File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Updates:

RFC 8551

Authors:

D. K. Gillmor
B. Hoeneisen
A. Melnikov

Stream:

IETF

Source:

lamps (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9788

Discuss this RFC: Send questions or comments to the mailing list spasm@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9788

Abstract

S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of email message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message.

This document updates the S/MIME specification (RFC 8551) to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. Furthermore, it offers more explicit usability, privacy, and security guidance for clients when generating or handling email messages with cryptographic protection of message headers.

The Header Protection scheme defined here is also applicable to messages with PGP/MIME (Pretty Good Privacy with MIME) cryptographic protections.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.