0uvtOYr7IltVsC0LSg89JCsMh55IaZ/7CV+VVffH0mSiA+ItCAwVdUcPWSI
   L/ppMzr/meOgS2KBv3qWPmtUkVVoIZHJbKO/C+MRd1EqcL9VqMAej/I/QWplvtQa
   cSmZD7g3loZ4FL/8OAVtc/baOv4b8/MKJ7MzVmVmUHaM/uHeVHMnj8oeNPzdP8fE
   AQLX91/Wdi1QUYmEcfMvkQ/dTcYWVDYy8TviIupGDHYW8YU/TgIUZn2d3DNx57eZ
   8USIuIcJgE0uY61ItMPFuRtQuxj0s2oBbEY2ncWtVQOA/CFyPwSWMFFR071wRzLY
   nOoLIlOhMmzZjGBoAKXEl+Py2aoKOa4nFXzKbYMtWB8ecVYfEXcl1oAwAa0lZw1S
   VoFZzt2NQ4AD45j9oCEXjuhW7X7eEJLMaghXPZPOUJ/B/HxZe4K1qmV3TmLyHRON
   fzZOvMfy9Qlq3SbdLWvJJ13I6/R+GKEdJnQlUSaq2BajucENyfuckvJIo7Gs/FSY
   AhC6w1vAuN8c+tKbiVQ3xbgkWeZ1BHcViaJ5XFGL0qejccj5X2n3kz79UZSgGEkN
   COdo6ahpLHqu3fECZv/yy8a34Km171+70PKOv7VUt073ajLq6e6/gxlbM5rfODV2
   n6yB9vT3JGzb8qjrreNshQp5TUjywgZcqFvJmNZ9dusXAPkHE3L29TZx51wtXmJv
   DvC4ZdzsZQq9T3H8Zs9uU3bJNM5yjTk2JXIX5J1uvbwy3F0cjlXqdU3iL6dxE8dQ
   eyS++mxO+yj7qXwx9ZWY+TAzcCGBaWXtL3vhgK4qkiKuHl7QIWrrEmDNq1EyQ7J1
   D9E1PZ5dMFCtRoYf9OIwGYRDiwhys2H5DWLOmQZwSfSYK30K9stbA3LgQ2GbAWJl
   vjTYH5yeWcAH5MA7SI+Sya7U3B4A0rz0YtHcVq8//QLb/h6Gfy70OmP5w6acuQ1Y
   aNlnwKK4OFBoh1jmVlBg4HL8zQKLAud5e8ObT9/KIn9rZQRcSg4wWwlTYPOOQbFK
   gKBmYBbIuU0z7Q1OGbglJ3iS8Gu/dCt7MZkyDwgEGKJuPLuN1omOiToDLs18jwUr
   Wt15bSsXfu3hCNpiFhm+ns5XrLPtBE/fLgzfZUFSNg4vKV/s5QzZnMroJnyan468
   UI83csnYxe+Gyf5YHjxLCflwhZP7PJnztOho7O72tIS21EZKPqIIeh8W/m/QuMzz
   ajEmEPV+NvLVPM390uS41J7paCIjoBRj3saGMf1WTZx8821b+QCZgjkvTfcAnFFO
   SP7iYopxJ3x2SK41sBHmic/PBCKbJcfUG6EJqntVdPz+/ZDMCAoMYwloM7417r+O
   9fuoH9zlmTR6TbT3X+e3N+8dQXRhuDeD7eJCb8gAD+c6Z/MZuAoAzlZK5t1+RybL
   hyJ8JEKTt27f+DXv02k5bwfcsmkbKecqDCjQv7ObNFTmDMS50ZTQzKC4QcOR/zfw
   UG8SCmbY7mlARW5xieWIUX3qDbG5MI3M3DyR928prPrT/eFjCY2iTsp/FGThwdCF
   I9HQ+9l0h+h50zkmm4Z4yyphWU89HOmhKiGCOye9je9D2IhoGr6885e0A/xklss6
   4EovfOu4KE4FB9lUXvFXTMK4tw9NS8Swi52dzhNNDkzX9jeSjcohoaUSnspO2G9G
   wgEOkKcGhtggc1/O91uIMG9MafDUAIuR8eUdF1KJVoxKl7B4ew5PwzyFqXX/CMZY
   lLcrC+gbE2dnYJbSGDChv1mFM3lat9A7qYfebrVgtnvZAJLsF6rXUZa0XU0X7rN6
   cN2omrfsUMqQqJfACQKcMVke9MRDvPPfLR4vTbsLwbOFj6OxE6Axsru3Vz1oC03a
   0RSozFfRq1ujIHJSTPJwMFnqR0pnvxBrHfYnOOqnXBBiT5rQgJvF56I2dYCPICQ0
   nZ2m8Jr4Ne8uL/NFUAIEgJrHzWrC/xdbDmk9/mQYsFLFXVqsjVzbCAHCPjGemwqH
   0ks8YgiiPaC8Ij0YOYu8XI7RCTs+pdWQZNntQPmicXP3zTbim9nzHRYXVEDVYS4h
   oDW/4UCbjkoSxnf8nP2dx9vhwrktfCDubBnBc7wHCJgloFNCeUnmxKd7T1ou6BF+
   NxUc7PVDq26Rv3rMepQ67YbjU94zp6cvlGAEBgXa2c+1q6m4BK09zGpUCfmRpVzz
   GY3bzBrjoswbOY1Nl9dlIWcqHD9A9RMCVIkpezwgyCHXvkLMwsWNfBGdDDM6ZJkw
   v1f0MW0GMMsQeQ8aTtty1UZrAibv5/uo8GJtKqDAn/D2c4IaLPjkkEO1xPlvaj4y
   dm+VEp5/PaidiKfSyLiBO3xw7OVH6/V8OlRCD5cd2C5zEVwWNzYC0ipjUhP4NaWV
   QKx37Zn32bR3NUqyV2tyAFGwksFMi7+xjXBd7l4NMGgExP744j7cWwlihetUaTOG
   QwVq1AFK7q2QVefSZ1bpEPyZAz5fLuwuZ1QgONbJhQyBLCkgobgrTVUYPGpRIbHh
   xMTfD6NtwWLA9ZGyzdNgbId2QJmaXwBZTwNNRClnBcCJkBj1MYgOGT7xtozAqlW/
   3SqfTTjNwFwXdEee+tgg2aL/BvJPnAzQzxptuSKhM0sLvi70ripJ5ODwSIiYRS6r
   me4vE85xUBbOXZ6EPo4YB0GoJsGG9kvDp1tUYhcPmHyFkEDgGjxCDPzIWAyPtNLi
   3L3x6jDRkJ/AqPqC4laOaA6t/qbumExEGkcSAPS2BdJ1Fduk5ae1nkUZ4obvGZfB
   zxraCTXp0SOZ2IdDVgzgLK0aEZa1VEiHyw8ikekAxoNcRqZNtpugCushSbdHFW6g
   OpaKf9fNWM2MdoyDDuUFqR+tFhvdgAqCpnhXG/AArLUw85OQoY920VnRFNqeBxBx



