Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 7193                                          IECA
Category: Informational                                       R. Housley
ISSN: 2070-1721                                           Vigil Security
                                                               J. Schaad
                                                 Soaring Hawk Consulting
                                                              April 2014
        
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 7193                                          IECA
Category: Informational                                       R. Housley
ISSN: 2070-1721                                           Vigil Security
                                                               J. Schaad
                                                 Soaring Hawk Consulting
                                                              April 2014
        

The application/cms Media Type

应用程序/cms媒体类型

Abstract

摘要

This document registers the application/cms media type for use with the corresponding CMS (Cryptographic Message Syntax) content types.

本文档注册应用程序/cms媒体类型,以便与相应的cms(加密消息语法)内容类型一起使用。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7193.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7193.

Copyright Notice

版权公告

Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

1. Introduction
1. 介绍

[RFC5751] registered the application/pkc7-mime media type. That document defined five optional smime-type parameters. The smime-type parameter originally conveyed details about the security applied to the data content type, indicating whether it was signed or enveloped, as well as the name of the data content; it was later expanded to indicate whether the data content is compressed and whether the data content contained a certs-only message. This document does not affect those registrations as this document places no requirements on S/MIME (Secure Multipurpose Internet Mail Extensions) agents.

[RFC5751]已注册应用程序/pkc7 mime媒体类型。该文档定义了五个可选的smime类型参数。smime type参数最初传递了有关应用于数据内容类型的安全性的详细信息,指示该类型是经过签名还是封装的,以及数据内容的名称;它后来被扩展以指示数据内容是否被压缩,以及数据内容是否包含仅限证书的消息。本文档不影响这些注册,因为本文档对S/MIME(安全多用途Internet邮件扩展)代理没有任何要求。

The registration done by the S/MIME documents was done assuming that there would be a MIME (Multipurpose Internet Mail Extensions) wrapping layer around each of the different enveloping contents; thus, there was no need to include more than one item in each smime-type. This is no longer the case with some of the more advanced enveloping types. Some protocols such as the CMC (Certificate Management over Cryptographic Message Syntax) [RFC5273] have defined additional S/MIME types. New protocols that intend to wrap MIME content should continue to define a smime-type string; however, new protocols that intend to wrap non-MIME types should use this mechanism instead.

S/MIME文档完成的注册是假设在每个不同的信封内容周围都有一个MIME(多用途互联网邮件扩展)包装层;因此,每个smime类型中不需要包含多个项。某些更高级的包络类型不再是这种情况。某些协议,如CMC(加密消息语法上的证书管理)[RFC5273]定义了其他S/MIME类型。打算包装MIME内容的新协议应该继续定义smime类型的字符串;然而,打算包装非MIME类型的新协议应该使用这种机制。

   CMS (Cryptographic Message Syntax) [RFC5652] associates a content
   type identifier (OID) with specific content; CMS content types have
   been widely used to define contents that can be enveloped using other
   CMS content types and to define enveloping content types some of
   which provide security services.  CMS protecting content types, those
   that provide security services, include: Signed-Data [RFC5652],
   Enveloped-Data [RFC5652], Digested-Data [RFC5652], Encrypted-Data
   [RFC5652], Authenticated-Data [RFC5652], Authenticated-Enveloped-Data
   [RFC5083], and Encrypted Key Package [RFC6032].  CMS non-protecting
   content types, those that provide no security services but
   encapsulate other CMS content types, include: Content Information
   [RFC5652], Compressed Data [RFC3274], Content Collection [RFC4073],
   and Content With Attributes [RFC4073].  Then, there are the innermost
   content types that include: Data [RFC5652], Asymmetric Key Package
   [RFC5958], Symmetric Key Package [RFC6031], Firmware Package
   [RFC4108], Firmware Package Load Receipt [RFC4108], Firmware Package
   Load Error [RFC4108], Trust Anchor List [RFC5914], TAMP Status Query,
   TAMP Status Response, TAMP Update, TAMP Update Confirm, TAMP Apex
   Update, TAMP Apex Update Confirmation, TAMP Community Update, TAMP
   Community Update Confirm, TAMP Sequence Adjust, TAMP Sequence Adjust
   Confirmation, TAMP Error [RFC5934], Key Package Error, and Key
   Package Receipt [RFC7191].
        
