idnits 2.17.1 

draft-ietf-smime-compression-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 1) being 235 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 2 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     RFC 2119 keyword, line 48: '...of CMS SHOULD include this extension....'
     RFC 2119 keyword, line 75: '...sion number.  It MUST be 0.  Details o...'
     RFC 2119 keyword, line 86: '...Implementations SHOULD use the SMIMECa...'
     RFC 2119 keyword, line 99: '...zlibCompression MUST be DER-encoded as...'
     RFC 2119 keyword, line 108: '...CMS implementations SHOULD include ZLIB [RFC1950] [RFC1951], which is...'
     (1 more instance...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The "Author's Address" (or "Authors' Addresses") section title is
     misspelled.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 2001) is 8198 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? 'RFC2630' on line 134 looks like a reference

  -- Missing reference section? 'ASN1' on line 50 looks like a reference

  -- Missing reference section? 'RFC2119' on line 55 looks like a reference

  -- Missing reference section? 'RFC2633' on line 88 looks like a reference

  -- Missing reference section? 'RFC1950' on line 108 looks like a reference

  -- Missing reference section? 'RFC1951' on line 108 looks like a reference


     Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Internet Draft                                      Editor: Peter Gutmann
2	draft-ietf-smime-compression-04.txt                 University of Auckland
3	May 8, 2001
4	Expires November 2001

6	                  Compressed Data Content Type for CMS

8	Status of this memo

10	This document is an Internet-Draft and is in full conformance with all
11	provisions of Section 10 of RFC2026.

13	Internet-Drafts are working documents of the Internet Engineering Task
14	Force (IETF), its areas, and its working groups.  Note that other
15	groups may also distribute working documents as Internet-Drafts.

17	Internet-Drafts are draft documents valid for a maximum of six months
18	and may be updated, replaced, or obsoleted by other documents at any
19	time.  It is inappropriate to use Internet-Drafts as reference
20	material or to cite them other than as "work in progress."

22	The list of current Internet-Drafts can be accessed at
23	http://www.ietf.org/ietf/1id-abstracts.txt

25	The list of Internet-Draft Shadow Directories can be accessed at
26	http://www.ietf.org/shadow.html.

28	Abstract

30	The Cryptographic Message Syntax data format doesn't currently contain
31	any provisions for compressing data before processing it. Compressing
32	data before transmission provides a number of advantages including the
33	elimination of data redundancy which could help an attacker, speeding
34	up processing by reducing the amount of data to be processed by later
35	steps such as signing or encryption, and reducing overall message
36	size. Although there have been proposals for adding compression at
37	other levels (for example at the MIME or SSL level) these don't
38	address the problem of compression of CMS content unless the
39	compression is supplied by an external means (for example by
40	intermixing MIME and CMS).  This document defines a format for using
41	compressed data as a CMS content type.

43	1. Introduction

45	This document describes a compressed data content type for S/MIME.
46	This is implemented as a new ContentInfo type and is an extension to
47	the types currently defined in CMS [RFC2630].  Future implementations
48	of CMS SHOULD include this extension.

50	The format of the messages are described in ASN.1 [ASN1].

52	The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
53	"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
54	interpreted as described in [RFC2119].

56	1.1 Compressed Data Content Type

58	The compressed-data content type consists of content of any type
59	compressed using a specified algorithm.  The following object
60	identifier identifies the compressed-data content type:

62	  id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
63	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }

65	The compressed-data content type shall have ASN.1 type CompressedData:

67	  CompressedData ::= SEQUENCE {
68	    version CMSVersion,
69	    compressionAlgorithm CompressionAlgorithmIdentifier,
70	    encapContentInfo EncapsulatedContentInfo
71	    }

73	The fields of type CompressedData have the following meanings:

75	    version is the syntax version number.  It MUST be 0.  Details of
76	    the CMSVersion type are discussed in CMS [RFC2630], section
77	    10.2.5.

79	    compressionAlgorithm is a compression algorithm identifier, as
80	    defined in section 2.

82	    encapContentInfo is the content which is compressed.  Details of
83	    the EncapsulatedContentInfo type are discussed in CMS [RFC2630],
84	    section 5.2.

86	Implementations SHOULD use the SMIMECapabilities attribute to indicate
87	their ability to process compressed content types.  Details of
88	SMIMECapabilities are discussed in MSG [RFC2633], section 2.5.2

90	A compression SMIMECapability consists of the AlgorithmIdentifier for
91	the supported compression algorithm, in the case of the algorithm
92	specified in this document this is id-alg-zlibCompression as specified
93	in section 2.  Alternatively, the use of compression may be handled by
94	prior arrangement (for example as part of an interoperability
95	profile).

