Network Working Group                                         P. Gutmann
Request for Comments: 3274                        University of Auckland
Category: Standards Track                                      June 2002
        
Network Working Group                                         P. Gutmann
Request for Comments: 3274                        University of Auckland
Category: Standards Track                                      June 2002
        

Compressed Data Content Type for Cryptographic Message Syntax (CMS)

加密消息语法(CMS)的压缩数据内容类型

Status of this Memo

本备忘录的状况

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2002). All Rights Reserved.

版权所有(C)互联网协会(2002年)。版权所有。

Abstract

摘要

This document defines a format for using compressed data as a Cryptographic Message Syntax (CMS) content type. Compressing data before transmission provides a number of advantages, including the elimination of data redundancy which could help an attacker, speeding up processing by reducing the amount of data to be processed by later steps (such as signing or encryption), and reducing overall message size. Although there have been proposals for adding compression at other levels (for example at the MIME or SSL level), these don't address the problem of compression of CMS content unless the compression is supplied by an external means (for example by intermixing MIME and CMS).

本文档定义了将压缩数据用作加密消息语法(CMS)内容类型的格式。传输前压缩数据提供了许多优势,包括消除可能帮助攻击者的数据冗余,通过减少后续步骤(如签名或加密)要处理的数据量来加快处理速度,以及减少总体消息大小。尽管有人建议在其他级别(例如MIME或SSL级别)添加压缩,但这些建议并未解决CMS内容的压缩问题,除非通过外部方式(例如混合MIME和CMS)提供压缩。

1. Introduction
1. 介绍

This document describes a compressed data content type for CMS. This is implemented as a new ContentInfo type and is an extension to the types currently defined in CMS [RFC2630]. CMS implementations SHOULD include support for the CompressedData content type.

本文档描述了CMS的压缩数据内容类型。这是作为新的ContentInfo类型实现的,是CMS[RFC2630]中当前定义的类型的扩展。CMS实现应包括对CompressedData内容类型的支持。

The format of the messages are described in ASN.1 [ASN1].

ASN.1[ASN1]中描述了消息的格式。

The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应该”、“不应该”、“建议”、“可能”和“可选”应按照[RFC2119]中所述进行解释。

1.1 Compressed Data Content Type
1.1 压缩数据内容类型

The compressed-data content type consists of content of any type, compressed using a specified algorithm. The following object identifier identifies the compressed-data content type:

压缩数据内容类型由使用指定算法压缩的任何类型的内容组成。以下对象标识符标识压缩数据内容类型:

      id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
        
      id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
        

The compressed-data content type shall have ASN.1 type CompressedData:

压缩数据内容类型应具有ASN.1类型CompressedData:

      CompressedData ::= SEQUENCE {
        version CMSVersion,
        compressionAlgorithm CompressionAlgorithmIdentifier,
        encapContentInfo EncapsulatedContentInfo
        }
        
      CompressedData ::= SEQUENCE {
        version CMSVersion,
        compressionAlgorithm CompressionAlgorithmIdentifier,
        encapContentInfo EncapsulatedContentInfo
        }
        

The fields of type CompressedData have the following meanings:

CompressedData类型的字段具有以下含义:

version is the syntax version number. It MUST be 0. Details of the CMSVersion type are discussed in CMS [RFC2630], section 10.2.5.

version是语法版本号。它必须是0。CMS[RFC2630]第10.2.5节讨论了CMS版本类型的详细信息。

compressionAlgorithm is a compression algorithm identifier, as defined in section 2.

compressionAlgorithm是第2节中定义的压缩算法标识符。

encapContentInfo is the content which is compressed. Details of the EncapsulatedContentInfo type are discussed in CMS [RFC2630], section 5.2.

encapContentInfo是压缩的内容。CMS[RFC2630]第5.2节讨论了封装内容信息类型的详细信息。

Implementations SHOULD use the SMIMECapabilities attribute to indicate their ability to process compressed content types. Details of SMIMECapabilities are discussed in MSG [RFC2633], section 2.5.2.

