[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 RFC 5402

Internet Draft                                     Editor: Terry Harding
draft-ietf-ediint-compression-03.txt               Cyclone Commerce Inc.
December 1, 2003                                           December 2003
Expires June 2004
Target Category: Informational

                  Compressed Data for EDIINT

Status of this memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Copyright (C) The Internet Society July 2001.  All Rights Reserved.

Abstract

The intent of this document is to be placed on the RFC track as an
Informational RFC.

The EDIINT AS1 and AS2 message formats don't currently contain any
transport neutral provisions for compressing data when utilizing S/MIME
as the secure packaging standard. Compressing data before transmission
provides a number of advantages including

1. reducing data redundancy, and so reducing opportunities for attacks
   exploiting redundancy, and
2. reducing the amount of data and so speeding up cryptographic
   processing such as signing, encryption, archiving, and
3. reducing the overall transmitted message size, reducing both time and
   bandwidth needed for transport.


1. Introduction

This document describes an additional mime layer of compressed data
utilizing a new ContentInfo type for S/MIME. This new compressed-data
content type is an extension to the types currently defined in
CMS[RFC2630]. Further reference can be found in the reference section

Harding                                                         [Page 1]

Compressed Data for EDIINT                              December 1, 2003

under [COMPRESSED-DATA]. The method of compression outlined in this
document will support any type of business related media. Documents
containing a large percentage of ASCII characters like xml, x12 or
edifact will experience greater compression ratios than documents
consisting largely of binary data. Ex: MSWord documents.


The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC2119].

1.1Compressed-Data Mime Wrapper

The compressed-data cms object will encapsulate a mime wrapped business
document. Implementors are to follow the appropriate specifications
identified under "References" in [MIME-TYPES], for the type of object
being transmitted. For example, to send an XML object, the MIME media
type of application/xml is used in the Content-type MIME header and the
specifications for enveloping the object are contained in [XMLTYPES];
for example:

        Content-type: application/xml; charset="utf-8"

The mime wrapped object will be compressed and placed inside a CMS
compressed-data object as outlined in [COMPRESSED-DATA]. The compressed
data object will be mime wrapped according to details outlined in
[S/MIMEBIS],Section 3.5.

Working Example:

Content-Type: application/pkcs7-mime; smime-type=compressed-data;
        name=smime.p7z
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7z

MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC
Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux
fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb
P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1
UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi
v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D
SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT
vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg
W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2
3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL
+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA


Note: Content-Transfer-Encoding would only be required if the mime
wrapped CMS object was transferred via SMTP and it was visible in the
outer layer of the mime message. If the compressed-data mime bodypart
was place inside of an encrypted mime bodypart,

Harding                                                         [Page 2]

Compressed Data for EDIINT                              December 1, 2003

content-transfer-encoding would not be required on the compressed-data
mime bodypart, but would be required on the encrypted mime bodypart.

1.2 Structure of an EDI MIME message utilizing compression

When compressing a document which will be signed, the application MAY
compress the inner most MIME body before signing, see Section
1.2.2.1and 1.2.4.1 or MAY compress the outer multipart/signed mime
body, see Section 1.2.2.2 and 1.2.4.2. but will not do both within
the same document. The receiving application MUST support both methods
of compression when unpackaging an inbound document.

1.2.1 No encryption, no signature

   -RFC822/2045
     -[COMPRESSED-DATA](application/pkcs7-mime)
       -[MIME-TYPES](application/xxxxxxx)(compressed)

1.2.2

1.2.2.1 No encryption, signature

   -RFC822/2045
     -RFC1847 (multipart/signed)
       -[COMPRESSED-DATA](application/pkcs7-mime)
         -[MIME-TYPES](application/xxxxxxx)(compressed)
       -RFC2633 (application/pkcs7-signature)

1.2.2.2 No encryption, signature

   -RFC822/2045
     -[COMPRESSED-DATA](application/pkcs7-mime)
       -RFC1847 (multipart/signed)(compressed)
         -[MIME-TYPES](application/xxxxxxx)(compressed)
       -RFC2633 (application/pkcs7-signature)(compressed)

1.2.3 Encryption, no signature

   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
         -[MIME-TYPES](application/xxxxxxx)(compressed)(encrypted)

