RE: proposed addition to application/pkcs7-mime smime parameter

"Blake Ramsdell" <blake@brutesquadlabs.com> Fri, 20 June 2003 22:49 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13604 for <smime-archive@lists.ietf.org>; Fri, 20 Jun 2003 18:49:56 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5KMNlrb005172 for <ietf-smime-bks@above.proper.com>; Fri, 20 Jun 2003 15:23:47 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h5KMNkHB005171 for ietf-smime-bks; Fri, 20 Jun 2003 15:23:46 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5KMNkrb005162 for <ietf-smime@imc.org>; Fri, 20 Jun 2003 15:23:46 -0700 (PDT) (envelope-from blake@brutesquadlabs.com)
Received: from DEXTER ([192.168.0.5]) by brutesquadlabs.com with ESMTP ; Fri, 20 Jun 2003 15:23:43 -0700
From: Blake Ramsdell <blake@brutesquadlabs.com>
To: 'Rohan Mahy' <rohan@cisco.com>
Cc: ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter
Date: Fri, 20 Jun 2003 15:23:42 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARMPfbnbp50SwK3EZjypY2MKAAAAQAAAANMIrNsNJSUmbvYUGuyCmHgEAAAAA@brutesquadlabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <1DA1D30C-A2B4-11D7-8E0D-0003938AF740@cisco.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org 
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Rohan Mahy
> Sent: Thursday, June 19, 2003 5:14 PM
> To: Blake Ramsdell
> Cc: ietf-smime@imc.org
> Subject: Re: proposed addition to application/pkcs7-mime 
> smime parameter
> 
> - we are not restricted to out MIME bodies being 7-bit... they can be 
> binary, but they are still MIME.  I still need to have insure that my 
> --boundaries don't appear in my content for example.

I believe that the latest rfc2633bis spec in section 3.1.2 addresses
this.  The bottom line is that binary is OK, but you should negotiate a
preference if you can.

> - we can use attached signatures. since we have a negotiation 
> mechanism, if the UAS doesn't understand application/pkcs7-mime, its 
> can send a repairable error response (hey! I can't read this content 
> format) and the UAC will either send a different MIME type or give up.

I'm not sure why the language is so soft about attached signatures
(SHOULD support both clear signed and opaque signed).  In any case, in
practice I am not aware of a receiving client that can't interpret
application/pkcs7-mime opaque SignedData objects.

> - because some pairs of SIP entities already have shared secrets 
> (because of their digest legacy), we would like to used 
> AuthenticatedData instead of SignedData in some cases.  If email 
> clients already had shared secrets, you might have done that in email 
> too, so there is really nothing special about this.

This is the one that's going to cause me kidney pain.  Basically, a
profile for CMS or even a profile for MSG is meant to constrain the
amount of stuff you have to implement.  So if SIP is a profile of MSG
(which seems reasonable), how likely is it that SIP objects are going to
end up hanging out with "base" MSG objects?

> I don't think any of these things change the semantics of the 
> MIME type.

I agree.  I forgot that you had already said that SIP used MIME objects,
so my earlier comments about "raw" CMS objects are not relevant.

> I'll ping some friends who are active in the APPS Area as well, but I 
> don't think I am too out of line here.

I think that we are indeed running into APPS-type concerns here.

As far as the best way to proceed, I am thinking that SIP ends up being
a profile of MSG, MSG defines the smime-type parameters as you have
suggested, but MSG does will not add any MUST/SHOULD recommendations
about other CMS types.

Blake