实现应该使用SMIMECapabilities属性来指示它们处理压缩内容类型的能力。SMIMECapability的详细信息在MSG[RFC2633]第2.5.2节中讨论。

A compression SMIMECapability consists of the AlgorithmIdentifier for the supported compression algorithm. In the case of the algorithm specified in this document, this is id-alg-zlibCompression, as specified in section 2. Alternatively, the use of compression may be handled by prior arrangement (for example as part of an interoperability profile).

压缩SMIMECapability由支持的压缩算法的算法标识符组成。对于本文件中指定的算法,这是第2节中指定的id alg zlibCompression。或者,可以通过事先安排(例如作为互操作性概要文件的一部分)来处理压缩的使用。

The SMIMECapability SEQUENCE representing the ability to process content compressed with the algorithm identified by id-alg-zlibCompression MUST be DER-encoded as the following hexadecimal string:

表示处理使用id alg zlibCompression标识的算法压缩的内容的能力的SMIMECapability序列必须按以下十六进制字符串进行DER编码:

30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08

30 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 03 08

(but see also the implementation note in section 2.1).

(另请参见第2.1节中的实施说明)。

2. Compression Types
2. 压缩类型

CMS implementations that support the CompressedData content type MUST include support for the ZLIB compression algorithm [RFC1950] [RFC1951], which has a freely-available, portable and efficient reference implementation. The following object identifier identifies ZLIB:

支持CompressedData内容类型的CMS实现必须包括对ZLIB压缩算法[RFC1950][RFC1951]的支持,该算法具有免费可用、可移植和高效的参考实现。以下对象标识符标识ZLIB:

      id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
        
      id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
        

This algorithm has no parameters. The parameters field SHOULD be encoded as omitted, but MAY be encoded as NULL (see the implementation note in section 2.1).

该算法没有参数。参数字段应编码为省略,但可编码为空(见第2.1节中的实施说明)。

2.1. Implementation notes
2.1. 实施说明

ZLIB allows for a number of compression levels ranging from good but slow compression, to less good but fast compression. The compression level is always compatible with the decompression algorithm, so there is no need to specify the compression level as an algorithm parameter.

ZLIB允许多种压缩级别,从良好但缓慢的压缩到较差但快速的压缩。压缩级别始终与解压缩算法兼容,因此无需将压缩级别指定为算法参数。

There are two possible encodings for the ZLIB null parameters field which arise from the fact that when the 1988 syntax for AlgorithmIdentifier was translated into the 1997 syntax, the OPTIONAL associated with the AlgorithmIdentifier parameters got lost. Later it was recovered via a defect report, but by then, everyone thought that algorithm parameters were mandatory. Because of this, some implementations will encode null parameters as an ASN.1 NULL element and some will omit them entirely (see for example section 12 of CMS [RFC2630]). Although the correct encoding is to omit the parameters field, implementations may encounter encodings which use an ASN.1 NULL element for the parameters.

ZLIB null parameters字段有两种可能的编码,这是因为当1988年AlgorithmIdentifier语法转换为1997年语法时,与AlgorithmIdentifier参数相关的可选代码丢失了。后来通过缺陷报告恢复,但到那时,每个人都认为算法参数是强制性的。因此,一些实现将空参数编码为ASN.1空元素,而一些实现将完全忽略它们(例如参见CMS[RFC2630]的第12节)。尽管正确的编码是省略参数字段,但实现可能会遇到使用ASN.1 NULL元素作为参数的编码。

3. Security Considerations
3. 安全考虑

This RFC is not concerned with security, except for the fact that compressing data before encryption can enhance the security provided by other processing steps by reducing the quantity of known plaintext available to an attacker. However, implementations should be aware of possible security threats of combining security sensitive material with possibly untrusted data before the compression and encryption. This is because information about the sensitive data may be inferred from knowing the untrusted data and the compression ratio.

