idnits 2.17.1 

draft-ietf-smime-compression-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 1) being 243 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 2 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     RFC 2119 keyword, line 75: '...sion number.  It MUST be 0.  Details o...'
     RFC 2119 keyword, line 85: '...Implementations SHOULD use the SMIMECa...'
     RFC 2119 keyword, line 97: '...zlibCompression MUST be DER-encoded as...'
     RFC 2119 keyword, line 106: '...CMS implementations SHOULD include ZLIB [RFC1950] [RFC1951], which is...'
     RFC 2119 keyword, line 114: '...eters.  The parameters field SHOULD be...'
     (2 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The "Author's Address" (or "Authors' Addresses") section title is
     misspelled.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2002) is 8105 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? 'RFC2630' on line 133 looks like a reference

  -- Missing reference section? 'ASN1' on line 50 looks like a reference

  -- Missing reference section? 'RFC2119' on line 55 looks like a reference

  -- Missing reference section? 'RFC2633' on line 87 looks like a reference

  -- Missing reference section? 'RFC1950' on line 106 looks like a reference

  -- Missing reference section? 'RFC1951' on line 106 looks like a reference


     Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Internet Draft                                      Editor: Peter Gutmann
2	draft-ietf-smime-compression-06.txt                 University of Auckland
3	August 30, 2001
4	Expires February 2002

6	                  Compressed Data Content Type for CMS

8	Status of this memo

10	This document is an Internet-Draft and is in full conformance with all
11	provisions of Section 10 of RFC2026.

13	Internet-Drafts are working documents of the Internet Engineering Task
14	Force (IETF), its areas, and its working groups.  Note that other
15	groups may also distribute working documents as Internet-Drafts.

17	Internet-Drafts are draft documents valid for a maximum of six months
18	and may be updated, replaced, or obsoleted by other documents at any
19	time.  It is inappropriate to use Internet-Drafts as reference material
20	or to cite them other than as "work in progress."

22	The list of current Internet-Drafts can be accessed at
23	http://www.ietf.org/ietf/1id-abstracts.txt

25	The list of Internet-Draft Shadow Directories can be accessed at
26	http://www.ietf.org/shadow.html.

28	Abstract

30	The Cryptographic Message Syntax data format doesn't currently contain
31	any provisions for compressing data before processing it. Compressing
32	data before transmission provides a number of advantages including the
33	elimination of data redundancy which could help an attacker, speeding
34	up processing by reducing the amount of data to be processed by later
35	steps such as signing or encryption, and reducing overall message size.
36	Although there have been proposals for adding compression at other
37	levels (for example at the MIME or SSL level) these don't address the
38	problem of compression of CMS content unless the compression is
39	supplied by an external means (for example by intermixing MIME and
40	CMS).  This document defines a format for using compressed data as a
41	CMS content type.

43	1. Introduction

45	This document describes a compressed data content type for CMS.  This
46	is implemented as a new ContentInfo type and is an extension to the
47	types currently defined in CMS [RFC2630].  Future implementations of
48	CMS should include this extension.

50	The format of the messages are described in ASN.1 [ASN1].

52	The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
53	"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
54	interpreted as described in [RFC2119].

56	1.1 Compressed Data Content Type

58	The compressed-data content type consists of content of any type
59	compressed using a specified algorithm.  The following object
60	identifier identifies the compressed-data content type:

62	  id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
63	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }

65	The compressed-data content type shall have ASN.1 type CompressedData:

67	  CompressedData ::= SEQUENCE {
68	    version CMSVersion,
69	    compressionAlgorithm CompressionAlgorithmIdentifier,
70	    encapContentInfo EncapsulatedContentInfo
71	    }

73	The fields of type CompressedData have the following meanings:

75	  version is the syntax version number.  It MUST be 0.  Details of the
76	  CMSVersion type are discussed in CMS [RFC2630], section 10.2.5.

78	  compressionAlgorithm is a compression algorithm identifier, as
79	  defined in section 2.

81	  encapContentInfo is the content which is compressed.  Details of the
82	  EncapsulatedContentInfo type are discussed in CMS [RFC2630], section
83	  5.2.

85	Implementations SHOULD use the SMIMECapabilities attribute to indicate
86	their ability to process compressed content types.  Details of
87	SMIMECapabilities are discussed in MSG [RFC2633], section 2.5.2

89	A compression SMIMECapability consists of the AlgorithmIdentifier for
90	the supported compression algorithm, in the case of the algorithm
91	specified in this document this is id-alg-zlibCompression as specified
92	in section 2.  Alternatively, the use of compression may be handled by
93	prior arrangement (for example as part of an interoperability profile).

95	The SMIMECapability SEQUENCE representing the ability to process
96	content compressed with the algorithm identified by id-alg-
97	zlibCompression MUST be DER-encoded as the following hexadecimal
98	string:

100	    30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08

102	(but see also the implementation note in section 2.1).

