RE: proposed addition to application/pkcs7-mime smime parameter

"Blake Ramsdell" <blake@brutesquadlabs.com> Fri, 20 June 2003 22:39 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13283 for <smime-archive@lists.ietf.org>; Fri, 20 Jun 2003 18:39:10 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5KMCrrb004765 for <ietf-smime-bks@above.proper.com>; Fri, 20 Jun 2003 15:12:53 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h5KMCqbl004764 for ietf-smime-bks; Fri, 20 Jun 2003 15:12:52 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5KMCqrb004757 for <ietf-smime@imc.org>; Fri, 20 Jun 2003 15:12:52 -0700 (PDT) (envelope-from blake@brutesquadlabs.com)
Received: from DEXTER ([192.168.0.5]) by brutesquadlabs.com with ESMTP ; Fri, 20 Jun 2003 15:12:49 -0700
From: Blake Ramsdell <blake@brutesquadlabs.com>
To: BonattiC@ieca.com
Cc: 'Rohan Mahy' <rohan@cisco.com>, ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter
Date: Fri, 20 Jun 2003 15:12:48 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARMPfbnbp50SwK3EZjypY2MKAAAAQAAAA0j3P3bJ8U02007FK5IQ5XQEAAAAA@brutesquadlabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <003a01c33759$01dd8e60$0400a8c0@ieca.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org 
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Bonatti, Chris
> Sent: Friday, June 20, 2003 11:23 AM
> To: 'Blake Ramsdell'
> Cc: 'Rohan Mahy'; ietf-smime@imc.org
> Subject: RE: proposed addition to application/pkcs7-mime 
> smime parameter
> 
>   To me, this makes sense.  Even if it isn't required in an S/MIME
> message, it stands to reason that other CMS wrappers might be 
> used.  We
> don't actually prohibit their use in S/MIME do we?

2.4 of rfc2633bis says "only the Data, SignedData, EnvelopedData and
CompressedData content types are currently used for S/MIME."  These
types are deliberately constrained.

If we define all of the possible CMS types for the smime-type parameter
for application/pkcs7-mime, I don't want it to imply that they are all
allowable for this profile, which is currently not the case, and I don't
think it should be the case in the future.  It's my opinion that the
profile should be deliberately constrained to support a reasonable
subset of CMS types to support the application at hand, which I consider
to be primarily email, and to give some hope of creating a conforming
implementation.

We've got a specification that says that it is for using CMS with MIME
entities.  If we add in all of the known CMS types, we need to be clear
about their acceptable use in this profile, and that their definition in
the profile is informational only, and future profiles (such as the SIP
profile) may allow some of these constructs.  This falls somewhat into
the category of Paul's suggestion to include the micalg parameters for
sha-256 and sha-512, where they might be defined in the spec, but there
is no requirement that they be implemented.

And then we get into issues with messages that conform to the SIP
profile commingling with messages that conform to the MSG profile, and
what should happen there, if the SIP messages use types not allowed in
MSG (specifically AuthenticatedData).

I am leaning towards creating smime-type values that correspond to the
other CMS types, but APPS people might stand up and give an opinion, or
we might take it upon ourselves to find APPS folks (I think Rohan
suggested this) to weigh in.

Blake