1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
|
<pre>Internet Engineering Task Force (IETF) S. Turner
Request for Comments: 7193 IECA
Category: Informational R. Housley
ISSN: 2070-1721 Vigil Security
J. Schaad
Soaring Hawk Consulting
April 2014
<span class="h1">The application/cms Media Type</span>
Abstract
This document registers the application/cms media type for use with
the corresponding CMS (Cryptographic Message Syntax) content types.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc7193">http://www.rfc-editor.org/info/rfc7193</a>.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Turner, et al. Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
[<a id="ref-RFC5751">RFC5751</a>] registered the application/pkc7-mime media type. That
document defined five optional smime-type parameters. The smime-type
parameter originally conveyed details about the security applied to
the data content type, indicating whether it was signed or enveloped,
as well as the name of the data content; it was later expanded to
indicate whether the data content is compressed and whether the data
content contained a certs-only message. This document does not
affect those registrations as this document places no requirements on
S/MIME (Secure Multipurpose Internet Mail Extensions) agents.
The registration done by the S/MIME documents was done assuming that
there would be a MIME (Multipurpose Internet Mail Extensions)
wrapping layer around each of the different enveloping contents;
thus, there was no need to include more than one item in each smime-
type. This is no longer the case with some of the more advanced
enveloping types. Some protocols such as the CMC (Certificate
Management over Cryptographic Message Syntax) [<a href="./rfc5273" title=""Certificate Management over CMS (CMC): Transport Protocols"">RFC5273</a>] have defined
additional S/MIME types. New protocols that intend to wrap MIME
content should continue to define a smime-type string; however, new
protocols that intend to wrap non-MIME types should use this
mechanism instead.
CMS (Cryptographic Message Syntax) [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] associates a content
type identifier (OID) with specific content; CMS content types have
been widely used to define contents that can be enveloped using other
CMS content types and to define enveloping content types some of
which provide security services. CMS protecting content types, those
that provide security services, include: Signed-Data [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>],
Enveloped-Data [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Digested-Data [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Encrypted-Data
[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Authenticated-Data [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Authenticated-Enveloped-Data
[<a href="./rfc5083" title=""Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type"">RFC5083</a>], and Encrypted Key Package [<a href="./rfc6032" title=""Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6032</a>]. CMS non-protecting
content types, those that provide no security services but
encapsulate other CMS content types, include: Content Information
[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Compressed Data [<a href="./rfc3274" title=""Compressed Data Content Type for Cryptographic Message Syntax (CMS)"">RFC3274</a>], Content Collection [<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>],
and Content With Attributes [<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>]. Then, there are the innermost
content types that include: Data [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], Asymmetric Key Package
[<a href="./rfc5958" title=""Asymmetric Key Packages"">RFC5958</a>], Symmetric Key Package [<a href="./rfc6031" title=""Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type"">RFC6031</a>], Firmware Package
[<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>], Firmware Package Load Receipt [<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>], Firmware Package
Load Error [<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>], Trust Anchor List [<a href="./rfc5914" title=""Trust Anchor Format"">RFC5914</a>], TAMP Status Query,
TAMP Status Response, TAMP Update, TAMP Update Confirm, TAMP Apex
Update, TAMP Apex Update Confirmation, TAMP Community Update, TAMP
Community Update Confirm, TAMP Sequence Adjust, TAMP Sequence Adjust
Confirmation, TAMP Error [<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>], Key Package Error, and Key
Package Receipt [<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>].
<span class="grey">Turner, et al. Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
To support conveying CMS content types, this document defines a media
type and parameters that indicate the enveloping and embedded CMS
content types.
New CMS content types should be affirmative in defining the string
that identifies the new content type and should additionally define
if the new content type is expected to appear in the
encapsulatedContent or innerContent parameter.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Requirements Terminology</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. CMS Media Type Registration Applications</span>
This section provides the media type registration application for the
application/cms media type (see <a href="./rfc6838#section-5.6">[RFC6838], Section 5.6</a>).
Type name: application
Subtype name: cms
Required parameters: None.