Gillmor, et al.         Expires 8 September 2022              [Page 153]


Internet-Draft          Header Protection S/MIME              March 2022


   osxBQWkhj2Msw7DgU1XhIXD5djfY5UQhpov/uxLMf4ti13LGC+xdjiX6Mh1ZeMNa
   gneEzmb3YCROwldNCr3spnULVqQIqubaSp4DO4WPN7GiWr04gwncQOPy/HEu3t1V
   +EzO6TIG3BB3EMU6dIolL7tq69pTQeOTQm3Gf7itpp7MSIjpAc9y4kmtXbD2r0qJ
   A5As6tiIchm8qHnP0iyCTv2TA+zkXMU/YDPj8KJJ2PWRoz9KTn2Cn8OMDcINnZle
   LMNOs3THxzRMvGsv2E5Z0+0SWZtz23SJQp+aaKdXbE84z6rLNnaRSwHdkwFQtLs8
   7P4kLJzaF1YxaC66+/Z6LR0WUg9wrx2lptK+0o3gvSFSkK/mFW1rIt2z67ebaHww
   KOk9XfI2683nxXFyCEBMBzuNVDs3aAb7biO61wkMD/1RqqxApZ8x+WSfXu1PZ0Z2
   ehc560tuM6c+ZZRwNUBCy02cALsEOVcQGbkQgiOwY0ubHqGBLyYLWyQTuX/TLmbe
   OXvWNbwuQbAXxRcDL92OAqgj4qBjRqT2J7DQlZnkw0jyxjde1hfd0er+X/X5s4M/
   PGapcQWQp3xacBld4K5STV6XLynqFgxe+cI+Gfye683wNWZtPRkonoFv9VnOKa08
   Q9K0E9Tv0WzDXH1B5nwFMW41d0j6JiwI22M/dSUwpLcbHml6XhfUgLg9rPYPElRa
   7tRxq/6MfSwOdy435zsxkUx6eB2Yt9rEcFWEmZjNTBIZ8Efa77cquLJzFv/oFfCB
   jHpTrVr5a2uDiv0migp7upYC65rmMlAhcAJioFfb575g2P6t+q+fMeLOX3sH6wVo
   fsTXpKwhFiWYp+MGUh83pqvYqngfNBDd55ITQveLl54h6EVuFuGuiC0oGCO19EHS
   jHrzf76ruy2EnojmXq1jXsGMUXHXLsxvo8XZM7Qr0bXEj5gt1bWUaaV7hIkCMTis
   pNVz5ZzsklqxF00+cTcPlrh9X7RLjMHkDgWR6k+mbOLexwmXUlKrlr2oGVFrArEW
   ACcAa3z40TIw3oAdRPmvY0THlInKc70fVaJW7SQU9qXXGH6iPSfjTVj8xjuPkyY8
   VobraL10ekLXrHOEx3o2ylYfLhS8sNuyE015lKuXbfucUFU7aELaa0FYQv1k75ma
   0Cb7+pJvZDXoGaGdjovnJktD140GqutOqBlf1Q7VAabgbI71vzJbIzmlVKJfW7ii
   L++lwuHQG2IYUsxTG9P2LM5LqIvD8uQyH4duCSKEY27JD3nR6fkayv7+EG68N2TF
   OdCtm3GEa1+HYCQGww2K7TROeY9B1GepsI0MraAUEwcJcmOJoRv117j1FNolgyxo
   Zr7EIAH84gKLPgK7j5WBGVVpAIGtztiD4j/7MYnNa4aOAqmtyLnMtnp+IQflkJXP
   71SBoL2nqMq52JEIuMW2Xfw075FcrFhTh/82U7jlojFsCsaiRvB0CWlt6d906nFM
   e8dTmK7rApCgdj2CTQjA8KlQw53qo82XyZeI8X+UZdk1pQzWIOrz0IR9XC7oWtv4
   /D0VtBpwp2m3Tswh+iX3Z/wUBiq+OcA2zCf2AEUNOQlb4gUPl/+WmdYt0OyhrA1T
   jvHV12pvycM59MEQfqzaffqPKOeQ0N7NSrq3Q4T4p8UkO1tAaA+K9GDOYthBQrKZ
   IyqN+t2nuaCOnQB0yZdPAzsKUQtDZlUVnE+1C7PM7hG63oKz/5QXoVAWB5jrXZ+f
   bhO9XP/wf3KD4ANaACVcGteJsECi8a9zCQU4Hwm184bc61jLXAAUAI2/RqF2FYR0
   ywq7PTI3LNH47WCimxjaCdULyBIBYhOgTQdeQ55W2lqTLUsNSwoOog6C0Ng/FfRY
   DgJb62ff1G8NrQCIldGgJKi3SGafe+4+2dheCyIS1TO+3OBbkj2wQxgvzht9Fmae
   MZdf2vJg9i35pieoEIQ5QHBONR4W4yoZuBv8GtnAuKYcPHAnSzJGla+omMCbaCcu
   gupCvuY9P+mR7ML8/vH9VaTW7u6M95PEcj9QiiRVZdVDUmBGipWr4oxMkfK+sCdv
   TqEmJ4HgzlOj5Z8HQrL8XZ/HwG356bs8e2tZF68IBFWDEFcZP4BZ3qV22kbo1fyO
   8E6hQqsnfJMXCymYkQIwEWOdj5mkAYErfjieuVJ2HgKWCUv/KKsbE7DkT9hHkjDy
   Hii8rmuAkWik6QA+lQnpK8x+oLYiiIcBYpEUYCBlryWAbYO2WBNj4YWl+do+AGgU
   whJj/yPGISuNTUHl0Gd3AbFplsgjlHKua8+7XLy5UDrRHXoQBzBujN70nbmRYXPs
   vOWNOSNnkLSxNDwsOlT0X6BmYv6qDg0u/hq0s1Bmn2aKW5JBr17MQqfPZ8pKDhNl
   ZBrILg6Fu2ThJyQUjWLVdmsNEaLzlGi8A4om0Vww8qhkPN4ar+B5tbJwakdYne03
   l0WDrZI+w7cNLMUB5u+BqtHm8UNsQF6mY1YLnGCmr8l4hv86yB91RwPcJUK5ua+w
   +JjE2DWb/zG/feWM9rgIyGz5TSmfzfyeWUFw4FV70n8EsKzTPGZpBxVK8Qp/S3uK
   NhSXczrlgmeHdF3lip1QaX61GV1s/IkoepnPLxzHA1oXQY8FUgT8Ib5+lGKFNbZ8
   bam2Fd1Lrm2Y7m9qd0oAjM5QII5vMpraulzDfxAZugVh2G0DC6cqBxdqtuzUswUj
   gzb6y3WZRCr9MZpsRTpe43HHm5t0U6JEpqxxjFwK3hDRCRSckRdqt6I3MnA0EnyX
   l1ByNr2o6cCaw2yK/sVz9GOuxBMFdyy4599ES1uKYFvSMA/8nJr0IXNa13mLz+am
   cvYemKIitkg/7aa/cVGKHWravWxN/kTdhb7cJ9Fu05TZYXZvIKFNt6qaUzyE9XwK
   WFwx1Alk4s0CjFdAu17vRR4wW8V1caD1GR8DZdAjFw7gu2+x+J2XW02Z6z7ulv0T
   Nf3byz3gU7pdXCvpF1Dkck8LpxpGMuPycwkwebrGedJ7HwwITBItheixm32+tXLo
   07TBiVKT2+NjswiToqMiLaymqDjmj4EGYFWpRwXQMkZm8qVAW5Y7jGogTIbD5a5u