   CMS (Cryptographic Message Syntax) [RFC5652] associates a content
   type identifier (OID) with specific content; CMS content types have
   been widely used to define contents that can be enveloped using other
   CMS content types and to define enveloping content types some of
   which provide security services.  CMS protecting content types, those
   that provide security services, include: Signed-Data [RFC5652],
   Enveloped-Data [RFC5652], Digested-Data [RFC5652], Encrypted-Data
   [RFC5652], Authenticated-Data [RFC5652], Authenticated-Enveloped-Data
   [RFC5083], and Encrypted Key Package [RFC6032].  CMS non-protecting
   content types, those that provide no security services but
   encapsulate other CMS content types, include: Content Information
   [RFC5652], Compressed Data [RFC3274], Content Collection [RFC4073],
   and Content With Attributes [RFC4073].  Then, there are the innermost
   content types that include: Data [RFC5652], Asymmetric Key Package
   [RFC5958], Symmetric Key Package [RFC6031], Firmware Package
   [RFC4108], Firmware Package Load Receipt [RFC4108], Firmware Package
   Load Error [RFC4108], Trust Anchor List [RFC5914], TAMP Status Query,
   TAMP Status Response, TAMP Update, TAMP Update Confirm, TAMP Apex
   Update, TAMP Apex Update Confirmation, TAMP Community Update, TAMP
   Community Update Confirm, TAMP Sequence Adjust, TAMP Sequence Adjust
   Confirmation, TAMP Error [RFC5934], Key Package Error, and Key
   Package Receipt [RFC7191].
        

To support conveying CMS content types, this document defines a media type and parameters that indicate the enveloping and embedded CMS content types.

为了支持传输CMS内容类型,本文档定义了一种媒体类型和参数,用于指示封装和嵌入的CMS内容类型。

New CMS content types should be affirmative in defining the string that identifies the new content type and should additionally define if the new content type is expected to appear in the encapsulatedContent or innerContent parameter.

在定义标识新内容类型的字符串时,新CMS内容类型应该是肯定的,并且应该另外定义新内容类型是否预期出现在封装内容或innerContent参数中。

1.1. Requirements Terminology
1.1. 需求术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

2. CMS Media Type Registration Applications
2. CMS媒体类型注册应用程序

This section provides the media type registration application for the application/cms media type (see [RFC6838], Section 5.6).

本节提供应用程序/cms介质类型的介质类型注册应用程序(见[RFC6838],第5.6节)。

Type name: application

类型名称:应用程序

Subtype name: cms

子类型名称:cms

Required parameters: None.

所需参数:无。

Optional parameters:

可选参数:

encapsulatingContent=y; where y is one or more CMS ECT (Encapsulating Content Type) identifiers; multiple values are encapsulated in quotes and separated by a folding-whitespace, a comma, and folding-whitespace. ECT values are based on content types found in [RFC3274], [RFC4073], [RFC5083], [RFC5652], and [RFC6032]. This list can later be extended; see Section 4.

封装内容=y;其中y是一个或多个CMS ECT(封装内容类型)标识符;多个值封装在引号中,并由折叠空格、逗号和折叠空格分隔。ECT值基于[RFC3274]、[RFC4073]、[RFC5083]、[RFC5652]和[RFC6032]中的内容类型。该列表可在以后扩展;见第4节。

authData compressedData contentCollection contentInfo contentWithAttrs authEnvelopedData encryptedKeyPkg digestData encryptedData envelopedData signedData

authData compressedData contentCollection contentInfo contentWithAttrs authEnvelopedData encryptedKeyPkg digestData encryptedData envelopedData signedData

innerContent=x; where x is one or more CMS ICT (Inner Content Type) identifiers; multiple values encapsulated in quotes and are separated by a folding-whitespace, a comma, and folding-whitespace. ICT values are based on content types found in [RFC4108], [RFC5914], [RFC5934], [RFC5958], [RFC6031], and [RFC7191]. This list can later be extended; see Section 4.

innerContent=x;其中x是一个或多个CMS-ICT(内部内容类型)标识符;多个值封装在引号中,由折叠空格、逗号和折叠空格分隔。ICT值基于[RFC4108]、[RFC5914]、[RFC5934]、[RFC5958]、[RFC6031]和[RFC7191]中的内容类型。该列表可在以后扩展;见第4节。

firmwarePackage firmwareLoadReceipt firmwareLoadError aKeyPackage sKeyPackage trustAnchorList TAMP-statusQuery TAMP-statusResponse TAMP-update TAMP-updateConfirm TAMP-apexUpdate TAMP-apexUpdateConfirm TAMP-communityUpdate TAMP-communityUpdateConfirm TAMP-seqNumAdjust TAMP-seqNumAdjustConfirm TAMP-error keyPackageReceipt keyPackageError

firmwarePackage firmwareLoadReceipt firmwareLoader错误aKeyPackage sKeyPackage trusthor列表TAMP状态查询TAMP状态响应TAMP更新TAMP更新确认TAMP apex更新TAMP apex更新TAMP apex确认TAMP社区更新TAMP社区更新TAMP社区更新确认TAMP seq num仅TAMP seq num仅确认TAMP错误keyPackageReceipt keyPackageError

The optional parameters are case sensitive.

