LAMPS Working Group D. K. Gillmor Internet-Draft American Civil Liberties Union Intended status: Standards Track B. Hoeneisen Expires: 16 March 2024 pEp Foundation A. Melnikov Isode Ltd 13 September 2023 Header Protection for Cryptographically Protected E-mail draft-ietf-lamps-header-protection-16 Abstract S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message. This document updates the S/MIME specification to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. The header protection schemes described here are also applicable to messages with PGP/MIME cryptographic protections. Furthermore, this document offers more explicit guidance for clients when generating or handling e-mail messages with cryptographic protection of message headers. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://dkg.gitlab.io/lamps-header-protection/. Status information for this document may be found at https://datatracker.ietf.org/doc/ draft-ietf-lamps-header-protection/. Discussion of this document takes place on the LAMPS Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/. Source for this draft and an issue tracker can be found at https://gitlab.com/dkg/lamps-header-protection. Gillmor, et al. Expires 16 March 2024 [Page 1] Internet-Draft Cryptographic MIME Header Protection September 2023 Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 16 March 2024. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1. Two Schemes of Header Protection . . . . . . . . . . . . 7 1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 7 1.3. Problems with Injected Headers . . . . . . . . . . . . . 8 1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 8 1.4.1. Backward Compatibility . . . . . . . . . . . . . . . 8 1.4.2. Deliverability . . . . . . . . . . . . . . . . . . . 9 1.5. Other Protocols to Protect E-Mail Header Fields . . . . . 9 1.6. Applicability to PGP/MIME . . . . . . . . . . . . . . . . 10 1.7. Requirements Language . . . . . . . . . . . . . . . . . . 10 1.8. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.9. Document Scope . . . . . . . . . . . . . . . . . . . . . 12 1.9.1. In Scope . . . . . . . . . . . . . . . . . . . . . . 12 1.9.2. Out of Scope . . . . . . . . . . . . . . . . . . . . 12 2. Specification . . . . . . . . . . . . . . . . . . . . . . . . 13 Gillmor, et al. Expires 16 March 2024 [Page 2] Internet-Draft Cryptographic MIME Header Protection September 2023 2.1. Injected Headers Scheme . . . . . . . . . . . . . . . . . 13 2.2. Wrapped Message Scheme . . . . . . . . . . . . . . . . . 13 2.3. Sending Side . . . . . . . . . . . . . . . . . . . . . . 14 2.3.1. Composing a Cryptographically-Protected Message Without Header Protection . . . . . . . . . . . . . . . . . . 14 2.3.2. Header Confidentiality Policy . . . . . . . . . . . . 15 2.3.3. Definition of HP-Removed and HP-Obscured header fields . . . . . . . . . . . . . . . . . . . . . . . 16 2.3.4. Composing with "Injected Headers" Header Protection . . . . . . . . . . . . . . . . . . . . . 17 2.3.5. Composing with "Wrapped Message" Header Protection . 22 2.3.6. Choosing Between Wrapped Message and Injected Headers . . . . . . . . . . . . . . . . . . . . . . . 24 2.4. Default Header Confidentiality Policy . . . . . . . . . . 24 2.4.1. Minimal Header Confidentiality Policy . . . . . . . . 24 2.4.2. Strong Header Confidentiality Policy . . . . . . . . 24 2.4.3. Null Header Confidentiality Policy . . . . . . . . . 25 2.4.4. Offering Stronger Header Confidentiality . . . . . . 25 2.5. Receiving Side . . . . . . . . . . . . . . . . . . . . . 26 2.5.1. Identifying that a Message has Header Protection . . 26 2.5.2. Updating the Cryptographic Summary . . . . . . . . . 27 2.5.3. Rendering a Message with Injected Headers . . . . . . 28 2.5.4. Rendering a Wrapped Message . . . . . . . . . . . . . 31 2.5.5. Guidance for Automated Message Handling . . . . . . . 32 2.5.6. Affordances for Debugging and Troubleshooting . . . . 34 2.5.7. Rendering Other Schemes . . . . . . . . . . . . . . . 34 2.5.8. Composing a Reply to an Encrypted Message with Header Protection . . . . . . . . . . . . . . . . . . . . . 34 2.5.9. Implicitly-rendered Header Fields . . . . . . . . . . 36 2.5.10. Unprotected Header Fields Added in Transit . . . . . 36 3. E-mail Ecosystem Evolution . . . . . . . . . . . . . . . . . 38 3.1. Dropping Legacy Display Elements . . . . . . . . . . . . 38 3.2. Stronger Default Header Confidentiality Policy . . . . . 39 3.3. Deprecation of Messages Without Header Protection . . . . 40 4. Usability Considerations . . . . . . . . . . . . . . . . . . 40 4.1. Mixed Protections Within a Message Are Hard To Understand . . . . . . . . . . . . . . . . . . . . . . . 40 4.2. Users Should Not Have To Choose a Header Confidentiality Policy . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.3. Users Should Not Have To Choose a Header Protection Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 42 5. Security Considerations . . . . . . . . . . . . . . . . . . . 42 5.1. Caution about Composing with Legacy Display Elements . . 43 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 44 6.1. Encrypted Header Fields Are Not Always Private . . . . . 44 6.2. Header Fields Can Leak Unwanted Information to the Recipient . . . . . . . . . . . . . . . . . . . . . . . . 44 Gillmor, et al. Expires 16 March 2024 [Page 3] Internet-Draft Cryptographic MIME Header Protection September 2023 6.2.1. Encrypted Header Fields Can Be Inferred From External Metadata . . . . . . . . . . . . . . . . . . . . . . 45 6.2.2. HCP May Not Mask All Data in an Encrypted Header Field . . . . . . . . . . . . . . . . . . . . . . . . 45 6.2.3. A Naive Recipient May Overestimate the Cryptographic Status of a Header Field in an Encrypted Message . . 46 6.2.4. Summary and Implementation Guidance . . . . . . . . . 47 6.3. Privacy and Deliverability Risks with Bcc and Encrypted Messages . . . . . . . . . . . . . . . . . . . . . . . . 47 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 49 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 49 9.1. Normative References . . . . . . . . . . . . . . . . . . 49 9.2. Informative References . . . . . . . . . . . . . . . . . 50 Appendix A. Possible Problems with some Legacy Clients . . . . . 52 A.1. Problems Reviewing signed-and-encrypted Messages in List View . . . . . . . . . . . . . . . . . . . . . . . . . . 52 A.2. Problems when Rendering a signed-and-encrypted Message . 52 A.3. Problems when Replying to a signed-and-encrypted Message . . . . . . . . . . . . . . . . . . . . . . . . . 53 A.4. Problems Reviewing signed-only Messages in List View . . 54 A.5. Problems when Rendering a signed-only Message . . . . . . 54 A.6. Problems when Replying to a signed-only Message . . . . . 55 Appendix B. Test Vectors . . . . . . . . . . . . . . . . . . . . 55 B.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 56 B.1.1. No Cryptographic Protections Over a Simple Message . 56 B.1.2. S/MIME Signed-only signedData Over a Simple Message, No Header Protection . . . . . . . . . . . . . . . . . . 56 B.1.3. S/MIME Signed-only multipart/signed Over a Simple Message, No Header Protection . . . . . . . . . . . . 58 B.1.4. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection . . . . . . . . . . . . . . . . . . 60 B.1.5. No Cryptographic Protections Over a Complex Message . . . . . . . . . . . . . . . . . . . . . . . 63 B.1.6. S/MIME Signed-only signedData Over a Complex Message, No Header Protection . . . . . . . . . . . . . . . . 65 B.1.7. S/MIME Signed-only multipart/signed Over a Complex Message, No Header Protection . . . . . . . . . . . . 67 B.1.8. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection . . . . . . . . . . . . . . . . . . 