draft-ietf-lamps-header-protection-05.txt   draft-ietf-lamps-header-protection-06.txt 
LAMPS Working Group D.K. Gillmor LAMPS Working Group D.K. Gillmor
Internet-Draft American Civil Liberties Union Internet-Draft American Civil Liberties Union
Intended status: Standards Track B. Hoeneisen Intended status: Standards Track B. Hoeneisen
Expires: 28 November 2021 pEp Foundation Expires: 27 January 2022 pEp Foundation
A. Melnikov A. Melnikov
Isode Ltd Isode Ltd
27 May 2021 26 July 2021
Header Protection for S/MIME Header Protection for S/MIME
draft-ietf-lamps-header-protection-05 draft-ietf-lamps-header-protection-06
Abstract Abstract
S/MIME version 3.1 has introduced a feasible standardized option to S/MIME version 3.1 has introduced a feasible standardized option to
accomplish Header Protection. However, few implementations generate accomplish Header Protection. However, few implementations generate
messages using this structure, and several legacy and non-legacy messages using this structure, and several legacy and non-legacy
implementations have revealed rendering issues at the receiving side. implementations have revealed rendering issues at the receiving side.
Clearer specifications regarding message processing, particularly Clearer specifications regarding message processing, particularly
with respect to header sections, are needed in order to resolve these with respect to header sections, are needed in order to resolve these
rendering issues. Some mail user agents are also sending and rendering issues. Some mail user agents are also sending and
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 28 November 2021. This Internet-Draft will expire on 27 January 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 25 skipping to change at page 2, line 25
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Two Schemes of Protected Headers . . . . . . . . . . . . 5 1.1. Two Schemes of Protected Headers . . . . . . . . . . . . 5
1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 6 1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 6
1.3. Problems with Injected Headers . . . . . . . . . . . . . 6 1.3. Problems with Injected Headers . . . . . . . . . . . . . 6
1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 6 1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 7
1.5. Other Protocols to Protect Email Headers . . . . . . . . 7 1.5. Other Protocols to Protect Email Headers . . . . . . . . 7
1.6. Requirements Language . . . . . . . . . . . . . . . . . . 7 1.6. Requirements Language . . . . . . . . . . . . . . . . . . 7
1.7. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.7. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 10 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 10
2.1. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.1. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2. Security . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2. Security . . . . . . . . . . . . . . . . . . . . . . . . 11
2.3. Usability . . . . . . . . . . . . . . . . . . . . . . . . 11 2.3. Usability . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4. Interoperability . . . . . . . . . . . . . . . . . . . . 11 2.4. Interoperability . . . . . . . . . . . . . . . . . . . . 11
3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1. Main Use Case . . . . . . . . . . . . . . . . . . . . 11 3.1.1. Main Use Case . . . . . . . . . . . . . . . . . . . . 12
3.1.2. Backward Compatibility Use Cases . . . . . . . . . . 11 3.1.2. Backward Compatibility Use Cases . . . . . . . . . . 12
3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 13 3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 13
3.2.1. In-Scope . . . . . . . . . . . . . . . . . . . . . . 13 3.2.1. In-Scope . . . . . . . . . . . . . . . . . . . . . . 13
3.2.2. Out-of-Scope . . . . . . . . . . . . . . . . . . . . 13 3.2.2. Out-of-Scope . . . . . . . . . . . . . . . . . . . . 13
4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 13 4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Main Use Case . . . . . . . . . . . . . . . . . . . . . . 14 4.1. Main Use Case . . . . . . . . . . . . . . . . . . . . . . 14
4.1.1. MIME Format . . . . . . . . . . . . . . . . . . . . . 14 4.1.1. MIME Format . . . . . . . . . . . . . . . . . . . . . 15
4.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 17 4.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 17
4.1.3. Default Header Confidentiality Policy . . . . . . . . 22 4.1.3. Default Header Confidentiality Policy . . . . . . . . 22
4.1.4. Receiving Side . . . . . . . . . . . . . . . . . . . 23 4.1.4. Receiving Side . . . . . . . . . . . . . . . . . . . 23
4.2. Backward Compatibility Use Cases . . . . . . . . . . . . 31 4.2. Backward Compatibility Use Cases . . . . . . . . . . . . 31
4.2.1. Receiving Side MIME-Conformant . . . . . . . . . . . 32 4.2.1. Receiving Side MIME-Conformant . . . . . . . . . . . 32
4.2.2. Receiving Side Not MIME-Conformant . . . . . . . . . 32 4.2.2. Receiving Side Not MIME-Conformant . . . . . . . . . 32
5. Usability Considerations . . . . . . . . . . . . . . . . . . 33 5. Usability Considerations . . . . . . . . . . . . . . . . . . 33
5.1. Mixed Protections Within a Message Are Hard To 5.1. Mixed Protections Within a Message Are Hard To
Understand . . . . . . . . . . . . . . . . . . . . . . . 33 Understand . . . . . . . . . . . . . . . . . . . . . . . 33
5.2. Users Should Not Have To Choose a Header Confidentiality 5.2. Users Should Not Have To Choose a Header Confidentiality
Policy . . . . . . . . . . . . . . . . . . . . . . . . . 33 Policy . . . . . . . . . . . . . . . . . . . . . . . . . 33
6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 6. Security Considerations . . . . . . . . . . . . . . . . . . . 33
7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 33 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 33
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 33
10.1. Normative References . . . . . . . . . . . . . . . . . . 33 10.1. Normative References . . . . . . . . . . . . . . . . . . 33
10.2. Informative References . . . . . . . . . . . . . . . . . 34 10.2. Informative References . . . . . . . . . . . . . . . . . 34
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 36 Appendix A. Possible Problems with some Legacy Clients . . . . . 36
A.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 36 A.1. Problems Reviewing signed+encrypted Messages in List
A.1.1. No cryptographic protections over a simple message . 36 View . . . . . . . . . . . . . . . . . . . . . . . . . . 36
A.1.2. S/MIME signed-only signedData over a simple message, No A.2. Problems when Rendering a signed+encrypted Message . . . 36
Header Protection . . . . . . . . . . . . . . . . . . 37 A.3. Problems when Replying to a signed+encrypted Message . . 37
A.1.3. S/MIME signed-only multipart/signed over a simple A.4. Problems Reviewing signed-only Messages in List View . . 38
message, No Header Protection . . . . . . . . . . . . 39 A.5. Problems when Rendering a signed-only Message . . . . . . 38
A.1.4. S/MIME encrypted and signed over a simple message, No A.6. Problems when Replying to a signed-only Message . . . . . 39
Header Protection . . . . . . . . . . . . . . . . . . 41 Appendix B. Test Vectors . . . . . . . . . . . . . . . . . . . . 39
A.1.5. No cryptographic protections over a complex B.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 39
message . . . . . . . . . . . . . . . . . . . . . . . 44 B.1.1. No cryptographic protections over a simple message . 40
A.1.6. S/MIME signed-only signedData over a complex message, B.1.2. S/MIME signed-only signedData over a simple message, No
No Header Protection . . . . . . . . . . . . . . . . 45 Header Protection . . . . . . . . . . . . . . . . . . 40
A.1.7. S/MIME signed-only multipart/signed over a complex B.1.3. S/MIME signed-only multipart/signed over a simple
message, No Header Protection . . . . . . . . . . . . 47 message, No Header Protection . . . . . . . . . . . . 42
A.1.8. S/MIME encrypted and signed over a complex message, No B.1.4. S/MIME encrypted and signed over a simple message, No
Header Protection . . . . . . . . . . . . . . . . . . 50 Header Protection . . . . . . . . . . . . . . . . . . 44
A.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 54 B.1.5. No cryptographic protections over a complex
A.2.1. S/MIME signed-only signedData over a simple message, message . . . . . . . . . . . . . . . . . . . . . . . 47
Wrapped Message . . . . . . . . . . . . . . . . . . . 54 B.1.6. S/MIME signed-only signedData over a complex message,
A.2.2. S/MIME signed-only multipart/signed over a simple No Header Protection . . . . . . . . . . . . . . . . 48
message, Wrapped Message . . . . . . . . . . . . . . 56 B.1.7. S/MIME signed-only multipart/signed over a complex
A.2.3. S/MIME signed-only signedData over a simple message, message, No Header Protection . . . . . . . . . . . . 51
Injected Headers . . . . . . . . . . . . . . . . . . 58 B.1.8. S/MIME encrypted and signed over a complex message, No
A.2.4. S/MIME signed-only multipart/signed over a simple Header Protection . . . . . . . . . . . . . . . . . . 54
message, Injected Headers . . . . . . . . . . . . . . 60 B.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 57
A.2.5. S/MIME signed-only signedData over a complex message, B.2.1. S/MIME signed-only signedData over a simple message,
Wrapped Message . . . . . . . . . . . . . . . . . . . 62 Wrapped Message . . . . . . . . . . . . . . . . . . . 57
A.2.6. S/MIME signed-only multipart/signed over a complex B.2.2. S/MIME signed-only multipart/signed over a simple
message, Wrapped Message . . . . . . . . . . . . . . 64 message, Wrapped Message . . . . . . . . . . . . . . 59
A.2.7. S/MIME signed-only signedData over a complex message, B.2.3. S/MIME signed-only signedData over a simple message,
Injected Headers . . . . . . . . . . . . . . . . . . 67 Injected Headers . . . . . . . . . . . . . . . . . . 62
A.2.8. S/MIME signed-only multipart/signed over a complex B.2.4. S/MIME signed-only multipart/signed over a simple
message, Injected Headers . . . . . . . . . . . . . . 70 message, Injected Headers . . . . . . . . . . . . . . 63
A.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 73 B.2.5. S/MIME signed-only signedData over a complex message,
A.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message . . . . . . . . . . . . . . . . . . . 66
Wrapped Message with hcp_minimal . . . . . . . . . . 73 B.2.6. S/MIME signed-only multipart/signed over a complex
A.3.2. S/MIME encrypted and signed over a simple message, message, Wrapped Message . . . . . . . . . . . . . . 68
Injected Headers with hcp_minimal . . . . . . . . . . 76
A.3.3. S/MIME encrypted and signed over a simple message, B.2.7. S/MIME signed-only signedData over a complex message,
Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Injected Headers . . . . . . . . . . . . . . . . . . 71
A.3.4. S/MIME encrypted and signed over a simple message, B.2.8. S/MIME signed-only multipart/signed over a complex
Wrapped Message with hcp_strong . . . . . . . . . . . 82 message, Injected Headers . . . . . . . . . . . . . . 74
A.3.5. S/MIME encrypted and signed over a simple message, B.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 77
Injected Headers with hcp_strong . . . . . . . . . . 85 B.3.1. S/MIME encrypted and signed over a simple message,
A.3.6. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal . . . . . . . . . . 77
Injected Headers with hcp_strong (+ Legacy Display) . 88 B.3.2. S/MIME encrypted and signed over a simple message,
A.3.7. S/MIME encrypted and signed reply over a simple Injected Headers with hcp_minimal . . . . . . . . . . 80
message, Wrapped Message with hcp_minimal . . . . . . 91 B.3.3. S/MIME encrypted and signed over a simple message,
A.3.8. S/MIME encrypted and signed reply over a simple Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
message, Injected Headers with hcp_minimal . . . . . 94 B.3.4. S/MIME encrypted and signed over a simple message,
A.3.9. S/MIME encrypted and signed reply over a simple Wrapped Message with hcp_strong . . . . . . . . . . . 86
B.3.5. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_strong . . . . . . . . . . 89
B.3.6. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_strong (+ Legacy Display) . 92
B.3.7. S/MIME encrypted and signed reply over a simple
message, Wrapped Message with hcp_minimal . . . . . . 95
B.3.8. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_minimal . . . . . 98
B.3.9. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_minimal (+ Legacy message, Injected Headers with hcp_minimal (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 97 Display) . . . . . . . . . . . . . . . . . . . . . . 101
A.3.10. S/MIME encrypted and signed reply over a simple B.3.10. S/MIME encrypted and signed reply over a simple
message, Wrapped Message with hcp_strong . . . . . . 101 message, Wrapped Message with hcp_strong . . . . . . 105
A.3.11. S/MIME encrypted and signed reply over a simple B.3.11. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_strong . . . . . . 104 message, Injected Headers with hcp_strong . . . . . . 108
A.3.12. S/MIME encrypted and signed reply over a simple B.3.12. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_strong (+ Legacy message, Injected Headers with hcp_strong (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 107 Display) . . . . . . . . . . . . . . . . . . . . . . 111
A.3.13. S/MIME encrypted and signed over a complex message, B.3.13. S/MIME encrypted and signed over a complex message,
Wrapped Message with hcp_minimal . . . . . . . . . . 110 Wrapped Message with hcp_minimal . . . . . . . . . . 114
A.3.14. S/MIME encrypted and signed over a complex message, B.3.14. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_minimal . . . . . . . . . . 114 Injected Headers with hcp_minimal . . . . . . . . . . 118
A.3.15. S/MIME encrypted and signed over a complex message, B.3.15. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
A.3.16. S/MIME encrypted and signed over a complex message, B.3.16. S/MIME encrypted and signed over a complex message,
Wrapped Message with hcp_strong . . . . . . . . . . . 122 Wrapped Message with hcp_strong . . . . . . . . . . . 126
A.3.17. S/MIME encrypted and signed over a complex message, B.3.17. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_strong . . . . . . . . . . 125 Injected Headers with hcp_strong . . . . . . . . . . 129
A.3.18. S/MIME encrypted and signed over a complex message, B.3.18. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_strong (+ Legacy Display) . 129 Injected Headers with hcp_strong (+ Legacy Display) . 133
A.3.19. S/MIME encrypted and signed reply over a complex B.3.19. S/MIME encrypted and signed reply over a complex
message, Wrapped Message with hcp_minimal . . . . . . 133 message, Wrapped Message with hcp_minimal . . . . . . 137
A.3.20. S/MIME encrypted and signed reply over a complex B.3.20. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_minimal . . . . . 137 message, Injected Headers with hcp_minimal . . . . . 141
A.3.21. S/MIME encrypted and signed reply over a complex
B.3.21. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_minimal (+ Legacy message, Injected Headers with hcp_minimal (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 141 Display) . . . . . . . . . . . . . . . . . . . . . . 145
A.3.22. S/MIME encrypted and signed reply over a complex B.3.22. S/MIME encrypted and signed reply over a complex
message, Wrapped Message with hcp_strong . . . . . . 145 message, Wrapped Message with hcp_strong . . . . . . 149
A.3.23. S/MIME encrypted and signed reply over a complex B.3.23. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_strong . . . . . . 149 message, Injected Headers with hcp_strong . . . . . . 153
A.3.24. S/MIME encrypted and signed reply over a complex B.3.24. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_strong (+ Legacy message, Injected Headers with hcp_strong (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 153 Display) . . . . . . . . . . . . . . . . . . . . . . 157
Appendix C. Additional information . . . . . . . . . . . . . . . 161
Appendix B. Additional information . . . . . . . . . . . . . . . 157 C.1. Stored Variants of Messages with Bcc . . . . . . . . . . 161
B.1. Stored Variants of Messages with Bcc . . . . . . . . . . 157 Appendix D. Text Moved from Above . . . . . . . . . . . . . . . 162
Appendix C. Text Moved from Above . . . . . . . . . . . . . . . 158 D.1. MIME Format . . . . . . . . . . . . . . . . . . . . . . . 162
C.1. MIME Format . . . . . . . . . . . . . . . . . . . . . . . 158 D.1.1. S/MIME Specification . . . . . . . . . . . . . . . . 163
C.1.1. S/MIME Specification . . . . . . . . . . . . . . . . 159 D.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 165
C.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 161 Appendix E. Document Considerations . . . . . . . . . . . . . . 169
Appendix D. Document Considerations . . . . . . . . . . . . . . 165 Appendix F. Document Changelog . . . . . . . . . . . . . . . . . 170
Appendix E. Document Changelog . . . . . . . . . . . . . . . . . 166 Appendix G. Open Issues . . . . . . . . . . . . . . . . . . . . 171
Appendix F. Open Issues . . . . . . . . . . . . . . . . . . . . 167 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 172
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 168
1. Introduction 1. Introduction
Privacy and security issues regarding email Header Protection in S/ Privacy and security issues regarding email Header Protection in S/
MIME have been identified for some time. Most current MIME have been identified for some time. Most current
implementations of cryptographically-protected electronic mail implementations of cryptographically-protected electronic mail
protect only the body of the message, which leaves significant room protect only the body of the message, which leaves significant room
for attacks against otherwise-protected messages. For example, lack for attacks against otherwise-protected messages. For example, lack
of header protection allows an attacker to substitute the message of header protection allows an attacker to substitute the message
subject and/or author. subject and/or author.
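Review bot: Inserting the new "Possible Problems with some Legacy Clients" appendix as Appendix A, ahead of the test vectors, shifts every later appendix letter in the table of contents (Test Vectors A to B, Additional information B to C, Text Moved from Above C to D, and so on). Any reference written against -05 that cites a test vector by number, such as A.3.4, now points at different text. Consider placing the new appendix after the test vectors so the existing numbering stays stable, or record the renumbering explicitly in the Document Changelog.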
skipping to change at page 8, line 45 skipping to change at page 9, line 12
entity [RFC2045], in particular the MIME structure. Each MIME entity [RFC2045], in particular the MIME structure. Each MIME
Header Field name starts with "Content-" prefix. Header Field name starts with "Content-" prefix.
* MIME Header Section (part): The collection of MIME Header Fields. * MIME Header Section (part): The collection of MIME Header Fields.
"MIME Header Section" refers to a Header Sections that contains "MIME Header Section" refers to a Header Sections that contains
only MIME Header Fields, whereas "MIME Header Section part" refers only MIME Header Fields, whereas "MIME Header Section part" refers
to the MIME Header Fields of a Header Section that - in addition to the MIME Header Fields of a Header Section that - in addition
to MIME Header Fields - also contains non-MIME Header Fields. to MIME Header Fields - also contains non-MIME Header Fields.
* Essential Header Fields (EHF): The minimum set of Header Fields an * Essential Header Fields (EHF): The minimum set of Header Fields an
Outer Message Header Section SHOULD contain; cf. Appendix C.1.2.5. Outer Message Header Section SHOULD contain; cf. Appendix D.1.2.5.
* Header Protection (HP): cryptographic protection of email Header * Header Protection (HP): cryptographic protection of email Header
Sections (or parts of it) for signatures and/or encryption Sections (or parts of it) for signatures and/or encryption
* Protection Levels (PL): The level of protection applied to a * Protection Levels (PL): The level of protection applied to a
Message, e.g. 'signature and encryption' or 'signature only' (cf. Message, e.g. 'signature and encryption' or 'signature only' (cf.
Section 3.2). Section 3.2).
* Protected: Portions of a message that have had any Protection * Protected: Portions of a message that have had any Protection
Levels applied. Levels applied.
skipping to change at page 17, line 8 skipping to change at page 17, line 8
"forwarded=no" followed by an empty line. "forwarded=no" followed by an empty line.
If the source is an Original (message/rfc822) Message, the Inner If the source is an Original (message/rfc822) Message, the Inner
Message Header Section is typically the same as (or a subset of) the Message Header Section is typically the same as (or a subset of) the
Original Message Header Section, and the Inner Message Body is Original Message Header Section, and the Inner Message Body is
typically the same as the Original Message Body. typically the same as the Original Message Body.
The Inner Message itself may contain any MIME structure. The Inner Message itself may contain any MIME structure.
Note: It is still to be decided by the LAMPS WG whether or not to Note: It is still to be decided by the LAMPS WG whether or not to
recommend an alternative MIME format as described in Appendix C.1.1.1 recommend an alternative MIME format as described in Appendix D.1.1.1
(instead of the currently standardized and above defined format). (instead of the currently standardized and above defined format).
4.1.2. Sending Side 4.1.2. Sending Side
This section describes the process an MUA should use to apply This section describes the process an MUA should use to apply
cryptographic protection to an e-mail message with header protection. cryptographic protection to an e-mail message with header protection.
We start by describing the legacy message composition process as a We start by describing the legacy message composition process as a
baseline. baseline.
4.1.2.1. Composing a Cryptographically-Protected Message Without Header 4.1.2.1. Composing a Cryptographically-Protected Message Without Header
skipping to change at page 36, line 14 skipping to change at page 36, line 14
[RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized [RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized
Email Headers", RFC 6532, DOI 10.17487/RFC6532, February Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
2012, <https://www.rfc-editor.org/info/rfc6532>. 2012, <https://www.rfc-editor.org/info/rfc6532>.
[RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
Message Authentication, Reporting, and Conformance Message Authentication, Reporting, and Conformance
(DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
<https://www.rfc-editor.org/info/rfc7489>. <https://www.rfc-editor.org/info/rfc7489>.
Appendix A. Test Vectors Appendix A. Possible Problems with some Legacy Clients
When an e-mail message with end-to-end cryptographic protection is
received by a mail user agent, the user might experience many
different possible problematic interactions. A message with header
protection may introduce new forms of user experience failure.
In this section, the authors enumerate different kinds of failures we
have observed when reviewing, rendering, and replying to messages
with different forms of header protection in different legacy MUAs.
Different legacy MUAs demonstrate different subsets of these
problems.
Hopefully, a non-legacy MUA would not exhibit any of these problems.
An implementer updating their legacy MUA to be compliant with this
specification should consider these concerns and try to avoid them.
A.1. Problems Reviewing signed+encrypted Messages in List View
* Unprotected Subject, Date, From, To are visible
* Threading is not visible
A.2. Problems when Rendering a signed+encrypted Message
* Unprotected Subject is visible
* Protected subject (on its own) is visible in the body
* Protected subject, date, from, to visible in the body
* User interaction needed to view whole message
* User interaction needed to view message body
* User interaction needed to view protected subject
* Impossible to view protected subject
* Nuisance alarms during user interaction
* Impossible to view message body
* Appears as a forwarded message
* Appears as an attachment
* Security indicators not visible
* User has multiple different methods to Reply: (e.g. reply to
outer, reply to inner)
* User sees english "Subject:" in body despite message itself being
in non-english
* Security indicators do not identify protection status of header
fields
* Headers in body render with local header fields (e.g. showing
"Betreff" instead of "Subject") and dates (TZ, locale)
A.3. Problems when Replying to a signed+encrypted Message
Note that the use case here is:
* User views message, to the point where they can read it.
* User then replies to message, and they are shown a message
composition window, which has some UI elements
* If the MUA has multiple different methods to Reply: to a message,
each way may need to be evaluated separately
This section also uses the shorthand UI:x to mean "the UI element
that the user can edit that they think of as x."
* protected subject is in UI:subject (and will leak)
* protected subject is quoted in UI:body
* protected subject is not anywhere in UI
* message body is _not_ visible/quoted in UI:body
* user cannot reply while viewing protected message
* reply is not encrypted by default (but is for normal S/MIME
sign+enc messages)
* unprotected From: is in UI:To
* User's locale (lang, TZ) leaks in quoted body
* Headers not protected (and in particular, Subject is not obscured)
by default
A.4. Problems Reviewing signed-only Messages in List View
* Unprotected Subject, Date, From, To are visible
* Threading is not visible
A.5. Problems when Rendering a signed-only Message
* Unprotected Subject is visible
* Protected subject (on its own) is visible in the body
* Protected subject, date, from, to visible in the body
* User interaction needed to view whole message
* User interaction needed to view message body
* User interaction needed to view protected subject
* Impossible to view protected subject
* Nuisance alarms during user interaction
* Impossible to view message body
* Appears as a forwarded message
* Appears as an attachment
* Security indicators not visible
* Security indicators do not identify protection status of headers
* User has multiple different methods to Reply: (e.g. reply to
outer, reply to inner)
* Headers in body render with local header fields (e.g. showing
"Betreff" instead of "Subject") and dates (TZ, locale)
A.6. Problems when Replying to a signed-only Message
This uses the same use case(s) and shorthand as Appendix A.3.
* Unprotected Subject: is in UI:subject
* Protected Subject: is quoted in UI:body
* Protected Subject: is not anywhere in UI
* Message body is not visible/quoted in UI:body
* User cannot reply while viewing protected message
* Unprotected From: is in UI:To
* User's locale (lang, TZ) leaks in quoted body
Appendix B. Test Vectors
This section contains sample messages using the different schemes This section contains sample messages using the different schemes
described in this document. Each sample contains a MIME object, a described in this document. Each sample contains a MIME object, a
textual and diagrammatic view of its structure, and examples of how textual and diagrammatic view of its structure, and examples of how
an MUA might render it. an MUA might render it.
The cryptographic protections used in this document use the S/MIME The cryptographic protections used in this document use the S/MIME
standard, and keying material and certificates come from standard, and keying material and certificates come from
[I-D.ietf-lamps-samples]. [I-D.ietf-lamps-samples].
These messages should be accessible to any IMAP client at These messages should be accessible to any IMAP client at
"imap://bob@header-protection.cmrg.net/" (any password should "imap://bob@header-protection.cmrg.net/" (any password should
authenticate to this read-only IMAP mailbox). authenticate to this read-only IMAP mailbox).
You can also download copies of these test vectors separately at You can also download copies of these test vectors separately at
"https://header-protection.cmrg.net". "https://header-protection.cmrg.net".
If any of the messages downloaded differ from those offered here, If any of the messages downloaded differ from those offered here,
this document is the canonical source. this document is the canonical source.
A.1. Baseline Messages B.1. Baseline Messages
These messages offer no header protection at all, and can be used as These messages offer no header protection at all, and can be used as
a baseline. They are provided in this document as a counterexample. a baseline. They are provided in this document as a counterexample.
An MUA implementer can use these messages to verify that the reported An MUA implementer can use these messages to verify that the reported
cryptographic summary of the message indicates no header protection. cryptographic summary of the message indicates no header protection.
A.1.1. No cryptographic protections over a simple message B.1.1. No cryptographic protections over a simple message
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its body is a
text/plain message. text/plain message.
It has the following structure: It has the following structure:
└─╴text/plain 152 bytes └─╴text/plain 152 bytes
Its contents are: Its contents are:
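Review bot: in the new A.6, "This uses the same use case(s) and shorthand as Appendix A.3" lands in a revision where the test vectors have moved from A.n to B.n, so the old A.3 ("Encrypted-and-signed Messages") is now B.3 and "Appendix A.3" means different things in -05 and -06. Please confirm that every body reference that meant a test-vector section now says B.n. Also consider restating the UI:subject / UI:body / UI:To shorthand in one line inside A.6, so the list can be read without jumping back.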
skipping to change at page 37, line 23 skipping to change at page 40, line 34
This is the no-crypto message. This is the no-crypto message.
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its body is a
text/plain message. text/plain message.
-- --
Alice Alice
alice@smime.example alice@smime.example
A.1.2. S/MIME signed-only signedData over a simple message, No Header B.1.2. S/MIME signed-only signedData over a simple message, No Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses no header protection. payload is a text/plain message. It uses no header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 3852 bytes └─╴application/pkcs7-mime [smime.p7m] 3852 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 204 bytes └─╴text/plain 204 bytes
skipping to change at page 39, line 10 skipping to change at page 42, line 26
A.1.3. S/MIME signed-only multipart/signed over a simple message, No B.1.3. S/MIME signed-only multipart/signed over a simple message, No
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a text/plain message. It uses no (multipart/signed). The payload is a text/plain message. It uses no
header protection. header protection.
It has the following structure: It has the following structure:
└┬╴multipart/signed 4156 bytes └┬╴multipart/signed 4156 bytes
├─╴text/plain 224 bytes ├─╴text/plain 224 bytes
skipping to change at page 41, line 14 skipping to change at page 44, line 30
--76c-- --76c--
A.1.4. S/MIME encrypted and signed over a simple message, No Header B.1.4. S/MIME encrypted and signed over a simple message, No Header
Protection Protection
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses no header protection. message. It uses no header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 6720 bytes └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
↧ (decrypts to) ↧ (decrypts to)
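Review bot: "This is a encrypted and signed S/MIME message" in B.1.4 should read "an encrypted". The section is already being touched for the A.1.4 to B.1.4 renumbering, so this is a cheap moment to fix it. The same sentence opens B.1.8, B.3.1 and B.3.2, so one search-and-replace in the generator for these descriptions would cover all of them.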
skipping to change at page 44, line 5 skipping to change at page 47, line 22
A.1.5. No cryptographic protections over a complex message B.1.5. No cryptographic protections over a complex message
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its body is a
multipart/alternative message with an inline image/png attachment. multipart/alternative message with an inline image/png attachment.
It has the following structure: It has the following structure:
└┬╴multipart/mixed 1357 bytes └┬╴multipart/mixed 1357 bytes
├┬╴multipart/alternative 780 bytes ├┬╴multipart/alternative 780 bytes
│├─╴text/plain 206 bytes │├─╴text/plain 206 bytes
│└─╴text/html 290 bytes │└─╴text/html 290 bytes
skipping to change at page 45, line 20 skipping to change at page 48, line 38
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--0f4-- --0f4--
A.1.6. S/MIME signed-only signedData over a complex message, No Header B.1.6. S/MIME signed-only signedData over a complex message, No Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses no header protection. attachment. It uses no header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5229 bytes └─╴application/pkcs7-mime [smime.p7m] 5229 bytes
⇩ (unwraps to) ⇩ (unwraps to)
skipping to change at page 47, line 34 skipping to change at page 51, line 9
A.1.7. S/MIME signed-only multipart/signed over a complex message, No B.1.7. S/MIME signed-only multipart/signed over a complex message, No
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection. with an inline image/png attachment. It uses no header protection.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5185 bytes └┬╴multipart/signed 5185 bytes
├┬╴multipart/mixed 1330 bytes ├┬╴multipart/mixed 1330 bytes
skipping to change at page 50, line 25 skipping to change at page 54, line 5
--d66-- --d66--
A.1.8. S/MIME encrypted and signed over a complex message, No Header B.1.8. S/MIME encrypted and signed over a complex message, No Header
Protection Protection
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses no alternative message with an inline image/png attachment. It uses no
header protection. header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8670 bytes └─╴application/pkcs7-mime [smime.p7m] 8670 bytes
skipping to change at page 54, line 5 skipping to change at page 57, line 26
A.2. Signed-only Messages B.2. Signed-only Messages
These messages are signed-only, using different schemes of header These messages are signed-only, using different schemes of header
protection and different S/MIME structure. The use no Header protection and different S/MIME structure. The use no Header
Confidentiality Policy because the hcp is only relevant when a Confidentiality Policy because the hcp is only relevant when a
message is encrypted. message is encrypted.
A.2.1. S/MIME signed-only signedData over a simple message, Wrapped B.2.1. S/MIME signed-only signedData over a simple message, Wrapped
Message Message
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses the Wrapped Message header payload is a text/plain message. It uses the Wrapped Message header
protection scheme. protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 4213 bytes └─╴application/pkcs7-mime [smime.p7m] 4213 bytes
⇩ (unwraps to) ⇩ (unwraps to)
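Review bot: in the B.2 introduction, "The use no Header Confidentiality Policy" is missing a letter ("They use no ...") and was carried over unchanged from -05. The same sentence writes "the hcp" in lower case as if it were a defined term, while B.3 spells out "Header Confidentiality Policies" and uses hcp_minimal as an identifier. Suggest "They use no Header Confidentiality Policy, because an HCP is only relevant when a message is encrypted."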
skipping to change at page 56, line 6 skipping to change at page 59, line 31
A.2.2. S/MIME signed-only multipart/signed over a simple message, B.2.2. S/MIME signed-only multipart/signed over a simple message,
Wrapped Message Wrapped Message
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a text/plain message. It uses (multipart/signed). The payload is a text/plain message. It uses
the Wrapped Message header protection scheme. the Wrapped Message header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 4451 bytes └┬╴multipart/signed 4451 bytes
├┬╴message/rfc822 596 bytes ├┬╴message/rfc822 596 bytes
skipping to change at page 58, line 19 skipping to change at page 62, line 5
--20c-- --20c--
A.2.3. S/MIME signed-only signedData over a simple message, Injected B.2.3. S/MIME signed-only signedData over a simple message, Injected
Headers Headers
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses the Injected Headers header payload is a text/plain message. It uses the Injected Headers header
protection scheme. protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 4185 bytes └─╴application/pkcs7-mime [smime.p7m] 4185 bytes
⇩ (unwraps to) ⇩ (unwraps to)
skipping to change at page 60, line 13 skipping to change at page 63, line 46
A.2.4. S/MIME signed-only multipart/signed over a simple message, B.2.4. S/MIME signed-only multipart/signed over a simple message,
Injected Headers Injected Headers
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a text/plain message. It uses (multipart/signed). The payload is a text/plain message. It uses
the Injected Headers header protection scheme. the Injected Headers header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 4417 bytes └┬╴multipart/signed 4417 bytes
├─╴text/plain 258 bytes ├─╴text/plain 258 bytes
skipping to change at page 62, line 19 skipping to change at page 66, line 4
--12b-- --12b--
A.2.5. S/MIME signed-only signedData over a complex message, Wrapped B.2.5. S/MIME signed-only signedData over a complex message, Wrapped
Message Message
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme. attachment. It uses the Wrapped Message header protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5615 bytes └─╴application/pkcs7-mime [smime.p7m] 5615 bytes
⇩ (unwraps to) ⇩ (unwraps to)
skipping to change at page 64, line 43 skipping to change at page 68, line 27
A.2.6. S/MIME signed-only multipart/signed over a complex message, B.2.6. S/MIME signed-only multipart/signed over a complex message,
Wrapped Message Wrapped Message
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message with an inline image/png attachment. It uses the Wrapped Message
header protection scheme. header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5528 bytes └┬╴multipart/signed 5528 bytes
skipping to change at page 67, line 45 skipping to change at page 71, line 35
--932-- --932--
A.2.7. S/MIME signed-only signedData over a complex message, Injected B.2.7. S/MIME signed-only signedData over a complex message, Injected
Headers Headers
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection scheme. attachment. It uses the Injected Headers header protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5631 bytes └─╴application/pkcs7-mime [smime.p7m] 5631 bytes
⇩ (unwraps to) ⇩ (unwraps to)
skipping to change at page 70, line 17 skipping to change at page 74, line 7
A.2.8. S/MIME signed-only multipart/signed over a complex message, B.2.8. S/MIME signed-only multipart/signed over a complex message,
Injected Headers Injected Headers
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers with an inline image/png attachment. It uses the Injected Headers
header protection scheme. header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5496 bytes └┬╴multipart/signed 5496 bytes
skipping to change at page 73, line 13 skipping to change at page 77, line 4
--a23-- --a23--
A.3. Encrypted-and-signed Messages B.3. Encrypted-and-signed Messages
These messages are encrypted and signed. They use PKCS#7 signedData These messages are encrypted and signed. They use PKCS#7 signedData
inside envelopedData, with different header protection schemes and inside envelopedData, with different header protection schemes and
different Header Confidentiality Policies. different Header Confidentiality Policies.
A.3.1. S/MIME encrypted and signed over a simple message, Wrapped B.3.1. S/MIME encrypted and signed over a simple message, Wrapped
Message with hcp_minimal Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_minimal Header Confidentiality Policy. the hcp_minimal Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7345 bytes └─╴application/pkcs7-mime [smime.p7m] 7345 bytes
skipping to change at page 76, line 20 skipping to change at page 80, line 10
A.3.2. S/MIME encrypted and signed over a simple message, Injected B.3.2. S/MIME encrypted and signed over a simple message, Injected
Headers with hcp_minimal Headers with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy. the hcp_minimal Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7305 bytes └─╴application/pkcs7-mime [smime.p7m] 7305 bytes
skipping to change at page 79, line 17 skipping to change at page 83, line 7
A.3.3. S/MIME encrypted and signed over a simple message, Injected B.3.3. S/MIME encrypted and signed over a simple message, Injected
Headers with hcp_minimal (+ Legacy Display) Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy with a "Legacy Display" the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
skipping to change at page 82, line 26 skipping to change at page 86, line 16
A.3.4. S/MIME encrypted and signed over a simple message, Wrapped B.3.4. S/MIME encrypted and signed over a simple message, Wrapped
Message with hcp_strong Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7345 bytes └─╴application/pkcs7-mime [smime.p7m] 7345 bytes
skipping to change at page 85, line 24 skipping to change at page 89, line 14
A.3.5. S/MIME encrypted and signed over a simple message, Injected B.3.5. S/MIME encrypted and signed over a simple message, Injected
Headers with hcp_strong Headers with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7305 bytes └─╴application/pkcs7-mime [smime.p7m] 7305 bytes
skipping to change at page 88, line 21 skipping to change at page 92, line 11
A.3.6. S/MIME encrypted and signed over a simple message, Injected B.3.6. S/MIME encrypted and signed over a simple message, Injected
Headers with hcp_strong (+ Legacy Display) Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy with a "Legacy Display" the hcp_strong Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
skipping to change at page 88, line 46 skipping to change at page 92, line 36
└┬╴multipart/mixed 918 bytes └┬╴multipart/mixed 918 bytes
├─╴text/plain 50 bytes ├─╴text/plain 50 bytes
└─╴text/plain 367 bytes └─╴text/plain 367 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example> Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500 Date: Sat, 20 Feb 2021 10:13:02 -0500
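Review bot: The outer Message-ID of this vector changes from <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example> to <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>, which is the value -05 used for the hcp_strong Wrapped Message reply vector (A.3.10), while Date, From and To stay the same. If Message-ID is among the header fields copied into the signed payload, the enveloped-data body has to be regenerated together with the outer header; otherwise a receiver comparing protected and unprotected header fields will see a mismatch in a vector that is meant to be clean. Please confirm the body was regenerated and not only the outer field edited.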
skipping to change at page 91, line 29 skipping to change at page 95, line 19
A.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped
Message with hcp_minimal Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_minimal Header Confidentiality Policy. the hcp_minimal Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7605 bytes └─╴application/pkcs7-mime [smime.p7m] 7605 bytes
skipping to change at page 94, line 37 skipping to change at page 98, line 23
A.3.8. S/MIME encrypted and signed reply over a simple message, B.3.8. S/MIME encrypted and signed reply over a simple message,
Injected Headers with hcp_minimal Injected Headers with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy. the hcp_minimal Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7585 bytes └─╴application/pkcs7-mime [smime.p7m] 7585 bytes
skipping to change at page 97, line 40 skipping to change at page 101, line 26
A.3.9. S/MIME encrypted and signed reply over a simple message, B.3.9. S/MIME encrypted and signed reply over a simple message,
Injected Headers with hcp_minimal (+ Legacy Display) Injected Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy with a "Legacy Display" the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
skipping to change at page 101, line 11 skipping to change at page 105, line 5
A.3.10. S/MIME encrypted and signed reply over a simple message, B.3.10. S/MIME encrypted and signed reply over a simple message,
Wrapped Message with hcp_strong Wrapped Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7605 bytes └─╴application/pkcs7-mime [smime.p7m] 7605 bytes
skipping to change at page 101, line 34 skipping to change at page 105, line 28
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 810 bytes └┬╴message/rfc822 810 bytes
└─╴text/plain 325 bytes └─╴text/plain 325 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example> Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:17:02 -0500 Date: Sat, 20 Feb 2021 10:17:02 -0500
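Review bot: This is a reply vector, yet the outer header section shown here carries no In-Reply-To or References field, and its Message-ID moves to <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>. Since the vectors' Message-IDs are being reassigned in this revision, any In-Reply-To or References value inside the protected payload must point at the new Message-ID of the message being replied to. A sentence stating which message this replies to, and whether those fields are deliberately omitted from the outer header under hcp_strong, would let implementers check threading against the vector.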
skipping to change at page 104, line 13 skipping to change at page 108, line 6
A.3.11. S/MIME encrypted and signed reply over a simple message, B.3.11. S/MIME encrypted and signed reply over a simple message,
Injected Headers with hcp_strong Injected Headers with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7565 bytes └─╴application/pkcs7-mime [smime.p7m] 7565 bytes
skipping to change at page 104, line 35 skipping to change at page 108, line 28
└─╴application/pkcs7-mime [smime.p7m] 4592 bytes └─╴application/pkcs7-mime [smime.p7m] 4592 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 337 bytes └─╴text/plain 337 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example> Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500 Date: Sat, 20 Feb 2021 10:18:02 -0500
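Review bot: The old Message-ID of this vector, <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example>, is now the new Message-ID of B.3.10, so the same identifier names two different vectors across -05 and -06. Test suites that key stored vectors by Message-ID will pair the wrong messages after the update; consider noting the reassignment in the change log, or keeping identifiers stable per vector.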
skipping to change at page 107, line 14 skipping to change at page 111, line 7
A.3.12. S/MIME encrypted and signed reply over a simple message, B.3.12. S/MIME encrypted and signed reply over a simple message,
Injected Headers with hcp_strong (+ Legacy Display) Injected Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy with a "Legacy Display" the hcp_strong Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
skipping to change at page 107, line 39 skipping to change at page 111, line 32
└┬╴multipart/mixed 1075 bytes └┬╴multipart/mixed 1075 bytes
├─╴text/plain 56 bytes ├─╴text/plain 56 bytes
└─╴text/plain 373 bytes └─╴text/plain 373 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example> Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500 Date: Sat, 20 Feb 2021 10:19:02 -0500
skipping to change at page 110, line 27 skipping to change at page 114, line 20
A.3.13. S/MIME encrypted and signed over a complex message, Wrapped B.3.13. S/MIME encrypted and signed over a complex message, Wrapped
Message with hcp_minimal Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_minimal Header Wrapped Message header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 114, line 17 skipping to change at page 118, line 9
A.3.14. S/MIME encrypted and signed over a complex message, Injected B.3.14. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_minimal Headers with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 118, line 5 skipping to change at page 122, line 5
A.3.15. S/MIME encrypted and signed over a complex message, Injected B.3.15. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_minimal (+ Legacy Display) Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
skipping to change at page 122, line 5 skipping to change at page 126, line 5
jVnx7oQmlzeLpfpWcFZbJ3NmLBb/Y/QmMlmoEtYbakYkbLYgB2DMrBdM3hN7Bwi3 jVnx7oQmlzeLpfpWcFZbJ3NmLBb/Y/QmMlmoEtYbakYkbLYgB2DMrBdM3hN7Bwi3
8VM3WUes9gb1xvz3X4IEVL6Z2cAJDlxgyyFD6dtFlvfc/ONoZXF+pydrWQAalxQZ 8VM3WUes9gb1xvz3X4IEVL6Z2cAJDlxgyyFD6dtFlvfc/ONoZXF+pydrWQAalxQZ
uDZLKo+pdGkVZC5bHtHQd5tc2EmWiNawzK04KhEVkYTbO2KIYWQvwoN0aiDZEY40 uDZLKo+pdGkVZC5bHtHQd5tc2EmWiNawzK04KhEVkYTbO2KIYWQvwoN0aiDZEY40
Gb4Pf9kUUMCI0T/uG75DqVrjIvNooNPWOUvE5PuVN1sK7vK9sKxzhHgyElygOCRl Gb4Pf9kUUMCI0T/uG75DqVrjIvNooNPWOUvE5PuVN1sK7vK9sKxzhHgyElygOCRl
VOzHKuB787LgfyXrHlTfY2PEIOKCqa4FuYYT8WTG/NtgqVjDE2yCZsHu/qUXSe+9 VOzHKuB787LgfyXrHlTfY2PEIOKCqa4FuYYT8WTG/NtgqVjDE2yCZsHu/qUXSe+9
EwfhEUDwS3np2N9dwcMUNZKvefeOnc/7D57Z5xCvsioU2yns/NGMlbewMpbVaDjK EwfhEUDwS3np2N9dwcMUNZKvefeOnc/7D57Z5xCvsioU2yns/NGMlbewMpbVaDjK
08G9pfLq3EDTU0Jw7iAZgG2duaIouYgQS1uursITbg2npAD42JbQ5iebrRUE650s 08G9pfLq3EDTU0Jw7iAZgG2duaIouYgQS1uursITbg2npAD42JbQ5iebrRUE650s
z2rLkM+/7/tz6TWhUbcIJv1BbP5M+xvnWwCCzvm05Rm8CrLzgb+7jFbYHDIaaYPE z2rLkM+/7/tz6TWhUbcIJv1BbP5M+xvnWwCCzvm05Rm8CrLzgb+7jFbYHDIaaYPE
gfGxSiuIXxBYyTAWPj9iIiHuCwr1BBw71VY3U2gRqxk= gfGxSiuIXxBYyTAWPj9iIiHuCwr1BBw71VY3U2gRqxk=
A.3.16. S/MIME encrypted and signed over a complex message, Wrapped B.3.16. S/MIME encrypted and signed over a complex message, Wrapped
Message with hcp_strong Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_strong Header Wrapped Message header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 122, line 33 skipping to change at page 126, line 33
│├─╴text/plain 373 bytes │├─╴text/plain 373 bytes
│└─╴text/html 457 bytes │└─╴text/html 457 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example> Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500 Date: Sat, 20 Feb 2021 12:11:02 -0500
MIIbLAYJKoZIhvcNAQcDoIIbHTCCGxkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbLAYJKoZIhvcNAQcDoIIbHTCCGxkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACjMzFIXlc3EbymBS0JPbwPNsuC8oupYKV2Z Boq0MA0GCSqGSIb3DQEBAQUABIIBACjMzFIXlc3EbymBS0JPbwPNsuC8oupYKV2Z
zEPTKjXpbK6gAq2DHXW+UN6VxRnuK5og8/5A6CH1qssj4VvZFE9BYmVtXBQzdSYg zEPTKjXpbK6gAq2DHXW+UN6VxRnuK5og8/5A6CH1qssj4VvZFE9BYmVtXBQzdSYg
UB1lOVwT16EfEhaHMPlw2rZ6F7hnMApYrpiH3oMNzDF3L3AOMRwwu4botbDl2ONY UB1lOVwT16EfEhaHMPlw2rZ6F7hnMApYrpiH3oMNzDF3L3AOMRwwu4botbDl2ONY
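Review bot: The only changed line in this hunk is the outer Message-ID (0b3ea6dd-... becomes 95b9bb39-...), while Date, From, To and every visible base64 line of the enveloped-data body, including its opening lines, are identical in both columns. If the signed payload of this Wrapped Message example carries its own copy of Message-ID, the outer and protected values can no longer agree unless the payload was rebuilt, and a rebuilt payload would not be expected to leave the ciphertext lines unchanged. Please confirm whether the vector was regenerated or only the outer header field was edited, and say so in the change log.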
skipping to change at page 125, line 39 skipping to change at page 129, line 39
KwuRnMKbysO6rwIevDe1wa9JqBmqJFGteKqkdGzlaHMJTw9ehprhKrRAjf3aJ15C KwuRnMKbysO6rwIevDe1wa9JqBmqJFGteKqkdGzlaHMJTw9ehprhKrRAjf3aJ15C
xS3AiWc7guUeZiS/pN+DYpgX8HuFTuyf2FxEiDdLFFa0A6ozlq09CzQ3i6OYjQcO xS3AiWc7guUeZiS/pN+DYpgX8HuFTuyf2FxEiDdLFFa0A6ozlq09CzQ3i6OYjQcO
4fckHJD2PyoaQ3bbHdiEp/UNqq5OrAHSpVlqCCcN/gkTAZun5mNEZ96Yru16QrUw 4fckHJD2PyoaQ3bbHdiEp/UNqq5OrAHSpVlqCCcN/gkTAZun5mNEZ96Yru16QrUw
jwXRwRff4Fhtux5WQklxflspTTPkQWG33X3WELecjw0abCYo4gcpD1kTjb74LmhB jwXRwRff4Fhtux5WQklxflspTTPkQWG33X3WELecjw0abCYo4gcpD1kTjb74LmhB
eO9t8/YCMC0Di96YRHTvsux9qLFeYzI7J/hSeVm8G2ho7/McWU1q2jQMhdF4e1vv eO9t8/YCMC0Di96YRHTvsux9qLFeYzI7J/hSeVm8G2ho7/McWU1q2jQMhdF4e1vv
G/pjZpCRUj9jfSCGoA9Yu05C/ifkS6p41mt1z1SrE0ttXYGYYgTLZzCR/XsyCHSO G/pjZpCRUj9jfSCGoA9Yu05C/ifkS6p41mt1z1SrE0ttXYGYYgTLZzCR/XsyCHSO
rLxSXEp59N+Onc48lbgEpcpN3Z0Cf+bOPYIODGfLwRorwoqJpG+cv4UJQfj2ZX9A rLxSXEp59N+Onc48lbgEpcpN3Z0Cf+bOPYIODGfLwRorwoqJpG+cv4UJQfj2ZX9A
bhBfC4dD0ZlqMAhBjK1zvfDDjafmY/5CD3xfTqPDxKTDjW/UVShgxuLn/Ida0NAA bhBfC4dD0ZlqMAhBjK1zvfDDjafmY/5CD3xfTqPDxKTDjW/UVShgxuLn/Ida0NAA
pAcZk4SNuLYBM4uG+YEl6ddJfuzndZgKOb4MbCPu34rRIF9AWBNu8P1Gca5dlzuK pAcZk4SNuLYBM4uG+YEl6ddJfuzndZgKOb4MbCPu34rRIF9AWBNu8P1Gca5dlzuK
A.3.17. S/MIME encrypted and signed over a complex message, Injected B.3.17. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_strong Headers with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 126, line 21 skipping to change at page 130, line 21
│├─╴text/plain 385 bytes │├─╴text/plain 385 bytes
│└─╴text/html 466 bytes │└─╴text/html 466 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example> Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500 Date: Sat, 20 Feb 2021 12:12:02 -0500
MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACg5SAEbJdRyrU8Bf5P1nTcvjMySeblcbXsC Boq0MA0GCSqGSIb3DQEBAQUABIIBACg5SAEbJdRyrU8Bf5P1nTcvjMySeblcbXsC
SPaTgaVlplQQBJ8FmEBqzqelnX/JRwlJblVRu3LpDq0jaXSvJOnU0G9n1uuVbwIO SPaTgaVlplQQBJ8FmEBqzqelnX/JRwlJblVRu3LpDq0jaXSvJOnU0G9n1uuVbwIO
g2rKZmzj1nR3GUfnvVip5f7hfxCXtdIkTW2nxYrhrlMuOCSn8vhIg1vaZNKflzwl g2rKZmzj1nR3GUfnvVip5f7hfxCXtdIkTW2nxYrhrlMuOCSn8vhIg1vaZNKflzwl
skipping to change at page 129, line 28 skipping to change at page 133, line 28
LWWT4esu7njEbX7Ni4zIjhBlynqL+qecT5kB8ipGeql6+Js2iKNsi1HYQ+hTt4Xz LWWT4esu7njEbX7Ni4zIjhBlynqL+qecT5kB8ipGeql6+Js2iKNsi1HYQ+hTt4Xz
k/sEobzFVLp6yWNpa0ZqyY7RTLcb3OJUM+KCgSftZd6FWi7M1cPn7PUWG+Hdof/R k/sEobzFVLp6yWNpa0ZqyY7RTLcb3OJUM+KCgSftZd6FWi7M1cPn7PUWG+Hdof/R
dxOt/PaXDxNYEK9yrcVWP4yurQ1YS+0oXzpmuAMQIbWvQki+tr0JcpsKnUxcvvsH dxOt/PaXDxNYEK9yrcVWP4yurQ1YS+0oXzpmuAMQIbWvQki+tr0JcpsKnUxcvvsH
ZFxZ02bTi73DCFCSWK00j8j5IVbvrRBvtgkVOAl4c5WU34sh6nwJPPBTeO002wFE ZFxZ02bTi73DCFCSWK00j8j5IVbvrRBvtgkVOAl4c5WU34sh6nwJPPBTeO002wFE
VgO2F6dPTTys/6D9eOzd3yb3aEJ9PNFhpzY4uhS3TBWhEcuyJlpus8ximdQjwjlQ VgO2F6dPTTys/6D9eOzd3yb3aEJ9PNFhpzY4uhS3TBWhEcuyJlpus8ximdQjwjlQ
IgvT1ty1v2SRJLA8gVY8cmR6yn6KEL2lc2PsclF6zjYZd6khKSyrBBu7ZceIo78Q IgvT1ty1v2SRJLA8gVY8cmR6yn6KEL2lc2PsclF6zjYZd6khKSyrBBu7ZceIo78Q
bnPly68qrr8l7x/DxYHFJ6pwZ8LYPg8XkZb4k3TmLZrA4ys3a81R5RKHkwmc9qAI bnPly68qrr8l7x/DxYHFJ6pwZ8LYPg8XkZb4k3TmLZrA4ys3a81R5RKHkwmc9qAI
kyNSd6lJLMeD2IMC7rxCupV/dIJZ2cIjH/46ZTOTB4jADtrHN1SjeFWOqnHhjKr+ kyNSd6lJLMeD2IMC7rxCupV/dIJZ2cIjH/46ZTOTB4jADtrHN1SjeFWOqnHhjKr+
naZLCDk2EcSquYtna4J4BvyQXdcebEz8/zSNK6jS1v8= naZLCDk2EcSquYtna4J4BvyQXdcebEz8/zSNK6jS1v8=
A.3.18. S/MIME encrypted and signed over a complex message, Injected B.3.18. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_strong (+ Legacy Display) Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
skipping to change at page 130, line 9 skipping to change at page 134, line 9
│├─╴text/plain 421 bytes │├─╴text/plain 421 bytes
│└─╴text/html 502 bytes │└─╴text/html 502 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example> Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500 Date: Sat, 20 Feb 2021 12:13:02 -0500
MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEWYkOXbozCgn9S8iXQC0gutDVG0YPIJVm7k Boq0MA0GCSqGSIb3DQEBAQUABIIBAEWYkOXbozCgn9S8iXQC0gutDVG0YPIJVm7k
oS/9bJiQJUvaRNUw+Nj5QB2RYBoyUkAYI2JX/1q8PUAHH9KfUR6EOHkMWMYjZNZD oS/9bJiQJUvaRNUw+Nj5QB2RYBoyUkAYI2JX/1q8PUAHH9KfUR6EOHkMWMYjZNZD
cEOKyz0lFkhUUL2hW4NtriRalYxcQoQb5lbQpBIm9sSSxSUPLOVfDCKWVtfezLtG cEOKyz0lFkhUUL2hW4NtriRalYxcQoQb5lbQpBIm9sSSxSUPLOVfDCKWVtfezLtG
skipping to change at page 133, line 26 skipping to change at page 137, line 26
XaaRuKREGzxvPqeTlg6jZu4XuPDwE3zb1vQudey71NDSy5iccWd1aqXDyVxvslwy XaaRuKREGzxvPqeTlg6jZu4XuPDwE3zb1vQudey71NDSy5iccWd1aqXDyVxvslwy
I2srfh1W8v/y6yIQuuwi90/3fD76LInAYUrrr8d12hNdq6sLmrm97vy8Bj1LgLKw I2srfh1W8v/y6yIQuuwi90/3fD76LInAYUrrr8d12hNdq6sLmrm97vy8Bj1LgLKw
WlNU15UOIJg3rQ58tfpPt0G2ViULWhYgzS8vQqCsyMExwODbnUUPz4x3RId1lYRh WlNU15UOIJg3rQ58tfpPt0G2ViULWhYgzS8vQqCsyMExwODbnUUPz4x3RId1lYRh
p0HIVCVIhJm0mA8IxdttmyD7uPdzaSNNtgHb42q3GhRUQuSDvRumJWastCC4d+bs p0HIVCVIhJm0mA8IxdttmyD7uPdzaSNNtgHb42q3GhRUQuSDvRumJWastCC4d+bs
mPjNST59uJgARWKQJXskVRPB0UUW4nmof/AFzI5hcmMsLTWDasaJdQkJlJjib/Mf mPjNST59uJgARWKQJXskVRPB0UUW4nmof/AFzI5hcmMsLTWDasaJdQkJlJjib/Mf
AUTEGQ728gzYwnD/NTvGr2NjcmCzI+O+MW76ACBWrNlLJNssqC0PQ4hDOhk5yRv1 AUTEGQ728gzYwnD/NTvGr2NjcmCzI+O+MW76ACBWrNlLJNssqC0PQ4hDOhk5yRv1
RMm7qU3RoJ7lRP5Jcv2q1Ttw5zd6FIHBwQmltm/Y6MKQkkPdto7boCm0Zom+xW/Y RMm7qU3RoJ7lRP5Jcv2q1Ttw5zd6FIHBwQmltm/Y6MKQkkPdto7boCm0Zom+xW/Y
+AnlYDu5cR07uOnX3sYcOp+hye6uWL+IwdDDjZ7aXA/rAj0c1X3A8PAJIkp+o7zs +AnlYDu5cR07uOnX3sYcOp+hye6uWL+IwdDDjZ7aXA/rAj0c1X3A8PAJIkp+o7zs
Gd0+hXYLrw1ooZzXU7ujig== Gd0+hXYLrw1ooZzXU7ujig==
A.3.19. S/MIME encrypted and signed reply over a complex message, B.3.19. S/MIME encrypted and signed reply over a complex message,
Wrapped Message with hcp_minimal Wrapped Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_minimal Header Wrapped Message header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
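Review bot: The B.3.19 heading calls this a "reply", but the description paragraph below it does not mention that, and it is worded like the descriptions of the non-reply examples (compare B.3.16, which differs only in the policy name). A sentence stating which message is being replied to, and which header fields make this a reply, would tell an implementer what this vector exercises beyond its non-reply counterpart.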
skipping to change at page 137, line 25 skipping to change at page 141, line 25
ap+5+Uzl38mqbjwHq/SqhzOzdx0G0duvGc8sX5PWUOCyN8qDn5w7HJT/owvsCQa1 ap+5+Uzl38mqbjwHq/SqhzOzdx0G0duvGc8sX5PWUOCyN8qDn5w7HJT/owvsCQa1
Z5BQUwmHmnCskr6QzUnXKe2pK4f4udI2996Y0E1ka0OClffCsNAmVDd3QhjvOE3M Z5BQUwmHmnCskr6QzUnXKe2pK4f4udI2996Y0E1ka0OClffCsNAmVDd3QhjvOE3M
C3S09VCYNAjEdO5QsENSGfdp3+xtH2JhpQUaZPuQUVUUYn4bl2q0oyAdKYnjvGtj C3S09VCYNAjEdO5QsENSGfdp3+xtH2JhpQUaZPuQUVUUYn4bl2q0oyAdKYnjvGtj
ag3O8gXaBJB7yu45KE58jPOgokCapn1jykmKkg5iqNla68oUqW/4V4u8EJuzY2Xm ag3O8gXaBJB7yu45KE58jPOgokCapn1jykmKkg5iqNla68oUqW/4V4u8EJuzY2Xm
ZgLL1iOuHYsGGCktPwR3YpFPEd2/t/lmE5pEUyGWD0lRX689zahgvF1ez+sRkm9T ZgLL1iOuHYsGGCktPwR3YpFPEd2/t/lmE5pEUyGWD0lRX689zahgvF1ez+sRkm9T
/dqT/26HERXw+hzdM7PvTdL+9HBkJLO149x0o2WlYLQCo1yc6MWs1ucM5nWiggN+ /dqT/26HERXw+hzdM7PvTdL+9HBkJLO149x0o2WlYLQCo1yc6MWs1ucM5nWiggN+
rdYvFODbhCZKqJXf3L2n4yO9i87wPRQI7VAVRS8A9Yn9zbMT/7xPwdJzOet61O9a rdYvFODbhCZKqJXf3L2n4yO9i87wPRQI7VAVRS8A9Yn9zbMT/7xPwdJzOet61O9a
P6iBenWdJFJOurnLi4d3lq/Nce21G3eTLlBy3iNo/B/edQbl7L/K/GZ2hdGe3xqL P6iBenWdJFJOurnLi4d3lq/Nce21G3eTLlBy3iNo/B/edQbl7L/K/GZ2hdGe3xqL
EhuVvdmkaOS8RUjAg3ZR5ch7FBGgGFQDZgHdlBS9YNzIhMhLvBpdBaRD1uYX26s7 EhuVvdmkaOS8RUjAg3ZR5ch7FBGgGFQDZgHdlBS9YNzIhMhLvBpdBaRD1uYX26s7
A.3.20. S/MIME encrypted and signed reply over a complex message, B.3.20. S/MIME encrypted and signed reply over a complex message,
Injected Headers with hcp_minimal Injected Headers with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 141, line 26 skipping to change at page 145, line 26
2dMW0WXIaHCmqPGvg7jEa6iuJI5aOlf0/4xJeqDGfCHR2Rgv5z5K3P7McigBW/ty 2dMW0WXIaHCmqPGvg7jEa6iuJI5aOlf0/4xJeqDGfCHR2Rgv5z5K3P7McigBW/ty
+HAMHnaCLkJ8D/mBDe3ss+INPxnWPti8Dgo4Xrot1hTrdTxopSw13iG5F3i7fXuL +HAMHnaCLkJ8D/mBDe3ss+INPxnWPti8Dgo4Xrot1hTrdTxopSw13iG5F3i7fXuL
8ZKQFnWbzFUnhg2ZD7ODrOpjI0/pEe0C6H/Xs2ZpZj4yyhjrA7bHvNXis4D3pF1r 8ZKQFnWbzFUnhg2ZD7ODrOpjI0/pEe0C6H/Xs2ZpZj4yyhjrA7bHvNXis4D3pF1r
XbfBYGttazBT8UpAMo1jrUqP4lQ79nBKaTn+nvLD8hpARG1IYiSUe/VMpRLyJ+1J XbfBYGttazBT8UpAMo1jrUqP4lQ79nBKaTn+nvLD8hpARG1IYiSUe/VMpRLyJ+1J
Tk+jwqMrD00wALSsoGM5pgA8CWWIAZGz6T5YXkZxI5ArGJd4bj0YR8g7kUI/TYfn Tk+jwqMrD00wALSsoGM5pgA8CWWIAZGz6T5YXkZxI5ArGJd4bj0YR8g7kUI/TYfn
sMZcROMB31ts24gfQJLWAqYbLI01rf0DH48FTzhE09ZHDDNO0kolViosU8i8HTI+ sMZcROMB31ts24gfQJLWAqYbLI01rf0DH48FTzhE09ZHDDNO0kolViosU8i8HTI+
xL8J3luyoECvcHSQKXXNLdV56bYrFm0p+KeclsKH8kE9rQlBfLaoO5TOhwgGZxgO xL8J3luyoECvcHSQKXXNLdV56bYrFm0p+KeclsKH8kE9rQlBfLaoO5TOhwgGZxgO
g3FFo5gLqwtlasf+hXU8ZJanCjUEh1WBjtZ+AwLqMjJtsDyswvxr+c9/WET+4z8H g3FFo5gLqwtlasf+hXU8ZJanCjUEh1WBjtZ+AwLqMjJtsDyswvxr+c9/WET+4z8H
BvdgLI+cdV+sKOi+2EJ3Vg== BvdgLI+cdV+sKOi+2EJ3Vg==
A.3.21. S/MIME encrypted and signed reply over a complex message, B.3.21. S/MIME encrypted and signed reply over a complex message,
Injected Headers with hcp_minimal (+ Legacy Display) Injected Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
skipping to change at page 145, line 35 skipping to change at page 149, line 35
q0LdDURt5qXmNDx5+GDiaK85QZ3KyKvhKkd1Bqn/GP87dAc4kk3T8fgTEnh3TOXq q0LdDURt5qXmNDx5+GDiaK85QZ3KyKvhKkd1Bqn/GP87dAc4kk3T8fgTEnh3TOXq
9ie1lpOQsUgrg6ad7jDku5N54QLEoJbKtw++9HtQhpjNWemYMnR+WK3Rh6ZGjij0 9ie1lpOQsUgrg6ad7jDku5N54QLEoJbKtw++9HtQhpjNWemYMnR+WK3Rh6ZGjij0
hulTG4WkDkLQJBf94j+F0e0AwAGPfR150U1w3fehnCMW6qdV3TQ2YqZ6aL0XoonH hulTG4WkDkLQJBf94j+F0e0AwAGPfR150U1w3fehnCMW6qdV3TQ2YqZ6aL0XoonH
5q37KcgoJk636h+qXkOKikxVCnwCvMcnaF+ZQE6IwmgiV8TUYVVbSCrtL0Dk+5W9 5q37KcgoJk636h+qXkOKikxVCnwCvMcnaF+ZQE6IwmgiV8TUYVVbSCrtL0Dk+5W9
T+ZGROgZe6Ro2g1rKYVGU/D/MpqYJodUNII9AOloc2eWXuIXdGd8CcJADmDJP6z5 T+ZGROgZe6Ro2g1rKYVGU/D/MpqYJodUNII9AOloc2eWXuIXdGd8CcJADmDJP6z5
bMoGLXudivQpm0hGScHvg0s7A5KUuSGYGJb3eGuKh1GARjkxW/pMbSwpMmob5oMR bMoGLXudivQpm0hGScHvg0s7A5KUuSGYGJb3eGuKh1GARjkxW/pMbSwpMmob5oMR
UCEA91EKlSWVsYT8utyarh+MHyzSruV2+6qC2n/WVUTQ4moeDRWWDaDiiu/TjVIU UCEA91EKlSWVsYT8utyarh+MHyzSruV2+6qC2n/WVUTQ4moeDRWWDaDiiu/TjVIU
WkscDMV9SU2BaXDlYG/ING15oGkjo/xFxXIF5/eFFXUo8PQNbI6iI/WVsuQGHBMQ WkscDMV9SU2BaXDlYG/ING15oGkjo/xFxXIF5/eFFXUo8PQNbI6iI/WVsuQGHBMQ
5RYRifuLhgL2N55990m3oajpGCQW/NODMbfK2aJqvcNsgs/5+hmuQBMPN/sbr/C5 5RYRifuLhgL2N55990m3oajpGCQW/NODMbfK2aJqvcNsgs/5+hmuQBMPN/sbr/C5
A.3.22. S/MIME encrypted and signed reply over a complex message, B.3.22. S/MIME encrypted and signed reply over a complex message,
Wrapped Message with hcp_strong Wrapped Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_strong Header Wrapped Message header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 146, line 22 skipping to change at page 150, line 22
│├─╴text/plain 379 bytes │├─╴text/plain 379 bytes
│└─╴text/html 463 bytes │└─╴text/html 463 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example> Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:17:02 -0500 Date: Sat, 20 Feb 2021 12:17:02 -0500
MIIcDAYJKoZIhvcNAQcDoIIb/TCCG/kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIcDAYJKoZIhvcNAQcDoIIb/TCCG/kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABemnHHf75QhIl2ZGjel+3wmhpKAG/LVZP+0 Boq0MA0GCSqGSIb3DQEBAQUABIIBABemnHHf75QhIl2ZGjel+3wmhpKAG/LVZP+0
rQgw6ZvFFxGLNvTompRv0NrYzBGh7tJR3lr721cWSQKzBKtnpAind4NjL3EAO/bX rQgw6ZvFFxGLNvTompRv0NrYzBGh7tJR3lr721cWSQKzBKtnpAind4NjL3EAO/bX
4hICimMlE3HWS5LqmGefPGd8vhuxP9eAjXGh+RaGp9YJEQOCptHAEeHHYnGV0gOb 4hICimMlE3HWS5LqmGefPGd8vhuxP9eAjXGh+RaGp9YJEQOCptHAEeHHYnGV0gOb
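Review bot: The Message-ID removed from this reply example, 95b9bb39-c028-5ff4-99b1-f179cb5d7585, is the value that -06 now assigns to the non-reply example B.3.16; the same reassignment is visible for 23abef5f-8781-5c95-a46c-61e3a4464d58, which moves from the -05 text of this appendix's hcp_strong Injected Headers reply example to B.3.17. Reusing an identifier for a different test vector across revisions makes it easy to compare the wrong pair of messages, so the revision notes should state that the identifiers were reassigned. It is also worth checking that any reference from a reply vector to its parent message uses the new values; no such field is visible in this hunk.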
skipping to change at page 149, line 33 skipping to change at page 153, line 33
mmU5qH8GnHbw7bhKwCFIVBd4FHS4DCSNVDqpxD/hI4k9mlRyIquhSacoWk6J3rH0 mmU5qH8GnHbw7bhKwCFIVBd4FHS4DCSNVDqpxD/hI4k9mlRyIquhSacoWk6J3rH0
ntIkWuAsjw4v8+arLCCXfutBqMYLrKtFlOED/6OidqsFRtCH83DsgivRTvwBw3G5 ntIkWuAsjw4v8+arLCCXfutBqMYLrKtFlOED/6OidqsFRtCH83DsgivRTvwBw3G5
ogcNF91U+tf7VN8ij3t11LhGaXIGdXUzb659IiSVCAmqzojCLBPmEPQOgeWnC8WY ogcNF91U+tf7VN8ij3t11LhGaXIGdXUzb659IiSVCAmqzojCLBPmEPQOgeWnC8WY
TkJnfZ7E01g3WkOiTheVE7sCVGy2oGQ8HzvzH+AVv4lNi55IxPVWVgLEFwbQhRvM TkJnfZ7E01g3WkOiTheVE7sCVGy2oGQ8HzvzH+AVv4lNi55IxPVWVgLEFwbQhRvM
MeRPidNChc78jREtwyVJPsxKm46gyN/eYquZG4cMnMbM+IzMid4tESznXMmiJJww MeRPidNChc78jREtwyVJPsxKm46gyN/eYquZG4cMnMbM+IzMid4tESznXMmiJJww
cZi/nN7mSSD/M64BqvsiZ1L81JdDQQxHvHJrTlWH2R9nozsGkSzr8IpbSienRF/F cZi/nN7mSSD/M64BqvsiZ1L81JdDQQxHvHJrTlWH2R9nozsGkSzr8IpbSienRF/F
iX7pNZXAq/L3mPo/4iC3XUPEPluweAVJfoa/irEZA1tu8eKFqIqQt0kGsFYO9Yf4 iX7pNZXAq/L3mPo/4iC3XUPEPluweAVJfoa/irEZA1tu8eKFqIqQt0kGsFYO9Yf4
LCXtun62PTxnZ8b9NfqdzWYR3lsJE494Hq8PwMChPCE+YxtVjJI5Wtx9A59otG2S LCXtun62PTxnZ8b9NfqdzWYR3lsJE494Hq8PwMChPCE+YxtVjJI5Wtx9A59otG2S
FhjPjS2KIEp6rONnbasJnAfb9JGqAd9l+yofLqbajiU= FhjPjS2KIEp6rONnbasJnAfb9JGqAd9l+yofLqbajiU=
A.3.23. S/MIME encrypted and signed reply over a complex message, B.3.23. S/MIME encrypted and signed reply over a complex message,
Injected Headers with hcp_strong Injected Headers with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 150, line 21 skipping to change at page 154, line 21
│├─╴text/plain 391 bytes │├─╴text/plain 391 bytes
│└─╴text/html 472 bytes │└─╴text/html 472 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example> Message-ID: <c6774fdb-3ef5-5293-ab2d-eca8b66b4bbf@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500 Date: Sat, 20 Feb 2021 12:18:02 -0500
MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGgB6GKG3BktdYx9b26f98xIYUpPO5jQYr8y Boq0MA0GCSqGSIb3DQEBAQUABIIBAGgB6GKG3BktdYx9b26f98xIYUpPO5jQYr8y
mu3jMU7EN5GwAY0Ip8BEEtWVO4kkV3HQXLjPR9kQ+v82Lsj0MX6+ByE29ESGUDhu mu3jMU7EN5GwAY0Ip8BEEtWVO4kkV3HQXLjPR9kQ+v82Lsj0MX6+ByE29ESGUDhu
xH5X4grXCpBo7QCwHRP3vMrvz2rnUwT3qmP+15eIT/mpSlCSn0nVe0yY9/awCKEY xH5X4grXCpBo7QCwHRP3vMrvz2rnUwT3qmP+15eIT/mpSlCSn0nVe0yY9/awCKEY
skipping to change at page 153, line 33 skipping to change at page 157, line 33
R/AxVLrepd5uW4wF/wpIYjhS8+72rkEx8e7P+Z7qWLWKpYtdYemoTmQxIHRt9bpX R/AxVLrepd5uW4wF/wpIYjhS8+72rkEx8e7P+Z7qWLWKpYtdYemoTmQxIHRt9bpX
TOU7LYJ/mYljf8EPJgsqKRciADk7vhTugpMkkQdHJCdAUbgt9RvZ3RVWLMJ8XzwG TOU7LYJ/mYljf8EPJgsqKRciADk7vhTugpMkkQdHJCdAUbgt9RvZ3RVWLMJ8XzwG
p0Eyrc8bqjEqa1TD7BXY2NgEBNvSQHCa+nikW1CXhx7p26ERd3sLbgU4Upsir/Sr p0Eyrc8bqjEqa1TD7BXY2NgEBNvSQHCa+nikW1CXhx7p26ERd3sLbgU4Upsir/Sr
hUt/oRt75UHlBuiHo3hPoKD8BlVbQ3P4unFMkP4E5viJvPIlvpimfU0QbQd1CTGD hUt/oRt75UHlBuiHo3hPoKD8BlVbQ3P4unFMkP4E5viJvPIlvpimfU0QbQd1CTGD
LCiwzxtY5VbUTJh8Bzmsk68W9XYOoFYM86C8eQiwT+iv6SEThhlJ97ZkbIx95jOn LCiwzxtY5VbUTJh8Bzmsk68W9XYOoFYM86C8eQiwT+iv6SEThhlJ97ZkbIx95jOn
h1HSVD4BG/VrP1sZHn4LDAoIBugbM5HpwUTVX8UvTkHbqIau4kzadGVHHfyKLw2H h1HSVD4BG/VrP1sZHn4LDAoIBugbM5HpwUTVX8UvTkHbqIau4kzadGVHHfyKLw2H
YfbatQCNwK/lHTMjGdwd76j+jUZ0QfBYD9e2SwhPF2qGok9gx1glZue65xEC8XM2 YfbatQCNwK/lHTMjGdwd76j+jUZ0QfBYD9e2SwhPF2qGok9gx1glZue65xEC8XM2
hvpBysW+9HrKwp+/SvJc7974MKCcFs76A+Q93/AnXq0lKcYZeDJtBJfjkbqCuvbP hvpBysW+9HrKwp+/SvJc7974MKCcFs76A+Q93/AnXq0lKcYZeDJtBJfjkbqCuvbP
dTYlFvjuVh2TudqGzxeP9g== dTYlFvjuVh2TudqGzxeP9g==
A.3.24. S/MIME encrypted and signed reply over a complex message, B.3.24. S/MIME encrypted and signed reply over a complex message,
Injected Headers with hcp_strong (+ Legacy Display) Injected Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
skipping to change at page 154, line 23 skipping to change at page 158, line 23
│├─╴text/plain 427 bytes │├─╴text/plain 427 bytes
│└─╴text/html 508 bytes │└─╴text/html 508 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example> Message-ID: <acced3c9-111b-5a4f-bd80-34558da32b4d@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500 Date: Sat, 20 Feb 2021 12:19:02 -0500
MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAA0KmSPng+cWNJVCbPBeSpZbXks3myShz3E0 Boq0MA0GCSqGSIb3DQEBAQUABIIBAA0KmSPng+cWNJVCbPBeSpZbXks3myShz3E0
bUW2BwUhb1U0UxNgcFJyvDABOeYHXa6U3BHuJC6DwqwlEsFCpsCQuZqrBbsk6PgV bUW2BwUhb1U0UxNgcFJyvDABOeYHXa6U3BHuJC6DwqwlEsFCpsCQuZqrBbsk6PgV
VRKAltBb8K2+qArXTlSYg14dOhhZy/qBAJmyf6JBkzrTcNmndsZe04WK11b8BfJY VRKAltBb8K2+qArXTlSYg14dOhhZy/qBAJmyf6JBkzrTcNmndsZe04WK11b8BfJY
skipping to change at page 157, line 45 skipping to change at page 161, line 45
wE71YSl3b5vy7wOQaP9Jgps64bhf3iRAr1gSAkoT0rFW0fDJR7VV5rwSRaB/re7y wE71YSl3b5vy7wOQaP9Jgps64bhf3iRAr1gSAkoT0rFW0fDJR7VV5rwSRaB/re7y
dS8ddUx/0qIE+/iddSWKkPZIIDWiCQrcUxQqOjS5fxDnzoaaqll0umEDR1zy9KdX dS8ddUx/0qIE+/iddSWKkPZIIDWiCQrcUxQqOjS5fxDnzoaaqll0umEDR1zy9KdX
5UyWiNctfexihp8WuPGsO5WoqdaVUUHLBaa3ZzIEgbVmXW/OCReAxjIwZpsOUHWI 5UyWiNctfexihp8WuPGsO5WoqdaVUUHLBaa3ZzIEgbVmXW/OCReAxjIwZpsOUHWI
PilkacVmrYOp2Msg1Wqw74MekZZxf/v9oAP1kFkA12psIw5fnYXKiejtsrxOvXdI PilkacVmrYOp2Msg1Wqw74MekZZxf/v9oAP1kFkA12psIw5fnYXKiejtsrxOvXdI
0Uc55ruTMaMI/SqihEwu6CRjjSDCr6xaFMlKhsE/xAKiJZH0u80QaTm5yT42Cd47 0Uc55ruTMaMI/SqihEwu6CRjjSDCr6xaFMlKhsE/xAKiJZH0u80QaTm5yT42Cd47
2n6rCBQmKBoJBKELW+YzoN7v0Kcf1gogx8OXcA0UzZLx9/JLfaxlfUKt8dx8kPzZ 2n6rCBQmKBoJBKELW+YzoN7v0Kcf1gogx8OXcA0UzZLx9/JLfaxlfUKt8dx8kPzZ
UkEdz448mE/V90sUVHGPV1rSOZGSaxe+OKchRRUpYM12xcvldvbDxynLfRI6OUYQ UkEdz448mE/V90sUVHGPV1rSOZGSaxe+OKchRRUpYM12xcvldvbDxynLfRI6OUYQ
OC2cH0uJ4wCTCqlRKVvlpZBYRGmQZzfgtZNuFPXkGMfgJ/nMtKasqPNdqTglFubI OC2cH0uJ4wCTCqlRKVvlpZBYRGmQZzfgtZNuFPXkGMfgJ/nMtKasqPNdqTglFubI
jyUq8xdFzYuIeydv7m6Tf2jBawV8zHbQ/2ZkLl8WUPU= jyUq8xdFzYuIeydv7m6Tf2jBawV8zHbQ/2ZkLl8WUPU=
Appendix B. Additional information Appendix C. Additional information
B.1. Stored Variants of Messages with Bcc C.1. Stored Variants of Messages with Bcc
Messages containing at least one recipient address in the Bcc header Messages containing at least one recipient address in the Bcc header
field may appear in up to three different variants: field may appear in up to three different variants:
1. The Message for the recipient addresses listed in To or Cc header 1. The Message for the recipient addresses listed in To or Cc header
fields, which must not include the Bcc header field neither for fields, which must not include the Bcc header field neither for
signature calculation nor for encryption. signature calculation nor for encryption.
2. The Message(s) sent to the recipient addresses in the Bcc header 2. The Message(s) sent to the recipient addresses in the Bcc header
field, which depends on the implementation: field, which depends on the implementation:
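Review bot: Item 1 of the re-lettered C.1 still reads "must not include the Bcc header field neither for signature calculation nor for encryption", which stacks two negatives and uses a lowercase "must not" in a document that otherwise relies on BCP 14 keywords. Since this section is being touched anyway, reword it along the lines of "does not include the Bcc header field in either the signature calculation or the encryption", and state explicitly whether the requirement is meant to be normative, given that the appendix is titled "Additional information".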
skipping to change at page 158, line 34 skipping to change at page 162, line 34
3. The Message stored in the 'Sent'-Folder of the sender, which 3. The Message stored in the 'Sent'-Folder of the sender, which
usually contains the Bcc unchanged from the original Message, usually contains the Bcc unchanged from the original Message,
i.e., with all recipient addresses. i.e., with all recipient addresses.
The most privacy preserving method of the alternatives (2a, 2b, and The most privacy preserving method of the alternatives (2a, 2b, and
2c) is to standardize 2a, as in the other cases (2b and 2c), 2c) is to standardize 2a, as in the other cases (2b and 2c),
information about hidden recipients is revealed via keys. In any information about hidden recipients is revealed via keys. In any
case, the Message has to be cloned and adjusted depending on the case, the Message has to be cloned and adjusted depending on the
recipient. recipient.
Appendix C. Text Moved from Above Appendix D. Text Moved from Above
Note: Per an explicit request by the chair of the LAMPS WG to only Note: Per an explicit request by the chair of the LAMPS WG to only
present one option for the specification, the following text has been present one option for the specification, the following text has been
stripped from the main body of the draft. It is preserved in an stripped from the main body of the draft. It is preserved in an
Appendix for the time being and may be moved back to the main body or Appendix for the time being and may be moved back to the main body or
deleted, depending on the decision of the LAMPS WG. deleted, depending on the decision of the LAMPS WG.
C.1. MIME Format D.1. MIME Format
Currently there are two options in discussion: Currently there are two options in discussion:
1. The option according to the current S/MIME specification (cf. 1. The option according to the current S/MIME specification (cf.
[RFC8551]) [RFC8551])
2. An alternative option that is based on the former "memory hole" 2. An alternative option that is based on the former "memory hole"
approach (cf. [I-D.autocrypt-lamps-protected-headers]) approach (cf. [I-D.autocrypt-lamps-protected-headers])
C.1.1. S/MIME Specification D.1.1. S/MIME Specification
Note: This is currently described in the main part of this document. Note: This is currently described in the main part of this document.
C.1.1.1. Alternative Option Autocrypt "Protected Headers" (Ex-"Memory D.1.1.1. Alternative Option Autocrypt "Protected Headers" (Ex-"Memory
Hole") Hole")
An alternative option (based on the former autocrypt "Memory Hole" An alternative option (based on the former autocrypt "Memory Hole"
approach) to be considered, is described in approach) to be considered, is described in
[I-D.autocrypt-lamps-protected-headers]. [I-D.autocrypt-lamps-protected-headers].
Unlike the option described in Appendix C.1.1, this option does not Unlike the option described in Appendix D.1.1, this option does not
use a "message/RFC822" wrapper to unambiguously delimit the Inner use a "message/RFC822" wrapper to unambiguously delimit the Inner
Message. Message.
Before choosing this option, the following two issues must be Before choosing this option, the following two issues must be
assessed to ensure no interoperability issues result from it: assessed to ensure no interoperability issues result from it:
1. How current MIME parser implementations treat non-MIME Header 1. How current MIME parser implementations treat non-MIME Header
Fields, which are not part of the outermost MIME entity and not Fields, which are not part of the outermost MIME entity and not
part of a Message wrapped into a MIME entity of media type part of a Message wrapped into a MIME entity of media type
"message/rfc822", and how such Messages are rendered to the user. "message/rfc822", and how such Messages are rendered to the user.
skipping to change at page 161, line 46 skipping to change at page 165, line 46
(Outer Message Body) is protected. The Outer Message Body consists (Outer Message Body) is protected. The Outer Message Body consists
of the Inner Message (Header Section and Body). of the Inner Message (Header Section and Body).
The Inner Message Header Section is the same as (or a subset of) the The Inner Message Header Section is the same as (or a subset of) the
Original Message Header Section. Original Message Header Section.
The Inner Message Body is the same as the Original Message Body. The Inner Message Body is the same as the Original Message Body.
The Original Message itself may contain any MIME structure. The Original Message itself may contain any MIME structure.
C.1.2. Sending Side D.1.2. Sending Side
To ease explanation, the following describes the case where an To ease explanation, the following describes the case where an
Original (message/rfc822) Message to be protected is present. If Original (message/rfc822) Message to be protected is present. If
this is not the case, Original Message means the (virtual) Message this is not the case, Original Message means the (virtual) Message
that would be constructed for sending it as unprotected email. that would be constructed for sending it as unprotected email.
C.1.2.1. Inner Message Header Fields D.1.2.1. Inner Message Header Fields
It is RECOMMENDED that the Inner Message contains all Header Fields It is RECOMMENDED that the Inner Message contains all Header Fields
of the Original Message with the exception of the following Header of the Original Message with the exception of the following Header
Field, which MUST NOT be included within the Inner Message nor within Field, which MUST NOT be included within the Inner Message nor within
any other protected part of the Message: any other protected part of the Message:
* Bcc * Bcc
[[ TODO: Bcc handling needs to be further specified (see also [[ TODO: Bcc handling needs to be further specified (see also
Appendix B.1). Certain MUAs cannot properly decrypt Messages with Appendix C.1). Certain MUAs cannot properly decrypt Messages with
Bcc recipients. ]] Bcc recipients. ]]
C.1.2.2. Wrapper D.1.2.2. Wrapper
The wrapper is a simple MIME Header Section followed by an empty line The wrapper is a simple MIME Header Section followed by an empty line
preceding the Inner Message (inside the Outer Message Body). The preceding the Inner Message (inside the Outer Message Body). The
media type of the wrapper MUST be "message/RFC822" and MUST contain media type of the wrapper MUST be "message/RFC822" and MUST contain
the Content-Type header field parameter "forwarded=no" as defined in the Content-Type header field parameter "forwarded=no" as defined in
[I-D.melnikov-iana-reg-forwarded]. The wrapper unambiguously [I-D.melnikov-iana-reg-forwarded]. The wrapper unambiguously
delimits the Inner Message from the rest of the Message. delimits the Inner Message from the rest of the Message.
C.1.2.3. Cryptographic Layers / Envelope D.1.2.3. Cryptographic Layers / Envelope
[[ TODO: Basically refer to S/MIME standards ]] [[ TODO: Basically refer to S/MIME standards ]]
C.1.2.4. Sending Side Message Processing D.1.2.4. Sending Side Message Processing
For a protected Message the following steps are applied before a For a protected Message the following steps are applied before a
Message is handed over to the Submission Entity: Message is handed over to the Submission Entity:
C.1.2.4.1. Step 1: Decide on Protection Level and Information D.1.2.4.1. Step 1: Decide on Protection Level and Information
Disclosure Disclosure
The implementation which applies protection to a Message must decide: The implementation which applies protection to a Message must decide:
* Which Protection Level (signature and/or encryption) shall be * Which Protection Level (signature and/or encryption) shall be
applied to the Message? This depends on user request and/or local applied to the Message? This depends on user request and/or local
policy as well as availability of cryptographic keys. policy as well as availability of cryptographic keys.
* Which Header Fields of the Original Message shall be part of the * Which Header Fields of the Original Message shall be part of the
Outer Message Header Section? This typically depends on local Outer Message Header Section? This typically depends on local
policy. By default, the Essential Header Fields are part of the policy. By default, the Essential Header Fields are part of the
Outer Message Header Section; cf. Appendix C.1.2.5. Outer Message Header Section; cf. Appendix D.1.2.5.
* Which of these Header Fields are to be obfuscated? This depends * Which of these Header Fields are to be obfuscated? This depends
on local policy and/or specific Privacy requirements of the user. on local policy and/or specific Privacy requirements of the user.
By default only the Subject Header Field is obfuscated; cf. By default only the Subject Header Field is obfuscated; cf.
Appendix C.1.2.5. Appendix D.1.2.5.
C.1.2.4.2. Step 2: Compose the Outer Message Header Section D.1.2.4.2. Step 2: Compose the Outer Message Header Section
Depending on the decision in Appendix C.1.2.4.1, the implementation Depending on the decision in Appendix D.1.2.4.1, the implementation
shall compose the Outer Message Header Section. (Note that this also shall compose the Outer Message Header Section. (Note that this also
includes the necessary MIME Header Section part for the following includes the necessary MIME Header Section part for the following
protection layer.) protection layer.)
Outer Header Fields that are not obfuscated should contain the same Outer Header Fields that are not obfuscated should contain the same
values as in the Original Message (except for MIME Header values as in the Original Message (except for MIME Header
Section part, which depends on the Protection Level selected in Section part, which depends on the Protection Level selected in
Appendix C.1.2.4.1). Appendix D.1.2.4.1).
C.1.2.4.3. Step 3: Apply Protection to the Original Message D.1.2.4.3. Step 3: Apply Protection to the Original Message
Depending on the Protection Level selected in Appendix C.1.2.4.1, the Depending on the Protection Level selected in Appendix D.1.2.4.1, the
implementation applies signature and/or encryption to the Original implementation applies signature and/or encryption to the Original
Message, including the wrapper (as per [RFC8551]), and sets the Message, including the wrapper (as per [RFC8551]), and sets the
resulting package as the Outer Message Body. resulting package as the Outer Message Body.
The resulting (Outer) Message is then typically handed over to the The resulting (Outer) Message is then typically handed over to the
Submission Entity. Submission Entity.
[[ TODO: Example ]] [[ TODO: Example ]]
C.1.2.5. Outer Message Header Fields D.1.2.5. Outer Message Header Fields
C.1.2.5.1. Encrypted Messages D.1.2.5.1. Encrypted Messages
To maximize Privacy, it is strongly RECOMMENDED to follow the To maximize Privacy, it is strongly RECOMMENDED to follow the
principle of Data Minimization (cf. Section 2.1). principle of Data Minimization (cf. Section 2.1).
However, the Outer Message Header Section SHOULD contain the However, the Outer Message Header Section SHOULD contain the
Essential Header Fields and, in addition, MUST contain the Header Essential Header Fields and, in addition, MUST contain the Header
Fields of the MIME Header Section part to describe Cryptographic Fields of the MIME Header Section part to describe Cryptographic
Layer of the protected MIME subtree as per [RFC8551]. Layer of the protected MIME subtree as per [RFC8551].
The following Header Fields are defined as the Essential Header The following Header Fields are defined as the Essential Header
Fields: Fields:
* From * From
* To (if present in the Original Message) * To (if present in the Original Message)
* Cc (if present in the Original Message) * Cc (if present in the Original Message)
* Bcc (if present in the Original Message, see also Appendix B.1) * Bcc (if present in the Original Message, see also Appendix C.1)
* Date * Date
* Message-ID * Message-ID
* Subject * Subject
Further processing by the Submission Entity normally depends on part Further processing by the Submission Entity normally depends on part
of these Header Fields, e.g. From and Date HFs are required by of these Header Fields, e.g. From and Date HFs are required by
[RFC5322]. Furthermore, not including certain Header Fields may [RFC5322]. Furthermore, not including certain Header Fields may
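Review bot: The Essential Header Fields list in D.1.2.5.1 still carries "Bcc (if present in the Original Message, ...)" as something the Outer Message Header Section SHOULD contain, while D.1.2.1 says Bcc MUST NOT appear in the Inner Message or any other protected part, and the referenced Appendix C.1 says the copy for To/Cc recipients must not include Bcc. Only the cross-reference was updated here; the entry should say for which variant of the Message Bcc belongs in the outer section, or be dropped until the Bcc TODO in D.1.2.1 is resolved. In the same hunk, D.1.2.4.3 applies protection to "the Original Message, including the wrapper", which reads as if the Original Message's Bcc were covered; "Inner Message" looks like the intended term.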
skipping to change at page 165, line 34 skipping to change at page 169, line 34
Depending on the scenario, further Header Fields MAY be exposed in Depending on the scenario, further Header Fields MAY be exposed in
the Outer Message Header Section, which is NOT RECOMMENDED unless the Outer Message Header Section, which is NOT RECOMMENDED unless
justified. Such Header Fields may include e.g.: justified. Such Header Fields may include e.g.:
* References * References
* Reply-To * Reply-To
* In-Reply-To * In-Reply-To
C.1.2.5.2. Unencrypted Messages D.1.2.5.2. Unencrypted Messages
The Outer Message Header Section of unencrypted Messages SHOULD The Outer Message Header Section of unencrypted Messages SHOULD
contain at least the Essential Header Fields and, in addition, MUST contain at least the Essential Header Fields and, in addition, MUST
contain the Header Fields of the MIME Header Section part to describe contain the Header Fields of the MIME Header Section part to describe
Cryptographic Layer of the protected MIME subtree as per [RFC8551]. Cryptographic Layer of the protected MIME subtree as per [RFC8551].
It may contain further Header Fields, in particular those also It may contain further Header Fields, in particular those also
present in the Inner Message Header Section. present in the Inner Message Header Section.
Appendix D. Document Considerations Appendix E. Document Considerations
[[ RFC Editor: This section is to be removed before publication ]] [[ RFC Editor: This section is to be removed before publication ]]
This draft is built from markdown source, and its development is This draft is built from markdown source, and its development is
tracked in a git repository (https://gitlab.com/dkg/lamps-header- tracked in a git repository (https://gitlab.com/dkg/lamps-header-
protection). protection).
While minor editorial suggestions and nit-picks can be made as merge While minor editorial suggestions and nit-picks can be made as merge
requests (https://gitlab.com/dkg/lamps-header-protection), please requests (https://gitlab.com/dkg/lamps-header-protection), please
direct all substantive discussion to the LAMPS mailing list direct all substantive discussion to the LAMPS mailing list
(https://www.ietf.org/mailman/listinfo/spasm) at "spasm@ietf.org". (https://www.ietf.org/mailman/listinfo/spasm) at "spasm@ietf.org".
Appendix E. Document Changelog Appendix F. Document Changelog
[[ RFC Editor: This section is to be removed before publication ]] [[ RFC Editor: This section is to be removed before publication ]]
* draft-ietf-lamps-header-protection-06
- document observed problems with legacy MUAs
- avoid duplicated outer Message-IDs in hcp_strong test vectors
* draft-ietf-lamps-header-protection-05 * draft-ietf-lamps-header-protection-05
- fix multipart/signed wrapped test vectors - fix multipart/signed wrapped test vectors
* draft-ietf-lamps-header-protection-04 * draft-ietf-lamps-header-protection-04
- add test vectors - add test vectors
- add "problems with Injected Messages" subsection - add "problems with Injected Messages" subsection
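Review bot: The new -06 changelog entry lists two items but does not record the re-lettering of the appendices visible throughout this diff (B to C through F to G), which invalidates any "Appendix X" reference made against -05; add a changelog line for it. Also in this hunk, D.1.2.5.1 says further Header Fields "MAY be exposed ..., which is NOT RECOMMENDED unless justified", pairing two BCP 14 keywords of different strength for the same behaviour; pick one, for example "SHOULD NOT be exposed unless justified".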
skipping to change at page 167, line 28 skipping to change at page 171, line 33
distinguish between Encrypted and Unencrypted Messages [HB] distinguish between Encrypted and Unencrypted Messages [HB]
- Removed (commented out) Header Field Flow Figure (it appeared - Removed (commented out) Header Field Flow Figure (it appeared
to be confusing as is was) [HB] to be confusing as is was) [HB]
* draft-ietf-lamps-header-protection-00 * draft-ietf-lamps-header-protection-00
- Initial version (text partially taken over from - Initial version (text partially taken over from
[I-D.ietf-lamps-header-protection-requirements] [I-D.ietf-lamps-header-protection-requirements]
Appendix F. Open Issues Appendix G. Open Issues
[[ RFC Editor: This section should be empty and is to be removed [[ RFC Editor: This section should be empty and is to be removed
before publication. ]] before publication. ]]
* Ensure "protected header" (Ex-Memory-Hole) option is (fully) * Ensure "protected header" (Ex-Memory-Hole) option is (fully)
compliant with the MIME standard, in particular also [RFC2046], compliant with the MIME standard, in particular also [RFC2046],
Section 5.1. (Multipart Media Type) Appendix C.1.1.1. Section 5.1. (Multipart Media Type) Appendix D.1.1.1.
* Test Vectors! We can point to the relevant test vector in the * Test Vectors! We can point to the relevant test vector in the
main text by reference. We should also include in the test main text by reference. We should also include in the test
vectors an encrypted message that references another message, so vectors an encrypted message that references another message, so
we can observe the effect of the HCP on threading. we can observe the effect of the HCP on threading.
* Should Outer Message Header Section (as received) be preserved for * Should Outer Message Header Section (as received) be preserved for
the user? (Section 4.1.4.5) the user? (Section 4.1.4.5)
* Decide on whether or not merge requirements from * Decide on whether or not merge requirements from
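Review bot: In the first Open Issues bullet the updated reference is simply appended after the RFC 2046 citation ("Section 5.1. (Multipart Media Type) Appendix D.1.1.1."), so it is unclear whether the appendix is the text to be checked or a second reference; write it as "(see Appendix D.1.1.1)" or similar. In the same hunk, the -00 changelog entry never closes the parenthesis opened before "text partially taken over from", and "as is was" in the preceding entry should read "as it was".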
 End of changes. 104 change blocks. 
192 lines changed or deleted 356 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/