📄 rfc1421.txt
字号:
set.
2. Text lines, delimited by the character pair <CR><LF>, must
be no more than 1000 characters long.
3. Since the string <CR><LF>.<CR><LF> indicates the end of a
message, it must not occur in text prior to the end of a
message.
Although SMTP specifies a standard representation for line delimiters
(ASCII <CR><LF>), numerous systems in the Internet use a different
native representation to delimit lines. For example, the <CR><LF>
sequences delimiting lines in mail inbound to UNIX systems are
transformed to single <LF>s as mail is written into local mailbox
files. Lines in mail incoming to record-oriented systems (such as
VAX VMS) may be converted to appropriate records by the destination
SMTP server [3]. As a result, if the encryption process generated
<CR>s or <LF>s, those characters might not be accessible to a
recipient UA program at a destination which uses different line
delimiting conventions. It is also possible that conversion between
tabs and spaces may be performed in the course of mapping between
inter-SMTP and local format; this is a matter of local option. If
such transformations changed the form of transmitted ciphertext,
decryption would fail to regenerate the transmitted plaintext, and a
transmitted MIC would fail to compare with that computed at the
destination.
The conversion performed by an SMTP server at a system with EBCDIC as
a native character set has even more severe impact, since the
conversion from EBCDIC into ASCII is an information-losing
transformation. In principle, the transformation function mapping
between inter-SMTP canonical ASCII message representation and local
format could be moved from the SMTP server up to the UA, given a
means to direct that the SMTP server should no longer perform that
transformation. This approach has a major disadvantage: internal
file (e.g., mailbox) formats would be incompatible with the native
forms used on the systems where they reside. Further, it would
require modification to SMTP servers, as mail would be passed to SMTP
in a different representation than it is passed at present.
Linn [Page 11]
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
4.3.2 Approach
Our approach to supporting PEM across an environment in which
intermediate conversions may occur defines an encoding for mail which
is uniformly representable across the set of PEM UAs regardless of
their systems' native character sets. This encoded form is used (for
specified PEM message types) to represent mail text in transit from
originator to recipient, but the encoding is not applied to enclosing
MTS headers or to encapsulated headers inserted to carry control
information between PEM UAs. The encoding's characteristics are such
that the transformations anticipated between originator and recipient
UAs will not prevent an encoded message from being decoded properly
at its destination.
Four transformation steps, described in the following four
subsections, apply to outbound PEM message processing:
4.3.2.1 Step 1: Local Form
This step is applicable to PEM message types ENCRYPTED, MIC-ONLY, and
MIC-CLEAR. The message text is created in the system's native
character set, with lines delimited in accordance with local
convention.
4.3.2.2 Step 2: Canonical Form
This step is applicable to PEM message types ENCRYPTED, MIC-ONLY, and
MIC-CLEAR. The message text is converted to a universal canonical
form, similar to the inter-SMTP representation [4] as defined in RFC
821 [2] and RFC 822 [5]. The procedures performed in order to
accomplish this conversion are dependent on the characteristics of
the local form and so are not specified in this RFC.
PEM canonicalization assures that the message text is represented
with the ASCII character set and "<CR><LF>" line delimiters, but does
not perform the dot-stuffing transformation discussed in RFC 821,
Section 4.5.2. Since a message is converted to a standard character
set and representation before encryption, a transferred PEM message
can be decrypted and its MIC can be validated at any type of
destination host computer. Decryption and MIC validation is
performed before any conversions which may be necessary to transform
the message into a destination-specific local form.
4.3.2.3 Step 3: Authentication and Encryption
Authentication processing is applicable to PEM message types
ENCRYPTED, MIC-ONLY, and MIC-CLEAR. The canonical form is input to
the selected MIC computation algorithm in order to compute an
Linn [Page 12]
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
integrity check quantity for the message. No padding is added to the
canonical form before submission to the MIC computation algorithm,
although certain MIC algorithms will apply their own padding in the
course of computing a MIC.
Encryption processing is applicable only to PEM message type
ENCRYPTED. RFC 1423 defines the padding technique used to support
encryption of the canonically-encoded message text.
4.3.2.4 Step 4: Printable Encoding
This printable encoding step is applicable to PEM message types
ENCRYPTED and MIC-ONLY. The same processing is also employed in
representation of certain specifically identified PEM encapsulated
header field quantities as cited in Section 4.6. Proceeding from
left to right, the bit string resulting from step 3 is encoded into
characters which are universally representable at all sites, though
not necessarily with the same bit patterns (e.g., although the
character "E" is represented in an ASCII-based system as hexadecimal
45 and as hexadecimal C5 in an EBCDIC-based system, the local
significance of the two representations is equivalent).
A 64-character subset of International Alphabet IA5 is used, enabling
6 bits to be represented per printable character. (The proposed
subset of characters is represented identically in IA5 and ASCII.)
The character "=" signifies a special processing function used for
padding within the printable encoding procedure.
To represent the encapsulated text of a PEM message, the encoding
function's output is delimited into text lines (using local
conventions), with each line except the last containing exactly 64
printable characters and the final line containing 64 or fewer
printable characters. (This line length is easily printable and is
guaranteed to satisfy SMTP's 1000-character transmitted line length
limit.) This folding requirement does not apply when the encoding
procedure is used to represent PEM header field quantities; Section
4.6 discusses folding of PEM encapsulated header fields.
