Certificate Management over CMS (CMC): Transport Protocols
RFC 5273
Document Type RFC - Proposed Standard (June 2008; Errata)
Updated by RFC 6402
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Early Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5273 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                          J. Schaad
Request for Comments: 5273                       Soaring Hawk Consulting
Category: Standards Track                                       M. Myers
                                               TraceRoute Security, Inc.
                                                               June 2008

       Certificate Management over CMS (CMC): Transport Protocols

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document defines a number of transport mechanisms that are used
   to move CMC (Certificate Management over CMS (Cryptographic Message
   Syntax)) messages.  The transport mechanisms described in this
   document are HTTP, file, mail, and TCP.

1.  Overview

   This document defines a number of transport methods that are used to
   move CMC messages (defined in [CMC-STRUCT]).  The transport
   mechanisms described in this document are HTTP, file, mail, and TCP.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [MUST].

2.  File-Based Protocol

   Enrollment messages and responses may be transferred between clients
   and servers using file-system-based mechanisms, such as when
   enrollment is performed for an off-line client.  When files are used
   to transport binary, Full PKI Request or Full PKI Response messages,
   there MUST be only one instance of a request or response message in a
   single file.  The following file type extensions SHOULD be used:

Schaad & Myers              Standards Track                     [Page 1]
RFC 5273                CMC: Transport Protocols               June 2008

                 +---------------------+----------------+
                 | Message Type        | File Extension |
                 +---------------------+----------------+
                 | Simple PKI Request  | .p10           |
                 | Full PKI Request    | .crq           |
                 | Simple PKI Response | .p7c           |
                 | Full PKI Response   | .crp           |
                 +---------------------+----------------+

                 File PKI Request/Response Identification

3.  Mail-Based Protocol

   MIME wrapping is defined for those environments that are MIME native.
   The basic mime wrapping in this section is taken from [SMIMEV3].
   When using a mail-based protocol, MIME wrapping between the layers of
   CMS wrapping is optional.  Note that this is different from the
   standard S/MIME (Secure MIME) message.

   Simple enrollment requests are encoded using the "application/pkcs10"
   content type.  A file name MUST be included either in a content-type
   or a content-disposition statement.  The extension for the file MUST
   be ".p10".

   Simple enrollment response messages MUST be encoded as content type
   "application/pkcs7-mime".  An smime-type parameter MUST be on the
   content-type statement with a value of "certs-only".  A file name
   with the ".p7c" extension MUST be specified as part of the content-
   type or content-disposition statement.

   Full enrollment request messages MUST be encoded as content type
   "application/pkcs7-mime".  The smime-type parameter MUST be included
   with a value of "CMC-Request".  A file name with the ".p7m" extension
   MUST be specified as part of the content-type or content-disposition
   statement.

   Full enrollment response messages MUST be encoded as content type
   "application/pkcs7-mime".  The smime-type parameter MUST be included
   with a value of "CMC-response".  A file name with the ".p7m"
   extension MUST be specified as part of the content-type or content-
   disposition statement.

Schaad & Myers              Standards Track                     [Page 2]
RFC 5273                CMC: Transport Protocols               June 2008

   +--------------+------------------------+------------+--------------+
   | Item         | MIME Type              | File       | SMIME Type   |
   |              |                        | Extension  |              |
   +--------------+------------------------+------------+--------------+
   | Simple PKI   | application/pkcs10     | .p10       | N/A          |
   | Request      |                        |            |              |
   | Full PKI     | application/pkcs7-mime | .p7m       | CMC-request  |
   | Request      |                        |            |              |
   | Simple PKI   | application/pkcs7-mime | .p7c       | certs-only   |
   | Response     |                        |            |              |
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA