RFC 2311 (rfc2311) - Page 2 of 37
S/MIME Version 2 Message Specification
Alternative Format: Original Text Document
RFC 2311 S/MIME Version 2 Message Specification March 1998
Please note: The information in this document is historical material
being published for the public record. It is not an IETF standard.
The use of the word "standard" in this document indicates a standard
for adopters of S/MIME version 2, not an IETF standard.
1.1 Specification Overview
This document describes a protocol for adding cryptographic signature
and encryption services to MIME data. The MIME standard [MIME-SPEC]
provides a general structure for the content type of Internet
messages and allows extensions for new content type applications.
This memo defines how to create a MIME body part that has been
cryptographically enhanced according to PKCS #7 [PKCS-7]. This memo
also defines the application/pkcs7-mime MIME type that can be used to
transport those body parts. This memo also defines how to create
certification requests that conform to PKCS #10 [PKCS-10], and the
application/pkcs10 MIME type for transporting those requests.
This memo also discusses how to use the multipart/signed MIME type
defined in [MIME-SECURE] to transport S/MIME signed messages. This
memo also defines the application/pkcs7-signature MIME type, which is
also used to transport S/MIME signed messages. This specification is
compatible with PKCS #7 in that it uses the data types defined by
PKCS #7.
In order to create S/MIME messages, an agent has to follow
specifications in this memo, as well as some of the specifications
listed in the following documents:
- "PKCS #1: RSA Encryption", [PKCS-1]
- "PKCS #7: Cryptographic Message Syntax", [PKCS-7]
- "PKCS #10: Certification Request Syntax", [PKCS-10]
Throughout this memo, there are requirements and recommendations made
for how receiving agents handle incoming messages. There are separate
requirements and recommendations for how sending agents create
outgoing messages. In general, the best strategy is to "be liberal in
what you receive and conservative in what you send". Most of the
requirements are placed on the handling of incoming messages while
the recommendations are mostly on the creation of outgoing messages.
The separation for requirements on receiving agents and sending
agents also derives from the likelihood that there will be S/MIME
systems that involve software other than traditional Internet mail
clients. S/MIME can be used with any system that transports MIME
Dusse, et. al. Informational