70 B.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 73 B.2.1. S/MIME Signed-only signedData Over a Simple Message, Wrapped Message . . . . . . . . . . . . . . . . . . . 73 B.2.2. S/MIME Signed-only multipart/signed Over a Simple Message, Wrapped Message . . . . . . . . . . . . . . 75 B.2.3. S/MIME Signed-only signedData Over a Simple Message, Injected Headers . . . . . . . . . . . . . . . . . . 78 Gillmor, et al. Expires 16 March 2024 [Page 4] Internet-Draft Cryptographic MIME Header Protection September 2023 B.2.4. S/MIME Signed-only multipart/signed Over a Simple Message, Injected Headers . . . . . . . . . . . . . . 80 B.2.5. S/MIME Signed-only signedData Over a Complex Message, Wrapped Message . . . . . . . . . . . . . . . . . . . 82 B.2.6. S/MIME Signed-only multipart/signed Over a Complex Message, Wrapped Message . . . . . . . . . . . . . . 84 B.2.7. S/MIME Signed-only signedData Over a Complex Message, Injected Headers . . . . . . . . . . . . . . . . . . 88 B.2.8. S/MIME Signed-only multipart/signed Over a Complex Message, Injected Headers . . . . . . . . . . . . . . 90 B.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 93 B.3.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal . . . . . . . . . . 93 B.3.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal . . . . . . . . . . 96 B.3.3. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display) 99 B.3.4. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong . . . . . . . . . . . 102 B.3.5. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong . . . . . . . . . . 106 B.3.6. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display) . 109 B.3.7. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal . . . . . . 112 B.3.8. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal . . . . . 115 B.3.9. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 118 B.3.10. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong . . . . . . 121 B.3.11. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong . . . . . . 125 B.3.12. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 128 B.3.13. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal . . . . . . . . . . 131 B.3.14. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal . . . . . . . . . . 135 B.3.15. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display) 139 B.3.16. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong . . . . . . . . . . . 143 B.3.17. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong . . . . . . . . . . 147 Gillmor, et al. Expires 16 March 2024 [Page 5] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.18. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display) . 150 B.3.19. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal . . . . . . 154 B.3.20. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal . . . . . 159 B.3.21. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 163 B.3.22. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong . . . . . . 167 B.3.23. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong . . . . . . 171 B.3.24. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 175 Appendix C. Composition Examples . . . . . . . . . . . . . . . . 179 C.1. New message composition . . . . . . . . . . . . . . . . . 179 C.1.1. Unprotected message . . . . . . . . . . . . . . . . . 180 C.1.2. Encrypted with hcp_minimal and Legacy Display . . . . 180 C.2. Composing a Reply . . . . . . . . . . . . . . . . . . . . 182 C.2.1. Unprotected message . . . . . . . . . . . . . . . . . 183 C.2.2. Encrypted with hcp_null and Legacy Display . . . . . 184 Appendix D. Rendering Examples . . . . . . . . . . . . . . . . . 186 D.1. Example text/plain Cryptographic Payload with Legacy Display Elements . . . . . . . . . . . . . . . . . . . . 187 D.2. Example text/html Cryptographic Payload with Legacy Display Elements . . . . . . . . . . . . . . . . . . . . . . . . 187 Appendix E. Document Changelog . . . . . . . . . . . . . . . . . 188 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 192 1. Introduction Privacy and security issues regarding e-mail Header Protection in S/ MIME and PGP/MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of header protection allows an attacker to substitute the message subject and/or author. This document describes two different schemes for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It uses the term "legacy MUA" to refer to a MUA that does not implement either scheme. This document takes particular care to ensure that messages interact reasonably well with legacy MUAs. Gillmor, et al. Expires 16 March 2024 [Page 6] Internet-Draft Cryptographic MIME Header Protection September 2023 1.1. Two Schemes of Header Protection This document addresses two different schemes for cryptographically protecting e-mail header sections or fields and provides guidance to implementers. One scheme ("Injected Headers") is more interoperable with legacy clients, and is mandatory to implement and interpret. The other, older scheme ("Wrapped Message") is described here to enable interpretation of archived messages. The older scheme was first specified in S/MIME 3.1 and later, and involves wrapping a message/rfc822 or message/global MIME object with a Cryptographic Envelope around the message to protect. This document calls this scheme "Wrapped Message", and it is documented in more detail in [RFC8551]. Experience has shown that this form does not interact well with some legacy MUAs (see Section 1.2). The more interoperable scheme of header protection is introduced in this document. In this scheme, the protected header fields are placed directly on the Cryptographic Payload, without using an intervening message/* MIME object. This document calls this scheme "Injected Headers", and it is documented in more detail in this document, in Section 2.3.4 and Section 2.5.3. 1.2. Problems with Wrapped Messages Several legacy MUAs have revealed rendering issues when dealing with a message that uses the Wrapped Message header protection scheme. In some cases, some mail user agents cannot render message/rfc822 message subparts at all, in violation of baseline MIME requirements as described on page 5 of [RFC2049]. This leaves all wrapped messages unreadable by any recipient using such a MUA. In other cases, the user sees an attachment suggesting a forwarded e-mail message, which -- in fact -- contains the protected e-mail message that should be rendered directly. In most of these cases, the user can click on the attachment to view the protected message. However, viewing the protected message as an attachment in isolation may strip it of any security indications, leaving the user unable to assess the cryptographic properties of the message. Worse, for encrypted messages, interacting with the protected message in isolation may leak contents of the cleartext, for example, if the reply is not also encrypted. Gillmor, et al. Expires 16 March 2024 [Page 7] Internet-Draft Cryptographic MIME Header Protection September 2023 1.3. Problems with Injected Headers A legacy MUA dealing with an encrypted message that has some header fields obscured using the Injected Headers scheme will not render the obscured header fields to the user at all. A workaround "legacy display" mechanism is provided in this document, which most legacy MUAs should render to the user, albeit not in the same location that the header fields would normally be rendered. 