可选参数区分大小写。

Encoding considerations:

编码注意事项:

Binary.

二进制的

[RFC5652] requires that the outermost encapsulation be ContentInfo.

[RFC5652]要求最外层的封装是ContentInfo。

Security considerations:

安全考虑:

The following security considerations apply:

以下安全注意事项适用:

      RFC       | CMS Protecting Content Type and Algorithms
      ----------+-------------------------------------------
      [RFC3370] | signedData, envelopedData,
      [RFC5652] | digestedData, encryptedData, and
      [RFC5753] | authData
      [RFC5754] |
      ----------+-------------------------------------------
      [RFC5958] | aKeyPackage
      [RFC5959] |
      [RFC6162] |
      ----------+-------------------------------------------
      [RFC6031] | sKeyPackage
      [RFC6160] |
      ----------+-------------------------------------------
      [RFC6032] | encryptedKeyPkg
      [RFC6033] |
      [RFC6161] |
      ----------+-------------------------------------------
      [RFC5914] | trustAnchorList
      ----------+-------------------------------------------
      [RFC3274] | compressedData
      ----------+-------------------------------------------
      [RFC5083] | authEnvelopedData
      [RFC5084] |
      ----------+-------------------------------------------
      [RFC4073] | contentCollection and
                | contentWithAttrs
      ----------+-------------------------------------------
      [RFC4108] | firmwarePackage,
                | firmwareLoadReceipt, and
                | firmwareLoadError
      ----------+-------------------------------------------
      [RFC5934] | TAMP-statusQuery, TAMP-statusResponse,
                | TAMP-update, TAMP-updateConfirm,
                | TAMP-apexUpdate,
                | TAMP-apexUpdateConfirm,
                | TAMP-communityUpdate,
                | TAMP-communityUpdateConfirm,
                | TAMP-seqNumAdjust,
                | TAMP-seqNumAdjustConfirm, and
                | TAMP-error
      ----------+-------------------------------------------
      [RFC7191] |keyPackageReceipt and keyPackageError
      ----------+-------------------------------------------
        
      RFC       | CMS Protecting Content Type and Algorithms
      ----------+-------------------------------------------
      [RFC3370] | signedData, envelopedData,
      [RFC5652] | digestedData, encryptedData, and
      [RFC5753] | authData
      [RFC5754] |
      ----------+-------------------------------------------
      [RFC5958] | aKeyPackage
      [RFC5959] |
      [RFC6162] |
      ----------+-------------------------------------------
      [RFC6031] | sKeyPackage
      [RFC6160] |
      ----------+-------------------------------------------
      [RFC6032] | encryptedKeyPkg
      [RFC6033] |
      [RFC6161] |
      ----------+-------------------------------------------
      [RFC5914] | trustAnchorList
      ----------+-------------------------------------------
      [RFC3274] | compressedData
      ----------+-------------------------------------------
      [RFC5083] | authEnvelopedData
      [RFC5084] |
      ----------+-------------------------------------------
      [RFC4073] | contentCollection and
                | contentWithAttrs
      ----------+-------------------------------------------
      [RFC4108] | firmwarePackage,
                | firmwareLoadReceipt, and
                | firmwareLoadError
      ----------+-------------------------------------------
      [RFC5934] | TAMP-statusQuery, TAMP-statusResponse,
                | TAMP-update, TAMP-updateConfirm,
                | TAMP-apexUpdate,
                | TAMP-apexUpdateConfirm,
                | TAMP-communityUpdate,
                | TAMP-communityUpdateConfirm,
                | TAMP-seqNumAdjust,
                | TAMP-seqNumAdjustConfirm, and
                | TAMP-error
      ----------+-------------------------------------------
      [RFC7191] |keyPackageReceipt and keyPackageError
      ----------+-------------------------------------------
        

In some circumstances, significant information can be leaked by disclosing what the innermost ASN.1 structure is. In these cases, it is acceptable to disclose the wrappers without disclosing the inner content type.

在某些情况下,通过披露最内部的ASN.1结构可能会泄露重要信息。在这些情况下,可以在不披露内部内容类型的情况下披露包装。

ASN.1 encoding rules (e.g., DER and BER) have a type-length-value structure, and it is easy to construct malicious content with invalid length fields that can cause buffer overrun conditions. ASN.1 encoding rules allows for arbitrary levels of nesting, which may make it possible to construct malicious content that will cause a stack overflow. Interpreters of ASN.1 structures should be aware of these issues and should take appropriate measures to guard against buffer overflows and stack overruns in particular and malicious content in general.