104	2. Compression Types

106	CMS implementations SHOULD include ZLIB [RFC1950] [RFC1951], which is
107	free of any intellectual property restrictions and has a freely-
108	available, portable and efficient reference implementation.  The
109	following object identifier identifies ZLIB:

111	  id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
112	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }

114	This algorithm has no parameters.  The parameters field SHOULD be
115	encoded as omitted, but MAY be encoded as NULL (see the implemenation
116	note in section 2.1).

118	2.1. Implementation notes

120	ZLIB allows for a number of compression levels ranging from good but
121	slow compression to less good but fast compression.  The compression
122	level is always compatible with the decompression algorithm, so there
123	is no need to specify the compression level as an algorithm parameter.

125	There are two possible encodings for the ZLIB null parameters field
126	which arise from the fact that when the 1988 syntax for
127	AlgorithmIdentifier was translated into the 1997 syntax, the OPTIONAL
128	associated with the AlgorithmIdentifier parameters got lost.  Later it
129	was recovered via a defect report, but by then everyone thought that
130	algorithm parameters were mandatory.  Because of this some
131	implementations will encode null parameters as an ASN.1 NULL element
132	and some will omit them entirely (see for example section 12 of CMS
133	[RFC2630]).  Although the correct encoding is to omit the parameters
134	field, implementations may encounter encodings which use an ASN.1 NULL
135	element for the parameters.

137	3. Security Considerations

139	This RFC is not concerned with security, except for the fact that
140	compressing data before encryption can enhance the security provided by
141	other processing steps by reducing the quantity of known plaintext
142	available to an attacker.

144	4. IANA Considerations

146	The CompressedData content type and compression algorithms are
147	identified by object identifiers (OIDs).  OIDs were assigned from an
148	arc contributed to the S/MIME Working Group by the RSA Security.
149	Should additional compression algorithms be introduced, the advocates
150	for such algorithms are expected to assign the necessary OIDs from
151	their own arcs.  No action by the IANA is necessary for this document
152	or any anticipated updates.

154	Author Address

156	Peter Gutmann
157	University of Auckland
158	Private Bag 92019
159	Auckland, New Zealand
160	pgut001@cs.auckland.ac.nz

162	References

164	  ASN1  CCITT Recommendation X.208: Specification of Abstract Syntax
165	        Notation One (ASN.1), 1988.

167	  RFC2119 Key Words for Use in RFC's to Indicate Requirement Levels,
168	        S.Bradner, March 1997.

170	  RFC1950 ZLIB Compressed Data Format Specification version 3.3,
171	        P.Deutsch and J-L Gailly, May 1996.

173	  RFC1951 DEFLATE Compressed Data Format Specification version 1.3,
174	        P.Deutsch, May 1996.

176	  RFC2630 Cryptographic Message Syntax, R.Housley, June 1999.

178	  RFC2633 S/MIME Version 3 Message Specification, B.Ramsdell, June
179	        1999.

181	Appendix A: ASN.1 Module

183	CompressedDataContent
184	  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
185	    smime(16) modules(0) compress(11) }

187	DEFINITIONS IMPLICIT TAGS ::=
188	BEGIN

190	IMPORTS
191	  CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax
192	    { iso(1) member-body(2) us(840) rsadsi(113549)
193	      pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
194	  AlgorithmIdentifier FROM AuthenticationFramework
195	    { joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 };

197	CompressedData ::= SEQUENCE {
198	  version CMSVersion,       -- Always set to 0
199	  compressionAlgorithm CompressionAlgorithmIdentifier,
200	  encapContentInfo EncapsulatedContentInfo
201	  }

203	CompressionAlgorithmIdentifier ::= AlgorithmIdentifier

205	-- Algorithm Identifiers

207	id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
208	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }

210	-- Content Type Object Identifiers

212	id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
213	    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }

215	END

217	Full Copyright Statement

219	Copyright (C) The Internet Society 2001.  All Rights Reserved.

221	This document and translations of it may be copied and furnished to
222	others, and derivative works that comment on or otherwise explain it or
223	assist in its implementation may be prepared, copied, published and
224	distributed, in whole or in part, without restriction of any kind,
225	provided that the above copyright notice and this paragraph are
226	included on all such copies and derivative works. However, this
227	document itself may not be modified in any way, such as by removing the
228	copyright notice or references to the Internet Society or other
229	Internet organizations, except as needed for the purpose of developing
230	Internet standards in which case the procedures for copyrights defined
231	in the Internet Standards process must be followed, or as required to
232	translate it into languages other than English.

234	The limited permissions granted above are perpetual and will not be
235	revoked by the Internet Society or its successors or assigns.

237	This document and the information contained herein is provided on an
238	"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
239	TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
240	NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
241	NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
242	FITNESS FOR A PARTICULAR PURPOSE.