Securing Header Fields with S/MIME
RFC 7508
| Document | Type |
RFC - Experimental
(April 2015; Errata)
Was draft-cailleux-secure-headers (individual)
|
|
|---|---|---|---|
| Authors | Laurent Cailleux , Chris Bonatti | ||
| Last updated | 2020-01-21 | ||
| Stream | ISE | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| IETF conflict review | conflict-review-cailleux-secure-headers | ||
| Stream | ISE state | Published RFC | |
| Consensus Boilerplate | Unknown | ||
| Document shepherd | Adrian Farrel | ||
| Shepherd write-up | Show (last changed 2014-08-11) | ||
| IESG | IESG state | RFC 7508 (Experimental) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack | ||
Independent Submission L. Cailleux
Request for Comments: 7508 DGA MI
Category: Experimental C. Bonatti
ISSN: 2070-1721 IECA
April 2015
Securing Header Fields with S/MIME
Abstract
This document describes how the S/MIME protocol can be extended in
order to secure message header fields defined in RFC 5322. This
technology provides security services such as data integrity, non-
repudiation, and confidentiality. This extension is referred to as
'Secure Headers'.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This is a contribution to the RFC Series, independently
of any other RFC stream. The RFC Editor has chosen to publish this
document at its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7508.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Cailleux & Bonatti Experimental [Page 1]
RFC 7508 Securing Header Fields with S/MIME April 2015
Table of Contents
1. Introduction ....................................................2
2. Terminology and Conventions Used in This Document ...............3
3. Context .........................................................4
4. Mechanisms to Secure Message Header Fields ......................6
4.1. ASN.1 Syntax of Secure Header Fields .......................7
4.2. Secure Header Fields Length and Format .....................8
4.3. Canonicalization Algorithm .................................8
4.4. Header Field Statuses ......................................8
4.5. Signature Process ..........................................9
4.5.1. Signature Generation Process ........................9
4.5.2. Signature Verification Process .....................10
4.6. Encryption and Decryption Processes .......................11
4.6.1. Encryption Process .................................11
4.6.2. Decryption Process .................................12
5. Case of Triple Wrapping ........................................13
6. Security Gateways ..............................................13
7. Security Considerations ........................................13
8. IANA Considerations ............................................14
9. References .....................................................14
9.1. Normative References ......................................14
9.2. Informative References ....................................15
Appendix A. Formal Syntax of Secure Header ........................16
Appendix B. Example of Secure Header Fields .......................18
Acknowledgements ..................................................19
Authors' Addresses ................................................19
1. Introduction
The S/MIME [RFC5751] standard defines a data encapsulation format for
the achievement of end-to-end security services such as integrity,
authentication, non-repudiation, and confidentiality. By default,
S/MIME secures message body parts, at the exclusion of the message
header fields.
S/MIME provides an alternative solution to secure header fields: "the
sending client MAY wrap a full MIME message in a message/rfc822
wrapper in order to apply S/MIME security services to header fields".
However, the S/MIME solution doesn't provide any guidance regarding
what subset of message header fields to secure, procedures for
clients to reconcile the "inner" and "outer" headers, or procedures
for client interpretation or display of any failures.
Several other security specifications supplement S/MIME features but
fail to address the target requirement set of this document. Such
other security specifications include DomainKeys Identified Mail
Show full document text