Gillmor, et al.         Expires 8 September 2022              [Page 154]


Internet-Draft          Header Protection S/MIME              March 2022


   uvdJQzGupuFcVphJUO5XUu1nuWc/qN4lym+UJsd0qZuqU2QhfirT6lYSQg/ELX82
   d9ekPyX5qS73C3qb1zgagY8FssaWdW60mmUsCmetOg8osqWFyVRb4KQxTbVT2U+9
   8kX08I3w/0Pjclz75I8kpbS/JSGMsUKCHvGDToF1nbBKUSA2ZkxPx5gujoXGxRl8
   UIefG+ACT2MdBBWjsFMZF/b/SPieVb7dnVOP6bdQYt3bn3OKxA4GGPvWmZhOUk3A
   8UV240yhvdgUFSCvfWjD+N/4JmHjOvx5Jniw2qi2sxkIA8Q6s872ktESgGG7eWh7
   +okS+UHITreV7auJBHgMGSNue79Wa7fJiVZXeVdVQJjAJXyFsT1ID6alM++9yOM4
   kO8o5juEMt6Gy210OJe5oupYuFj7zCmN9lnWQgSIqNlr4igslW99S22KXZN9OWpM
   M1+J7aG1b0BKSXA1KIFYMY+iCc0pUHBDeTIIUR7wQ8bDQdjwa97/iw0LEJT7yuuO
   1G0tAbZOBlRrJmoae+2Uz2bcilZGHTqVp+WhjNxXtBoCIxGCsP5YA4OIEfdgf9qq
   RKfQBVt6gBEg2PsR1SLCiJrETK41FHWvLHa+sxIVRbbkjQGvBiFY5PTF7m54DtOC
   3RIw0yso7Kx66fP9kBGIQUKM5MQmedw6/xju3f6IZdHFAmThBI/s7bZgUqIqYHXN
   Q56Rmu1qifF3H6IfGWVyQKvfEhKzW0W+mrrl1i2DxYQL5PZcqaTfJMNRvS2OMwYh
   SfUJ92V9bGw+NyJtAfoHpyO1DAXv9tGU6od1QsECCTY48Avs3F//cjuWnxgu1+Zl
   7PSnlVTpa+EbMWO5NHAnQkrPvaungyDsFja/bF+0iSSvGGSRarzXglH/TUbR7O8y
   NrK6GGwJXnV80lVelBXEbClpks0VbMCxtOY/VhCOq5iGtD2Ulwmz3OA/uXTcIoBq
   UmCEX21E+DeAV1cGLX4881Wx/W96qNEvYMBKANd+k7MYJQeKcVOBA7i0T9WYQ6Gg
   MEiQiFp9Fqep405VwLnvU+j1JCX79gKOr0IqXMu1LoVn0LvZusZhluUZg+LdcZm1
   Vs89SAuTz4EdRu7K/hxugECIPzizw3DGn5xnuMSdkGNoLHLtTZlefXqiG+0Ru066
   DA4cIoKYOCELWFnCIjXIuVc9PuiOljCmMPlNzTK34bzJFx10qa6fwqn8dpqYyDaQ
   viHoR9fcmuVWtHzinc0oW2DrCkzbENviMZaxCdQwGCfo4vVNPRLwrnk92OtcWrh8
   WBcWstpRe5y7V20GnCnfPARPAFxHkoU6SgyDds16t0aBlPoNf6/KLJ5e7fovnWuL
   vdqBzPlMECtWuEJaqr4B4zqrb1txNCNhR1f4laQxT1yPp2sP0CStOSI1y+9zCSwF
   41yIz70JLeT+0x4DmcVMkkdu0iwuVBzhx0cjjfcanELiT+f+ET9Gfac8MaEjTi9f
   IGmyra4O8a7ZnEcJgqY+H+uNW9AGneSqVQyuFnV2C18at6JfCckHVbIsMOAkRTwo
   a+l1odcyhIjnFQRaWf4y5Z+T3mWwQ6j6Gkbr6Qkqxq7L8AGEcXhjaLLHpUlrDzlA
   5vuMSkorZhgxV1OvicWzcqqNqffXE5ojF8GDhoYEAN4JHONI7uB2EMkON+XTp3OZ
   uYCDqzWj/3dEuaYpq1m9HBLp9TawR2gMRADCPNZVplcmjWbcQNRlZ7JqeGZKyyl6
   cYvcyKsR+g00/sQ/z/t8rzgP5O+n8GtqYKQoS6RMlNXTu5qrE4wmOr2nIWM9q2bh
   2H5WIUUEd0fExbIVYKIIuhWb7N7VAMwm5K4+fIfIVVCQJegNmvS/FUe4MbVxV6yQ
   XOEyaijhmv3amKe98fWQIqtIke71zvhCNbbsVOmRnBZfMdP9jkg/vNPuGRXDOL47
   liRD1XX0jp83F/UDsyiGHyy9HRortlhJFn0UOhdDaEszsTpxJjw80bRc5X8gmuiT
   QW8DtD5P5IjBDuctN9wC+BLOEuoLT72eyUxrtoqLjm45QpBqDA8c33I+5A4hwZs4
   BnEigRXIv/I2gfyagiRyAQlZTJrkB+T+DVsmxdfAqZxf5pGfYLE45Bid+vjB0DF4
   BSPUw8ILhQjw+LmtgtMia4i0IZgYHGGRU1EoLXF2jLadBqU+FRA8f0f3CCnCHsAm
   xQ64u1taZ/jen8ESHvxl9c0NDmGczJINqX4zWNX+loRENaU1fISuRGQ5jF1+SWmC
   81ixgMcuCIvGcuTnZHvwkSmcSpis9paO6pBZv7RieLBqlAcH58Mqur9P7zXTdNnO
   mNmk7k/ucs94XpGQiXImMric05OgVg/3kxthe/D3F+fHz4LZPLtqdIhkJdCnNp/e
   UbFF9A+6bvCyvMzEXZiOaI8fY8BekHIrr9QJ4meKPb2IpYFTlo9/EBGHoQs/VvA3
   3RQSFHsIYe7r2+h6JDgTwtB0zG8B63mNY6rxgWR3q5k=

B.3.24.  S/MIME encrypted and signed reply over a complex message,
         Injected Headers with hcp_strong (+ Legacy Display)

   This is a encrypted and signed S/MIME message using PKCS#7
   envelopedData around signedData.  The payload is a multipart/
   alternative message with an inline image/png attachment.  It uses the
   Injected Headers header protection scheme with the hcp_strong Header
   Confidentiality Policy with a "Legacy Display" part.



