Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)
RFC 4073

Document Type RFC - Proposed Standard (May 2005; Errata)
Was draft-housley-contentcollection (individual in sec area)
Last updated 2013-03-02
Stream IETF
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4073 (Proposed Standard)
Responsible AD Sam Hartman
Send notices to housley@vigilsec.com
Network Working Group                                        R. Housley
Request for Comments: 4073                               Vigil Security
Category: Standards Track                                      May 2005

                 Protecting Multiple Contents with the
                   Cryptographic Message Syntax (CMS)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes a convention for using the Cryptographic
   Message Syntax (CMS) to protect a content collection.  If desired,
   attributes can be associated with the content.

1.  Introduction

   This document describes a convention for using the Cryptographic
   Message Syntax (CMS) [CMS] to protect a content collection.  The
   content-collection content type is used to transfer one or more
   contents, each identified by a content type.  If desired, the
   content-with-attributes content type can be used to associate
   arbitrary attributes with the content.

   The convention described in this document is not needed when CMS is
   used with MIME [MSG].  MIME multipart [MIME] provides a
   straightforward and widely deployed mechanism for carrying more than
   one content item, each associated with a MIME type.

   However, CMS is not always used with MIME.  Sometimes CMS is used in
   an exclusively ASN.1 [ASN1] environment.  In this case, the content-
   collection content type is used to gather more than one content item,
   each with an object identifier to specify the content type.
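
   The following Python sketch is an added example, not part of the RFC
   text.  It builds a constructed content collection shaped like the one
   in Figure 1 and lists the content type of each item, refusing
   truncated input, indefinite lengths, and deep nesting.  The ASN.1
   shape (ContentCollection as a SEQUENCE OF ContentInfo) and the object
   identifiers come from the full RFC and from [CMS], which this excerpt
   does not reproduce; the function names are this example's own.

```python
DATA = bytes.fromhex("2a864886f70d010701")            # id-data, 1.2.840.113549.1.7.1
SIGNED = bytes.fromhex("2a864886f70d010702")          # id-signedData, 1.2.840.113549.1.7.2
COLLECTION = bytes.fromhex("2a864886f70d0109100113")  # id-ct-contentCollection, ...1.9.16.1.19
NAMES = {DATA: "id-data", SIGNED: "id-signedData", COLLECTION: "id-ct-contentCollection"}

def tlv(tag, body):  # encode one DER TLV with a definite length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def content_info(oid, content_der):  # SEQUENCE { contentType OID, content [0] EXPLICIT ANY }
    return tlv(0x30, tlv(0x06, oid) + tlv(0xA0, content_der))

def read_tlv(buf, pos=0):
    """Decode one TLV -> (tag, body, next_pos); reject non-DER or truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n == 0x80:
        raise ValueError("indefinite length is not DER")
    if n > 0x80:  # long form: the low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def content_types(der, depth=0, max_depth=4):
    """Return [(depth, type name)] for a ContentInfo, descending into collections."""
    tag, seq, _ = read_tlv(der)
    oid_tag, oid, pos = read_tlv(seq)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a ContentInfo")
    name = NAMES.get(oid, "unknown:" + oid.hex())
    if name != "id-ct-contentCollection":
        return [(depth, name)]
    if depth >= max_depth:
        raise ValueError("collection nested too deeply")
    items = read_tlv(read_tlv(seq, pos)[1])[1]  # [0] EXPLICIT, then SEQUENCE OF ContentInfo
    found, pos = [(depth, name)], 0
    while pos < len(items):
        start, pos = pos, read_tlv(items, pos)[2]
        found += content_types(items[start:pos], depth + 1, max_depth)
    return found

def sample_offer():  # constructed sample shaped like Figure 1's collection; no signatures
    return content_info(COLLECTION, tlv(0x30, b"".join([
        content_info(DATA, tlv(0x04, b"offer for sale, with asking price")),
        content_info(DATA, tlv(0x04, b"image bytes")),
        content_info(SIGNED, tlv(0x30, b"")),  # placeholder body, not a valid SignedData
    ])))
```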

   In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as
   described in [STDWORDS].

1.1.  Content Collection Example

   This section provides one simple example to illustrate the need for
   the content-collection content type.  Consider an art collector who
   wants to sell one of his pieces, an ancient Greek urn called an
   amphora.  The collector wants to compose a digitally signed offer for
   sale.  It includes three parts.  The first part contains the owner's
   offer for sale, including the asking price.  The second part contains
   a high-quality image of the amphora.  The final part contains an
   appraisal from a well-respected ceramics expert.  The final part is
   digitally signed by the expert.  Figure 1 illustrates the structure,
   and the CMS SignedData content type is used for the two digital
   signatures.

   +---------------------------------------------------------+
   |                                                         |
   | ContentInfo                                             |
   |                                                         |
   | +-----------------------------------------------------+ |
   | |                                                     | |
   | | SignedData                                          | |
   | |                                                     | |
   | | +-------------------------------------------------+ | |
   | | |                                                 | | |
   | | | ContentCollection                               | | |
   | | |                                                 | | |
   | | | +-----------+ +-----------+ +-----------------+ | | |
   | | | |           | |           | |                 | | | |
   | | | | Owner's   | | Image     | | SignedData      | | | |
   | | | | Offer to  | | of the    | |                 | | | |
   | | | | Sell the  | | Amphora   | | +-------------+ | | | |
   | | | | Amphora   | |           | | |             | | | | |
   | | | |           | |           | | | Appraisal   | | | | |
   | | | |           | |           | | | of Ceramics | | | | |
   | | | |           | |           | | | Expert      | | | | |
   | | | |           | |           | | |             | | | | |
   | | | |           | |           | | +-------------+ | | | |
   | | | |           | |           | |                 | | | |
   | | | +-----------+ +-----------+ +-----------------+ | | |
   | | |                                                 | | |
   | | +-------------------------------------------------+ | |
   | |                                                     | |
   | +-----------------------------------------------------+ |
   |                                                         |