[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 RFC 5402

Internet Draft                                     Editor: Terry Harding
draft-ietf-ediint-compression-04.txt               Cyclone Commerce Inc.
February, 2005                                             February 2005
Expires August 2005
Target Category: Informational

                  Compressed Data for EDIINT

Status of this memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   or will be disclosed, and any of which I become aware will be
   disclosed, in accordance with RFC 3668.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract

   The intent of this document is to be placed on the RFC track as an
   Informational RFC.

   The EDIINT AS1 and AS2 message formats don't currently contain any
   transport neutral provisions for compressing data when utilizing
   S/MIME as the secure packaging standard. Compressing data before
   transmission provides a number of advantages including

   1. reducing data redundancy, and so reducing opportunities for
      attacks exploiting redundancy, and
   2. reducing the amount of data and so speeding up cryptographic
      processing such as signing, encryption, archiving, and
   3. reducing the overall transmitted message size, reducing both time
      and bandwidth needed for transport.


1. Introduction


Harding                                                        [Page 1]

INTERNET DRAFT         Compressed Data for EDIINT         February 2005

   This document describes an additional mime layer of compressed data
   utilizing a new ContentInfo type for S/MIME. This new compressed-data
   content type is defined in S/MIME 3.1, RFC RFC 3851. Further
   reference can be found in the reference section under
   [COMPRESSED-DATA]. The method of compression outlined in this
   document will support any type of business related media. Documents
   containing a large percentage of ASCII characters like xml, x12 or
   edifact will experience greater compression ratios than documents
   consisting largely of binary data. Ex: MSWord documents.


   The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
   interpreted as described in [RFC2119].

1.1 Compressed-Data Mime Wrapper

   The compressed-data cms object will encapsulate a mime wrapped
   business document. Implementors are to follow the appropriate
   specifications identified under "References" in [MIME-TYPES], for
   the type of object being transmitted. For example, to send an XML
   object, the MIME media type of application/xml is used in the
   Content-type MIME header and the specifications for enveloping the
   object are contained in [XMLTYPES];

   for example:

        Content-type: application/xml; charset="utf-8"

   The mime wrapped object will be compressed and placed inside a CMS
   compressed-data object as outlined in [COMPRESSED-DATA]. The
   compressed data object will be mime wrapped according to details
   outlined in [S/MIME3.1], RFC 3851, Section 3.5.

Working Example:

   Content-Type: application/pkcs7-mime; smime-type=compressed-data;
           name=smime.p7z
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7z

   MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC
   Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux
   fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb
   P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1
   UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi
   v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D
   SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT
   vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg
   W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2
   3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL
   +kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA


   Note: Content-Transfer-Encoding would only be required if the mime
   wrapped CMS object was transferred via a 7-bit protocol like SMTP

Harding                                                        [Page 2]

INTERNET DRAFT         Compressed Data for EDIINT         February 2005

   and it was visible in the outer layer of the mime message. If the
   compressed-data mime bodypart was place inside of an encrypted mime
   bodypart, content-transfer-encoding would not be required on the
   compressed-data mime bodypart, but would be required on the
   encrypted mime bodypart.

1.2 Structure of an EDI MIME message utilizing compression

   When compressing a document which will be signed, the application
   MAY compress the inner most MIME body before signing, see Section
   1.2.2.1and 1.2.4.1 or MAY compress the outer multipart/signed mime
   body, see Section 1.2.2.2 and 1.2.4.2. but MUST not do both within
   the same document. The receiving application MUST support both
   methods of compression when unpackaging an inbound document.

1.2.1 No encryption, no signature

   -RFC822/2045
     -[COMPRESSED-DATA](application/pkcs7-mime)
       -[MIME-TYPES](application/xxxxxxx)(compressed)

1.2.2

1.2.2.1 No encryption, signature

   -RFC822/2045
     -RFC1847 (multipart/signed)
       -[COMPRESSED-DATA](application/pkcs7-mime)
         -[MIME-TYPES](application/xxxxxxx)(compressed)
       -RFC2633 (application/pkcs7-signature)

1.2.2.2 No encryption, signature

   -RFC822/2045
     -[COMPRESSED-DATA](application/pkcs7-mime)
       -RFC1847 (multipart/signed)(compressed)
         -[MIME-TYPES](application/xxxxxxx)(compressed)
       -RFC2633 (application/pkcs7-signature)(compressed)

1.2.3 Encryption, no signature

   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
         -[MIME-TYPES](application/xxxxxxx)(compressed)(encrypted)

1.2.4.1 Encryption, signature

   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -RFC1847 (multipart/signed) (encrypted)
         -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
           -[MIME-TYPES](application/xxxxxxx) (compressed)(encrypted)
         -RFC2633 (application/pkcs7-signature) (encrypted)

