This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.2. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 3851. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by

This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt " listing contained in the Internet- Drafts Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast). This document describes the Cryptographic Message Syntax. This syntax is used to digitally sign or encrypt arbitrary messages. The Cryptographic Message Syntax is derived from PKCS #7 version 1.5. Wherever possible, backward compatibility is preserved; however, changes were necessary to accomodate attribute certificate transfer and key agreement techniques for key management. This drfat obosletes the previously released <draft-housley-smimecms-00.txt>. This draft is being discussed on the ’’ietf-smime’ ’ mailing list. To subscribe, send a message to:

We describe the design and implementation of signed executables for Linux, which provide the following strong integrity guarantees: the inability to tamper with executables and the inability to add new unauthorized executables. Unlike other implementations, ours covers statically and dynamically linked executables as well as executable scripts. In addition, we reduced the overhead of signature veri cation to almost zero by caching the successful veri cation results. The negligible overhead enables signature veri cation to be used as a basic building block for other applications of which some are described in this paper.

Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted message can be decrypted using a one-message, adaptive chosen-ciphertext attack. Although such attacks have been formalized mainly for theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used.

Abstract. The digital signature is one of the most important cryptographic primitives. It provides data integrity, message authentication and non-repudiation, which are required attributes in security critical services, such as electronic commerce, voting or health care. Whereas previous data formats for digital signatures concentrated on signing the entire document, the XML signature standard is feasible to secure complex workflows on a document with multiple signatures. In a proof of concept implementation we demonstrate that verifying and trustworthily displaying of signed documents is realizable in standard Web browsers. The focus of our work are multisigned XML documents that introduce new requirements particularly in the field of presentation.

Even though the theory behind digital signatures is fully understood and the related cryptographic methods have proved the efficiency in deploying security services, concrete application of digital signature to real electronic documents is still hindered by the lack of standards.

Syntax Notation 1 BER Basic Encoding Rules BLOB Binary Large Object CA Certification Authority CC Common Criteria CEN Comit Europen de Normalisation (European Committee for Standardization) CMS Cryptographic Message Syntax CPS Certification Practice Statement CRL Certificate Revocation List CRT Cathode Ray Tube CSP Certification Service Provider DER Distinguished Encoding Rules DOM Document Object Model DTD Document Type Declaration EESSI European Electronic Signature Standardization Initiative ETSI European Telecommunications Standards Institute FTP File Transfer Protocol HMAC Hash-based Message Authentication Code HTML HyperText Markup Language HTTP Hypertext Transport Protocol I/O Input/Output IAIK Institut fr Angewandte Informationsverarbeitung und Kommunikationstechnologie (Institute for Applied Information Processing and Communications) 106 ICTSB Information and Communications Technologies Standards Board IETF Internet Engineering Task Force ISSS Information Society Standardization System ITSEC Information Technology Security IT Information Technology JCA Java Cryptography Architecture JCE Java Cryptography Extension JPEG Joint Photographic Experts' Group JVM Java Virtual Machine MAC Message Authentication Code MD5 Message Digest 5 MIME Multipurpose Internet Mail Extensions OCSP Online Certificate Status Protocol PC Personal Computer PDA Personal Digital Assistant PIN Personal Identification Number PKCS Public-Key Cryptography Standards PKCS#7 Public-Key Cryptography Standards Number 7 PKI Public-Key Infrastructure RIPEMD-160 RACE Integrity Primitives Evaluation Message Digest 160-bit RSA Rivest, Shamir, Adleman RTF Rich Text Format S/MIME Secure/Multipurpose Internet Mail Extensions SCD Signature Creation Data SHA-1...

This memo specifies how to incorporate International Data Encryption Algorithm (IDEA) into CMS or S/MIME as an additional strong algorithm for symmetric encryption. For organizations who make use of IDEA for data security purposes it is of high interest that IDEA is also available in S/MIME. The intention of this memo is to provide the OIDs and algorithms required that IDEA can be included in S/MIME for symmetric content and key encryption.

Syntax Notation One, as defined in CCITT X.208.

This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content.