RE: proposed addition to application/pkcs7-mime smime parameter

"Bonatti, Chris" <BonattiC@ieca.com> Tue, 24 June 2003 21:48 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12560 for <smime-archive@lists.ietf.org>; Tue, 24 Jun 2003 17:48:30 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5OLKJrb094126 for <ietf-smime-bks@above.proper.com>; Tue, 24 Jun 2003 14:20:19 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h5OLKJts094125 for ietf-smime-bks; Tue, 24 Jun 2003 14:20:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from smtp001.bizmail.yahoo.com (smtp001.bizmail.yahoo.com [216.136.172.125]) by above.proper.com (8.12.9/8.12.8) with SMTP id h5OLKJrb094120 for <ietf-smime@imc.org>; Tue, 24 Jun 2003 14:20:19 -0700 (PDT) (envelope-from BonattiC@ieca.com)
Received: from pcp833894pcs.nrockv01.md.comcast.net (HELO OMNI) (bonattic@ieca.com@68.50.112.83 with login) by smtp2.bm.vip.sc5.yahoo.com with SMTP; 24 Jun 2003 21:20:21 -0000
Reply-To: BonattiC@ieca.com
From: "Bonatti, Chris" <BonattiC@ieca.com>
To: 'Blake Ramsdell' <blake@brutesquadlabs.com>
Cc: 'Rohan Mahy' <rohan@cisco.com>, ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter
Date: Tue, 24 Jun 2003 17:20:21 -0400
Organization: IECA, Inc.
Message-ID: <000201c33a96$6bd914c0$0400a8c0@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARMPfbnbp50SwK3EZjypY2MKAAAAQAAAA0j3P3bJ8U02007FK5IQ5XQEAAAAA@brutesquadlabs.com>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h5OLKJrb094121
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit

Blake,

  I agree completely that the profile should continue to be restricted.
I also agree that it makes sense to poll the APPS folks.  Sounds like
we're pretty much on the same wavelength.

Chris


-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Blake Ramsdell
Sent: Friday, June 20, 2003 18:13
To: BonattiC@ieca.com
Cc: 'Rohan Mahy'; ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter



> -----Original Message---- 
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Bonatti, Chris
> Sent: Friday, June 20, 2003 11:23 AM
> To: 'Blake Ramsdell'
> Cc: 'Rohan Mahy'; ietf-smime@imc.org
> Subject: RE: proposed addition to application/pkcs7-mime 
> smime parameter
> 
>   To me, this makes sense.  Even if it isn't required in an S/MIME 
> message, it stands to reason that other CMS wrappers might be used.  
> We don't actually prohibit their use in S/MIME do we?

2.4 of rfc2633bis says "only the Data, SignedData, EnvelopedData and
CompressedData content types are currently used for S/MIME."  These
types are deliberately constrained.

If we define all of the possible CMS types for the smime-type parameter
for application/pkcs7-mime, I don't want it to imply that they are all
allowable for this profile, which is currently not the case, and I don't
think it should be the case in the future.  It's my opinion that the
profile should be deliberately constrained to support a reasonable
subset of CMS types to support the application at hand, which I consider
to be primarily email, and to give some hope of creating a conforming
implementation.

We've got a specification that says that it is for using CMS with MIME
entities.  If we add in all of the known CMS types, we need to be clear
about their acceptable use in this profile, and that their definition in
the profile is informational only, and future profiles (such as the SIP
profile) may allow some of these constructs.  This falls somewhat into
the category of Paul's suggestion to include the micalg parameters for
sha-256 and sha-512, where they might be defined in the spec, but there
is no requirement that they be implemented.

And then we get into issues with messages that conform to the SIP
profile commingling with messages that conform to the MSG profile, and
what should happen there, if the SIP messages use types not allowed in
MSG (specifically AuthenticatedData).

I am leaning towards creating smime-type values that correspond to the
other CMS types, but APPS people might stand up and give an opinion, or
we might take it upon ourselves to find APPS folks (I think Rohan
suggested this) to weigh in.

Blake