Gillmor, et al.         Expires 8 September 2022              [Page 155]


Internet-Draft          Header Protection S/MIME              March 2022


   It has the following structure:

   └─╴application/pkcs7-mime [smime.p7m] 10425 bytes
    ↧ (decrypts to)
    └─╴application/pkcs7-mime [smime.p7m] 6704 bytes
     ⇩ (unwraps to)
     └┬╴multipart/mixed 2273 bytes
      ├┬╴multipart/alternative 1449 bytes
      │├─╴text/plain 493 bytes
      │└─╴text/html 645 bytes
      └─╴image/png inline 236 bytes

   Its contents are:

   Content-Transfer-Encoding: base64
   Content-Type: application/pkcs7-mime; name="smime.p7m";
    smime-type="enveloped-data"
   Subject: [...]
   Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
   From: Alice <alice@smime.example>
   To: Bob <bob@smime.example>
   Date: Sat, 20 Feb 2021 12:19:02 -0500

   MIIeDAYJKoZIhvcNAQcDoIId/TCCHfkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
   BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
   UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
   Boq0MA0GCSqGSIb3DQEBAQUABIIBAIz93W2Y+UAs5hfJv0FVshsVqpt+3nDEwVwW
   1CbA0ElWkeDUJEA3temKIObvlca8GuinuFRfBNobC6Qh74dtjjDjD2Vy3mi+VJ13
   ERB/OM1wdrMRtdJrwTwV7zPC0rfHhpenbvNQpKsdszIVitiiHeG7dG2oRrJ6Jyfq
   ceU313EXthbLhXNRBA17tWRd4DtpBH9Wk+3M9v7tGQLOFW5sLczK+Btqgmed+/ns
   mQNfl/8T+aA5ttkzwHYYJJ/Fj6GMxWaKWLpGkGtE1V00ED2NpDHLNwciWMG3MgUC
   tT2aF5yASW93vBhV3Wg/gdw1p5zTF6RXI7/Z0tSE5PjLpyqYrWkwggGEAgEAMGww
   VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
   bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
   HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbcc4GVOP/kh6RDuyhTj+6aj4
   Vw/bzLNJYkgln3XsWd53MePIzQQ2m4/w2qMxeOFjCV0j0XA1FpKJH9XfUjeKKC9p
   WYYOLCu7zYgXD+9rsxA3EzG3EM0S6x1FI8l273MZ1mUNDFKWhl3e+PYyharTwa0N
   aRe+ZdxDT6nJfkE0Rj5AJIzk+mqZkyfJqmWINhNBlQZmUdJIBUJ2Fj2TjWO89fGf
   RCyTlW2TeC9L4D4g77ZZopfPLE5mUYzJds+pg4gvdujbdGWcj+L9r5MfoVVjy0hL
   AvgZUbgPbyFy9wovvXxgsjLrVG91D2yy0djtLJ30rIvG4QUdoOmGI3FwTWafzzCC
   Gt4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJiDLZUQgf3R+buYZMtlK/WAghqw
   ghkHRdlK8epExfgdOk0WgxpB5DMVZGINLxdkqNitRYZOEfZCL1+hs9S7JlfRggC6
   rGyhDGGxDGKzg4ACTv+WoGH/Ghz47DLQqgop/TbkOwr4aAS9HTfrHWuOAxdID1XS
   4C18yoQWJyWYmgEyqMTOq6A5ScnYnYitQoTzVgSm37/vkKZ35Q5PhkTwG5QtbQln
   56/oyWYYjB1dnSGtzAR6DLH3COiPS/b6mDJSHWhvqWlu5IjyMPqegZvIuNLA7Q+d
   StCCdpDF1pJx8B7knuGIuevf2vfXHYHOOntYmXH9WxV+UFBY3k3GMiCnpCdWszGv
   6FnlFOZMbUy2rk7k2zHTwluUdy5HbiQ+VrbBPI03WgGwA9l5B5oDeB8NZ0GdhXqS
   FxmjlpNkrDsxNTTv8+vHjLyI1GnstSDixjwvpJkcn8LUf6bfAllPv5ChAKhIEcLF



Gillmor, et al.         Expires 8 September 2022              [Page 156]


