Re: [media-types] review requested: draft-turner-application-cms-media-type

Sean Turner <turners@ieca.com> Thu, 13 June 2013 13:14 UTC

From: Sean Turner <turners@ieca.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: media-types@iana.org

On 6/13/13 6:34 AM, Bjoern Hoehrmann wrote:
> * Sean Turner wrote:
>> In case I'm just supposed to send the template:
>> Optional parameters:
>>
>>    encapsulatedContent=y; where y is one or more CMS ECT
>>    (Encapsulating Content Types); multiple values are encapsulated in
>>    quotes and separated by a folding-whitespace comma folding-
>>    whitespace.  ECT values are based on content types found in
>>    [RFC3274], [RFC4073], [RFC5083], [RFC5652], and [RFC6032].  This
>>    list can later be extended see Section 3.
>
> I think the first "ECT" should be "ECTs"; I can't parse the part after
> the semicolon. There should probably be a comma before "see". Same for
> the next parameter.

Fixed.

>> Security considerations:
>>
>>    See [RFC3370], [RFC5652], [RFC5753], and [RFC5754] for id-
>>    signedData, id-envelopedData, id-digestData, id-encryptedData, id-
>>    ct-authData; see [RFC5958], [RFC5959], and [RFC6162] for id-ct-KP-
>>    aKeyPackage; see [RFC6031] and [RFC6160] for id-ct-KP- sKeyPackage;
>>    see [RFC6032], [RFC6033], and [RFC6161] for id-ct-KP-
>>    encryptedKeyPkg; see [RFC5914] for id-ct-trustAnchorList; see
>>    [RFC3274] for id-compressedData; see [RFC5083] and [RFC5084] for
>>    id-ct-authEnvelopedData; see [RFC4073] for id-ct-contentCollection
>>    and id-ct-contentWithAttrs; see [RFC4108] for id-ct-
>>    firmwarePackage, id-ct-firmwareLoadReceipt, id-ct-
>>    firmwareLoadError; see [ID.housley-keypackage-receipt-n-error] for
>>    id-ct-KP-keyPackageReceipt and id-ct-KP-keyPackageError.
>
> Editorially the above is quite horrible, maybe a table to map the values
> to the RFCs would be better. Also, there should be some prose to set the
> context here (why would one "see" all the referenced documents, and why
> are there no security considerations for the type right here, beyond the
> suggestion to look elsewhere).

This is a list of all the RFCs where these content types are defined 
plus the documents that define algorithms that can be used to protect 
the content types.  There was one additional consideration in the draft 
that didn't end up in the template, so how about:

Security Considerations:

The following security considerations apply:

RFC       | CMS Protecting Content Type and Algorithms
----------+-------------------------------------------------
[RFC3370] | id-signedData, id-envelopedData, id-digestedData,
[RFC5652] | id-encryptedData, and id-ct-authData
[RFC5753] |
[RFC5754] |
----------+-------------------------------------------------
[RFC5958] | id-ct-KP-aKeyPackage
[RFC5959] |
[RFC6162] |
----------+-------------------------------------------------
[RFC6031] | id-ct-KP-sKeyPackage
[RFC6160] |
----------+-------------------------------------------------
[RFC6032] | id-ct-KP-encryptedKeyPkg
[RFC6033] |
[RFC6161] |
----------+-------------------------------------------------
[RFC5914] | id-ct-trustAnchorList
----------+-------------------------------------------------
[RFC3274] | id-compressedData
----------+-------------------------------------------------
[RFC5083] | id-ct-authEnvelopedData
[RFC5084] |
----------+-------------------------------------------------
[RFC4073] | id-ct-contentCollection and
          | id-ct-contentWithAttrs
----------+-------------------------------------------------
[RFC4108] | id-ct-firmwarePackage, id-ct-firmwareLoadReceipt,
          | and id-ct-firmwareLoadError
----------+-------------------------------------------------
[RFCTBD]  | id-ct-KP-keyPackageReceipt and
          | id-ct-KP-keyPackageError
----------+-------------------------------------------------

In some circumstances, significant information can be leaked by 
disclosing what the innermost ASN.1 structure is.  In these cases it is 
acceptable to disclose the wrappers without disclosing the inner content 
type.
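As an added example (not code from the thread or from the draft), the parser below reads the optional encapsulatedContent parameter exactly as the quoted template describes it (values in quotes, separated by folding-whitespace comma folding-whitespace) and maps each ECT to the RFCs in the proposed security-considerations table; the keypackage receipt/error row keeps the message's own [RFCTBD] placeholder, and a list that stops at an outer wrapper is accepted, matching the last paragraph.

```python
import re

# ECT -> RFCs whose security considerations apply, transcribed from the table
# proposed in the message above ("[RFCTBD]" is the message's own placeholder).
_CORE = ["RFC3370", "RFC5652", "RFC5753", "RFC5754"]
ECT_REFERENCES = {
    "id-signedData": _CORE, "id-envelopedData": _CORE, "id-digestedData": _CORE,
    "id-encryptedData": _CORE, "id-ct-authData": _CORE,
    "id-ct-KP-aKeyPackage": ["RFC5958", "RFC5959", "RFC6162"],
    "id-ct-KP-sKeyPackage": ["RFC6031", "RFC6160"],
    "id-ct-KP-encryptedKeyPkg": ["RFC6032", "RFC6033", "RFC6161"],
    "id-ct-trustAnchorList": ["RFC5914"],
    "id-compressedData": ["RFC3274"],
    "id-ct-authEnvelopedData": ["RFC5083", "RFC5084"],
    "id-ct-contentCollection": ["RFC4073"], "id-ct-contentWithAttrs": ["RFC4073"],
    "id-ct-firmwarePackage": ["RFC4108"], "id-ct-firmwareLoadReceipt": ["RFC4108"],
    "id-ct-firmwareLoadError": ["RFC4108"],
    "id-ct-KP-keyPackageReceipt": ["RFCTBD"], "id-ct-KP-keyPackageError": ["RFCTBD"],
}

# Quoted list, or a single bare token; parameter names are case-insensitive.
_PARAM = re.compile(r'encapsulatedContent\s*=\s*(?:"([^"]*)"|([^;\s"]+))', re.IGNORECASE)
# "folding-whitespace comma folding-whitespace": FWS (incl. CRLF) around the comma.
_FWS_COMMA = re.compile(r"[ \t\r\n]*,[ \t\r\n]*")


def parse_encapsulated_content(content_type: str) -> list[str]:
    """Return the ECT values named in an application/cms Content-Type value.

    The parameter is optional, and the list may legitimately stop at an
    outer wrapper without naming the innermost type, so an empty or short
    list is not treated as an error.
    """
    mtype, _, params = content_type.partition(";")
    if mtype.strip().lower() != "application/cms":
        raise ValueError("not an application/cms Content-Type")
    m = _PARAM.search(params)
    if m is None:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [v for v in _FWS_COMMA.split(raw.strip()) if v]


def references_for(ects: list[str]) -> list[str]:
    """Map ECT values to the RFCs a reviewer must consult; reject unlisted ones."""
    unknown = [e for e in ects if e not in ECT_REFERENCES]
    if unknown:
        raise ValueError(f"ECT value(s) not in the table: {unknown}")
    return sorted({rfc for e in ects for rfc in ECT_REFERENCES[e]})
```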