1.2.4.2 Encryption, signature

Harding                                                        [Page 3]

INTERNET DRAFT         Compressed Data for EDIINT         February 2005


   -RFC822/2045
     -RFC2633 (application/pkcs7-mime)
       -[COMPRESSED-DATA](application/pkcs7-mime) (encrypted)
         -RFC1847 (multipart/signed) (compressed)(encrypted)
           -[MIME-TYPES](application/xxxxxxx) (compressed)(encrypted)
         -RFC2633 (application/pkcs7-signature) (compressed)(encrypted)


2. MIC Calculations For Compresed Messages Requesting Signed Receipts

   For any signed messages, the MIC to be returned is calculated over
   the same data that was signed in the original message as per AS1.

   For encrypted, unsigned messages, the MIC to be returned is
   calculated over the uncompressed data content including all
   mime headers and any applied Content-Transfer-Encoding.

   For unsigned, unencrypted messages, the MIC is calculated
   over the uncompressed data content including all mime headers
   and any applied Content-Transfer-Encoding.

3. Error Disposition Modifier

   For a received message where a signed receipt has been requested
   and decompression fails, the following disposition modifier will be
   returned in the signed mdn.

    "Error: decompression-failed" - the receiver could not decompress

4. AS2 Version Header

   Any application that supports the compression methods outlined within
   this document MUST use a version identifier value of "1.1" or greater
   within the AS2 or AS3 Version header as describe in HTTP Transport
   for Secure Peer-to-Peer EDI over the Internet, see reference[AS2] and
   FTP Transport for Secure Peer-to-Peer EDI over the Internet,
   see reference[AS3].

5. Compression Formats

   Implementations SHOULD support ZLIB [RFC1950] which utilizes
   DEFLATE[RFC1951], and is free of any intellectual property
   restrictions and has a freely-available, portable and efficient
   reference implementation.

6. Security Considerations

   This document is not concerned with security, except for the fact
   that compressing data before encryption can enhance the security by
   reducing redundancy of the file. The lower the redundancy of the
   plaintext being encrypted, the more difficult the cryptanalysis, see
   reference[CRYPTANALYSIS].


Author Address

Harding                                                        [Page 4]

INTERNET DRAFT         Compressed Data for EDIINT         February 2005


   Terry Harding
   Cyclone Commerce Inc.
   Scottsdale, Arizona, USA
   tharding@cyclonecommerce.com

References

  [AS2] HTTP Transport for Secure Peer-to-Peer EDI over the Internet
        draft-ietf-ediint-as2-11.txt, 2002.

  [AS3] FTP Transport for Secure Peer-to-Peer EDI over the Internet
        draft-ietf-ediint-as3-03.txt, 2005.

  [ASN1]  CCITT Recommendation X.208: Specification of Abstract Syntax
        Notation One (ASN.1), 1988.

  [RFC2119] Key Words for Use in RFC's to Indicate Requirement Levels,
        S.Bradner, March 1997.

  [ZLIB] RFC1950 ZLIB Compressed Data Format Specification version 3.3,
        P.Deutsch and J-L Gailly, May 1996.

  [DEFLATE] RFC1951 DEFLATE Compressed Data Format Specification version
            1.3, P.Deutsch, May 1996.

  [CMS] RFC2630 Cryptographic Message Syntax, R.Housley, June 1999.

  [S/MIME]RFC2633 S/MIME Version 3 Message Specification, B.Ramsdell,
          June 1999.

  [S/MIME3.1]S/MIME Version 3.1 Message Specification, B.Ramsdell,
             July 2004. RFC 3851

  [MIME-TYPES]  "Media Types," http://www.isi.edu/in-
                notes/iana/assignments/media-types/media-types.

  [XMLTYPES]  E. Whitehead, M. Murata, "XML Media Types", RFC 2376,
              July 1998.

  [COMPRESSED-DATA]  P. Gutmann, "Compressed Data Content Type for CMS",
                     RFC 3274, June 2002.

  [CRYPTANALYSIS]  B. Schneier, "Self-Study Course in Block Cipher
 Cryptanalysis", http://www.counterpane.com/self-study.html, Jan 2000.


Acknowledgements

   A number of the members of the EDIINT Working Group have also worked
   very hard and contributed to this document. The following people
   have made direct contributions to this document.

   David Fischer, Dale Moberg, Robert Asis and everyone involved in the
   AS1, AS2 Interop testing during 2002.


Harding                                                        [Page 5]

INTERNET DRAFT         Compressed Data for EDIINT         February 2005


Copyright Statement

   Copyright (C) The Internet Society (year). This document is
   Subject to the rights, licenses and restrictions contained in BCP
   78, and except as set forth therein, the authors retain all their
   rights."

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Harding                                                        [Page 6]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/