Internet-Draft          Header Protection S/MIME              March 2022


   yJJsav2uwXI7by0noyTd0x6/Bzut35DBhHxuiwfPp8QSE/bgHg+vT0nLZKTIuEkD
   66kpORIEciQxSfh7rhSrFYksA4wF64TjQBONWHfl8pFTRpqTLUaI0K9F+ib2abp4
   o8gk59yymY57ABKz6ZqE/6bn8cEcsREbpKaHkx1r3568Fy7ErBeldGs3DAn5DHoF
   FHCRGtUzpxzRXEd5efHf7NrFnN/qyNVxdzcRqqats71vjjOQRZtUJHKAyPdFF6mU
   ePcxW+iGTACvgpkvm2ZnTjID4li5Q57gmnslrywGpIE8BJePAfcH8+ccjyEhPGUD
   XS/DPT+w+bs9GV0nZFrKGMpLs7iheaAR9twp7EF47wPgSNVFlZWq2fdkUcBxrwj8
   cpbEI01eNwurQZGKz99aoaoMdYs6TUAxtI3/P9+Gu4M6DHjsnPeRrv/A4K79VNVp
   z4NdM/vy+fBpS0Ef3kIdFc7gv7CkqFr05FR2i7MP69MDsUvwulbl0jmeY37lEVhd
   NWHL6gBbuAgP05qjk0fk7ZsS6pHK1wocgRpeJtC9PPc/GtrB/hXCfgBLSL/xVCwu
   z9MSrgRsSHDIf8H5lfJKGkT/5DmghLE9U8lQPTTZe6pLF0i9k0mgxVS1aWXogvxi
   fM7yz7bHYLgeQR774mTP85h/ei3brsA92JJRCe162EBXExD8nBpUPDVXlvid6i5G
   dwKDJDwfTB1Gixfp4SRoU+QzclKyuKuJ40YoN0OPsOPmRHeL6r+A9QbCxz/+gv4c
   cgmzX17pczTW4MMo/TkhKstD75VySPwEHSdiJ2ETsCbF9/OCyeGzOEIN8csUSFyx
   PanRCmvP2E2ER58hnqQOJcTAck5qTl8hs+Vw+C9lBQ0noQfm7e9i1HMKaFEQoPWX
   JwHRkmPaz0FiEQTjhI7nZTWfpxa2sslnkERQ91SgsT1cYJOxQ3GeXWlPp5t7yfbQ
   UZyYkbHvqC4MczW5rmSdPqxJiFkZF2uX8+OwOdF8DIwT8AKAp4MS+/Lg2iuYeq/Q
   YVOMdXSaQkBxSaLiBIXYEypSNPIfc6+24NgxTMzEpyJwlCNb5iV4Va8erDaYhr80
   frClSk+xKC3nGNw8cnz5D1LFLz6px28dB7C7dSvYNU2YAR3xtDphOP2zZVydudI+
   Wa7FGFpWJHHfGPAtnBNebwcr5hffICVV2ATiNwHJG6I8IlW6b2UZo8V0v7sDj4EW
   9pcuh96H27VG54UoM9xZcdkMq8q1mH02nD602xc9MIacOGoLV/pQP56MvfYfr1Zf
   ysOUBaJW9BOlWsVEOyP4IkEovtlKaTvA2v+HMQlk2ok1EA2cYk8tcpnJg/fHmm3K
   LmTxldf0/2bfyBWlNYkcIsCxOjAoB7uoisPMNPCLRwniXfZgrspDt3yE4vzbXYMQ
   49I/BYdxdDJH1lfrDGqMyZ9OYS6aWoFQuSY1p3mI9IcrJu154SxeaALNaDnEX1h7
   wfBejR4aGfD9AjuoVXyVdLI39difUDggMITPbbqO4eFeZph6D9sdTyG5Li2k+WxL
   FQ+iVwj6/teLAiLyPgks13kbEP6CLIcMQ8wpleF888YG4BVC4HlBjgzVTwj58Whe
   E9zJSxPhewf2p8a4PPs/75+3GNriNDjwZM1jtERMn1t96UfO2DCkiC5RYs2J7s9t
   Cdguovv4PsN1pi0bD96Toe6yLDDeBa7Y50FRBpN/YW83HS7HInPCiFjFOzxc//JR
   rvtYVjXzHvWWl8mdua+0k4lE8WVCkk/pn6cA1g/+HnkNh7UTB+QYdFHVr4HSI9HB
   DPZ0H1zvGKG7jpx8AqgxLDItBq7JI7Kyo86fPQ7Gl5vjSZD53prvZz0tToR3j0dq
   uZ/oH4IWqW4GiwsK4fUweHfOB5qDqaQTdm4jz2Dv4JJNS+C0QJxh2Nb0sZXV42NR
   ITZIST8tS3MdUnxgH6KXV+AnvFWh0Tn51Dq1JVbWGRTGjw6qjnFNomU557ygDmMr
   CEYBxPcj37jYbd0D7mCHD6L6ztrDXxWsJms0X2oILzTJFIfVc8+5gPbzYgbn4CxD
   ZffnrHA89rZiKcWn8fhqHPjeeADP65ywVfTqGltw5VVt78+aBKCkXOLPZGzQ7R26
   zxUVtxIG51AK70JNN6EqWTtk+IMd/EIUjIVZN9TbQBXaTUaert5x5dziA0lf9eVG
   LmC3mkW9uQCzBxtwacxYUdw/VaV5VsbktA61md+7B/FKvzmIq4F6sKSTiYuEFfOO
   paFQf6FaftiIgqigpDu7ogNeR4YLl4ZQwZj+xTeYO1Kx4OxPxCAfMZz+sVoXGCnG
   qCvuppWQ1X+rZItB3YErkf2nf1k6J/XrSjVfr3mcmvw2QBsAmxK4Na4hLlo3mRT0
   JgbmKXqNlTfZT2qWhjDQNmC7mo9hKUOmnm4Dy1RNElQ1XMG//0G3oqKjFX21Gizy
   wv07CYHuTuBBsyyXXj1ZARsGuzGbOkX5EaBri42M+VVGTqG8g5uPbfY/8i+/BuDs
   08u1YlPBrvyzJOE7YbHOBdsJOGi546DSO57Bexrmfgs+yoPEpfmlDqAgppm00++Z
   agWFbj5JtLRMvO0vFYMBgQU1FkZLmcvNA2tAVNUwC5xbFcEXxg7/4xQGXTA/B2/A
   Oo/2kDsq3o9Gwfx+OmYE8Sb6rEyIiVBymM5AzlEpF0lVFMGLzmRN85cwldtBnKGF
   b/vP7caw7LBoJCHUSasGmY2Mg2k+jmfybs573h3x9XAtGfbAN9YAR9qtRmkj8Wvr
   4VpOSKGSV5zyfxWwdgNEShhH0HKFnj5hHKgcjgOmUWSEMX7+qDiF83uZ22xpyZnt
   Wckbw7AcxznIPON7HJMKasZ2Oy+nlWgQw//n1prdnlFv1YSuj5HUp0wp9D544s2t
   I/b9D/TAVEbBK8+m4mCf0PvqG1zuxrjt4A1pAwG9zVtNebdYw1YvxTwVVxdem7Bi
   qzXc2YsmHLEkCkRsyqOgjr3k4IN3vMWICv7YQBX58NzvqeIA35hlCUc/wM4lbH5O
   EaCuWzAIiKNeGJ9tTvcPb0WAM0crq+G3CQwZyCxPQkCmKZWNyweO6yxpMzfh80aq



Gillmor, et al.         Expires 8 September 2022              [Page 157]


