< draft-turner-application-pkcs10-media-type-00.txt   draft-turner-application-pkcs10-media-type-01.txt >
Network Working Group S. Turner Network Working Group S. Turner
Internet Draft IECA Internet Draft IECA
Intended Status: Informational Track February 3, 2010 Intended Status: Informational Track February 16, 2010
Updates: 2986 (once approved) Updates: 2986 (once approved)
Expires: August 3, 2010 Expires: August 16, 2010
The application/pkcs10 Media Type The application/pkcs10 Media Type
draft-turner-application-pkcs10-media-type-00.txt draft-turner-application-pkcs10-media-type-01.txt
Abstract Abstract
This document specifies a media type used to carry PKCS#10 This document specifies a media type used to carry PKCS#10
certification requests as defined in RFC 2986. certification requests as defined in RFC 2986. It carries over the
original specification from RFC 2311, which recently has been moved
to Historic state, and properly links it to RFC 2986.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to Process, except to format it for publication as an RFC or to
skipping to change at page 1, line 47 skipping to change at page 2, line 5
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 3, 2010. This Internet-Draft will expire on August 16, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
1. Introduction 1. Introduction
[RFC2311] first defined the application/pkcs10 media type. When [RFC2311] first defined the application/pkcs10 media type. When
[RFC2633] was published, the application/pkcs10 section was dropped, [RFC2633] was published, the application/pkcs10 section was dropped,
but for some reason the text was not incorporated in to PKCS#10 but for some reason the text was not incorporated into the PKCS#10
[RFC2986]. [RFC2311] was moved to historic status by [RFC5751]. To document [RFC2986]. [RFC2311] was moved to historic status by
ensure the IANA media type registration points to a non-historic [RFC5751]. To ensure the IANA media type registration points to a
document, this document updates [RFC2986] with the application/pkcs10 non-historic document, this document updates [RFC2986] with the
mime media type registration. definition of the application/pkcs10 media type and an IANA
registration based on [RFC4288].
The text for Section 2 is taken directly from Section 3.7 of The text for Section 2 is adapted from Section 3.7 of [RFC2311].
[RFC2311].
1.1. Requirements Terminology 1.1. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Creating a Certification Request 2. Creating a Certification Request
A typical application which allows a user to generate cryptographic A typical application which allows a user to generate cryptographic
information has to submit that information to a certification information has to submit that information to a certification
authority, who transforms it into a certificate. PKCS #10 describes authority (CA), who transforms it into a certificate. PKCS #10
a syntax for certification requests. The application/pkcs10 body type [RFC2986] describes a syntax for certification requests. The
MUST be used to transfer a PKCS #10 certification request. application/pkcs10 media type MUST be used to transfer a PKCS #10
certification request.
The details of certification requests and the process of obtaining a The details of certification requests and the process of obtaining a
certificate are beyond the scope of this memo. Instead, only the certificate are beyond the scope of this memo. Instead, only the
format of data used in application/pkcs10 is defined. format of data used in application/pkcs10 is defined.
2.1. Format of the application/pkcs10 Body 2.1. Format of the application/pkcs10 Body
PKCS #10 defines the ASN.1 type CertificationRequest for use in PKCS #10 defines the ASN.1 type CertificationRequest for use in
submitting a certification request. Therefore, when the MIME content submitting a certification request. For transfer to a CA, this
type application/pkcs10 is used, the body MUST be a abstract syntax needs to be encoded and identified in a unique
CertificationRequest, encoded using the Basic Encoding Rules (BER) manner. When the media type application/pkcs10 is used, the body
[X.690]. MUST be a CertificationRequest, encoded using the Basic Encoding
Rules (BER) [X.690].
Although BER is specified, instead of the more restrictive DER Although BER is specified, instead of the more restrictive DER
[X.690], a typical application will use DER since the [X.690], a typical application will use DER since the
CertificationRequest's CertificationRequestInfo has to be DER-encoded CertificationRequest's CertificationRequestInfo has to be DER-encoded
in order to be signed. in order to be signed.