Optional parameters:
encapsulatingContent=y; where y is one or more CMS ECT
(Encapsulating Content Type) identifiers; multiple values are
encapsulated in quotes and separated by a folding-whitespace, a
comma, and folding-whitespace. ECT values are based on content
types found in [<a href="./rfc3274" title=""Compressed Data Content Type for Cryptographic Message Syntax (CMS)"">RFC3274</a>], [<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>], [<a href="./rfc5083" title=""Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type"">RFC5083</a>], [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>], and
[<a href="./rfc6032" title=""Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6032</a>]. This list can later be extended; see <a href="#section-4">Section 4</a>.
authData
compressedData
contentCollection
contentInfo
contentWithAttrs
authEnvelopedData
encryptedKeyPkg
digestData
encryptedData
envelopedData
signedData
<span class="grey">Turner, et al. Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
innerContent=x; where x is one or more CMS ICT (Inner Content Type)
identifiers; multiple values encapsulated in quotes and are separated
by a folding-whitespace, a comma, and folding-whitespace. ICT values
are based on content types found in [<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>], [<a href="./rfc5914" title=""Trust Anchor Format"">RFC5914</a>], [<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>],
[<a href="./rfc5958" title=""Asymmetric Key Packages"">RFC5958</a>], [<a href="./rfc6031" title=""Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type"">RFC6031</a>], and [<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>]. This list can later be
extended; see <a href="#section-4">Section 4</a>.
firmwarePackage
firmwareLoadReceipt
firmwareLoadError
aKeyPackage
sKeyPackage
trustAnchorList
TAMP-statusQuery
TAMP-statusResponse
TAMP-update
TAMP-updateConfirm
TAMP-apexUpdate
TAMP-apexUpdateConfirm
TAMP-communityUpdate
TAMP-communityUpdateConfirm
TAMP-seqNumAdjust
TAMP-seqNumAdjustConfirm
TAMP-error
keyPackageReceipt
keyPackageError
The optional parameters are case sensitive.
Encoding considerations:
Binary.
[<a id="ref-RFC5652">RFC5652</a>] requires that the outermost encapsulation be
ContentInfo.
<span class="grey">Turner, et al. Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
Security considerations:
The following security considerations apply:
RFC | CMS Protecting Content Type and Algorithms
----------+-------------------------------------------
[<a href="./rfc3370" title=""Cryptographic Message Syntax (CMS) Algorithms"">RFC3370</a>] | signedData, envelopedData,
[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | digestedData, encryptedData, and
[<a href="./rfc5753" title=""Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)"">RFC5753</a>] | authData
[<a href="./rfc5754" title=""Using SHA2 Algorithms with Cryptographic Message Syntax"">RFC5754</a>] |
----------+-------------------------------------------
[<a href="./rfc5958" title=""Asymmetric Key Packages"">RFC5958</a>] | aKeyPackage
[<a href="./rfc5959" title=""Algorithms for Asymmetric Key Package Content Type"">RFC5959</a>] |
[<a href="./rfc6162" title=""Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Asymmetric Key Package Content Type"">RFC6162</a>] |
----------+-------------------------------------------
[<a href="./rfc6031" title=""Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type"">RFC6031</a>] | sKeyPackage
[<a href="./rfc6160" title=""Algorithms for Cryptographic Message Syntax (CMS) Protection of Symmetric Key Package Content Types"">RFC6160</a>] |
----------+-------------------------------------------
[<a href="./rfc6032" title=""Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6032</a>] | encryptedKeyPkg
[<a href="./rfc6033" title=""Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6033</a>] |
[<a href="./rfc6161" title=""Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6161</a>] |
----------+-------------------------------------------
[<a href="./rfc5914" title=""Trust Anchor Format"">RFC5914</a>] | trustAnchorList
----------+-------------------------------------------
[<a href="./rfc3274" title=""Compressed Data Content Type for Cryptographic Message Syntax (CMS)"">RFC3274</a>] | compressedData
----------+-------------------------------------------
[<a href="./rfc5083" title=""Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type"">RFC5083</a>] | authEnvelopedData
[<a href="./rfc5084" title=""Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)"">RFC5084</a>] |
----------+-------------------------------------------
[<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>] | contentCollection and
| contentWithAttrs
----------+-------------------------------------------
[<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>] | firmwarePackage,
| firmwareLoadReceipt, and
| firmwareLoadError
----------+-------------------------------------------
[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | TAMP-statusQuery, TAMP-statusResponse,
| TAMP-update, TAMP-updateConfirm,
| TAMP-apexUpdate,
| TAMP-apexUpdateConfirm,
| TAMP-communityUpdate,
| TAMP-communityUpdateConfirm,
| TAMP-seqNumAdjust,
| TAMP-seqNumAdjustConfirm, and
| TAMP-error
----------+-------------------------------------------
[<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>] |keyPackageReceipt and keyPackageError
----------+-------------------------------------------
<span class="grey">Turner, et al. Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
In some circumstances, significant information can be leaked by
disclosing what the innermost ASN.1 structure is. In these cases,
it is acceptable to disclose the wrappers without disclosing the
inner content type.