Internet-Draft          Header Protection S/MIME              March 2022


   DBJIsYKOhyL+YZLu4i196BZY3wZ4Jh4rrHHA07NpsoS5ZLTh9+5OE6WkLR4sc0Kn
   4lfQZdFq7Lh1i2fD5A0l4zin+/1FY6FQ0iiBFBYOYhPB9WMbaO/T6HRsKfHS/2xU
   G9cS2xdrLP1MNXv72PEY5EDMegsd0owKk6HpwmfNNU8iOg0AougZ1hmm+R5OBEu7
   nJlccBRPusfZ4U2pG5MBwuo9ZQ/CetLMPtm/glixKoq+esl/ENTXoT7amGSA5nAN
   ivxH/kKsGHNe2oh9QVaXeYtVwEknn/fPYcuOu1RljqfnqqLS5pdTSSTOByJjImyA
   /KbmzyEOgZDXLup3pAC6PXYaV0Y8FNdqs2eAg+jQZZ67foGYQeXbZ07t4W5LH/qB
   Zt+78EN01NVBoHHdt1EdAcs57bzviVdbJw7GtjccwJhLEdJTxsDOOrTtI+wGJINp
   KjNDBnBRe1KyE7Us/ev5yRQWWqhoi+17Mias6eTXucKMNGz6mS9aNruTMDcQomjN
   pdyfeN0mYcYSwU5RcrxSoZRwo88soKJ+vwsC+kQj2CWWl5alOmdZKPQMcFuS5XTi
   SdXjZwckT9CcwoB4ElKxuni2mjLPODKwByYF1DV2fckV4P9oJRSD9400ZiwqI5KG
   a3yCtmNGW2AJKVRWuW9uXgNR/ouMGwxKbHhJJzeBJAebZspgxC2OAq4aZDQh3BQt
   b9vfySSPFRn6nu3z6qWfvMAmjQfcyrydW+NphJEISLjm58kKM5NAW55bo4Zo7we4
   eesbotmSaAVhpdDz+JbubsqGm0QhADLBp8A20Uj42jbgirqJ91AuuQik9ujDUjXy
   gPPVSYH//iL6iyP6/hlk+EfCet77i34ZR36mn0rKKdtWzmi0JHnlz7zzLhG8DueZ
   pqxYAUqFtkktrLOFjt4863P0U9i/aWM+TcLZXdYhTM+dZLZViUUCACsHkhSs3i4h
   9R6weSgV9WMOKn7ZhCAlWnnRuIFuN4+wzZtJlXk1m2T9Zq+1lBB9vQmJXquctdKG
   Y1qqNQwGs3y5lcs13FylU6H9iSDz2eXtyr2srHniRNC3XdQ/CQQ7csM60nKvPRSl
   agdyDj6ZWe6gdV1vrZuXyQHEoVYPCSXibqYTl6PsUHfwPfK16ZIJfkBT+gUWgfjP
   MxsBsRJoW4nA8hJjspaYXWj/+yyA+MELghFfCt1TVTOT7D4p//B8zUpVpFGirxJC
   LtuB7P82/o9gn1EgLBeypQc8uU/2L5gljkUr18zxTDnuu8uN5T+Dm7t9KhOzz4Nr
   MlamGKrFCZpDlkFQHRuZuCzD003fja+Z/TxbKkHT6tAS8KBpA4hkg6R/XZiSX2aX
   dZf+8snt0yRyHvIKLsLuVl/oz7TJm0E6WhBxnAaXQRBYL1Qf0Qw586/TxJMbgMKG
   bOOdHUqyyodGrLhdzO+aZIbcceXR8tVF2pHvwEUoi1KjlD+RrzHP2wYqckinh2ie
   sKzou6qmtfojHrZxv/hooe5UxuRQB5LoBY5tEPklx5CI/8MFtZg3Eb+uU3q+/TJG
   2KAUnkqJsyNiLoggMcKasWkbbLm3g7nyq3eewRSdGinxwicCXqiC9zX9A1Fp4jHN
   rLv0QtM0tbKjJbk/ttHqAafC4/+CQ0YnWeNxqzTrF/JCCnr1v1/grN14ei8wizb2
   Uby05vA5hUgbgWDUPGvr+2tjl18Q2Y+XGzl3b76ype0TPFk9g3d2SlNUIcakiup2
   e0PhHCXsVPIjxih+XiYUIeh0oxyWKAKnsZPhausQZ7R1ArI2GBdRGFJBQO4rhIlC
   2Bn1NUXf7IwH4Siza4mJvt+psd84SluVVBD1JYvFKJxrCQacY8OWNPZXqhy0aY0u
   IWnCDYHWuLOK17RUfDaAHaiNwZ3LpppCxjtRl9s1P4ujl7b1LPk030nu9k6qjlO9
   YYBSPq6wSqYvJ2vWYdebU0rLHm0R0MqZHKSscZfB+gypWgXi4dIKy5lS+DWKQQmr
   lS+pxCx/Gab/yNjGIAMklWHr1EB+8xc3Tt1BeCBj4YdJgxdFzvOg9jnDr9JlCLGu
   K9OkCAuzAqltaX6ot2KCWkzKNimmnd4i9p6pADukioRRBmftZf+cjk4LXoPGNPvp
   cX1OaXejZ1t+9SII2eoQQhDZzyromghHXKdi9Oq1WV4kDAZG8cNVWTiLs462AHum
   zSuI4Vk1WN1v1F7w1a1SX9/I5hL5pq2ldmyUCcANp7TWLr5lACPc11PEk5JdmAHa
   nrMW7wGgf6Tr8i8LX0s8jGljaRdDVHmIfKPbhitfBuYcM+S3NN3uin1ZnyKhE8RU
   KfiW4ZoQCExOhcO1Yjiqq7VUB9g4kEKVt7y3LkuP3d3VkGndYDEwrCtyUOoXymx9
   hpR/33z96eYICVKPxYEsCGAv802RcvviU48ZfDvkxDv0AdJLGU0BXANZKuJs0SAS
   3cm/vIMqBgjGZ18Je+d5yEXUqrv1IiWFJtA6rdYdbvg6zTUIdpTriWV6e6KjgvMh
   xCe2RPJn+vyEtmwwLMhs8pL1zqMAIS/cTxrQ73wyOgpI+i1kqUgfvfsJqrrHoQKt
   agXmgsbOb6a2XTLqmymLmkcJyWpwwuRZGBMwFPYtIpwzcxISrn/AR7m4fXoHzl3E
   UFCwKWYXV7PvcNgGlzdlqBesPNM0tiRAhNclp+Vsl8WLYaJfGCfDcclWoH6ApgmM
   HFaDEB51+UTNr1+lgemzs7E6Bq4vYFwIWQhCrSsv7UmQv554YOzqsqib+mGYa706
   w6NZxLI3KniU4GZoTHT0Z+3HnhBJr9zMV0LQ88XAmqbJFiEGV2OBn62qu9SECOI9
   UGYObQt1ZbsMAdI3GXbPIRlj4nyQgxxaDrzw2RSkr0t7lPe7GrjuWJPp0Chz4jqX
   FaAjxn3rWhqlDaSKe0kCsIh5bJ5dzfAfuTPYqNID3chp3SKn3PbfeIS8qf98NDT9
   sWFrAeQtwefreuKymaYDZo319W4KRzpS8eYJfJ5Li2bPn6j67i5kTwCm6C4qzWNB
   xncykXYsTZyc2+3Jy/0GKuG3twqA+lNehq9cq7vAbKNKM+GvZ2LP2rcK49oVsMJc



Gillmor, et al.         Expires 8 September 2022              [Page 158]