A robust application SHOULD output DER, but allow BER or DER on A robust application SHOULD output DER, but allow BER or DER on
input. input.
Data produced by BER or DER is 8-bit, but many transports are limited Data produced by BER or DER is 8-bit, but some transports are limited
to 7-bit data. Therefore, a suitable 7-bit Content-Transfer-Encoding to 7-bit data. In such cases, a suitable 7-bit transfer encoding MUST
SHOULD be applied. The base64 Content-Transfer-Encoding [RFC4648] be applied; in MIME-compatible transports, the base64 encoding
SHOULD be used with application/pkcs10, although any 7-bit transfer [RFC4648] SHOULD be used with application/pkcs10, although any 7-bit
encoding may work. transfer encoding may work.
2.2. Sending and Receiving an application/pkcs10 Body Part 2.2. Sending and Receiving an application/pkcs10 Body Part
For sending a certificate-signing request, the application/pkcs10 For sending a certificate-signing request, the application/pkcs10
message format MUST be used to convey a PKCS #10 certificate-signing message format MUST be used to convey a PKCS #10 certificate-signing
request. Note that for sending certificates and CRLs messages without request. Note that for sending certificates and CRLs without any
any signed content, the application/pkcs7-mime message format MUST be signed content, the application/pkcs7-mime message format MUST be
used to convey a degenerate PKCS #7 signedData "certs-only" message used to convey a degenerate PKCS #7 signedData "certs-only" message
[RFC5751]. [RFC5751].
To send an application/pkcs10 body, the application generates the To send an application/pkcs10 body, the application generates the
cryptographic information for the user. The details of the cryptographic information for the user. The details of the
cryptographic information are beyond the scope of this memo. cryptographic information are beyond the scope of this memo.
Step 1. The cryptographic information is placed within a PKCS #10 Step 1. The cryptographic information is placed within a PKCS #10
CertificationRequest. CertificationRequest.
Step 2. The CertificationRequest is encoded according to BER or DER Step 2. The CertificationRequest is encoded according to BER or DER
(typically, DER). (typically, DER).
Step 3. As a typical step, the DER-encoded CertificationRequest is Step 3. As a typical step, the DER-encoded CertificationRequest is
also base64 encoded so that it is 7-bit data suitable for transfer in also base64 encoded so that it is 7-bit data suitable for transfer in
SMTP. This then becomes the body of an application/pkcs10 body part. ESMTP. This then becomes the body of an application/pkcs10 body part.
The result might look like this: The result might look like this:
Content-Type: application/pkcs10; name=smime.p10 Content-Type: application/pkcs10; name=smime.p10
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p10 Content-Disposition: attachment; filename=smime.p10
rfvbnj756tbBghyHhHUujhJhjH77n8HHGT9HG4VQpfyF467GhIGfHfYT6 rfvbnj756tbBghyHhHUujhJhjH77n8HHGT9HG4VQpfyF467GhIGfHfYT6
7n8HHGghyHhHUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H 7n8HHGghyHhHUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H
f8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 f8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
skipping to change at page 4, line 23 skipping to change at page 4, line 23
A typical application only needs to send a certification request. It A typical application only needs to send a certification request. It
is a certification authority that has to receive and process the is a certification authority that has to receive and process the
request. The steps for recovering the CertificationRequest from the request. The steps for recovering the CertificationRequest from the
message are straightforward but are not presented here. The message are straightforward but are not presented here. The
procedures for processing the certification request are beyond the procedures for processing the certification request are beyond the
scope of this document. scope of this document.
3. IANA Considerations 3. IANA Considerations
IANA is asked to update the registration for the application/pkc10
media type using the filled-in template from BCP 13 [RFC4288] given
below.
3.1. Registration of media type application/pkc10
The media type for a PKCS#10 certification request is The media type for a PKCS#10 certification request is
application/pkc10. application/pkc10.
Type name: application Type name: application
Subtype name: pkcs10 Subtype name: pkcs10
Required parameters: None Required parameters: None
Optional parameters: None Optional parameters: None
Encoding considerations: See Section 2. Encoding considerations:
This media type carries binary content and needs proper encoding
for non-8bit clear transports; See Section 2.