ASN.1 encoding rules (e.g., DER and BER) have a type-length-value
structure, and it is easy to construct malicious content with
invalid length fields that can cause buffer overrun conditions.
ASN.1 encoding rules allows for arbitrary levels of nesting, which
may make it possible to construct malicious content that will
cause a stack overflow. Interpreters of ASN.1 structures should
be aware of these issues and should take appropriate measures to
guard against buffer overflows and stack overruns in particular
and malicious content in general.
Interoperability considerations:
See [<a href="./rfc3274" title=""Compressed Data Content Type for Cryptographic Message Syntax (CMS)"">RFC3274</a>], [<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>], [<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>], [<a href="./rfc5083" title=""Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type"">RFC5083</a>], [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>],
[<a href="./rfc5914" title=""Trust Anchor Format"">RFC5914</a>], [<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>], [<a href="./rfc5958" title=""Asymmetric Key Packages"">RFC5958</a>], [<a href="./rfc6031" title=""Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type"">RFC6031</a>], [<a href="./rfc6032" title=""Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6032</a>], and
[<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>].
In all cases, CMS content types are encapsulated within
ContentInfo structures [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>]; that is the outermost enveloping
structure is ContentInfo.
CMS [<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] defines slightly different processing rules for
SignedData than does PKCS #7 [<a href="./rfc2315" title=""PKCS #7: Cryptographic Message Syntax Version 1.5"">RFC2315</a>]. This media type employs
the CMS processing rules.
The Content-Type header field of all application/cms objects
SHOULD include the optional "encapsulatingContent" and
"innerContent" parameters.
The Content-Disposition header field [<a href="./rfc4021" title=""Registration of Mail and MIME Header Fields"">RFC4021</a>] can also be
included along with Content-Type's optional name parameter.
Published specification: This specification.
Applications that use this media type:
Applications that support CMS (Cryptographic Message Syntax)
content types.
Fragment identifier considerations: N/A
<span class="grey">Turner, et al. Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
Additional information:
Magic number(s): None
File extension(s): .cmsc
Macintosh File Type Code(s):
Person & email address to contact for further information:
Sean Turner <turners@ieca.com>
Intended usage: COMMON
Restrictions on usage: none
Author: Sean Turner <turners@ieca.com>
Change controller: The IESG <iesg@ietf.org>
