1

2

3

4

5

6

7Network Working Group J. Myers

8Request For Comments: 1864 Carnegie Mellon

9Obsoletes: 1544 M. Rose

10 Dover Beach Consulting, Inc.

11 October 1995

12

13

14 The Content-MD5 Header Field

15

16Status of this Memo

17

18 This document specifies an Internet standards track protocol for the

19 Internet community, and requests discussion and suggestions for

20 improvements. Please refer to the current edition of the "Internet

21 Official Protocol Standards" (STD 1) for the standardization state

22 and status of this protocol. Distribution of this memo is unlimited.

23

24Abstract

25

26 This memo specifies an optional header field, Content-MD5, for use

27 with MIME-conformant messages.

28

29Table of Contents

30

31 1. Introduction .............................................. 1

32 2. Generation of the Content-MD5 Field ....................... 2

33 3. Processing the Content-MD5 field .......................... 3

34 4. Security Considerations ................................... 3

35 5. Acknowledgements .......................................... 3

36 6. References ................................................ 3

37 7. Authors' Addresses ........................................ 4

38

391. Introduction

40

41 Despite all of the mechanisms provided by MIME [1] which attempt to

42 protect data from being damaged in the course of email transport, it

43 is still desirable to have a mechanism for verifying that the data,

44 once decoded, are intact. For this reason, this memo defines the use

45 of an optional header field, Content-MD5, which may be used as a

46 message integrity check (MIC), to verify that the decoded data are

47 the same data that were initially sent. The Content-MD5 header may

48 also be placed in the encapsulated headers of an object of type

49 message/external-body, to be used to verify that the retreived and

50 decoded data are the same data that were initially referenced.

51

52 MD5 is an algorithm for computing a 128 bit "digest" of arbitrary-

53 length data, with a high degree of confidence that any alterations in

54 the data will be reflected in alterations in the digest. The MD5

55

56

57

58Myers & Rose Standards Track [Page 1]

59

60RFC 1864 Content-MD5 Header Field October 1995

61

62

63 algorithm itself is defined in [2]. This memo specifies how the

64 algorithm may be used as an integrity check for MIME mail.

65

662. Generation of the Content-MD5 Field

67

68 The Content-MD5 field is generated by only an originating user agent.

69 Message relays and gateways are expressly forbidden from generating a

70 Content-MD5 field.

71

72 Use of the Content-MD5 field is completely optional, but its use is

73 recommended whenever data integrity is desired, but Privacy-Enhanced

74 Mail services [3] are not available. (Consult Section 4 for further

75 details.) The Content-MD5 field may only be added to MIME entities of

76 a `leaf' nature, i.e., the Content-MD5 field may be used with any

77 content type other than multipart or message/rfc822.

78

79 To generate the value of the Content-MD5 field, the MD5 algorithm is

80 computed on the canonical form of the MIME entity's object. In

81 particular, this means that the sender applies the MD5 algorithm on

82 the data immediately after conversion to canonical form, before

83 applying any content-transfer-encoding, and that the receiver also

84 applies the MD5 algorithm on the canonical form, after undoing any

85 content-transfer-encoding. For textual data, this means the MD5

86 algorithm must be computed on data in which the canonical form for

87 newlines applies, that is, in which each newline is represented by a

88 CR-LF pair. The canonical encoding model of MIME is described in

89 Appendix G of [1].

90

91 The output of the MD5 algorithm is a 128 bit digest. When viewed in

92 network byte order (big-endian order), this yields a sequence of 16

93 octets of binary data. These 16 octets are then encoded according to

94 the base64 algorithm in order to obtain the value that is placed in

95 the Content-MD5 field. Thus, if the application of the MD5 algorithm

96 over the raw data of a MIME entity results in a digest having the

97 (unlikely) value of "Check Integrity!", then that MIME entity's

98 header could contain the field

99

100 Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==

101

102 Finally, as discussed in Appendix B of [1], textual data is regularly

103 altered in the normal delivery of mail. Because the addition or

104 deletion of trailing white space will result in a different digest,

105 either the quoted-printable or base64 algorithm should be employed as

106 a content-transfer-encoding when the Content-MD5 field is used.

107

108

109

110

111

112

113

114Myers & Rose Standards Track [Page 2]

115

116RFC 1864 Content-MD5 Header Field October 1995

117

118

1193. Processing the Content-MD5 field

120

121 If the Content-MD5 field is present, a recipient user agent may

122 choose to use it to verify that the contents of a MIME entity have

123 not been modified during transport. Message relays and gateways are

124 expressly forbidden to alter their processing based on the presence

125 of the Content-MD5 field. However, a message gateway is allowed to

126 remove the Content-MD5 field if the corresponding MIME entity is

127 translated into a different content-type.

128

1294. Security Considerations

130

131 This document specifies a data integrity service that protects data

132 from accidental modification while in transit from the sender to the

133 recipient. A secure data integrity service, such as that provided by

134 Privacy Enhanced Mail [3], is conjectured to protect data from all

135 modifications.

136

1375. Acknowledgements

138

139 This memo is based almost entirely on text originally written by

140 Nathaniel Borenstein of Bellcore. In addition, several improvements

141 were suggested by Keith Moore of the University of Tennessee,

142 Knoxville.

143

1446. References

145

146 [1] Borenstein, N., and N. Freed, "MIME (Multipurpose Internet Mail

147 Extensions) Part One: Mechanisms for Specifying and Describing

148 the Format of Internet Message Bodies", RFC 1521, Bellcore,

149 Innosoft, September 1993.

150

151 [2] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT

152 Laboratory for Computer Science and RSA Data Security, Inc.,

153 April 1992.

154

155 [3] Linn, J., "Privacy Enhancement for Internet Electronic Mail, Part

156 I: Message Encryption and Authentication Procedures", RFC 1421,

157 IAB IRTF PSRG, IETF PEM WG, February 1993.

158

159

160

161

162

163

164

165

166

167

168

169

170Myers & Rose Standards Track [Page 3]

171

172RFC 1864 Content-MD5 Header Field October 1995

173

174

1757. Authors' Addresses

176

177 John G. Myers

178 Carnegie Mellon University

179

180 EMail: jgm+@cmu.edu

181

182

183 Marshall T. Rose

184 Dover Beach Consulting, Inc.

185

186 EMail: mrose@dbc.mtview.ca.us

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226Myers & Rose Standards Track [Page 4]

227

228