ASN.1编码规则(如DER和BER)具有类型-长度-值结构,很容易使用无效长度字段构造恶意内容,从而导致缓冲区溢出情况。ASN.1编码规则允许任意级别的嵌套,这可能导致构建恶意内容,从而导致堆栈溢出。ASN.1结构的解释器应了解这些问题,并应采取适当措施防止缓冲区溢出和堆栈溢出,尤其是恶意内容。

Interoperability considerations:

互操作性注意事项:

See [RFC3274], [RFC4073], [RFC4108], [RFC5083], [RFC5652], [RFC5914], [RFC5934], [RFC5958], [RFC6031], [RFC6032], and [RFC7191].

参见[RFC3274]、[RFC4073]、[RFC4108]、[RFC5083]、[RFC5652]、[RFC5914]、[RFC5934]、[RFC5958]、[RFC6031]、[RFC6032]和[RFC7191]。

In all cases, CMS content types are encapsulated within ContentInfo structures [RFC5652]; that is the outermost enveloping structure is ContentInfo.

在所有情况下,CMS内容类型都封装在ContentInfo结构[RFC5652]中;也就是说,最外层的封装结构是ContentInfo。

CMS [RFC5652] defines slightly different processing rules for SignedData than does PKCS #7 [RFC2315]. This media type employs the CMS processing rules.

CMS[RFC5652]为SignedData定义的处理规则与PKCS#7[RFC2315]稍有不同。此媒体类型采用CMS处理规则。

The Content-Type header field of all application/cms objects SHOULD include the optional "encapsulatingContent" and "innerContent" parameters.

所有应用程序/cms对象的内容类型标题字段应包括可选的“封装内容”和“内部内容”参数。

The Content-Disposition header field [RFC4021] can also be included along with Content-Type's optional name parameter.

内容处置标题字段[RFC4021]也可以与内容类型的可选名称参数一起包含。

Published specification: This specification.

已发布规范:本规范。

Applications that use this media type:

使用此媒体类型的应用程序:

Applications that support CMS (Cryptographic Message Syntax) content types.

支持CMS(加密消息语法)内容类型的应用程序。

Fragment identifier considerations: N/A

片段标识符注意事项:不适用

Additional information:

其他信息:

Magic number(s): None File extension(s): .cmsc Macintosh File Type Code(s):

幻数:无文件扩展名:.cmsc Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

      Sean Turner <turners@ieca.com>
        
      Sean Turner <turners@ieca.com>
        

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

   Author: Sean Turner <turners@ieca.com>
        
   Author: Sean Turner <turners@ieca.com>
        
   Change controller: The IESG <iesg@ietf.org>
        
   Change controller: The IESG <iesg@ietf.org>
        
3. Example
3. 实例

The following is an example encrypted status response message:

以下是加密状态响应消息的示例:

      MIME-Version: 1.0
      Content-Type: application/cms; encapsulatingContent=encryptedData;
                    innerContent=TAMP-statusResponse; name=status.cmsc
      Content-Transfer-Encoding: base64
        
      MIME-Version: 1.0
      Content-Type: application/cms; encapsulatingContent=encryptedData;
                    innerContent=TAMP-statusResponse; name=status.cmsc
      Content-Transfer-Encoding: base64
        