1.4. Motivation Users generally do not understand the distinction between message body and message header. When an e-mail message has cryptographic protections that cover the message body, but not the header fields, several attacks become possible. For example, a legacy signed message has a signature that covers the body but not the header fields. An attacker can therefore modify the header fields (including the Subject header) without invalidating the signature. Since most readers consider a message body in the context of the message's Subject header, the meaning of the message itself could change drastically (under the attacker's control) while still retaining the same cryptographic indicator of authenticity. In another example, a legacy encrypted message has its body effectively hidden from an adversary that snoops on the message. But if the header fields are not also encrypted, significant information about the message (such as the message Subject) will leak to the inspecting adversary. However, if the sending and receiving MUAs ensure that cryptographic protections cover the message headers as well as the message body, these attacks are defeated. 1.4.1. Backward Compatibility If the sending MUA is unwilling to generate such a fully-protected message due to the potential for rendering, usability, deliverability, or security issues, these defenses cannot be realized. The sender cannot know what MUA (or MUAs) the recipient will use to handle the message. Thus, an outbound message format that is backward-compatible with as many legacy implementations as possible is a more effective vehicle for providing the whole-message cryptographic protections described above. Gillmor, et al. Expires 16 March 2024 [Page 8] Internet-Draft Cryptographic MIME Header Protection September 2023 This document aims for backward compatibility with legacy clients to the extent possible. In some cases, like when a user-visible header like the Subject is cryptographically hidden, the message cannot behave entirely identically to a legacy client. But accommodations are described here that ensure a rough semantic equivalence for legacy clients even in these cases. 1.4.2. Deliverability A message with perfect cryptographic protections that cannot be delivered is less useful than a message with imperfect cryptographic protections that can be delivered. Senders want their messages to reach the intended recipients. Given the current state of the Internet mail ecosystem, encrypted messages in particular cannot shield all of their header fields from visibility and still be guaranteed delivery to their intended recipient. This document accounts for this concern by providing a mechanism (Section 2.3.2) that prioritizes initial deliverability (at the cost of some header leakage) while facilitating future message variants that shield more header metadata from casual inspection. 1.5. Other Protocols to Protect E-Mail Header Fields A separate pair of protocols also provides some cryptographic protection for the e-mail message header integrity: DomainKeys Identified Mail (DKIM) [RFC6376], as used in combination with Domain- based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. This pair of protocols provides a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited e-mail (spam). However, the DKIM+DMARC suite provides cryptographic protection at a different scope than the mechanisms described here. In particular, the message integrity and authentication signals provided by DKIM+DMARC correspond to the domain name of the sending e-mail address, not the sending address itself, so the DKIM+DMARC suite does not provide end-to-end protection. DKIM and DMARC are typically applied to messages by (and interpreted by) mail transfer agents, not mail user agents. The mechanisms in this document are typically applied to messages by (and interpreted by) mail user agents. Furthermore, the DKIM+DMARC suite only provides cryptographic integrity and authentication, not encryption. So cryptographic confidentiality is not available from that suite. Gillmor, et al. Expires 16 March 2024 [Page 9] Internet-Draft Cryptographic MIME Header Protection September 2023 The DKIM+DMARC suite can be used on any message, including messages formed as described in this document. There should be no conflict between these schemes. Though not strictly e-mail, similar protections have been in use on Usenet for signing and verification of message headers for years. See ([PGPCONTROL] and [PGPVERIFY-FORMAT] for more details. Like DKIM, these Usenet control protections offer only integrity and authentication, not encryption. 1.6. Applicability to PGP/MIME This document describes end-to-end cryptographic protections for e-mail messages in reference to S/MIME ([RFC8551]). Comparable end-to-end cryptographic protections can also be provided by PGP/MIME ([RFC3156]). The mechanisms in this document should be applicable in the PGP/MIME protections as well as S/MIME protections, but analysis and implementation in this document focuses on S/MIME. To the extent that any divergence from the mechanism described here is necessary for PGP/MIME, that divergence is out of scope for this document. 1.7. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.8. Terms The following terms are defined for the scope of this document: * S/MIME: Secure/Multipurpose Internet Mail Extensions (see [RFC8551]) * PGP/MIME: MIME Security with OpenPGP (see [RFC3156]) * Message: An E-Mail Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; see [RFC5322]. Gillmor, et al. Expires 16 March 2024 [Page 10] Internet-Draft Cryptographic MIME Header Protection September 2023 Note: To avoid ambiguity, this document avoids using the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection. * Header Field: A Header Field is a line beginning with a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF; see [RFC5322]. * Header Section: The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. The Header Section of a Message contains the Header Fields associated with the Message itself. The Header Section of a MIME part (that is, a subpart of a message) typically contains Header Fields associated with that particular MIME part. * Body: The Body is the part of a Message that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); see [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct. * Header Protection (HP): cryptographic protection of e-mail Header Sections (or parts of it) for signatures and/or encryption * Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Cryptographic Summary, Structural Headers, Main Body Part, User-Facing Headers, and MUA are all used as defined in [I-D.ietf-lamps-e2e-mail-guidance] * Legacy MUA: a MUA that does not understand header protection as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate messages with header protection. * Wrapped Message: The header protection scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a message/rfc822 or message/global MIME object. (see Section 2.2). * Injected Headers: The header protection scheme that uses the mechanism described in this document (see Section 2.1), where the protected header fields are inserted on the Cryptographic Payload directly. Gillmor, et al. Expires 16 March 2024 [Page 11] Internet-Draft Cryptographic MIME Header Protection September 2023 * Header Confidentiality Policy: a functional specification of which header fields should be obscured when composing an encrypted message with header protection. See Section 2.3.2. 