Internet-Draft          Header Protection S/MIME              March 2022


   Tp+iIZIoqC+2Ak8ZlEoV56oCzkVSFzJMmcN5PRUIeG4i69CdPTN1l4p/OxhuM1e6
   EaIoR4Vr2CdnFQS2ftv8Mukp1+aT8YT+6RiVeJWr4/G30fby7uuQUqS/Hr7eSAC8
   NxuVQooLc1y8dXtkpIrRMzojukX/1x2MALkq8w5V5v/Qw/Nz2PYa3UOAZ+p65ikY
   O/T7PHpfTjNt1D7m/3WQvrmHa85P9Z9ehvmT/H27WrEwN/eomv+Ozk5+1XuPlZmX
   PjnOBFIdbS0fFSu3zUJit0/uMx3vzDWVVqkh5L2xBcknrNt4yBz8Jt/FRgSmEebU
   caMYI3iMLz4nxjNYtwf/BOJF+4smrptS5LGm10IQdnxEgda8gfmRyJGFUYGzFj/o
   lctglZ7myHIAb5SaCEt2J1Vn/D+tEyv4p5aRnEuFN4rHfVeozrunN27voartSRCv
   fxA4GSH+kzSRhpEH1UUy7kWuHJaLAKZQDdGtTEv3yqhKJZOu6FQAFJMjrwacUYgq
   mErRvluDNllB4CCPpzaC7FHM7jIY+5pqYXU5wW2WIc9bhCuzbWPmGu/JIFpS1PWj
   xSV89+maQe4Q2bmTuSXMPof1DXRgB0dB+kzKlIyyv42NF9K2c5IS6Mqf3rRmpUL+
   7mFV5iBibV+ZYLQHKGN1ev2OQuYlTc0Zgal5xP4fNn61C0W+T1nl7K2jjRKDWDrX
   LvDexplV8no/dsm1FXub+eGlC+MKxj+v12Rb1k9W2pj8ui5X54CVfxT2Ol8jtgcr
   l9GTMH+9CyWpN/1qnrS2LV9MFnjv1mVJ9QBcHESFVIi3SK6M9KbW4iqoPzsed3Pv
   HbJ76KwLj0bcSLnLdXoqp5XQUUh50ULEZN2IYhx4FNKZABcf9Uyr3o/h7EqAejUi
   MR7qBOmjegXuji3X0lnIZSK6ds5LfXyb9hTa/O7CIO86BQpk+xZpWKU2oxRbAR66
   f79naAQwchYFDbIzc8XqFMT6TQHuk61DsWhQtyRpLkbuONYMqSuWp3i4DcoMhsNt
   SEHxUWf3qxkDO/cjGJ1QRP721TP9UFgRjh9gRpjL15yNSfPeNfUQfvAGs87K5xP+
   WPTEJRFIdTfzf5SHM4DA8+2eJSsm7ii8iq/bEubxwMc6mO9YfauvuOwyXuEw5En9
   kNszDnBgefWRanDIkwGQHZOjs77wm1i15Bf8ik8wpluWI4qtkeNmnHLmbCAkvv7w
   PXZc2hecs0rN0Ly0xsQtxBvD5psc/V3nm9N9DteCIOBJZNQeTGpY5cukWrN378Aq
   tOx0KItEZVVFklYVSdmiJsxaB/VF+8NvhjC4qtUNqRm2UIvFbGQnb272FL5tN6ow
   Bpg/wd9+26GPhZ9Xf1+pgGHMpQBOUqY+jVjJGsCm8CkSJ9btOVdak7JYzGHACWvK
   KtTve7W+HErYj2fiZbgXbpGitaa0lVr7tqpsO6bYqxFayDNLTlUwrU+i0CFLPwgD
   JJp7LrUkUbYNPWR4UDX5eoIMvLo3SMJkW3FYi8cp3mx7NYzFXbs4aq2CCZnOWFTl
   ZrY9cc5RTxaP8MGMsVS3EqxK2GmEs3oC/Ww9BBG9bQ2enxeBqseA2Tx6RkhgLDzS
   WegxW26LVLmtkk0e0sEc42vMXt96kTMrOKpq/sThDpif1XaMTOGiOasI/ArISJwi
   Z8B2W/io964PpAcDc6Qo5AKqAhjMxFQy3bVsAdCotMDXSYYOkHDJ8yKdssNumKOv
   9i2iNAgzcGUx085i0jerD3FiYmCw77X0gTeJ5S3EKcm8NN+X8WuwgsHTjIwWSkeG
   GhoYUB6PZY/NS7hKl2pV+ob+S5cDKI8I60buh1quEc2K5NpMrfIux6h+Rmd2AYb9
   WyBRA6uNeb8JZQkQdPzNnS9RGXPY19mPU617gmv0mNT5xuVbAYbwu64AOVL6au5U
   V6VauvPlDPeSQSDHCbtFfSd82zp8IRTQgo34EjzYQQhrX31KW4fkSkOIIY5xvM/9
   xVAW+8Svg+eYWb5ue7VHS/+n/PTdEi4kB6UPJ5gStfe7l6YeC+caOejkoCzvneBV
   MdAoR04DsRgdmIFNn/vS0k2RbEnVLusz3ZkaOT2ZF3SztXqSa764+OjXhFZQc8K7
   l4hFxmXaBgNmWT5vDQNEb86hBx3zkkhTlPZJLdJJgEJ0FiUJYThos+xCMPHtsHMz
   v7qaTE0YyukXFCKvxbByalL6CjduTJjZQXcxbIJBh67l0ZRjAN1rkU/WJTYlREo9
   2juia+Gg56gsjt/qM0VJjR+pYktjfvcFdUWYwZu+WTLdhEVm1sgjKdaHuastGnBE
   wEzTYffcbXAG/4pc8A5msfCJexqNBr4QNWLmhN2kpZCIOAJRfzci9hKd/xsI8AXa
   CY+q3wTzJDEzcGrG1Vh6PRKFtnuuk7MEjAHmz0Po/Suh7PPjCUABihvcac5rnDRA
   kdqDZ+jCgU/KgsmEzQdxxR8M/iAmvDrYFMKlDlC6zPw5JxYbSMh/tdrPjBdbpjQY
   pQf5xCsbK0kMJsf6ZAvrjg==

Appendix C.  Additional information

C.1.  Stored Variants of Messages with Bcc

   Messages containing at least one recipient address in the Bcc header
   field may appear in up to three different variants:




Gillmor, et al.         Expires 8 September 2022              [Page 159]


Internet-Draft          Header Protection S/MIME              March 2022


   1.  The Message for the recipient addresses listed in To or Cc header
       fields, which must not include the Bcc header field neither for
       signature calculation nor for encryption.

   2.  The Message(s) sent to the recipient addresses in the Bcc header
       field, which depends on the implementation:

       a) One Message for each recipient in the Bcc header field
       separately, with a Bcc header field containing only the address
       of the recipient it is sent to.

       b) The same Message for each recipient in the Bcc header field
       with a Bcc header field containing an indication such as
       "Undisclosed recipients", but no addresses.

       c) The same Message for each recipient in the Bcc header field
       which does not include a Bcc header field (this Message is
       identical to 1. / see above).

   3.  The Message stored in the 'Sent'-Folder of the sender, which
       usually contains the Bcc unchanged from the original Message,
       i.e., with all recipient addresses.

   The most privacy preserving method of the alternatives (2a, 2b, and
   2c) is to standardize 2a, as in the other cases (2b and 2c),
   information about hidden recipients is revealed via keys.  In any
   case, the Message has to be cloned and adjusted depending on the
   recipient.