1.2.4.1 Encryption, signature

   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -RFC1847 (multipart/signed) (encrypted)
         -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
           -[MIME-TYPES](application/xxxxxxx) (compressed)(encrypted)
         -RFC2633 (application/pkcs7-signature) (encrypted)

1.2.4.2 Encryption, signature


Harding                                                         [Page 3]

Compressed Data for EDIINT                              December 1, 2003

   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
         -RFC1847 (multipart/signed) (compressed)(encrypted)
           -[MIME-TYPES](application/xxxxxxx) (compressed)(encrypted)
         -RFC2633 (application/pkcs7-signature) (compressed)(encrypted)


2. MIC Calculations For Compresed Messages Rsequesting Signed Receipts

For any signed messages, the MIC to be returned is calculated over
the same data that was signed in the original message as per AS1.

For encrypted, unsigned messages, the MIC to be returned is
calculated over the uncompressed data content including all
mime headers and any applied Content-Transfer-Encoding.

For unsigned, unencrypted messages, the MIC is calculated
over the uncompressed data content including all mime headers
and any applied Content-Transfer-Encoding.

3. Error Disposition Modifier

For a received message where a signed receipt has been requested
and decompression fails, the following disposition modifier will be
returned in the signed mdn.

    "Error: decompression-failed" - the receiver could not decompress

4. AS2 Version Header

Any application that supports the compression methods outlined within
this document MUST use a version identifier value of "1.1" or greater
within the AS2 Version header as describe in HTTP Transport for Secure
Peer-to-Peer EDI over the Internet, see reference[AS2].

5. Compression Formats

Implementations SHOULD support ZLIB [RFC1950] which utilizes
DEFLATE[RFC1951], and is free of any intellectual property
restrictions and has a freely-available, portable and efficient
reference implementation.

6. Security Considerations

This document is not concerned with security, except for the fact that
compressing data before encryption can enhance the security by reducing
redundancy of the file. The lower the redundancy of the plaintext being
encrypted, the more difficult the cryptanalysis, see
reference[CRYPTANALYSIS].





Harding                                                         [Page 4]

Compressed Data for EDIINT                              December 1, 2003


Author Address

Terry Harding
Cyclone Commerce Inc.
Scottsdale, Arizona, USA
tharding@cyclonecommerce.com

References

  [AS2] HTTP Transport for Secure Peer-to-Peer EDI over the Internet
        draft-ietf-ediint-as2-11.txt, 2002.

  [ASN1]  CCITT Recommendation X.208: Specification of Abstract Syntax
        Notation One (ASN.1), 1988.

  [RFC2119] Key Words for Use in RFC's to Indicate Requirement Levels,
        S.Bradner, March 1997.

  [ZLIB] RFC1950 ZLIB Compressed Data Format Specification version 3.3,
        P.Deutsch and J-L Gailly, May 1996.

  [DEFLATE] RFC1951 DEFLATE Compressed Data Format Specification version
            1.3, P.Deutsch, May 1996.

  [CMS] RFC2630 Cryptographic Message Syntax, R.Housley, June 1999.

  [S/MIME]RFC2633 S/MIME Version 3 Message Specification, B.Ramsdell,
          June 1999.

  [S/MIMEBIS]S/MIME Version 3.1 Message Specification, B.Ramsdell,
             January 2003. draft-ietf-smime-rfc2633bis-03.txt

  [MIME-TYPES]  "Media Types," http://www.isi.edu/in-
                notes/iana/assignments/media-types/media-types.

  [XMLTYPES]  E. Whitehead, M. Murata, "XML Media Types", RFC 2376,
              July 1998.

  [COMPRESSED-DATA]  P. Gutmann, "Compressed Data Content Type for CMS"
                     draft-ietf-smime-compression-05.txt, July 2001.

  [CRYPTANALYSIS]  B. Schneier, "Self-Study Course in Block Cipher
 Cryptanalysis", http://www.counterpane.com/self-study.html, Jan 2000.


Acknowledgements

   A number of the members of the EDIINT Working Group have also worked
   very hard and contributed to this document. The following people
   have made direct contributions to this document.

   David Fischer, Dale Moberg, Robert Asis and everyone envolved in the
   AS1, AS2 Interop testing during 2002.


Full Copyright Statement

Harding                                                         [Page 5]
Compressed Data for EDIINT                              December 1, 2003


Copyright (C) The Internet Society 2001.  All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing the
copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/