1.9. Document Scope This document describes sensible, simple behavior for a program that generates an e-mail message with standard end-to-end cryptographic protections, following the guidance in [I-D.ietf-lamps-e2e-mail-guidance]. An implementation conformant to this draft will produce messages that have cryptographic protection that covers the message's headers as well as its body. 1.9.1. In Scope This document also describes sensible, simple behavior for a program that interprets such a message, in a way that can take advantage of these protections covering the header fields as well as the body. The message generation guidance aims to minimize negative interactions with any legacy receiving client while providing actionable cryptographic properties for modern receiving clients. In particular, this document focuses on two standard types of cryptographic protection that cover the entire message: * A cleartext message with a single signature, and * An encrypted message that contains a single cryptographic signature. 1.9.2. Out of Scope The message composition guidance in this document (in Section 2.3.4) aims to provide minimal disruption for any legacy client that receives such a message. However, a legacy client by definition does not implement any of the guidance here. Therefore, the document does not attempt to provide guidance for legacy clients directly. Furthermore, this document does not explicitly contemplate other variants of cryptographic message protections, including any of these: * Encrypted-only message (without a cryptographic signature) * Triple-wrapped message * Signed message with multiple signatures Gillmor, et al. Expires 16 March 2024 [Page 12] Internet-Draft Cryptographic MIME Header Protection September 2023 * Encrypted message with a cryptographic signature outside the encryption. All such messages are out of scope of this document. 2. Specification As mentioned in Section 1.1, this document describes two ways to provide end-to-end cryptographic protection for an e-mail message that includes all header fields known to the sender at message composition time. A receiving MUA MUST be able to handle both header protection schemes, as described in Section 2.5. A sending MUA MUST be able to generate the Injected Headers scheme (Section 2.3.4), and MAY generate the Wrapped Message scheme (Section 2.3.5). 2.1. Injected Headers Scheme A message that uses the Injected Headers scheme has protected header fields in the header section of the Cryptographic Payload. For an encrypted message that has at least one user-visible header field omitted or obscured outside of the Cryptographic Payload, those header fields MAY also be duplicated into decorative copies in the Main Body MIME part of the Cryptographic Payload itself. These decorative copies within the message are known as "legacy display elements". Such a legacy display element can be useful for a legacy receiving MUA that doesn't yet understand how to interpret or display a cryptographically-protected confidential header. See Section 3.1 for more details about how the ecosystem could shift so that a sending MUA could avoid the need to generate any legacy display element. Composing a message with the Injected Headers scheme is described in Section 2.3.4. Rendering such a message is described in Section 2.5.3. 2.2. Wrapped Message Scheme A message that uses the Wrapped Message scheme has a Cryptographic Payload of a single message/rfc822 (or message/global) MIME object, which itself contains the original message (including the protected header section). Gillmor, et al. Expires 16 March 2024 [Page 13] Internet-Draft Cryptographic MIME Header Protection September 2023 Composing a message with the Wrapped Message scheme is described in Section 2.3.5. Rendering such a message is described in Section 2.5.4. 2.3. Sending Side This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with header protection. We start by describing the legacy message composition process as a baseline. 2.3.1. Composing a Cryptographically-Protected Message Without Header Protection Section 5.1 of [I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for a legacy crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference: * origbody: the traditional unprotected message body as a well- formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, origbody already has structural headers (Content-*) present. * origheaders: the intended non-structural headers for the message, represented here as a list of (h,v) pairs, where h is a header field name and v is the associated value. Note that these are header fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the Bcc header during composition, but plans to omit it from the message (see section 3.6.3 of [RFC5322]), it will not be in origheaders. * crypto: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output. The algorithm returns a MIME object that is ready to be injected into the mail system: * Apply crypto to origbody, yielding MIME tree output * For each header name and value (h,v) in origheaders: - Add header h of output with value v Gillmor, et al. Expires 16 March 2024 [Page 14] Internet-Draft Cryptographic MIME Header Protection September 2023 * Return output 2.3.2. Header Confidentiality Policy When composing an encrypted message with header protection, the composing MUA needs a Header Confidentiality Policy (HCP). In this document, we represent that Header Confidentiality Policy as a function hcp: * hcp(name, val_in) → val_out: this function takes a non-structural header field identified by name with initial value val_in as arguments, and returns a replacement header value val_out. If val_out is the special value null, it mean that the header field in question should be omitted from the set of header fields visible outside the Cryptographic Envelope. Note that hcp is only applied to non-structural header fields. When composing a message, structural header fields are dealt with separately, as described in Section 2.3.4 and Section 2.3.5. As an example, an MUA that obscures the Subject header field by replacing it with the literal string "[...]", hides all Cc'ed recipients, and does not offer confidentiality to any other header fields would be represented as (in pseudocode): hcp_example(name, val_in) → val_out: if name is 'Subject': return '[...]' else if name is 'Cc': return null else: return val_in Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all header fields known by the sender have these protections. This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all header fields are removed from the top-level MIME object. This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 2.4. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might Gillmor, et al. Expires 16 March 2024 [Page 15] Internet-Draft Cryptographic MIME Header Protection September 2023 be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document. 