The encoding process represents 24-bit groups of input bits as output
strings of 4 encoded characters. Proceeding from left to right across
a 24-bit input group extracted from the output of step 3, each 6-bit
group is used as an index into an array of 64 printable characters.
The character referenced by the index is placed in the output string.
These characters, identified in Table 1, are selected so as to be
universally representable, and the set excludes characters with
particular significance to SMTP (e.g., ".", "<CR>", "<LF>").
Linn [Page 13]
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
Special processing is performed if fewer than 24 bits are available
in an input group at the end of a message. A full encoding quantum
is always completed at the end of a message. When fewer than 24
input bits are available in an input group, zero bits are added (on
the right) to form an integral number of 6-bit groups. Output
character positions which are not required to represent actual input
data are set to the character "=". Since all canonically encoded
output is an integral number of octets, only the following cases can
arise: (1) the final quantum of encoding input is an integral
multiple of 24 bits; here, the final unit of encoded output will be
an integral multiple of 4 characters with no "=" padding, (2) the
final quantum of encoding input is exactly 8 bits; here, the final
unit of encoded output will be two characters followed by two "="
padding characters, or (3) the final quantum of encoding input is
exactly 16 bits; here, the final unit of encoded output will be three
characters followed by one "=" padding character.
Value Encoding Value Encoding Value Encoding Value Encoding
0 A 17 R 34 i 51 z
1 B 18 S 35 j 52 0
2 C 19 T 36 k 53 1
3 D 20 U 37 l 54 2
4 E 21 V 38 m 55 3
5 F 22 W 39 n 56 4
6 G 23 X 40 o 57 5
7 H 24 Y 41 p 58 6
8 I 25 Z 42 q 59 7
9 J 26 a 43 r 60 8
10 K 27 b 44 s 61 9
11 L 28 c 45 t 62 +
12 M 29 d 46 u 63 /
13 N 30 e 47 v
14 O 31 f 48 w (pad) =
15 P 32 g 49 x
16 Q 33 h 50 y
Printable Encoding Characters
Table 1
4.3.2.5 Summary of Transformations
In summary, the outbound message is subjected to the following
composition of transformations (or, for some PEM message types, a
subset thereof):
Transmit_Form = Encode(Encrypt(Canonicalize(Local_Form)))
Linn [Page 14]
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
The inverse transformations are performed, in reverse order, to
process inbound PEM messages:
Local_Form = DeCanonicalize(Decipher(Decode(Transmit_Form)))
Note that the local form and the functions to transform messages to
and from canonical form may vary between the originator and recipient
systems without loss of information.
4.4 Encapsulation Mechanism
The encapsulation techniques defined in RFC-934 [6] are adopted for
encapsulation of PEM messages within separate enclosing MTS messages
carrying associated MTS headers. This approach offers a number of
advantages relative to a flat approach in which certain fields within
a single header are encrypted and/or carry cryptographic control
information. As far as the MTS is concerned, the entirety of a PEM
message will reside in an MTS message's text portion, not the MTS
message's header portion. Encapsulation provides generality and
segregates fields with user-to-user significance from those
transformed in transit. All fields inserted in the course of
encryption/authentication processing are placed in the encapsulated
header. This facilitates compatibility with mail handling programs
which accept only text, not header fields, from input files or from
other programs.
The encapsulation techniques defined in RFC-934 are consistent with
existing Internet mail forwarding and bursting mechanisms. These
techniques are designed so that they may be used in a nested manner.
The encapsulation techniques may be used to encapsulate one or more
PEM messages for forwarding to a third party, possibly in conjunction
with interspersed (non-PEM) text which serves to annotate the PEM
messages.
Two encapsulation boundaries (EB's) are defined for delimiting
encapsulated PEM messages and for distinguishing encapsulated PEM
messages from interspersed (non-PEM) text. The pre-EB is the string
"-----BEGIN PRIVACY-ENHANCED MESSAGE-----", indicating that an
encapsulated PEM message follows. The post-EB is either (1) another
pre-EB indicating that another encapsulated PEM message follows, or
(2) the string "-----END PRIVACY-ENHANCED MESSAGE-----" indicating
that any text that immediately follows is non-PEM text. A special
point must be noted for the case of MIC-CLEAR messages, the text
portions of which may contain lines which begin with the "-"
character and which are therefore subject to special processing per
RFC-934 forwarding procedures. When the string "- " must be
prepended to such a line in the course of a forwarding operation in
order to distinguish that line from an encapsulation boundary, MIC
Linn [Page 15]
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
computation is to be performed prior to prepending the "- " string.
Figure 1 depicts the encapsulation of a single PEM message.
This RFC places no a priori limits on the depth to which such
encapsulation may be nested nor on the number of PEM messages which
may be grouped in this fashion at a single nesting level for
forwarding. A implementation compliant with this RFC must not
preclude a user from submitting or receiving PEM messages which
exploit this encapsulation capability. However, no specific
requirements are levied upon implementations with regard to how this
capability is made available to the user. Thus, for example, a
compliant PEM implementation is not required to automatically detect
and process encapsulated PEM messages.
In using this encapsulation facility, it is important to note that it
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -