Internet Engineering Task Force V. Moscaritolo, Ed. Internet-Draft PGP, part of Symantec Corporation Intended status: Informational March 11, 2011 Expires: September 12, 2011 MIME media type literal packet in OpenPGP draft-moscaritolo-openpgp-literal-00 Abstract This document describes an extension to the OpenPGP Message Format that allows a Multipurpose Internet Mail Extension (MIME) Media Typeto be associated with the encoded content. By providing more information beyond the existing binary and text formats this extension and can enable the automated selection of an appropriate media viewer for the decoded content. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 12, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as Moscaritolo Expires September 12, 2011 [Page 1] Internet-Draft Abbreviated Title March 2011 described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Literal Data packet . . . . . . . . . . . . . . . . . . . . . . 3 4. Example of literal packet taged with a MIME media type . . . . 4 5. OpenPGP Implementation Considerations. . . . . . . . . . . . . 4 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 9. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 10.1. Normative References . . . . . . . . . . . . . . . . . . . 5 10.2. Informative References . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Moscaritolo Expires September 12, 2011 [Page 2] Internet-Draft Abbreviated Title March 2011 1. Introduction This document describes an extension to the OpenPGP Message Format that allows a Multipurpose Internet Mail Extension (MIME) Media Type (aka Intenet Media type) to be associated with the encoded content. By providing more information beyond the existing binary and text formats this extension and can enable the automated selection of an appropriate media viewer for the decoded content. 2. Terms o OpenPGP - This is a term for security software that uses PGP 5.x as a basis, formalized in RFC 4880 [RFC4880]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Literal Data packet The OpenPGP RFC 4880 [RFC4880] currently specifies only a few formats for encoded content: text, binary and UTF-8. The format itself of the content is specified in section 5.9 as part of the Literal Data packet (Tag 11). In addition to the body of the message being encoded, this packet also contains a one-octet field that describes how the data is formatted. The current choices are 'b' (0x62), in which case the Literal packet contains binary data and 't' (0x74) which describes text data and 'u' (0x75) for UTF-8 Data. This field is followed by a file name as a string (one-octet length, followed by a file name). While not detailed in the RFC, most implementations of PGP also add a trailing null at the end of the file name but use the string length to skip to the next field. We propose to add a new formatting type of 'm' (0x6d) to describe that there is a RFC 2046 [RFC2046] MIME media type associated with the literal data. In the case of a 'm' format type, the MIME media type is appended to the end of the null terminated file name, while extending the file name length byte to accommodate this additional information. Moscaritolo Expires September 12, 2011 [Page 3] Internet-Draft Abbreviated Title March 2011 4. Example of literal packet taged with a MIME media type The following is an example of a Literal Data packet (Tag 11) that specifies the MIME media type format image/jpeg for a file named 'somedata.jpg' 0000 6d 17 73 6f 6d 65 64 61 74 61 2e 6a 70 67 00 69 |m.somedata.jpg.i| 0010 6d 61 67 65 2f 6a 70 65 67 |mage/jpeg | 5. OpenPGP Implementation Considerations. OpenPGP implementations supporting the MIME literal data packet format SHOULD use the MIME media type string to select the appropriate viewer for the encoded content. Implementations should consider the following possibilities: o As with the existing file name field, the string length can be zero bytes long, indicating that there is no file name or MIME media type specified. o There might be no null byte at the end of the file name, or no additional bytes specified in the file name string length, indicating that there is no MIME media type specified. o The file string could have bytes specified but start with a null byte, this indicates that no file name is specified but that this is a MIME media type associated with the content. o The MIME media type MAY have an OPTIONAL null byte termination. Any data that follows such a null byte should be discarded and not considered part of the MIME media type. o While the one-octet length of the file name field does limit the combined length of suggested file name and MIME media type, it does allow for some reasonable usage. In the case of combined length of suggested file name and MIME type string that exceeds 255 bytes, priority should be given to the MIME type string, and truncation of the filename is suggested. if such truncation should occur it is suggested that the file name extension be preserved. In the long run, a more correct method of associated MIME media type with content might employ one of the experimental tags mentioned in RFC 4880 [RFC4880] section 13.10. Moscaritolo Expires September 12, 2011 [Page 4] Internet-Draft Abbreviated Title March 2011 6. Acknowledgements The author would like to acknowledge the help of many individuals who helped in particular Derek Atkins, Jon Callas, Damon Cokenias, David Finkelstein, Hal Finney and Will Price. 7. Contributors Damon Cokenias, Derek Atkins and Jon Callas provided important criticism on compliance with OpenPGP RFC 4880 [RFC4880]. 8. IANA Considerations This memo includes no request to IANA. 9. Security Considerations o The addition of a MIME type string increases the possibility of truncation of a large file name field in the Literal Packet. o The addition of MIME type string after the file name string null termination does not add any hidden channels that didn't potentially exist in the OpenPGP protocol. o In order to prevent modification of the MIME type, encapsulating the Literal Data packet using the Symmetrically Encrypted Integrity Protected Data Packet (Tag 18) as specified in OpenPGP RFC 4880 [RFC4880] is highly recommended. 10. References 10.1. Normative References [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. Thayer, "OpenPGP Message Format", RFC 4880, November 2007. Moscaritolo Expires September 12, 2011 [Page 5] Internet-Draft Abbreviated Title March 2011 10.2. Informative References [I-D.narten-iana-considerations-rfc2434bis] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", draft-narten-iana-considerations-rfc2434bis-09 (work in progress), March 2008. [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999. [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003. Author's Address Vinnie Moscaritolo (editor) PGP, part of Symantec Corporation Mountain View, CA US Email: vinnie@pgp.com Moscaritolo Expires September 12, 2011 [Page 6]