      MIIFLQYJKoZIhvcNAQcDoIIFHjCCBRoCAQAxggFhMIIBXQIBADBFMEAxC
      zAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMD
      ExMRAwDgYDVQQDEwdHb29kIENBAgEBMA0GCSqGSIb3DQEBAQUABIIBAEa
      uaXQeVsOyZ7gz0pJikRQ6Jqr64k2dbHBE4SDZL/uErP9FJUIja9LaJrc5
      S83EZ7wf3mODUBaDhGfQVKoPrNTsLmw98fE/O+wcdpI2XKaILOR62xDJR
      emQQST+EPfMwZmCwgsImmY3AxefAgzp8hVgK7SDiXGXfa9ux9PMdCSjHP
      IgcAUFHmTiqxYd72Gl08kLCMIXmn3g5RsYUggxooeFNHiFNR28TV5HctG
      i6Ay5++iKUGrUQyXD+GlwakFToGFmFj3FMyZi7+kYV/X00BiBP3kpIgVJ
      4jCj+nYtKWh6JXPoEqEsa39GmDEFGq4/58GEu70amWvW1DA++7kDP4gwg
      gOuBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAECBBCH5yTQqZ4KYiTTeYdjoY
      4sgIIDgArSpOcengKnZS4SCjfuQkMxB5wfSaud1thlZ+gUFCgzbFtkfYM
      Qx/T7gnkneniyj2rwOmZxCQXpPlCDXH6mS83ngfrNN8ay3HrMPpVkEOmW
      UMc5jI6oNObwqi8a3ezzhYRxF06jzdD2R/6SAPALz3Q4NU8eX+PnuekgR
      oxo/INzhT4iGvokn9xVah6piSbjhPA+QZp1HgQrlWyyM3lG9jn4thchKl
      FQqZEy/EBaCWq+sJG7LLxqS5k29CiAVx0JSItqAPvX1ZvLMY2aq//MQMw
      0VFEx7Kt5aWNvKHTor9RUuuzwiZ5kwXt2vJt6bFiV7yS+EXofpFEmqyJP
      VJzyAFIXJRTv4k007n0M1UpXQpGjywECI6DbIhfBL8CsNskTCjrsfU+Tw
      RRkRKAbtJYughs9bDYkDu9UsKd/AE4zXk4prwo8/f1chpmzpHKOXiWzt+
      xaCj648I4rOjdI9s4JP8J0qwVKoLEMGeiZlf2UlaiyMzZYzTOxI03PHp1
      Whk6TXhnmMVPWGYjjelvE38gq/XynobbQRGEJdnnHzH7SrS27FmgRcnBO
      3QQUPJChVn7iBHmdui++GAxpHoGdS6nSo4kQ6d5u5rL/Ctcnwu0k+s0Xi
      ZMzOqp7L31xl1jvYUWIswLQYsIFoiejU3UTKzq/Cpd5MK+I8cwCM3aQ2c
      D08URTPgu+U92pnYqm3auptywyjGAU/hkZ13XN7YRhLk/kuX8QXo3tZdj
      dKA4f/uNf1DURpJK9004uCkxuAtu5HemMv7YPTTx9Ua2pZFW5O+k2Mf2Z
      F/geOvtNw7UV8wOT1nokXu9lnIZ9Xcs1cGGmRYE7jW15F07uGnMi1s2Gt
      LAST7t/PlTNZU6h0rVExErVa7T+VNidrgwGIke0YqYIwvTINRs+9VeJE3
      AJeatDlQs+01jrqqFWWmGmmsEBTTRuoDQHK7YBFFy4xIwQqZGW0EVre39
      OU5CL5LHIYiAVoV16YwiGd5WvFF8P1ZJK4ki8GFgYiMcPKmjQgP7DumqG
      n7eQtMD5tezTQeC07ntV3bi5pdznZHVcF2Kqg+qHjJQlhUdK7Pew3kq7k
      mfCdQV0BmQSYyjEAaTijaw4fAMxAbiw4OU0eNeU//zcpp04AuTFfJorIg
      oZ+iCTYei8HMUA9/ysLFXA64wdsuCj0zXmNiYwosisuNg3TXfoBOzohKq
      fkeXt
        
      MIIFLQYJKoZIhvcNAQcDoIIFHjCCBRoCAQAxggFhMIIBXQIBADBFMEAxC
      zAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMD
      ExMRAwDgYDVQQDEwdHb29kIENBAgEBMA0GCSqGSIb3DQEBAQUABIIBAEa
      uaXQeVsOyZ7gz0pJikRQ6Jqr64k2dbHBE4SDZL/uErP9FJUIja9LaJrc5
      S83EZ7wf3mODUBaDhGfQVKoPrNTsLmw98fE/O+wcdpI2XKaILOR62xDJR
      emQQST+EPfMwZmCwgsImmY3AxefAgzp8hVgK7SDiXGXfa9ux9PMdCSjHP
      IgcAUFHmTiqxYd72Gl08kLCMIXmn3g5RsYUggxooeFNHiFNR28TV5HctG
      i6Ay5++iKUGrUQyXD+GlwakFToGFmFj3FMyZi7+kYV/X00BiBP3kpIgVJ
      4jCj+nYtKWh6JXPoEqEsa39GmDEFGq4/58GEu70amWvW1DA++7kDP4gwg
      gOuBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAECBBCH5yTQqZ4KYiTTeYdjoY
      4sgIIDgArSpOcengKnZS4SCjfuQkMxB5wfSaud1thlZ+gUFCgzbFtkfYM
      Qx/T7gnkneniyj2rwOmZxCQXpPlCDXH6mS83ngfrNN8ay3HrMPpVkEOmW
      UMc5jI6oNObwqi8a3ezzhYRxF06jzdD2R/6SAPALz3Q4NU8eX+PnuekgR
      oxo/INzhT4iGvokn9xVah6piSbjhPA+QZp1HgQrlWyyM3lG9jn4thchKl
      FQqZEy/EBaCWq+sJG7LLxqS5k29CiAVx0JSItqAPvX1ZvLMY2aq//MQMw
      0VFEx7Kt5aWNvKHTor9RUuuzwiZ5kwXt2vJt6bFiV7yS+EXofpFEmqyJP
      VJzyAFIXJRTv4k007n0M1UpXQpGjywECI6DbIhfBL8CsNskTCjrsfU+Tw
      RRkRKAbtJYughs9bDYkDu9UsKd/AE4zXk4prwo8/f1chpmzpHKOXiWzt+
      xaCj648I4rOjdI9s4JP8J0qwVKoLEMGeiZlf2UlaiyMzZYzTOxI03PHp1
      Whk6TXhnmMVPWGYjjelvE38gq/XynobbQRGEJdnnHzH7SrS27FmgRcnBO
      3QQUPJChVn7iBHmdui++GAxpHoGdS6nSo4kQ6d5u5rL/Ctcnwu0k+s0Xi
      ZMzOqp7L31xl1jvYUWIswLQYsIFoiejU3UTKzq/Cpd5MK+I8cwCM3aQ2c
      D08URTPgu+U92pnYqm3auptywyjGAU/hkZ13XN7YRhLk/kuX8QXo3tZdj
      dKA4f/uNf1DURpJK9004uCkxuAtu5HemMv7YPTTx9Ua2pZFW5O+k2Mf2Z
      F/geOvtNw7UV8wOT1nokXu9lnIZ9Xcs1cGGmRYE7jW15F07uGnMi1s2Gt
      LAST7t/PlTNZU6h0rVExErVa7T+VNidrgwGIke0YqYIwvTINRs+9VeJE3
      AJeatDlQs+01jrqqFWWmGmmsEBTTRuoDQHK7YBFFy4xIwQqZGW0EVre39
      OU5CL5LHIYiAVoV16YwiGd5WvFF8P1ZJK4ki8GFgYiMcPKmjQgP7DumqG
      n7eQtMD5tezTQeC07ntV3bi5pdznZHVcF2Kqg+qHjJQlhUdK7Pew3kq7k
      mfCdQV0BmQSYyjEAaTijaw4fAMxAbiw4OU0eNeU//zcpp04AuTFfJorIg
      oZ+iCTYei8HMUA9/ysLFXA64wdsuCj0zXmNiYwosisuNg3TXfoBOzohKq
      fkeXt
        
