Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
RFC 1847

Document Type RFC - Proposed Standard (October 1995; No errata)
Last updated 2013-03-02
Stream IETF
Network Working Group                                          J. Galvin
Request For Comments: 1847                                     S. Murphy
Category: Standards Track                    Trusted Information Systems
                                                              S. Crocker
                                                         CyberCash, Inc.
                                                                N. Freed
                                            Innosoft International, Inc.
                                                            October 1995

                     Security Multiparts for MIME:
                Multipart/Signed and Multipart/Encrypted

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document defines a framework within which security services may
   be applied to MIME body parts.  MIME, an acronym for "Multipurpose
   Internet Mail Extensions", defines the format of the contents of
   Internet mail messages and provides for multi-part textual and non-
   textual message bodies.  The new content types are subtypes of
   multipart: signed and encrypted.  Each will contain two body parts:
   one for the protected data and one for the control information
   necessary to remove the protection.  The type and contents of the
   control information body parts are determined by the value of the
   protocol parameter of the enclosing multipart/signed or
   multipart/encrypted content type, which is required to be present.

Table of Contents

   1.  Introduction ..............................................    2
   2.  Definition of Security Subtypes of Multipart ..............    2
   2.1   Definition of Multipart/Signed ..........................    3
   2.2   Definition of Multipart/Encrypted .......................    6
   3.  Definition of Control Information Content Types ...........    9
   4.  Definition of Key Management Content Types ................    9
   5.  Security Considerations ...................................   10
   6.  Acknowledgements ..........................................   10
   7.  References ................................................   10
   8.  Authors' Addresses ........................................   11

Galvin, et al               Standards Track                     [Page 1]
RFC 1847                  Security Multiparts               October 1995

1.  Introduction

   An Internet electronic mail message consists of two parts: the
   headers and the body.  The headers form a collection of field/value
   pairs structured according to STD 11, RFC 822 [1], whilst the body,
   if structured, is defined according to MIME [2].  The basic MIME
   specification does not provide specific security protection.

   This document defines a framework whereby security protection
   provided by other protocols may be used with MIME in a complementary
   fashion.  By itself, it does not specify security protection.  A MIME
   agent must include support for both the framework defined here and a
   mechanism to interact with a security protocol defined in a separate
   document.  The resulting combined service provides security for
   single-part and multi-part textual and non-textual messages.

   The framework is provided by defining two new security subtypes of
   the MIME multipart content type: signed and encrypted.  In each of
   the security subtypes, there are exactly two related body parts: one
   for the protected data and one for the control information.  The type
   and contents of the control information body parts are determined by
   the value of the protocol parameter of the enclosing multipart/signed
   or multipart/encrypted content type, which is required to be present.
   By registering new values for the required protocol parameter, the
   framework is easily extended to accommodate a variety of protocols.

   A MIME agent that includes support for this framework will be able to
   recognize a security multipart body part and to identify its
   protected data and control information body parts.  If the value of
   the protocol parameter is unrecognized the MIME agent will not be
   able to process the security multipart.  However, a MIME agent may
   continue to process any other body parts that may be present.
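
The structural rules above can be checked mechanically before any cryptographic processing. The following is an added example, not part of RFC 1847: it flags security multiparts that lack the required protocol parameter or do not have exactly two body parts, and it skips an unrecognized protocol while still handling the remaining parts. The function names, the set of supported protocols, and the sample message are assumptions made for illustration; application/pgp-signature is a protocol value registered by a separate document.

```python
from email import message_from_string

SIG = "application/pgp-signature"   # protocol value defined by another document
KNOWN_PROTOCOLS = {SIG}             # assumption: what this example agent supports
SECURITY_TYPES = {"multipart/signed", "multipart/encrypted"}

def classify(part):
    """Apply the framework's structural rules to one MIME entity."""
    ctype = part.get_content_type()
    if ctype not in SECURITY_TYPES:
        return ("not-security", ctype)
    protocol = part.get_param("protocol")
    if not isinstance(protocol, str) or not protocol:
        return ("malformed", "required protocol parameter is missing")
    children = part.get_payload() if part.is_multipart() else []
    if len(children) != 2:
        return ("malformed", "expected exactly 2 body parts, found %d" % len(children))
    protocol = protocol.lower()
    if protocol not in KNOWN_PROTOCOLS:
        return ("unrecognized-protocol", protocol)  # skip this part, keep going
    if ctype == "multipart/signed" and children[1].get_content_type() != protocol:
        return ("malformed", "second (control) part type does not match protocol")
    return ("ok", protocol)

def scan(raw):
    """Classify every top-level body part; one bad part does not stop the rest."""
    msg = message_from_string(raw)
    mixed = msg.get_content_type() == "multipart/mixed" and msg.is_multipart()
    return [classify(p) for p in (msg.get_payload() if mixed else [msg])]

def entity(ctype, params="", children=None, b=None):
    """Build a constructed sample entity; bodies are placeholders, not real data."""
    if children is None:
        return "Content-Type: %s\n\nplaceholder\n" % ctype
    body = "".join("--%s\n%s" % (b, c) for c in children)
    return 'Content-Type: %s; boundary="%s"%s\n\n%s--%s--\n' % (ctype, b, params, body, b)

SAMPLE = "MIME-Version: 1.0\n" + entity("multipart/mixed", "", [
    entity("multipart/signed", '; protocol="%s"' % SIG,
           [entity("text/plain"), entity(SIG)], "s1"),
    entity("multipart/signed", '; protocol="application/x-example"',
           [entity("text/plain"), entity("application/x-example")], "s2"),
    entity("multipart/encrypted", "", [entity("text/plain"), entity("text/plain")], "s3"),
    entity("multipart/signed", '; protocol="%s"' % SIG, [entity("text/plain")], "s4"),
    entity("text/plain"),
], "outer")

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A result of "ok" only means the structure is well-formed; signature verification or decryption is the job of the protocol named by the parameter.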

2.  Definition of Security Subtypes of Multipart

   The multipart/signed content type specifies how to support
   authentication and integrity services via digital signature.  The
   control information is carried in the second of the two required body
   parts.

   The multipart/encrypted content type specifies how to support
   confidentiality via encryption.  The control information is carried