2.3.3. Definition of HP-Removed and HP-Obscured header fields This document defines 2 new header fields used for conveying the effect of sender's Header Confidentiality Policy: HP-Removed and HP- Obscured. These header fields enable the MUA receiving an encrypted message to reliably identify whether the sending MUA intended to make a header field confidential (see Section 6.2.3). An implementation that composes encrypted e-mail and hides any of the header fields as described in this document (for example, due to a non-null HCP) MUST include the appropriate HP-Removed or HP-Obscured headers in the Cryptographic Payload. These two MIME header fields should only ever appear directly within the header section of the Cryptographic Payload of a Cryptographic Envelope offering confidentiality. They MUST be ignored if they appear in other places. HP-Removed includes a comma separated list of header field names that were omitted from the outer header when the message with header protection was generated. The HP-Removed header field can appear at most once in the header section of a Cryptographic Payload. Each instance of HP-Obscured contains a header field name and the value that this header field was modified to in the outer header. The HP-Obscured header field can appear multiple times in the header section of a Cryptographic Payload. If a header field name A doesn't appear in an HP-Obscured header field value, then the header field A was either removed (and thus would appear in the HP-Removed header field) or it was copied without any modifications to the outer header. Syntax of these new header fields is defined using the following ABNF [RFC5234]: Gillmor, et al. Expires 16 March 2024 [Page 16] Internet-Draft Cryptographic MIME Header Protection September 2023 hp-removed = "HP-Removed:" field-name-list CRLF field-name-list = [FWS] field-name *([FWS] "," [FWS] field-name) [FWS] hp-obscured = "HP-Obscured:" [FWS] field-name ": " field-value CRLF field-value = unstructured 2.3.4. Composing with "Injected Headers" Header Protection The "Injected Headers" header protection scheme places the header fields to be protected directly on the Cryptographic Payload. Unlike in the "Wrapped Scheme" (see compose-wrapped-message), there is no wrapping of the message body in any additional message/* MIME part. This section describes how to generate such a message. To compose a message using "Injected Headers" header protection, the composing MUA needs one additional input in addition to the Header Confidentiality Policy hcp defined in Section 2.3.2. * legacy: a boolean value, indicating whether any recipient of the message is believed to have a legacy client. If all recipients are known to implement this draft, legacy should be set to false. (How a MUA determines the value of legacy is out of scope for this document; an initial implementation can simply set it to true) Enabling visibility of obscured header fields for decryption-capable legacy clients requires transforming a header list into a readable form and including it as a decorative "Legacy Display" element in specially-marked parts of the message. This document recommends two different mechanisms for such a decorative adjustment: one for a text/html Main Body part of the e-mail message, and one for a text/ plain Main Body part. This document does not recommend adding a Legacy Display element to any other part. Please see Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for guidance on identifying the parts of a message that are a Main Body Part. To build such a message, we replace the algorithm described in Section 2.3.1 with a more sophisticated approach. The the algorithm for applying "Injected Headers" cryptographic protection to a message is as follows: * if crypto contains encryption, and legacy is true: Gillmor, et al. Expires 16 March 2024 [Page 17] Internet-Draft Cryptographic MIME Header Protection September 2023 - Create ldlist, an empty list of (header, value) pairs - For each header field name and value (h,v) in origheaders: o If h is user-facing (see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance]): + If hcp(h,v) is not v: * Append (h,v) to ldlist - If ldlist is not empty: o Identify each leaf MIME part of origbody that represents the "main body" of the message. o For each "Main Body Part" bodypart of type text/plain or text/html: + Insert Legacy Display element header list ldlist into the content of bodypart (see Section 2.3.4.1 for text/plain and Section 2.3.4.2 for text/html) + Add Content-Type parameter hp-legacy-display with value 1 to bodypart * For each header field name and value (h,v) in origheaders: - Add header field h to MIME part origbody with value v * Set the protected-headers parameter on the Content-Type of origbody to v1 * If crypto contains encryption: - Create new empty list of header field names and values newh - Let hpr be an empty comma-separated list of header field names - For header field name and value (h,v) in origheaders: o Let newval be hcp(h,v) o If newval is null: + Add the value h to hpr o Else (if newval is not null): Gillmor, et al. Expires 16 March 2024 [Page 18] Internet-Draft Cryptographic MIME Header Protection September 2023 + Add (h,newval) to newh + If newval is not v: * Let string record be the concatenation of h, a literal ":" (colon followed by space), and newval * Add header field "HP-Obscured" to MIME part origbody with value record - If hpr is not empty: o Add header field "HP-Removed" to MIME part origbody with value hpr - Set origheaders to newh * Apply crypto to origbody, producing MIME tree output * For each header field name and value (h,v) in origheaders: - Add header field h to output with value v * Return output Note that both new parameters (hcp and legacy) are effectively ignored if crypto does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections. 2.3.4.1. Adding a Legacy Display Element to a text/plain Part For a list of obscured header fields represented as (header, value) pairs, concatenate them as a set of lines, with one newline at the end of each pair. Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the text/ plain part. For example, if the list of obscured header fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/plain part that originally contained: I think we should skip the meeting. Would become: Gillmor, et al. Expires 16 March 2024 [Page 19] Internet-Draft Cryptographic MIME Header Protection September 2023 Subject: Thursday's meeting Cc: alice@example.net I think we should skip the meeting. 2.3.4.2. Adding a Legacy Display Element to a text/html Part Adding a Legacy Display Element to a text/html part is similar to how it is added to a text/plain part (see Section 2.3.4.1). Instead of adding the obscured header fields to a block of text delimited by a blank line, the composing MUA injects them in an HTML
element annotated with a class attribute of header-protection-legacy-display. The content and formatting of this decorative
have no strict requirements, but they SHOULD represent all the obscured header fields in a readable fashion. A simple approach is to assemble the text in the same way as Section 2.3.4.1, wrap it in a verbatim
   element, and put that element in the annotated 
. The annotated
should be placed as close to the start of the as possible, where it will be visible when viewed with a standard HTML renderer. For example, if the list of obscured header fields was [("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")], then a text/html part that originally contained:

I think we should skip the meeting.

Would become:
Subject: Thursday's meeting
   Cc: alice@example.net

I think we should skip the meeting.

Gillmor, et al. Expires 16 March 2024 [Page 20] Internet-Draft Cryptographic MIME Header Protection September 2023 2.3.4.2.1. Step-by-step Example for Inserting Legacy Display Element to text/html A composing MUA MAY insert the Legacy Display Element anywhere reasonable within the message as long as it prioritizes visibility for the reader using a legacy decryption-capable MUA. This decision may take into account special message-specific HTML formatting expectations if the MUA is aware of them. However, some MUAs may not have any special insight into the user's preferred HTML formatting, and still want to insert a legacy display element. This section offers a non-normative, simple, and minimal step-by-step approach for a composing MUA that has no other information or preferences to fall back on. The process below assumes that the MUA already has the full HTML object that it intends to send, including all of the text supplied by the user. * Assemble the text exactly as specified for text/plain (see Section 2.3.4.1). * Wrap that text in a verbatim
 element.