4. IANA Considerations
4. IANA考虑

IANA has registered the media type application/cms in the Standards tree using the applications provided in Section 2 of this document.

IANA已使用本文件第2节提供的应用程序在标准树中注册了媒体类型应用程序/cms。

IANA has established two subtype registries called "CMS Encapsulating Content Types" and "CMS Inner Content Types". Entries in these registries are allocated by Expert Review [RFC5226]. The Expert will determine whether the content is an ECT or an ICT, where the rule is that an ICT does not encapsulate another content type while an ECT does encapsulate another content type.

IANA建立了两个子类型注册中心,称为“CMS封装内容类型”和“CMS内部内容类型”。这些登记册中的条目由专家评审[RFC5226]分配。专家将确定内容是ECT还是ICT,其中的规则是ICT不封装另一种内容类型,而ECT封装另一种内容类型。

Initial values are as follows:

初始值如下所示:

CMS Encapsulating Content Types

CMS封装内容类型

   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   authData                    |[RFC5652] | 1.2.840.113549.1.9.16.1.2
   compressedData              |[RFC3274] | 1.2.840.113549.1.9.16.1.9
   contentCollection           |[RFC4073] | 1.2.840.113549.1.9.16.1.19
   contentInfo                 |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   contentWithAttrs            |[RFC4073] | 1.2.840.113549.1.9.16.1.20
   authEnvelopedData           |[RFC5083] | 1.2.840.113549.1.9.16.1.23
   encryptedKeyPkg             |[RFC6032] | 2.16.840.1.101.2.1.2.78.2
   digestData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.5
   encryptedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   envelopedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.3
   signedData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.2
        
   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   authData                    |[RFC5652] | 1.2.840.113549.1.9.16.1.2
   compressedData              |[RFC3274] | 1.2.840.113549.1.9.16.1.9
   contentCollection           |[RFC4073] | 1.2.840.113549.1.9.16.1.19
   contentInfo                 |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   contentWithAttrs            |[RFC4073] | 1.2.840.113549.1.9.16.1.20
   authEnvelopedData           |[RFC5083] | 1.2.840.113549.1.9.16.1.23
   encryptedKeyPkg             |[RFC6032] | 2.16.840.1.101.2.1.2.78.2
   digestData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.5
   encryptedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   envelopedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.3
   signedData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.2
        

