Certificate Management over CMS (CMC): Transport Protocols
RFC 5273
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (June 2008; Errata); updated by RFC 6402 |
| Authors | Michael Myers, Jim Schaad |
| Last updated | 2015-10-14 |
| Stream | IETF |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 5273 (Proposed Standard) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Tim Polk |
| Send notices to | (None) |
Network Working Group
Request for Comments: 5273
Category: Standards Track

J. Schaad, Soaring Hawk Consulting
M. Myers, TraceRoute Security, Inc.
June 2008

Certificate Management over CMS (CMC): Transport Protocols

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document defines a number of transport mechanisms that are used to move CMC (Certificate Management over CMS (Cryptographic Message Syntax)) messages. The transport mechanisms described in this document are HTTP, file, mail, and TCP.

1. Overview

This document defines a number of transport methods that are used to move CMC messages (defined in [CMC-STRUCT]). The transport mechanisms described in this document are HTTP, file, mail, and TCP.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [MUST].

2. File-Based Protocol

Enrollment messages and responses may be transferred between clients and servers using file-system-based mechanisms, such as when enrollment is performed for an off-line client. When files are used to transport binary, Full PKI Request or Full PKI Response messages, there MUST be only one instance of a request or response message in a single file.
The following file type extensions SHOULD be used:

+---------------------+----------------+
| Message Type        | File Extension |
+---------------------+----------------+
| Simple PKI Request  | .p10           |
| Full PKI Request    | .crq           |
| Simple PKI Response | .p7c           |
| Full PKI Response   | .crp           |
+---------------------+----------------+

File PKI Request/Response Identification

3. Mail-Based Protocol

MIME wrapping is defined for those environments that are MIME native. The basic mime wrapping in this section is taken from [SMIMEV3]. When using a mail-based protocol, MIME wrapping between the layers of CMS wrapping is optional. Note that this is different from the standard S/MIME (Secure MIME) message.

Simple enrollment requests are encoded using the "application/pkcs10" content type. A file name MUST be included either in a content-type or a content-disposition statement. The extension for the file MUST be ".p10".

Simple enrollment response messages MUST be encoded as content type "application/pkcs7-mime". An smime-type parameter MUST be on the content-type statement with a value of "certs-only". A file name with the ".p7c" extension MUST be specified as part of the content-type or content-disposition statement.

Full enrollment request messages MUST be encoded as content type "application/pkcs7-mime". The smime-type parameter MUST be included with a value of "CMC-Request". A file name with the ".p7m" extension MUST be specified as part of the content-type or content-disposition statement.

Full enrollment response messages MUST be encoded as content type "application/pkcs7-mime". The smime-type parameter MUST be included with a value of "CMC-response". A file name with the ".p7m" extension MUST be specified as part of the content-type or content-disposition statement.
+--------------+------------------------+------------+--------------+
| Item         | MIME Type              | File       | SMIME Type   |
|              |                        | Extension  |              |
+--------------+------------------------+------------+--------------+
| Simple PKI   | application/pkcs10     | .p10       | N/A          |
| Request      |                        |            |              |
| Full PKI     | application/pkcs7-mime | .p7m       | CMC-request  |
| Request      |                        |            |              |
| Simple PKI   | application/pkcs7-mime | .p7c       | certs-only   |
| Response     |                        |            |              |
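The Section 3 MIME requirements, written as a header check that a mail gateway or RA intake script could apply before handing a part to the CMS parser. This is an added example, not code from the RFC or its authors; the name `check_part`, the sample headers, and the case-insensitive smime-type comparison are assumptions.

```python
from email import message_from_string

# kind -> (content type, smime-type or None, file extension), from Section 3.
# smime-type is stored lowercase: the text says "CMC-Request", the table
# "CMC-request", so this checker compares it case-insensitively (assumption).
RULES = {
    "simple-request":  ("application/pkcs10", None, ".p10"),
    "simple-response": ("application/pkcs7-mime", "certs-only", ".p7c"),
    "full-request":    ("application/pkcs7-mime", "cmc-request", ".p7m"),
    "full-response":   ("application/pkcs7-mime", "cmc-response", ".p7m"),
}

def check_part(raw_headers):
    """Return (kind, problems) for the headers of one MIME part."""
    msg = message_from_string(raw_headers)
    ctype = msg.get_content_type()          # always lowercase
    smime = msg.get_param("smime-type")     # None when absent
    smime = smime.lower() if isinstance(smime, str) else None
    kind = next((k for k, (ct, st, _) in RULES.items()
                 if ct == ctype and (st is None or st == smime)), None)
    if kind is None:
        return None, [f"{ctype} with smime-type={smime!r} matches no "
                      "message type in Section 3"]
    ext = RULES[kind][2]
    # get_filename() reads filename= from Content-Disposition and falls back
    # to name= on Content-Type, the two places the section allows.
    fname = msg.get_filename()
    if fname is None:
        return kind, ["no file name in content-type or content-disposition"]
    if not fname.endswith(ext):
        return kind, [f"file name {fname!r} must end in {ext}"]
    return kind, []

# Constructed sample headers (not taken from the RFC).
GOOD_FULL_REQ = ('Content-Type: application/pkcs7-mime; '
                 'smime-type=CMC-Request; name="req.p7m"\n\n')
BAD_SIMPLE_RESP = ('Content-Type: application/pkcs7-mime; smime-type=certs-only\n'
                   'Content-Disposition: attachment; filename="certs.p7m"\n\n')
NO_NAME_REQ = 'Content-Type: application/pkcs10\n\n'

if __name__ == "__main__":
    for sample in (GOOD_FULL_REQ, BAD_SIMPLE_RESP, NO_NAME_REQ):
        print(check_part(sample))
```

A part that fails this check is rejected on its headers alone, so a generic S/MIME smime-type or a mismatched extension never reaches certificate-request processing.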