<span class="grey">Turner, et al. Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Example</span>
The following is an example encrypted status response message:
MIME-Version: 1.0
Content-Type: application/cms; encapsulatingContent=encryptedData;
innerContent=TAMP-statusResponse; name=status.cmsc
Content-Transfer-Encoding: base64
MIIFLQYJKoZIhvcNAQcDoIIFHjCCBRoCAQAxggFhMIIBXQIBADBFMEAxC
zAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMD
ExMRAwDgYDVQQDEwdHb29kIENBAgEBMA0GCSqGSIb3DQEBAQUABIIBAEa
uaXQeVsOyZ7gz0pJikRQ6Jqr64k2dbHBE4SDZL/uErP9FJUIja9LaJrc5
S83EZ7wf3mODUBaDhGfQVKoPrNTsLmw98fE/O+wcdpI2XKaILOR62xDJR
emQQST+EPfMwZmCwgsImmY3AxefAgzp8hVgK7SDiXGXfa9ux9PMdCSjHP
IgcAUFHmTiqxYd72Gl08kLCMIXmn3g5RsYUggxooeFNHiFNR28TV5HctG
i6Ay5++iKUGrUQyXD+GlwakFToGFmFj3FMyZi7+kYV/X00BiBP3kpIgVJ
4jCj+nYtKWh6JXPoEqEsa39GmDEFGq4/58GEu70amWvW1DA++7kDP4gwg
gOuBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAECBBCH5yTQqZ4KYiTTeYdjoY
4sgIIDgArSpOcengKnZS4SCjfuQkMxB5wfSaud1thlZ+gUFCgzbFtkfYM
Qx/T7gnkneniyj2rwOmZxCQXpPlCDXH6mS83ngfrNN8ay3HrMPpVkEOmW
UMc5jI6oNObwqi8a3ezzhYRxF06jzdD2R/6SAPALz3Q4NU8eX+PnuekgR
oxo/INzhT4iGvokn9xVah6piSbjhPA+QZp1HgQrlWyyM3lG9jn4thchKl
FQqZEy/EBaCWq+sJG7LLxqS5k29CiAVx0JSItqAPvX1ZvLMY2aq//MQMw
0VFEx7Kt5aWNvKHTor9RUuuzwiZ5kwXt2vJt6bFiV7yS+EXofpFEmqyJP
VJzyAFIXJRTv4k007n0M1UpXQpGjywECI6DbIhfBL8CsNskTCjrsfU+Tw
RRkRKAbtJYughs9bDYkDu9UsKd/AE4zXk4prwo8/f1chpmzpHKOXiWzt+
xaCj648I4rOjdI9s4JP8J0qwVKoLEMGeiZlf2UlaiyMzZYzTOxI03PHp1
Whk6TXhnmMVPWGYjjelvE38gq/XynobbQRGEJdnnHzH7SrS27FmgRcnBO
3QQUPJChVn7iBHmdui++GAxpHoGdS6nSo4kQ6d5u5rL/Ctcnwu0k+s0Xi
ZMzOqp7L31xl1jvYUWIswLQYsIFoiejU3UTKzq/Cpd5MK+I8cwCM3aQ2c
D08URTPgu+U92pnYqm3auptywyjGAU/hkZ13XN7YRhLk/kuX8QXo3tZdj
dKA4f/uNf1DURpJK9004uCkxuAtu5HemMv7YPTTx9Ua2pZFW5O+k2Mf2Z
F/geOvtNw7UV8wOT1nokXu9lnIZ9Xcs1cGGmRYE7jW15F07uGnMi1s2Gt
LAST7t/PlTNZU6h0rVExErVa7T+VNidrgwGIke0YqYIwvTINRs+9VeJE3
AJeatDlQs+01jrqqFWWmGmmsEBTTRuoDQHK7YBFFy4xIwQqZGW0EVre39
OU5CL5LHIYiAVoV16YwiGd5WvFF8P1ZJK4ki8GFgYiMcPKmjQgP7DumqG
n7eQtMD5tezTQeC07ntV3bi5pdznZHVcF2Kqg+qHjJQlhUdK7Pew3kq7k
mfCdQV0BmQSYyjEAaTijaw4fAMxAbiw4OU0eNeU//zcpp04AuTFfJorIg
oZ+iCTYei8HMUA9/ysLFXA64wdsuCj0zXmNiYwosisuNg3TXfoBOzohKq
fkeXt
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. IANA Considerations</span>
IANA has registered the media type application/cms in the Standards
tree using the applications provided in <a href="#section-2">Section 2</a> of this document.
<span class="grey">Turner, et al. Informational [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
IANA has established two subtype registries called "CMS Encapsulating
Content Types" and "CMS Inner Content Types". Entries in these
registries are allocated by Expert Review [<a href="./rfc5226" title="">RFC5226</a>]. The Expert will
determine whether the content is an ECT or an ICT, where the rule is
that an ICT does not encapsulate another content type while an ECT
does encapsulate another content type.