CMS Inner Content Types

CMS内部内容类型

   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   firmwarePackage             |[RFC4108] | 1.2.840.113549.1.9.16.1.16
   firmwareLoadReceipt         |[RFC4108] | 1.2.840.113549.1.9.16.1.17
   firmwareLoadError           |[RFC4108] | 1.2.840.113549.1.9.16.1.18
   aKeyPackage                 |[RFC5958] | 2.16.840.1.101.2.1.2.78.5
   sKeyPackage                 |[RFC6031] | 1.2.840.113549.1.9.16.1.25
   trustAnchorList             |[RFC5914] | 1.2.840.113549.1.9.16.1.34
   TAMP-statusQuery            |[RFC5934] | 2.16.840.1.101.2.1.2.77.1
   TAMP-statusResponse         |[RFC5934] | 2.16.840.1.101.2.1.2.77.2
   TAMP-update                 |[RFC5934] | 2.16.840.1.101.2.1.2.77.3
   TAMP-updateConfirm          |[RFC5934] | 2.16.840.1.101.2.1.2.77.4
   TAMP-apexUpdate             |[RFC5934] | 2.16.840.1.101.2.1.2.77.5
   TAMP-apexUpdateConfirm      |[RFC5934] | 2.16.840.1.101.2.1.2.77.6
   TAMP-communityUpdate        |[RFC5934] | 2.16.840.1.101.2.1.2.77.7
   TAMP-communityUpdateConfirm |[RFC5934] | 2.16.840.1.101.2.1.2.77.8
   TAMP-seqNumAdjust           |[RFC5934] | 2.16.840.1.101.2.1.2.77.10
   TAMP-seqNumAdjustConfirm    |[RFC5934] | 2.16.840.1.101.2.1.2.77.11
   TAMP-error                  |[RFC5934] | 2.16.840.1.101.2.1.2.77.9
   keyPackageReceipt           |[RFC7191] | 2.16.840.1.101.2.1.2.78.3
   keyPackageError             |[RFC7191] | 2.16.840.1.101.2.1.2.78.6
        
   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   firmwarePackage             |[RFC4108] | 1.2.840.113549.1.9.16.1.16
   firmwareLoadReceipt         |[RFC4108] | 1.2.840.113549.1.9.16.1.17
   firmwareLoadError           |[RFC4108] | 1.2.840.113549.1.9.16.1.18
   aKeyPackage                 |[RFC5958] | 2.16.840.1.101.2.1.2.78.5
   sKeyPackage                 |[RFC6031] | 1.2.840.113549.1.9.16.1.25
   trustAnchorList             |[RFC5914] | 1.2.840.113549.1.9.16.1.34
   TAMP-statusQuery            |[RFC5934] | 2.16.840.1.101.2.1.2.77.1
   TAMP-statusResponse         |[RFC5934] | 2.16.840.1.101.2.1.2.77.2
   TAMP-update                 |[RFC5934] | 2.16.840.1.101.2.1.2.77.3
   TAMP-updateConfirm          |[RFC5934] | 2.16.840.1.101.2.1.2.77.4
   TAMP-apexUpdate             |[RFC5934] | 2.16.840.1.101.2.1.2.77.5
   TAMP-apexUpdateConfirm      |[RFC5934] | 2.16.840.1.101.2.1.2.77.6
   TAMP-communityUpdate        |[RFC5934] | 2.16.840.1.101.2.1.2.77.7
   TAMP-communityUpdateConfirm |[RFC5934] | 2.16.840.1.101.2.1.2.77.8
   TAMP-seqNumAdjust           |[RFC5934] | 2.16.840.1.101.2.1.2.77.10
   TAMP-seqNumAdjustConfirm    |[RFC5934] | 2.16.840.1.101.2.1.2.77.11
   TAMP-error                  |[RFC5934] | 2.16.840.1.101.2.1.2.77.9
   keyPackageReceipt           |[RFC7191] | 2.16.840.1.101.2.1.2.78.3
   keyPackageError             |[RFC7191] | 2.16.840.1.101.2.1.2.78.6
        
5. Security Considerations
5. 安全考虑

See the answer to the Security Considerations template questions in Section 2.

请参阅第2节中安全注意事项模板问题的答案。

6. Acknowledgments
6. 致谢

Special thanks to Carl Wallace for generating the example in Section 3.

特别感谢Carl Wallace在第3节中提供了示例。

7. References
7. 工具书类
7.1. Normative References
7.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3274] Gutmann, P., "Compressed Data Content Type for Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.

[RFC3274]Gutmann,P.,“加密消息语法(CMS)的压缩数据内容类型”,RFC 3274,2002年6月。

[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002.

[RFC3370]Housley,R.,“加密消息语法(CMS)算法”,RFC3370,2002年8月。

[RFC4021] Klyne, G. and J. Palme, "Registration of Mail and MIME Header Fields", RFC 4021, March 2005.

[RFC4021]Klyne,G.和J.Palme,“邮件和MIME头字段的注册”,RFC4021,2005年3月。

[RFC4073] Housley, R., "Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.

[RFC4073]Housley,R.,“使用加密消息语法(CMS)保护多个内容”,RFC 4073,2005年5月。

[RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages", RFC 4108, August 2005.

[RFC4108]Housley,R.“使用加密消息语法(CMS)保护固件包”,RFC 4108,2005年8月。

[RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type", RFC 5083, November 2007.