此RFC与安全性无关,只是在加密之前压缩数据可以通过减少攻击者可用的已知明文数量来增强其他处理步骤提供的安全性。然而,在压缩和加密之前,实现应该意识到将安全敏感材料与可能不受信任的数据相结合可能带来的安全威胁。这是因为有关敏感数据的信息可以通过了解不受信任的数据和压缩比来推断。

4. IANA Considerations
4. IANA考虑

The CompressedData content type and compression algorithms are identified by object identifiers (OIDs). OIDs were assigned from an arc contributed to the S/MIME Working Group by RSA Security. Should additional compression algorithms be introduced, the advocates for such algorithms are expected to assign the necessary OIDs from their own arcs. No action by the IANA is necessary for this document or any anticipated updates.

CompressedData内容类型和压缩算法由对象标识符(OID)标识。OID是从RSA Security提供给S/MIME工作组的arc分配的。如果引入额外的压缩算法,这些算法的拥护者将从他们自己的弧中分配必要的OID。IANA无需对本文件或任何预期更新采取任何行动。

References

工具书类

[ASN1] CCITT Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1), 1988.

[ASN1]CCITT建议X.208:抽象语法符号1规范(ASN.1),1988年。

[RFC2119] Bradner, S., "Key Words for Use in RFC's to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC1950] Deutsch, P. and J-L Gailly, "ZLIB Compressed Data Format Specification version 3.3", RFC 1950, May 1996.

[RFC1950]Deutsch,P.和J-L Gailly,“ZLIB压缩数据格式规范3.3版”,RFC 1950,1996年5月。

[RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, May 1996.

[RFC1951]Deutsch,P.,“DEFLATE压缩数据格式规范1.3版”,RFC1951,1996年5月。

[RFC2630] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999.

[RFC2630]Housley,R.,“加密消息语法”,RFC2630,1999年6月。

[RFC2633] Rmasdell, B., "S/MIME Version 3 Message Specification", RFC 2633, June 1999.

[RFC2633]Rmasdell,B.,“S/MIME版本3消息规范”,RFC 2633,1999年6月。

Appendix A: ASN.1 Module

附录A:ASN.1模块

   CompressedDataContent
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) compress(11) }
        
   CompressedDataContent
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) compress(11) }
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   IMPORTS
     CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax
       { iso(1) member-body(2) us(840) rsadsi(113549)
         pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
     AlgorithmIdentifier FROM AuthenticationFramework
       { joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 };
        
   IMPORTS
     CMSVersion, EncapsulatedContentInfo FROM CryptographicMessageSyntax
       { iso(1) member-body(2) us(840) rsadsi(113549)
         pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
     AlgorithmIdentifier FROM AuthenticationFramework
       { joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3 };
        
   CompressedData ::= SEQUENCE {
     version CMSVersion,       -- Always set to 0
     compressionAlgorithm CompressionAlgorithmIdentifier,
     encapContentInfo EncapsulatedContentInfo
     }
        
   CompressedData ::= SEQUENCE {
     version CMSVersion,       -- Always set to 0
     compressionAlgorithm CompressionAlgorithmIdentifier,
     encapContentInfo EncapsulatedContentInfo
     }
        
   CompressionAlgorithmIdentifier ::= AlgorithmIdentifier
        
   CompressionAlgorithmIdentifier ::= AlgorithmIdentifier
        

-- Algorithm Identifiers

--算法标识符

   id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
        
   id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
        

-- Content Type Object Identifiers

--内容类型对象标识符

   id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
        
   id-ct-compressedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 9 }
        

END

终止

Author Address

作者地址

Peter Gutmann University of Auckland Private Bag 92019 Auckland, New Zealand

彼得古特曼奥克兰大学私人袋92019奥克兰,新西兰

   EMail: pgut001@cs.auckland.ac.nz
        
   EMail: pgut001@cs.auckland.ac.nz
        

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2002). All Rights Reserved.

版权所有(C)互联网协会(2002年)。版权所有。

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。