Security considerations: Security considerations:
Clients use a certification request to request that a Clients use a certification request to request that a
Certification Authority certify a public key. The certification Certification Authority certify a public key. The certification
request is digitally signed. request is digitally signed.
Interoperability considerations: See Section 2. Interoperability considerations: See Section 2.
Published specification: RFC 2986 Published specification: RFC 2986
Applications which use this media type: Applications which use this media type:
The content type is used with MIME-complaint transport to The content type is used with MIME-compliant transport to
transfer PKCS#10 certification requests [PKCS#10]. transfer PKCS#10 certification requests [PKCS#10].
Additional information: Additional information:
Magic number(s): None Magic number(s): None
File extension(s): .p10 File extension(s): .p10
Macintosh File Type Code(s): none Macintosh File Type Code(s): none
Person & email address to contact for further information: Person & email address to contact for further information:
Sean Turner Sean Turner
skipping to change at page 5, line 25 skipping to change at page 5, line 34
Author: Author:
Sean Turner <turners@ieca.com> Sean Turner <turners@ieca.com>
Intended usage: COMMON Intended usage: COMMON
Change controller: Change controller:
The IESG <iesg@ietf.org> The IESG <iesg@ietf.org>
4. Security Considerations 4. Security Considerations
The security considerations of [RFC2986] and [RFC5751] apply; The security considerations of [RFC2986] and [RFC5751] apply; no new
however, no new security considerations are introduced by this security considerations are introduced by this document.
document.
5. References 5. Acknowledgements
5.1. Normative References I wish to thank the authors of RFC 2311, Steve Dusse, Paul Hoffman,
Blake Ramsdell, Laurence Lundblade, and Lisa Repka.
[RFC2986] Nystrom, M, and B. Kaliski, " PKCS #10: Certification 6. References
Request Syntax Specification Version 1.7", RFC 2986,
November 2000. 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2986] Nystrom, M, and B. Kaliski, "PKCS #10: Certification
Request Syntax Specification Version 1.7", RFC 2986,
November 2000.
[RFC4288] Freed, N., and J. Klensin, "Media Type Specifications
and Registration Procedures, BCP 13, RFC 4288, December
2005.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
[RFC5751] Turner, S. and B. Ramsdell, "Secure/Multipurpose
Internet Mail Extensions (S/MIME) Version 3.2 Message
Specification", RFC 5751, January 2010.
[X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825- [X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825-
1:2002. Information Technology - ASN.1 encoding rules: 1:2002. Information Technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules Encoding Rules (CER) and Distinguished Encoding Rules
(DER). (DER).
5.2. Informative References 6.2. Informative References
[RFC2311] Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, L., [RFC2311] Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, L.,
and L. Repka, "S/MIME Version 2 Message Specification", and L. Repka, "S/MIME Version 2 Message Specification",
RFC 2311, March 1998. RFC 2311, March 1998.
[RFC2633] Ramsdell, B., "S/MIME Version 3 Message Specification", [RFC2633] Ramsdell, B., "S/MIME Version 3 Message Specification",
RFC 2633, June 1999. RFC 2633, June 1999.
[RFC5751] Turner, S. and B. Ramsdell, "Secure/Multipurpose
Internet Mail Extensions (S/MIME) Version 3.2 Message
Specification", RFC 5751, January 2010.
Acknowledgements
I wish to thank the authors of RFC 2311, Steve Dusse, Paul Hoffman,
Blake Ramsdell, Laurence Lundblade, and Lisa Repka.
Authors' Addresses Authors' Addresses
Sean Turner Sean Turner
IECA, Inc. IECA, Inc.
3057 Nutley Street, Suite 106 3057 Nutley Street, Suite 106
Fairfax, VA 22031 Fairfax, VA 22031
USA USA
EMail: turners@ieca.com EMail: turners@ieca.com
 End of changes. 25 change blocks. 
49 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/