97	The SMIMECapability SEQUENCE representing the ability to process
98	content compressed with the algorithm identified by id-alg-
99	zlibCompression MUST be DER-encoded as the following hexadecimal
100	string:

102	    30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08

104	(but see also the implementation note in section 2.1).

106	2. Compression Types

108	CMS implementations SHOULD include ZLIB [RFC1950] [RFC1951], which is
109	free of any intellectual property restrictions and has a freely-
110	available, portable and efficient reference implementation.  The
111	following object identifier identifies ZLIB:

113	  id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
114	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }

116	This algorithm has null parameters (but see the implementation note in
117	section 2.1 for comments on this field).

119	2.1. Implementation notes

121	ZLIB allows for a number of compression levels ranging from good but
122	slow compression to less good but fast compression.  The compression
123	level is always compatible with the decompression algorithm, so there
124	is no need to specify the compression level as an algorithm parameter.

126	There are two possible encodings for the ZLIB null parameters field
127	which arise from the fact that when the 1988 syntax for
128	AlgorithmIdentifier was translated into the 1997 syntax, the OPTIONAL
129	associated with the AlgorithmIdentifier parameters got lost.  Later it
130	was recovered via a defect report, but by then everyone thought that
131	algorithm parameters were mandatory.  Because of this some
132	implementations will encode null parameters as an ASN.1 NULL element
133	and some will omit them entirely (see for example section 12 of CMS
134	[RFC2630]).  Although the correct encoding is to omit the parameters
135	field, implementations may encounter encodings which use an ASN.1
136	NULL element for the parameters.

138	3. Security Considerations

140	This RFC is not concerned with security, except for the fact that
141	compressing data before encryption can enhance the security provided
142	by other processing steps by reducing the quantity of known plaintext
143	available to an attacker.

145	Author Address

147	Peter Gutmann
148	University of Auckland
149	Private Bag 92019
150	Auckland, New Zealand
151	pgut001@cs.auckland.ac.nz

153	References

155	  ASN1  CCITT Recommendation X.208: Specification of Abstract Syntax
156	        Notation One (ASN.1), 1988.

158	  RFC2119 Key Words for Use in RFC's to Indicate Requirement Levels,
159	        S.Bradner, March 1997.

161	  RFC1950 ZLIB Compressed Data Format Specification version 3.3,
162	        P.Deutsch and J-L Gailly, May 1996.

164	  RFC1951 DEFLATE Compressed Data Format Specification version 1.3,
165	        P.Deutsch, May 1996.

167	  RFC2630 Cryptographic Message Syntax, R.Housley, June 1999.

169	  RFC2633 S/MIME Version 3 Message Specification, B.Ramsdell, June
170	        1999.

172	Appendix A: ASN.1 Module

174	CompressedDataContent
175	  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
176	    smime(16) modules(0) compress(11) }

178	DEFINITIONS IMPLICIT TAGS ::=
179	BEGIN

181	IMPORTS
182	  CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax
183	    { iso(1) member-body(2) us(840) rsadsi(113549)
184	      pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) },
185	  AlgorithmIdentifier FROM AuthenticationFramework
186	    { joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 };

188	CompressedData ::= SEQUENCE {
189	  version CMSVersion,       -- Always set to 0
190	  compressionAlgorithm CompressionAlgorithmIdentifier,
191	  encapContentInfo EncapsulatedContentInfo
192	  }

194	CompressionAlgorithmIdentifer ::= AlgorithmIdentifier

196	-- Algorithm Identifiers

198	id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
199	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }

201	-- Content Type Object Identifiers

203	id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
204	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }

206	END

208	Full Copyright Statement

210	Copyright (C) The Internet Society 2001.  All Rights Reserved.

212	This document and translations of it may be copied and furnished to
213	others, and derivative works that comment on or otherwise explain it
214	or assist in its implementation may be prepared, copied, published and
215	distributed, in whole or in part, without restriction of any kind,
216	provided that the above copyright notice and this paragraph are
217	included on all such copies and derivative works. However, this
218	document itself may not be modified in any way, such as by removing
219	the copyright notice or references to the Internet Society or other
220	Internet organizations, except as needed for the purpose of developing
221	Internet standards in which case the procedures for copyrights defined
222	in the Internet Standards process must be followed, or as required to
223	translate it into languages other than English.

225	The limited permissions granted above are perpetual and will not be
226	revoked by the Internet Society or its successors or assigns.

228	This document and the information contained herein is provided on an
229	"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
230	TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
231	NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
232	WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
233	MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.