MIME Object Security Services
RFC 1848             MIME Object Security Services          October 1995


1.  Introduction

   MIME [2], an acronym for "Multipurpose Internet Mail Extensions",
   defines the format of the contents of Internet mail messages and
   provides for multi-part textual and non-textual message bodies.  An
   Internet electronic mail message consists of two parts: the headers
   and the body.  The headers form a collection of field/value pairs
   structured according to STD 11, RFC 822 [1], whilst the body, if
   structured, is defined according to MIME.  MIME does not provide for
   the application of security services.

   PEM [3-6], an acronym for "Privacy Enhanced Mail", defines message
   encryption and message authentication procedures for text-based
   electronic mail messages using a certificate-based key management
   mechanism.  The specifications include several features that are
   easily and more naturally supported by MIME, for example, the
   transfer encoding operation, the Content-Domain header, and the
   support services specified by its Part IV [6].  The specification is
   further limited in that it applies security services to text
   messages only.

   MOSS is based in large part on the PEM protocol as defined by RFC
   1421.  Many of PEM's features and most of its protocol specification
   are included here.  A comparison of MOSS and PEM may be found in
   Section 8.

   In order to make use of the MOSS services, a user (where user is not
   limited to being a human, e.g., it could be a process or a role) is
   required to have at least one public/private key pair.  The public
   key must be made available to other users with whom secure
   communication is desired.  The private key must not be disclosed to
   any other user.

   An originator's private key is used to digitally sign MIME objects; a
   recipient would use the originator's public key to verify the digital
   signature.  A recipient's public key is used to encrypt the data
   encrypting key that is used to encrypt the MIME object; a recipient
   would use the corresponding private key to decrypt the data
   encrypting key so that the MIME object can be decrypted.

   As long as the private keys are protected from disclosure, i.e., the
   private keys are accessible only to the user to whom they have been
   assigned, the recipient of a digitally signed message will know from
   whom the message was sent and the originator of an encrypted message
   will know that only the intended recipient is able to read it.  For
   assurance, the ownership of the public keys used in verifying digital
   signatures and encrypting messages should be verified.  A stored
   public key should be protected from modification.



Crocker, et al              Standards Track

