RFC 2480 (rfc2480) - Page 1 of 6


Gateways and MIME Security Multiparts



Alternative Format: Original Text Document



Network Working Group                                        N. Freed
Request for Comments: 2480               Innosoft International, Inc.
Category: Standards Track                                January 1999


                 Gateways and MIME Security Multiparts

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

1.  Abstract

   This document examines the problems associated with use of MIME
   security multiparts and gateways to non-MIME environments. A set of
   requirements for gateway behavior are defined which provide
   facilities necessary to properly accomodate the transfer of security
   multiparts through gateways.

2.  Requirements Notation

   This document occasionally uses terms that appear in capital letters.
   When the terms "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   appear capitalized, they are being used to indicate particular
   requirements of this specification. A discussion of the meanings of
   the terms "MUST", "SHOULD", and "MAY" appears in  RFC 1123 [2]; the
   terms "MUST NOT" and "SHOULD NOT" are logical extensions of this
   usage.

3.  The Problem

   Security multiparts [RFC-1847] provide an effective way to add
   integrity and confidentiality services to protocols that employ MIME
   objects [RFC-2045, RFC-2046]. Difficulties arise, however, in
   heterogeneous environments involving gateways to environments that
   don't support MIME. Specifically:

    (1)   Security services have to be applied to MIME objects in
          their entirety. Failure to do so can lead to security
          exposures.



Freed                       Standards Track