   *  Wrap that 
 element in a 
element annotated with the class header-protection-legacy-display. * Find the element of the full HTML object. * Insert the
element as the first child of the element. 2.3.4.3. Only Add a Legacy Display Element to Main Body Parts Some messages may contain a text/plain or text/html subpart that is _not_ a main body part. For example, an e-mail message might contain an attached text file or a downloaded webpage. Attached documents need to be preserved as intended in the transmission, without modification. The composing MUA MUST NOT add a Legacy Display element to any part of the message that is not a main body part. In particular, if a part is annotated with Content-Disposition: attachment, or if it does not descend via the first child of any of its multipart/mixed or multipart/related ancestors, it is not a main body part, and MUST NOT be modified. See Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for more guidance about common ways to distinguish main body parts from other MIME parts in a message. Gillmor, et al. Expires 16 March 2024 [Page 21] Internet-Draft Cryptographic MIME Header Protection September 2023 2.3.4.4. Do Not Add a Legacy Display Element to Other Content-Types The purpose of injecting a Legacy Display element into each Main Body MIME part is to enable rendering of otherwise obscured header fields in legacy clients that are capable of message decryption, but don't know how to follow the rest of the guidance in this document. The authors are unaware of any legacy client that would render any MIME part type other than text/plain and text/html as the Main Body. A generating MUA SHOULD NOT add a Legacy Display element to any MIME part with any other Content-Type. 2.3.5. Composing with "Wrapped Message" Header Protection The Wrapped Message header protection scheme is briefly documented in Section 3.1 [RFC8551]. This section provides a more detailed explanation of how to build such a message, and augments it with the protected-headers parameter with the value wrapped. It also recommends marking such a wrapped message as Content-Disposition: inline to encourage legacy MUAs to render the inner message directly rather than treating it as an attachment. To compose a message using "Wrapped Message" header protection, we use those inputs described in Section 2.3.1 plus the Header Confidentiality Policy hcp defined in Section 2.3.2. The new algorithm is: * For header field name and value (h,v) in origheaders: - Add header field h to origbody with value v * If crypto contains encryption: - Create new empty list of header field names and values newh - Let hpr be an empty comma-separated list of header field names - For header field name and value (h,v) in origheaders: o Let newval be hcp(h,v) o If newval is null: + Add the value h to hpr o Else (if newval is not null): + Append (h,newval) to newh Gillmor, et al. Expires 16 March 2024 [Page 22] Internet-Draft Cryptographic MIME Header Protection September 2023 + If newval is not v: * Let string record be the concatenation of h, a literal ":" (colon followed by a space), and newval * Add header field HP-Obscured to origbody with value record - If hpr is not empty: o Add header field "HP-Removed" to MIME part origbody with value hpr * If any of the header fields in origbody, including header fields in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see section section 3.7 of [RFC6532]): - Let payload be a new MIME part with one header field: Content- Type: message/global; protected-headers=wrapped, and whose body is origbody. * Else: - Let payload be a new MIME part with one header field: Content- Type: message/rfc822; protected-headers=wrapped, and whose body is origbody. * Add a Content-Disposition header field to payload with value inline * Apply crypto to payload, yielding MIME tree output * If crypto contains encryption: - Set origheaders to newh * For header field name and value (h,v) in origheaders: - Add header field h to output with value v * Return output Note that the Header Confidentiality Policy hcp is ignored if crypto does not contain encryption. This is by design. Gillmor, et al. Expires 16 March 2024 [Page 23] Internet-Draft Cryptographic MIME Header Protection September 2023 2.3.6. Choosing Between Wrapped Message and Injected Headers When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the header fields of that message as well as the body, using one of the formats described here. A compatible MUA MUST be capable of generating a message with header protection using the Injected Headers Section 2.3.4 format. 2.4. Default Header Confidentiality Policy An MUA SHOULD have a sensible default Header Confidentiality Policy, and SHOULD NOT require the user to select one. At the time this document was written, a good choice for default HCP is the conservative approach described by hcp_minimal (Section 2.4.1). Any default Header Confidentiality Policy SHOULD provide confidentiality for the Subject header field by replacing it with the literal string "[...]". Most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible. 2.4.1. Minimal Header Confidentiality Policy The most conservative recommended Header Confidentiality Policy only protects the Subject header field: hcp_minimal(name, val_in) → val_out: if name is 'Subject': return '[...]' else: return val_in hcp_minimal is the recommended default HCP for a new implementation, as it provides meaningful confidentiality protections, and is unlikely to cause deliverability or usability problems. 2.4.2. Strong Header Confidentiality Policy Alternately, a more aggressive (and therefore more privacy- preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the Message-ID behind a random new one: Gillmor, et al. Expires 16 March 2024 [Page 24] Internet-Draft Cryptographic MIME Header Protection September 2023 hcp_strong(name, val_in) → val_out: if name in ['From', 'To', 'Cc', 'Date']: return val_in else if name is 'Subject': return '[...]' else if name is 'Message-ID': return generate_new_message_id() else: return null The function generate_new_message_id() represents whatever process the MUA typically uses to generate a Message-ID for a new outbound message. hcp_strong is known to cause usability problems with message threading for many legacy MUAs, and is not recommended as a default HCP for new implementations. 2.4.3. Null Header Confidentiality Policy Legacy MUAs can be conceptualized as offering a null Header Confidentiality Policy, which offers no confidentiality protection to any header field: hcp_null(name, val_in) → val_out: return val_in A MUA offering header protection SHOULD NOT use hcp_null by default. 2.4.4. Offering Stronger Header Confidentiality A MUA MAY offer even stronger confidentiality for header fields of an encrypted message than described in Section 2.4.2. For example, it might implement an HCP that obfuscates the From field, or omits the Cc field, or ensures Date is represented in UTC (obscuring the local timezone). The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice. Gillmor, et al. Expires 16 March 2024 [Page 25] Internet-Draft Cryptographic MIME Header Protection September 2023 This document defines hcp_null, hcp_minimal, hcp_example, and hcp_strong as a way to compare and contrast different possible behavioral choices for a composing MUA. Since the HCP is not strictly a protocol element, there is currently no explicit registry of named Header Confidentiality Policies. However, the first Internet Draft that attempts to define another HCP as a possible recommendation for the public should ask IANA to establish such a registry to avoid potential future namespace confusion. 