RE: proposed addition to application/pkcs7-mime smime parameter

"Bonatti, Chris" <BonattiC@ieca.com> Fri, 20 June 2003 18:51 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27032 for <smime-archive@lists.ietf.org>; Fri, 20 Jun 2003 14:51:41 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5KINBrb093900 for <ietf-smime-bks@above.proper.com>; Fri, 20 Jun 2003 11:23:11 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h5KINBYq093899 for ietf-smime-bks; Fri, 20 Jun 2003 11:23:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from smtp003.bizmail.yahoo.com (smtp003.bizmail.yahoo.com [216.136.130.195]) by above.proper.com (8.12.9/8.12.8) with SMTP id h5KINBrb093893 for <ietf-smime@imc.org>; Fri, 20 Jun 2003 11:23:11 -0700 (PDT) (envelope-from BonattiC@ieca.com)
Received: from pcp833894pcs.nrockv01.md.comcast.net (HELO OMNI) (bonattic@ieca.com@68.50.112.83 with login) by smtp2.bm.vip.sc5.yahoo.com with SMTP; 20 Jun 2003 18:23:12 -0000
Reply-To: BonattiC@ieca.com
From: "Bonatti, Chris" <BonattiC@ieca.com>
To: 'Blake Ramsdell' <blake@brutesquadlabs.com>
Cc: 'Rohan Mahy' <rohan@cisco.com>, ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter
Date: Fri, 20 Jun 2003 14:23:10 -0400
Organization: IECA, Inc.
Message-ID: <003a01c33759$01dd8e60$0400a8c0@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h5KINBrb093894
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit

Blake,

  To me, this makes sense.  Even if it isn't required in an S/MIME
message, it stands to reason that other CMS wrappers might be used.  We
don't actually prohibit their use in S/MIME do we?

  I'm wondering if this is starting to look like misplaced text.
Originally, it made sense to have MIME types in the message spec, but
now we also have them in the X.400 transport spec, and apparantly some
that don't fit neatly anywhere.  Maybe this should have been rolled back
into CMS.  (I know it's too late for that.)  Short of that perhaps the
best strategy is to repeat the whole list everywhere that it appears.

Regards,
Chris


On Thursday, June 19, 2003, at 8:14 PM, Rohan Mahy wrote:

> 
> On Thursday, June 19, 2003, at 03:50 PM, Blake Ramsdell wrote:
> 
> >> -----Original Message-----
> >> From: owner-ietf-smime@mail.imc.org 
> >> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Rohan Mahy
> >> Sent: Friday, June 06, 2003 7:59 PM
> >> To: Blake Ramsdell
> >> Cc: ietf-smime@imc.org; rohan@cisco.com
> >> Subject: proposed addition to application/pkcs7-mime smime 
> parameter
> >>
> >> I have included some proposed text to add the other CMS 
> types to the 
> >> smime-type mime parameter.  Alternatively a new cms-type mime 
> >> parameter could be defined, but this seems a but pedantic to me.
> >
> > We are in a strange situation here, and I'd like to get feedback on 
> > this.  One side of me says that the "application/pkcs7-mime" means 
> > "MIME packaged in PKCS #7 (which then became CMS) for the 
> purpose of 
> > moving around secured MIME entities".  I don't know if it's 
> a better 
> > idea to
> > a)
> > overload the application/pkcs7-mime type to mean "CMS, possibly not 
> > wrapped in MIME", or b) introduce application/cms in a 
> separate draft, 
> > along with a cms-type parameter that explains the inner type.
> 
> I'm not sure what you mean "not wrapped in MIME" here.  In 
> all the SIP 
> cases at least, we are always talking about taking some MIME content, 
> performing some CMS operation on it, and putting the 
> resulting CMS blob 
> in a MIME body.  There are only three things different here:
> 
> - we are not restricted to out MIME bodies being 7-bit... they can be 
> binary, but they are still MIME.  I still need to have insure that my 
> --boundaries don't appear in my content for example.
> 
> - we can use attached signatures. since we have a negotiation 
> mechanism, if the UAS doesn't understand application/pkcs7-mime, its 
> can send a repairable error response (hey! I can't read this content 
> format) and the UAC will either send a different MIME type or give up.
> 
> - because some pairs of SIP entities already have shared secrets 
> (because of their digest legacy), we would like to used 
> AuthenticatedData instead of SignedData in some cases.  If email 
> clients already had shared secrets, you might have done that in email 
> too, so there is really nothing special about this.
> 
> I don't think any of these things change the semantics of the 
> MIME type.
> 
> I'll ping some friends who are active in the APPS Area as well, but I 
> don't think I am too out of line here.
> 
> thanks,
> -rohan
> 
> 
> 
> > I know that there was much discussion about application/xml in a
> > similar
> > context, and I don't know if there's anything we can learn 
> from that in
> > order to resolve this.  It seems that the application/xml semantic 
> > would
> > be very similar to the application/cms semantic, but I may not
> > understand it correctly.
> >
> > I'm going to release 2633bis-05 shortly, and if there's no 
> discussion
> > on
> > this topic I'm not going to include anything in that draft.  If it's
> > important, we should work through it.
> >
> > Blake
>