RFC 1847 (rfc1847) - Page 2 of 11
Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
RFC 1847 Security Multiparts October 1995
1. Introduction

An Internet electronic mail message consists of two parts: the
headers and the body. The headers form a collection of field/value
pairs structured according to STD 11, RFC 822 [1], whilst the body,
if structured, is defined according to MIME [2]. The basic MIME
specification does not provide specific security protection.

This document defines a framework whereby security protection
provided by other protocols may be used with MIME in a complementary
fashion. By itself, it does not specify security protection. A MIME
agent must include support for both the framework defined here and a
mechanism to interact with a security protocol defined in a separate
document. The resulting combined service provides security for
single-part and multi-part textual and non-textual messages.

The framework is provided by defining two new security subtypes of
the MIME multipart content type: signed and encrypted. In each of
the security subtypes, there are exactly two related body parts: one
for the protected data and one for the control information. The type
and contents of the control information body parts are determined by
the value of the protocol parameter of the enclosing multipart/signed
or multipart/encrypted content type, which is required to be present.
By registering new values for the required protocol parameter, the
framework is easily extended to accommodate a variety of protocols.

A MIME agent that includes support for this framework will be able to
recognize a security multipart body part and to identify its
protected data and control information body parts. If the value of
the protocol parameter is unrecognized the MIME agent will not be
able to process the security multipart. However, a MIME agent may
continue to process any other body parts that may be present.

2. Definition of Security Subtypes of Multipart

The multipart/signed content type specifies how to support
authentication and integrity services via digital signature. The
control information is carried in the second of the two required body
parts.

The multipart/encrypted content type specifies how to support
confidentiality via encryption. The control information is carried
in the first of the two required body parts.

A three-step process is described for the origination and reception
of the multipart/signed and multipart/encrypted contents. The
details of the processing performed during each step are left to be
specified by the security protocol being used.
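
The structural rules stated above (exactly two body parts, a required protocol parameter, control information second for signed and first for encrypted) can be checked before any security protocol is invoked. The following Python sketch is an added example, not part of the RFC text. The function name, the status strings, the set of recognized protocols and the sample message are assumptions made for illustration, and it treats "determined by" as requiring the control part's content type to equal the protocol value.

```python
import email

# Position of the control-information part: second for signed, first for encrypted.
CONTROL_INDEX = {"multipart/signed": 1, "multipart/encrypted": 0}
# Assumption: the protocols this hypothetical agent has a mechanism for.
KNOWN_PROTOCOLS = {"application/pgp-signature", "application/pgp-encrypted"}


def classify_security_multipart(msg):
    """Return (status, protected_part, control_part); parts are None unless status is 'ok'."""
    ctype = msg.get_content_type()
    if ctype not in CONTROL_INDEX:
        return ("not-security-multipart", None, None)
    protocol = msg.get_param("protocol")
    if not isinstance(protocol, str) or not protocol:
        return ("missing-protocol", None, None)      # the parameter is required
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        return ("wrong-part-count", None, None)      # exactly two body parts
    if protocol.lower() not in KNOWN_PROTOCOLS:
        return ("unrecognized-protocol", None, None)  # fail closed, do not process
    control = parts[CONTROL_INDEX[ctype]]
    protected = parts[1 - CONTROL_INDEX[ctype]]
    if control.get_content_type() != protocol.lower():
        return ("control-type-mismatch", None, None)
    return ("ok", protected, control)


# Constructed sample message; the signature part is a placeholder, not a real signature.
SAMPLE_SIGNED = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

Hello.
--b1
Content-Type: application/pgp-signature

(constructed placeholder)
--b1--
"""

if __name__ == "__main__":
    print(classify_security_multipart(email.message_from_string(SAMPLE_SIGNED))[0])
```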
Galvin, et al Standards Track