[RFC5083]Housley,R.,“加密消息语法(CMS)认证的信封数据内容类型”,RFC 5083,2007年11月。

[RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)", RFC 5084, November 2007.

[RFC5084]Housley,R.,“在加密消息语法(CMS)中使用AES-CCM和AES-GCM认证加密”,RFC 5084,2007年11月。

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,2008年5月。

[RFC5273] Schaad, J. and M. Myers, "Certificate Management over CMS (CMC): Transport Protocols", RFC 5273, June 2008.

[RFC5273]Schaad,J.和M.Myers,“CMS上的证书管理(CMC):传输协议”,RFC 5273,2008年6月。

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, September 2009.

[RFC5652]Housley,R.,“加密消息语法(CMS)”,STD 70,RFC 56522009年9月。

[RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)", RFC 5753, January 2010.

[RFC5753]Turner,S.和D.Brown,“加密消息语法(CMS)中椭圆曲线加密(ECC)算法的使用”,RFC 5753,2010年1月。

[RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, January 2010.

[RFC5754]Turner,S.,“将SHA2算法与加密消息语法结合使用”,RFC 5754,2010年1月。

[RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Format", RFC 5914, June 2010.

[RFC5914]Housley,R.,Ashmore,S.,和C.Wallace,“信任锚格式”,RFC 59142010年6月。

[RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Management Protocol (TAMP)", RFC 5934, August 2010.

[RFC5934]Housley,R.,Ashmore,S.,和C.Wallace,“信任锚管理协议(TAMP)”,RFC 59342010年8月。

[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, August 2010.

[RFC5958]Turner,S.,“非对称密钥包”,RFC 5958,2010年8月。

[RFC5959] Turner, S., "Algorithms for Asymmetric Key Package Content Type", RFC 5959, August 2010.

[RFC5959]Turner,S.“非对称密钥包内容类型的算法”,RFC 59592010年8月。

[RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type", RFC 6031, December 2010.

[RFC6031]Turner,S.和R.Housley,“加密消息语法(CMS)对称密钥包内容类型”,RFC 60312010年12月。

[RFC6032] Turner, S. and R. Housley, "Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type", RFC 6032, December 2010.

[RFC6032]Turner,S.和R.Housley,“加密消息语法(CMS)加密密钥包内容类型”,RFC 60322010年12月。

[RFC6033] Turner, S., "Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type", RFC 6033, December 2010.

[RFC6033]Turner,S.,“加密消息语法(CMS)加密密钥包内容类型的算法”,RFC 6033,2010年12月。

[RFC6160] Turner, S., "Algorithms for Cryptographic Message Syntax (CMS) Protection of Symmetric Key Package Content Types", RFC 6160, April 2011.

[RFC6160]Turner,S.“对称密钥包内容类型的加密消息语法(CMS)保护算法”,RFC 61602011年4月。

[RFC6161] Turner, S., "Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type", RFC 6161, April 2011.

[RFC6161]Turner,S.“加密消息语法(CMS)加密密钥包内容类型的椭圆曲线算法”,RFC 61612011年4月。

[RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Asymmetric Key Package Content Type", RFC 6162, April 2011.

[RFC6162]Turner,S.“加密消息语法(CMS)非对称密钥包内容类型的椭圆曲线算法”,RFC 6162,2011年4月。

[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, January 2013.

[RFC6838]Freed,N.,Klensin,J.和T.Hansen,“媒体类型规范和注册程序”,BCP 13,RFC 6838,2013年1月。

[RFC7191] Housley, R., "Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types", RFC 7191, April 2014.

[RFC7191]Housley,R.,“加密消息语法(CMS)密钥包接收和错误内容类型”,RFC 71912014年4月。

7.2. Informative References
7.2. 资料性引用

[RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version 1.5", RFC 2315, March 1998.

[RFC2315]Kaliski,B.,“PKCS#7:加密消息语法版本1.5”,RFC 2315,1998年3月。

[RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification", RFC 5751, January 2010.

[RFC5751]Ramsdell,B.和S.Turner,“安全/多用途Internet邮件扩展(S/MIME)版本3.2消息规范”,RFC 57512010年1月。

Authors' Addresses

作者地址

Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA

Sean Turner IECA,Inc.美国弗吉尼亚州费尔法克斯市努特利街3057号106室,邮编22031

   EMail: turners@ieca.com
   Phone: +1.703.628.3180
        
   EMail: turners@ieca.com
   Phone: +1.703.628.3180
        

Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA

Russell Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州,邮编20170

   EMail: housley@vigilsec.com
        
   EMail: housley@vigilsec.com
        

Jim Schaad Soaring Hawk Consulting

吉姆·沙德·霍克咨询公司

   EMail: ietf@augustcellars.com
        
   EMail: ietf@augustcellars.com