Internet Engineering Task Force (IETF) S. Turner Internet Draft IECA Intended Status: Informational R. Housley Expires: November 1, 2013 Vigil Security April 30, 2013 The application/firmware, application/firmware-receipt, and application/firmware-error media types draft-turner-application-firmware-media-types-00.txt Abstract This document registers the application/firmware, application/firmware-receipt and application/firmware-error media media types for use with the corresponding CMS (Cryptographic Message Syntax) content types defined in RFC 4108. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Turner and Housley Expires November 1, 2013 [Page 1] Internet-Draft Media Types for Firmware Packages April 30, 2013 1. Introduction [RFC4108] defined three CMS (Cryptographic Message Syntax) [RFC5652] content types for servers to distribute Firmware packages as well as clients to return receipts and errors. Three media types are defined in this document to support the transfer of firmware packages, firmware package receipts, and firmware package errors. Firmware packages, firmware package receipts, and firmware package errors are always encapsulated within ContentInfo structures [RFC4108]. Firmware packages are additionally encapsulated within a SignedData structure [RFC4108]. Firmware package receipts and errors can be digitally signed and to indicate this option an optional parameters is defined: protection=signed. 1.1. Requirements Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Media Type Registration Applications 2.1. Firmware Package Receipt This section provides the media type registration application for the application/firmware-receipt media type (see [RFC6838], Section 5.6). Type name: application Subtype name: firmware Required parameters: None Optional parameters: None Encoding considerations: binary. Security considerations: See [RFC4108]. Interoperability considerations: See [RFC4108]. Published specification: RFC 4108 and this specification. Applications which use this media type: Applications that support Firmware Package Receipts [RFC4108]. Turner and Housley Expires November 1, 2013 [Page 2] Internet-Draft Media Types for Firmware Packages April 30, 2013 Additional information: Magic number(s): None File extension(s): .fp Macintosh File Type Code(s): Person & email address to contact for further information: Sean Turner Restrictions on usage: none Author: Sean Turner Intended usage: COMMON Change controller: The IESG 2.2. Firmware Package Receipt This section provides the media type registration application for the application/firmware-receipt media type (see [RFC6838], Section 5.6). Type name: application Subtype name: firmware-receipt Required parameters: None Optional parameters: Implementations can indicate whether the firmware package was signed with the following parameter: protection=signed. Encoding considerations: binary. Security considerations: See [RFC4108]. Interoperability considerations: See [RFC4108]. Published specification: RFC 4108 and this specification. Applications which use this media type: Applications that support Firmware Package Receipts [RFC4108]. Turner and Housley Expires November 1, 2013 [Page 3] Internet-Draft Media Types for Firmware Packages April 30, 2013 Additional information: Magic number(s): None File extension(s): .fpr Macintosh File Type Code(s): Person & email address to contact for further information: Sean Turner Restrictions on usage: none Author: Sean Turner Intended usage: COMMON Change controller: The IESG 2.3. Firmware Package Errors This section provides the media type registration application for this media type (see [RFC6838], Section 5.6). Type name: application Subtype name: firmware-error Required parameters: None Optional parameters: Implementations can indicate whether the firmware package was signed with the following optional parameter: protection=signed. Encoding considerations: binary. Security considerations: See [RFC4108]. Interoperability considerations: See [RFC4108]. Published specification: RFC 4108 and this specification. Applications which use this media type: Applications that support Firmware Key Package Errors [RFC4108]. Additional information: Turner and Housley Expires November 1, 2013 [Page 4] Internet-Draft Media Types for Firmware Packages April 30, 2013 Magic number(s): None File extension(s): .fpe Macintosh File Type Code(s): Person & email address to contact for further information: Sean Turner Restrictions on usage: none Author: Sean Turner Intended usage: COMMON Change controller: The IESG 3. IANA Considerations IANA is asked to register the media type application/firmware, application/firmware-receipt, and application/firmware-error in the Standards tree using the applications provided in Section 2.1-2.3 of this document. 4. Security Considerations No new security considerations are introduced in additional those specified in [RFC4108]. 5. References 5.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages", RFC 4108, August 2005. [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, September 2009. 5.2. Informative References None. Authors' Addresses Turner and Housley Expires November 1, 2013 [Page 5] Internet-Draft Media Types for Firmware Packages April 30, 2013 Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA EMail: turners@ieca.com Phone: +1.703.628.3180 Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA EMail: housley@vigilsec.com Turner and Housley Expires November 1, 2013 [Page 6]