2.5. Receiving Side An MUA that receives a cryptographically-protected e-mail will render it for the user. The receiving MUA will render the message body, a selected subset of header fields, and (as described in Section 3 of [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message. Most MUAs only render a subset of header fields by default. For example, few MUAs typically render Message-Id or Received header fields for the user, but most do render From, To, Cc, Date, and Subject. A MUA that knows how to handle a message with header protection makes the following two changes to its behavior when rendering a message: * If it detects that an incoming message had protected header fields, it renders header fields for the message from the protected header fields, ignoring the external (unprotected) header fields. * It includes information in the message's cryptographic summary to indicate the types of protection that applied to each rendered header field (if any). A MUA that handles a message with header protection does _not_ need to render any new header fields that it did not render before. 2.5.1. Identifying that a Message has Header Protection An incoming message can be identified as having header protection based on one of two signals: * The Cryptographic Payload has Content-Type: message/rfc822 or Content-Type: message/global and the parameter protected-headers has a value of wrapped. See Section 2.5.4 for rendering guidance. Gillmor, et al. Expires 16 March 2024 [Page 26] Internet-Draft Cryptographic MIME Header Protection September 2023 * The Cryptographic Payload has some other Content-Type and it has parameter protected-headers set to v1. See Section 2.5.3 for rendering guidance. Messages of both types exist in the wild, and a compliant MUA MUST be able to handle them both. They provide the same semantics and the same meaning. 2.5.2. Updating the Cryptographic Summary Regardless of whether a cryptographically-protected message has protected header fields, the cryptographic summary of the message should be modified to indicate what protections the header fields have. This field-by-field status is complex and isn't necessarily intended to be presented in full to the user. Rather, it represents the state of the message internally within the MUA, and may be used to influence behavior like replying to the message (see Section 2.5.8.1). Each header field individually has exactly one the following protections: * unprotected (this is the case for all header fields in messages that have no header protection) * signed-only (bound into the same validated signature as the enclosing message, but also visible in transit) * encrypted-only (only appears within the Cryptographic Payload; the corresponding external header field was either omitted or obfuscated) * signed-and-encrypted (same as encrypted-only, but additionally is under a validated signature) Note that while the message itself may be signed-and-encrypted, some header fields may be replicated on the outside of the message (e.g. Date). Those header fields would be signed-only, despite the message itself being signed-and-encrypted. Additionally, the data from some encrypted or signed-and-encrypted header fields may not be fully private (see Section 6.1 for more details). Rendering the cryptographic status of each header field is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information. Gillmor, et al. Expires 16 March 2024 [Page 27] Internet-Draft Cryptographic MIME Header Protection September 2023 2.5.3. Rendering a Message with Injected Headers When the Cryptographic Payload does not have a Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to v1, the values of the protected header fields are drawn from the header fields of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself. 2.5.3.1. Example Signed-only Message with Injected Headers A └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) B └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] C ├─╴text/plain D └─╴text/html The message body should be rendered the same way as this message: B └┬╴multipart/alternative C ├─╴text/plain D └─╴text/html It should render header fields taken from part B. Its cryptographic summary should indicate that the message was signed and all rendered header fields were included in the signature. The MUA should ignore header fields from part A for the purposes of rendering. Because this message is signed-only, none of its parts will have a Legacy Display Element. 2.5.3.2. Example Signed-and-Encrypted Message with Injected Headers Consider a message with this structure, where the MUA is able to validate the cryptographic signature: E └─╴application/pkcs7-mime; smime-type="enveloped-data" ↧ (decrypts to) F └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) G └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] H ├─╴text/plain I └─╴text/html The message body should be rendered the same way as this message: Gillmor, et al. Expires 16 March 2024 [Page 28] Internet-Draft Cryptographic MIME Header Protection September 2023 G └┬╴multipart/alternative H ├─╴text/plain I └─╴text/html It should render header fields taken from part G. Its cryptographic summary should indicate that the message was signed and encrypted. Each rendered header field found in G should be considered against any HP-Removed header field found in G and all HP- Obscured header fields found in G. If the field's name is found in the list of header field names in HP-Removed, or if one of the HP- Obscured fields refers to the field name, then the header field should be marked as signed-and-encrypted. Otherwise, the header field should be marked as signed-only. If any of the user-facing headers are removed or obscured, the composer of this message MAY place Legacy Display Elements in parts H and I. The MUA should ignore header fields from part E for the purposes of rendering. 2.5.3.3. Do Not Render Legacy Display Elements As described in Section 2.1, a message with cryptographic confidentiality protection MAY include "Legacy Display" elements for backward-compatibility with legacy MUAs. These Legacy Display elements are strictly decorative, unambiguously identifiable, and will be discarded by compliant implementations. The receiving MUA SHOULD avoid rendering the identified Legacy Display elements to the user at all, since it is aware of header protection and can render the actual protected header fields. If a text/html or text/plain part within the Cryptographic Envelope is identified as containing Legacy Display elements, those elements SHOULD be hidden when rendering and SHOULD be dropped when generating a draft reply or inline forwarded message. Whenever a Message or MIME subtree is exported, downloaded or otherwise further processed, implementers should consider whether or not to drop the Legacy Display elements. 2.5.3.3.1. Identifying a Part with Legacy Display Elements A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart within the Cryptographic Payload as containing Legacy Display elements based on the Content-Type of the subpart. Gillmor, et al. Expires 16 March 2024 [Page 29] Internet-Draft Cryptographic MIME Header Protection September 2023 * The subpart's Content-Type contains a parameter hp-legacy-display with value set to 1 * The subpart's Content-Type is either text/html (see Section 2.5.3.3.3) or text/plain (see Section 2.5.3.3.2) Note that the term "subpart" above is used in the general sense: if the Cryptographic Payload is a single part, that part itself may contain a Legacy Display element if it is marked with the hp-legacy- display=1 parameter. 2.5.3.3.2. Omitting Legacy Display Elements from text/plain If a text/plain part within the Cryptographic Payload has the Content-Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion: * Discard the leading lines of the body of the part up to and including the first entirely blank line. Note that implementing this strategy is dependent on the charset used by the MIME part. See Appendix D.1 for an example. 2.5.3.3.3. Omitting Legacy Display Elements from text/html If a text/html part within the Cryptographic Payload has the Content- Type parameter hp-legacy-display="1", it should be processed before rendering in the following fashion: * If any element of the HTML is a