Appendix D.  Examples

   This section offers example cryptographic payloads (the content
   within the cryptographic envelope) that contain Legacy Display
   elements.

D.1.  Example text/plain Cryptographic Payload with Legacy Display
      Elements

   Here is a simple one-part Cryptographic Payload (headers and body) of
   a message that includes Legacy Display elements:











Gillmor, et al.         Expires 8 September 2022              [Page 160]


Internet-Draft          Header Protection S/MIME              March 2022


   Date: Fri, 21 Jan 2022 20:40:48 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Dinner plans
   Message-ID: <text-plain-legacy-display@lhp.example>
   MIME-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
    protected-headers="v1"

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A compatible MUA will recognize the hp-legacy-display="1" parameter
   and render the body of the message as:

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A legacy decryption-capable MUA that is unaware of this mechanism
   will ignore the hp-legacy-display="1" parameter and instead render
   the body including the Legacy Display elements:

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

D.2.  Example text/html Cryptographic Payload with Legacy Display
      Elements

   Here is a modern one-part Cryptographic Payload (headers and body) of
   a message that includes Legacy Display elements:

















Gillmor, et al.         Expires 8 September 2022              [Page 161]


Internet-Draft          Header Protection S/MIME              March 2022


   Date: Fri, 21 Jan 2022 20:40:48 -0500
   From: Alice <alice@example.net>
   To: Bob <bob@example.net>
   Subject: Dinner plans
   Message-ID: <text-html-legacy-display@lhp.example>
   MIME-Version: 1.0
   Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
    protected-headers="v1"

   <html><head><title></title></head><body>
   <div class="header-protection-legacy-display">
   <pre>Subject: Dinner plans</pre>
   </div>
   <p>
   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.
   </p>
   </body>
   </html>

   A compatible MUA will recognize the hp-legacy-display="1" parameter
   and mask out the Legacy Display div, rendering the body of the
   message as a simple paragraph:

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

   A legacy decryption-capable MUA that is unaware of this mechanism
   will ignore the hp-legacy-display="1" parameter and instead render
   the body including the Legacy Display elements:

   Subject: Dinner plans

   Let's meet at Rama's Roti Shop at 8pm and go to the park
   from there.

Appendix E.  Document Considerations

   [[ RFC Editor: This section is to be removed before publication ]]

   This draft is built from markdown source, and its development is
   tracked in a git repository (https://gitlab.com/dkg/lamps-header-
   protection).

   You may also be interested in the latest editor's copy
   (https://dkg.gitlab.io/lamps-header-protection/).





Gillmor, et al.         Expires 8 September 2022              [Page 162]


Internet-Draft          Header Protection S/MIME              March 2022


   While minor editorial suggestions and nit-picks can be made as merge
   requests (https://gitlab.com/dkg/lamps-header-protection), please
   direct all substantive discussion to the LAMPS mailing list
   (https://www.ietf.org/mailman/listinfo/spasm) at spasm@ietf.org.

Appendix F.  Document Changelog

   [[ RFC Editor: This section is to be removed before publication ]]

   *  draft-ietf-lamps-header-protection-08

      -  MUST compose injected headers, MAY compose wrapped messages

      -  MUST parse both schemes

      -  cleanup and restructure document

   *  draft-ietf-lamps-header-protection-07

      -  move from legacy display MIME part to legacy display elements
         within main body part

   *  draft-ietf-lamps-header-protection-06

      -  document observed problems with legacy MUAs

      -  avoid duplicated outer Message-IDs in hcp_strong test vectors

   *  draft-ietf-lamps-header-protection-05

      -  fix multipart/signed wrapped test vectors

   *  draft-ietf-lamps-header-protection-04

      -  add test vectors

      -  add "problems with Injected Messages" subsection

   *  draft-ietf-lamps-header-protection-03

      -  dkg takes over from Bernie as primary author

      -  Add Usability section

      -  describe two distinct formats "Wrapped Message" and "Injected
         Headers"

      -  Introduce Header Confidentiality Policy model



Gillmor, et al.         Expires 8 September 2022              [Page 163]


Internet-Draft          Header Protection S/MIME              March 2022


      -  Overhaul message composition guidance

      -  Simplify document creation workflow, move public face to gitlab

   *  draft-ietf-lamps-header-protection-02

      -  editorial changes / improve language

   *  draft-ietf-lamps-header-protection-01

      -  Add DKG as co-author

      -  Partial Rewrite of Abstract and Introduction [HB/AM/DKG]

      -  Adding definitions for Cryptographic Layer, Cryptographic
         Payload, and Cryptographic Envelope (reference to
         [I-D.ietf-lamps-e2e-mail-guidance]) [DKG]

      -  Enhanced MITM Definition to include Machine- / Meddler-in-the-
         middle [HB]

      -  Relaxed definition of Original message, which may not be of
         type "message/rfc822" [HB]

      -  Move "memory hole" option to the Appendix (on request by Chair
         to only maintain one option in the specification) [HB]

      -  Updated Scope of Protection Levels according to WG discussion
         during IETF-108 [HB]

      -  Obfuscation recommendation only for Subject and Message-Id and
         distinguish between Encrypted and Unencrypted Messages [HB]

      -  Removed (commented out) Header Field Flow Figure (it appeared
         to be confusing as is was) [HB]

   *  draft-ietf-lamps-header-protection-00

      -  Initial version (text partially taken over from
         [I-D.ietf-lamps-header-protection-requirements]

Appendix G.  Open Issues

   [[ RFC Editor: This section should be empty and is to be removed
   before publication. ]]






Gillmor, et al.         Expires 8 September 2022              [Page 164]


Internet-Draft          Header Protection S/MIME              March 2022


   *  Ensure "protected header" (Ex-Memory-Hole) option is (fully)
      compliant with the MIME standard, in particular also [RFC2046],
      Section 5.1.  (Multipart Media Type).

   *  Decide on whether or not merge requirements from
      [I-D.ietf-lamps-header-protection-requirements] into this
      document.

   *  Decide on whether or not specification for more legacy HP
      requirements should be added to this document.

   *  Verify ability to distinguish between Messages with Header
      Protection as specified in this document and messages without
      header protection, and update receiving guidance accordingly.

   *  Privacy Considerations Section 6

   *  Security Considerations Section 5

Authors' Addresses

   Daniel Kahn Gillmor
   American Civil Liberties Union
   125 Broad St.
   New York, NY,  10004
   United States of America
   Email: dkg@fifthhorseman.net


   Bernie Hoeneisen
   pEp Foundation
   Oberer Graben 4
   CH- CH-8400 Winterthur
   Switzerland
   Email: bernie.hoeneisen@pep.foundation
   URI:   https://pep.foundation/


   Alexey Melnikov
   Isode Ltd
   14 Castle Mews
   Hampton, Middlesex
   TW12 2NP
   United Kingdom
   Email: alexey.melnikov@isode.com






Gillmor, et al.         Expires 8 September 2022              [Page 165]