Initial values are as follows:
CMS Encapsulating Content Types
Name | Document | Object Identifier
----------------------------+----------+---------------------------
authData |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.2
compressedData |[<a href="./rfc3274" title=""Compressed Data Content Type for Cryptographic Message Syntax (CMS)"">RFC3274</a>] | 1.2.840.113549.1.9.16.1.9
contentCollection |[<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>] | 1.2.840.113549.1.9.16.1.19
contentInfo |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.6
contentWithAttrs |[<a href="./rfc4073" title=""Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)"">RFC4073</a>] | 1.2.840.113549.1.9.16.1.20
authEnvelopedData |[<a href="./rfc5083" title=""Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type"">RFC5083</a>] | 1.2.840.113549.1.9.16.1.23
encryptedKeyPkg |[<a href="./rfc6032" title=""Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type"">RFC6032</a>] | 2.16.840.1.101.2.1.2.78.2
digestData |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.5
encryptedData |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.6
envelopedData |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.3
signedData |[<a href="./rfc5652" title=""Cryptographic Message Syntax (CMS)"">RFC5652</a>] | 1.2.840.113549.1.9.16.1.2
CMS Inner Content Types
Name | Document | Object Identifier
----------------------------+----------+---------------------------
firmwarePackage |[<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>] | 1.2.840.113549.1.9.16.1.16
firmwareLoadReceipt |[<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>] | 1.2.840.113549.1.9.16.1.17
firmwareLoadError |[<a href="./rfc4108" title=""Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages"">RFC4108</a>] | 1.2.840.113549.1.9.16.1.18
aKeyPackage |[<a href="./rfc5958" title=""Asymmetric Key Packages"">RFC5958</a>] | 2.16.840.1.101.2.1.2.78.5
sKeyPackage |[<a href="./rfc6031" title=""Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type"">RFC6031</a>] | 1.2.840.113549.1.9.16.1.25
trustAnchorList |[<a href="./rfc5914" title=""Trust Anchor Format"">RFC5914</a>] | 1.2.840.113549.1.9.16.1.34
TAMP-statusQuery |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.1
TAMP-statusResponse |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.2
TAMP-update |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.3
TAMP-updateConfirm |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.4
TAMP-apexUpdate |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.5
TAMP-apexUpdateConfirm |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.6
TAMP-communityUpdate |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.7
TAMP-communityUpdateConfirm |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.8
TAMP-seqNumAdjust |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.10
TAMP-seqNumAdjustConfirm |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.11
TAMP-error |[<a href="./rfc5934" title=""Trust Anchor Management Protocol (TAMP)"">RFC5934</a>] | 2.16.840.1.101.2.1.2.77.9
keyPackageReceipt |[<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>] | 2.16.840.1.101.2.1.2.78.3
keyPackageError |[<a href="./rfc7191" title=""Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types"">RFC7191</a>] | 2.16.840.1.101.2.1.2.78.6
<span class="grey">Turner, et al. Informational [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Security Considerations</span>
See the answer to the Security Considerations template questions in
<a href="#section-2">Section 2</a>.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Acknowledgments</span>
Special thanks to Carl Wallace for generating the example in
<a href="#section-3">Section 3</a>.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. References</span>
<span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC3274">RFC3274</a>] Gutmann, P., "Compressed Data Content Type for
Cryptographic Message Syntax (CMS)", <a href="./rfc3274">RFC 3274</a>, June 2002.
[<a id="ref-RFC3370">RFC3370</a>] Housley, R., "Cryptographic Message Syntax (CMS)
Algorithms", <a href="./rfc3370">RFC 3370</a>, August 2002.
[<a id="ref-RFC4021">RFC4021</a>] Klyne, G. and J. Palme, "Registration of Mail and MIME
Header Fields", <a href="./rfc4021">RFC 4021</a>, March 2005.
[<a id="ref-RFC4073">RFC4073</a>] Housley, R., "Protecting Multiple Contents with the
Cryptographic Message Syntax (CMS)", <a href="./rfc4073">RFC 4073</a>, May 2005.
[<a id="ref-RFC4108">RFC4108</a>] Housley, R., "Using Cryptographic Message Syntax (CMS) to
Protect Firmware Packages", <a href="./rfc4108">RFC 4108</a>, August 2005.
[<a id="ref-RFC5083">RFC5083</a>] Housley, R., "Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type", <a href="./rfc5083">RFC 5083</a>,
November 2007.
[<a id="ref-RFC5084">RFC5084</a>] Housley, R., "Using AES-CCM and AES-GCM Authenticated
Encryption in the Cryptographic Message Syntax (CMS)", <a href="./rfc5084">RFC</a>
<a href="./rfc5084">5084</a>, November 2007.
[<a id="ref-RFC5226">RFC5226</a>] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", <a href="https://www.rfc-editor.org/bcp/bcp26">BCP 26</a>, <a href="./rfc5226">RFC 5226</a>,
May 2008.
[<a id="ref-RFC5273">RFC5273</a>] Schaad, J. and M. Myers, "Certificate Management over CMS
(CMC): Transport Protocols", <a href="./rfc5273">RFC 5273</a>, June 2008.
