Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)
RFC 4073
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (May 2005; Errata). Was draft-housley-contentcollection (individual in sec area) |
| | Author | Russ Housley |
| | Last updated | 2015-10-14 |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4073 (Proposed Standard) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Sam Hartman |
| | Send notices to | (None) |
Network Working Group                                         R. Housley
Request for Comments: 4073                                Vigil Security
Category: Standards Track                                       May 2005

Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

This document describes a convention for using the Cryptographic Message Syntax (CMS) to protect a content collection. If desired, attributes can be associated with the content.

1.  Introduction

This document describes a convention for using the Cryptographic Message Syntax (CMS) [CMS] to protect a content collection. The content-collection content type is used to transfer one or more contents, each identified by a content type. If desired, the content-with-attributes content type can be used to associate arbitrary attributes with the content.

The convention described in this document is not needed when CMS is used with MIME [MSG]. MIME multipart [MIME] provides a straightforward and widely deployed mechanism for carrying more than one content item, each associated with a MIME type. However, CMS is not always used with MIME. Sometimes CMS is used in an exclusively ASN.1 [ASN1] environment. In this case, the content-collection content type is used to gather more than one content item, each with an object identifier to specify the content type.

In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as described in [STDWORDS].

1.1.  Content Collection Example

This section provides one simple example to illustrate the need for the content-collection content type. Consider an art collector who wants to sell one of his pieces, an ancient Greek urn called an amphora. The collector wants to compose a digitally signed offer for sale. It includes three parts. The first part contains the owner's offer for sale, including the asking price. The second part contains a high-quality image of the amphora. The final part contains an appraisal from a well-respected ceramics expert. The final part is digitally signed by the expert. Figure 1 illustrates the structure, and the CMS SignedData content type is used for the two digital signatures.

   +---------------------------------------------------------+
   |                                                         |
   |  ContentInfo                                            |
   |                                                         |
   | +-----------------------------------------------------+ |
   | |                                                     | |
   | |  SignedData                                         | |
   | |                                                     | |
   | | +-------------------------------------------------+ | |
   | | |                                                 | | |
   | | |  ContentCollection                              | | |
   | | |                                                 | | |
   | | | +-----------+ +-----------+ +-----------------+ | | |
   | | | |           | |           | |                 | | | |
   | | | | Owner's   | | Image     | |  SignedData     | | | |
   | | | | Offer to  | | of the    | |                 | | | |
   | | | | Sell the  | | Amphora   | | +-------------+ | | | |
   | | | | Amphora   | |           | | |             | | | | |
   | | | |           | |           | | | Appraisal   | | | | |
   | | | |           | |           | | | of Ceramics | | | | |
   | | | |           | |           | | | Expert      | | | | |
   | | | |           | |           | | |             | | | | |
   | | | |           | |           | | +-------------+ | | | |
   | | | |           | |           | |                 | | | |
   | | | +-----------+ +-----------+ +-----------------+ | | |
   | | |                                                 | | |
   | | +-------------------------------------------------+ | |
   | |                                                     | |
   | +-----------------------------------------------------+ |
   |                                                         |
   +---------------------------------------------------------+

      Figure 1.  Sample use of the ContentCollection Content Type
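
The ContentCollection layer of Figure 1 can be encoded and walked at the DER level, as in this added example (not part of the RFC text or of any CMS implementation), which lists each nested content type, caps recursion depth, and rejects truncated or indefinite lengths. It assumes the definition ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo and the id-ct-contentCollection object identifier from Section 2 of RFC 4073, which this excerpt does not reproduce; the helper names are hypothetical, the sample contents are constructed, and the inner SignedData is an empty placeholder rather than a real signature.

```python
# DER content octets of the content-type OIDs (CMS and RFC 4073 section 2).
DATA = bytes.fromhex("2a864886f70d010701")            # id-data
SIGNED = bytes.fromhex("2a864886f70d010702")          # id-signedData
COLLECTION = bytes.fromhex("2a864886f70d0109100113")  # id-ct-contentCollection
NAMES = {DATA: "id-data", SIGNED: "id-signedData", COLLECTION: "id-ct-contentCollection"}

def tlv(tag, body):  # encode one DER TLV, short or long definite length
    n, k = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def content_info(oid, content):  # SEQUENCE { contentType OID, content [0] EXPLICIT ANY }
    return tlv(0x30, tlv(0x06, oid) + tlv(0xA0, content))

def read(buf, pos=0):  # decode one TLV -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("indefinite or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + n], pos + n

def walk(ci, depth=0, max_depth=8):  # -> [(depth, content type name)]
    if depth > max_depth:
        raise ValueError("content collection nested too deeply")
    tag, seq, _ = read(ci)
    t_oid, oid, p = read(seq)
    t_ctx, inner, _ = read(seq, p)
    if (tag, t_oid, t_ctx) != (0x30, 0x06, 0xA0):
        raise ValueError("not a ContentInfo")
    out = [(depth, NAMES.get(oid, "unknown"))]
    if oid == COLLECTION:  # ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo
        items, pos = read(inner)[1], 0
        while pos < len(items):
            nxt = read(items, pos)[2]
            out += walk(items[pos:nxt], depth + 1, max_depth)
            pos = nxt
    return out

def figure1_collection():  # constructed sample: the ContentCollection layer of Figure 1
    parts = [content_info(DATA, tlv(0x04, b"offer for sale")),
             content_info(DATA, tlv(0x04, b"amphora image bytes")),
             content_info(SIGNED, tlv(0x30, b""))]  # placeholder, not a real SignedData
    return content_info(COLLECTION, tlv(0x30, b"".join(parts)))
```

The walker stops at the inner id-signedData entry instead of parsing it, so the expert's signature over the appraisal still has to be verified separately from the owner's outer signature over the whole collection.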