<span class="grey">Turner, et al. Informational [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
[<a id="ref-RFC5652">RFC5652</a>] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
<a href="./rfc5652">RFC 5652</a>, September 2009.
[<a id="ref-RFC5753">RFC5753</a>] Turner, S. and D. Brown, "Use of Elliptic Curve
Cryptography (ECC) Algorithms in Cryptographic Message
Syntax (CMS)", <a href="./rfc5753">RFC 5753</a>, January 2010.
[<a id="ref-RFC5754">RFC5754</a>] Turner, S., "Using SHA2 Algorithms with Cryptographic
Message Syntax", <a href="./rfc5754">RFC 5754</a>, January 2010.
[<a id="ref-RFC5914">RFC5914</a>] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
Format", <a href="./rfc5914">RFC 5914</a>, June 2010.
[<a id="ref-RFC5934">RFC5934</a>] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
Management Protocol (TAMP)", <a href="./rfc5934">RFC 5934</a>, August 2010.
[<a id="ref-RFC5958">RFC5958</a>] Turner, S., "Asymmetric Key Packages", <a href="./rfc5958">RFC 5958</a>, August
2010.
[<a id="ref-RFC5959">RFC5959</a>] Turner, S., "Algorithms for Asymmetric Key Package Content
Type", <a href="./rfc5959">RFC 5959</a>, August 2010.
[<a id="ref-RFC6031">RFC6031</a>] Turner, S. and R. Housley, "Cryptographic Message Syntax
(CMS) Symmetric Key Package Content Type", <a href="./rfc6031">RFC 6031</a>,
December 2010.
[<a id="ref-RFC6032">RFC6032</a>] Turner, S. and R. Housley, "Cryptographic Message Syntax
(CMS) Encrypted Key Package Content Type", <a href="./rfc6032">RFC 6032</a>,
December 2010.
[<a id="ref-RFC6033">RFC6033</a>] Turner, S., "Algorithms for Cryptographic Message Syntax
(CMS) Encrypted Key Package Content Type", <a href="./rfc6033">RFC 6033</a>,
December 2010.
[<a id="ref-RFC6160">RFC6160</a>] Turner, S., "Algorithms for Cryptographic Message Syntax
(CMS) Protection of Symmetric Key Package Content Types",
<a href="./rfc6160">RFC 6160</a>, April 2011.
[<a id="ref-RFC6161">RFC6161</a>] Turner, S., "Elliptic Curve Algorithms for Cryptographic
Message Syntax (CMS) Encrypted Key Package Content Type",
<a href="./rfc6161">RFC 6161</a>, April 2011.
[<a id="ref-RFC6162">RFC6162</a>] Turner, S., "Elliptic Curve Algorithms for Cryptographic
Message Syntax (CMS) Asymmetric Key Package Content Type",
<a href="./rfc6162">RFC 6162</a>, April 2011.
<span class="grey">Turner, et al. Informational [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc7193">RFC 7193</a> application/cms Media Type April 2014</span>
[<a id="ref-RFC6838">RFC6838</a>] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", <a href="https://www.rfc-editor.org/bcp/bcp13">BCP 13</a>, <a href="./rfc6838">RFC</a>
<a href="./rfc6838">6838</a>, January 2013.
[<a id="ref-RFC7191">RFC7191</a>] Housley, R., "Cryptographic Message Syntax (CMS) Key
Package Receipt and Error Content Types", <a href="./rfc7191">RFC 7191</a>, April
2014.
<span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Informative References</span>
[<a id="ref-RFC2315">RFC2315</a>] Kaliski, B., "PKCS #7: Cryptographic Message Syntax
Version 1.5", <a href="./rfc2315">RFC 2315</a>, March 1998.
[<a id="ref-RFC5751">RFC5751</a>] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
Mail Extensions (S/MIME) Version 3.2 Message
Specification", <a href="./rfc5751">RFC 5751</a>, January 2010.
Authors' Addresses
Sean Turner
IECA, Inc.
3057 Nutley Street, Suite 106
Fairfax, VA 22031
USA
EMail: turners@ieca.com
Phone: +1.703.628.3180
Russell Housley
Vigil Security, LLC
918 Spring Knoll Drive
Herndon, VA 20170
USA
EMail: housley@vigilsec.com
Jim Schaad
Soaring Hawk Consulting
EMail: ietf@augustcellars.com
Turner, et al. Informational [Page 12]
</pre>
|