with class attribute header-protection-legacy-display, that entire element should be omitted. This cleanup could be done, for example, as a custom rule in the MUA's HTML sanitizer, if one exists. Another implementation strategy for an HTML-capable MUA would b to add an entry to the [CSS] stylesheet for such a part: body div.header-protection-legacy-display { display: none; } Gillmor, et al. Expires 16 March 2024 [Page 30] Internet-Draft Cryptographic MIME Header Protection September 2023 2.5.4. Rendering a Wrapped Message Some MUAs may compose and send a message with end-to-end cryptographic protections that offer header protection using the Wrapped Message scheme described in Section 3.1 of [RFC8551]. This section describes how a receiving MUA should identify and render such a message. When the Cryptographic Payload has Content-Type of message/rfc822 or message/global, and the parameter protected-headers is set to wrapped, the values of the protected header fields are drawn from the header fields of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload. 2.5.4.1. Example Signed-Only Wrapped Message Consider a message with this structure, where the MUA is able to validate the cryptographic signature: J └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) K └┬╴message/rfc822 [Cryptographic Payload] L └┬╴multipart/alternative [Rendered Body] M ├─╴text/plain N └─╴text/html The message body should be rendered the same way as this message: L └┬╴multipart/alternative M ├─╴text/plain N └─╴text/html It should render header fields taken from part K. Its cryptographic summary should indicate that the message was signed and all rendered header fields were included in the signature. The MUA SHOULD ignore header fields from part J for the purposes of rendering. 2.5.4.2. Example Signed-and-Encrypted Wrapped Message Consider a message with this structure, where the MUA is able to validate the cryptographic signature: Gillmor, et al. Expires 16 March 2024 [Page 31] Internet-Draft Cryptographic MIME Header Protection September 2023 O └─╴application/pkcs7-mime; smime-type="enveloped-data" ↧ (decrypts to) P └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) Q └┬╴message/rfc822 [Cryptographic Payload] R └┬╴multipart/alternative [Rendered Body] S ├─╴text/plain T └─╴text/html The message body should be rendered the same way as this message: R └┬╴multipart/alternative S ├─╴text/plain T └─╴text/html It should render header fields taken from part Q. Its cryptographic summary should indicate that the message was signed and encrypted. As in Section 2.5.3.2, each rendered header field found in Q should be considered against any HP-Removed header field found in Q and all HP-Obscured header fields found in Q. If the field's name is found in the list of header field names in HP- Removed, or if one of the HP-Obscured fields refers to the field name, then the header field should be marked as signed-and-encrypted. Otherwise, the header field should be marked as signed-only. 2.5.5. Guidance for Automated Message Handling Some automated systems have a control channel that is operated by e-mail. For example, an incoming e-mail message could subscribe someone to a mailing list, initiate the purchase of a specific product, approve another message for redistribution, or adjust the state of some shared object. To the extent that such a system depends on end-to-end cryptographic guarantees about the e-mail control message, header protection as described in this document should improve the system's security. This section provides some specific guidance for systems that use e-mail messages as a control channel that want to benefit from these security improvements. 2.5.5.1. Interpret Only Protected Header Fields Consider the situation where an e-mail-based control channel depends on the message's cryptographic signature and the action taken depends on some header field of the message. Gillmor, et al. Expires 16 March 2024 [Page 32] Internet-Draft Cryptographic MIME Header Protection September 2023 In this case, the automated system MUST rely on information from the header field that is protected by the mechanism described in this document. It MUST NOT rely on any header field found outside the Cryptographic Payload. For example, consider an administrative interface for a mailing list manager that only accepts control messages that are signed by one of its administrators. When an inbound message for the list arrives, it is queued (waiting for administrative approval) and the system generates and listens for two distinct e-mail addresses related to the queued message -- one that approves the message, and one that rejects it. If an administrator sends a signed control message to the approval address, the mailing list verifies that the protected To: header field of the signed control message contains the approval address before approving the queued message for redistribution. If the protected To: header field does not contain that address, or there is no protected To: header field, then the mailing list logs or reports the error, and does not act on that control message. 2.5.5.2. Ignore Legacy Display Elements Consider the situation where an e-mail based control channel expects to receive an end-to-end encrypted message -- for example, where the control messages need confidentiality guarantees -- and where the action taken depends on the contents of some MIME part within message body. In this case, the automated system that decrypts the incoming messages and scans the relevant MIME part SHOULD identify when the MIME part contains a legacy display element (see Section 2.5.3.3.1), and it SHOULD parse the relevant MIME part with the legacy display element removed. For example, consider an administrative interface of a confidential issue tracking software. An authorized user can confidentially adjust the status of a tracked issue by a specially-formatted first line of the message body (for example, severity #183 serious). When the user's MUA encrypts a plain text control message to this issue tracker, depending on the MUA's HCP and its choice of legacy value, it may add a legacy display element. If it does so, then the first line of the message body will contain a decorative copy of the confidential Subject: header field. The issue tracking software decrypts the incoming control message, identifies that there is a legacy display element in the part (see Section 2.5.3.3.1), strips the legacy display lines (including the first blank line), and only then parses the remaining top line to look for the expected special formatting. Gillmor, et al. Expires 16 March 2024 [Page 33] Internet-Draft Cryptographic MIME Header Protection September 2023 2.5.6. Affordances for Debugging and Troubleshooting Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the rendering MUA itself, or problems with the SMTP transport path taken by the message. A MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting. If a troubleshooting scenario demands information about the cryptographically-protected values of headers, and the message is encrypted, the debugging interface SHOULD also provide a "source" view of the Cryptographic Payload itself, alongside the full original source of the message as received. 2.5.7. Rendering Other Schemes Other MUAs may have generated different structures of messages that aim to offer end-to-end cryptographic protections that include header protection. While this document is not normative for those schemes, it offers guidance for how to identify and handle these other formats. In the following a list of systems that are known to generate e-mail messages with end-to-end cryptographic protections that include header protection using a different MIME scheme. 2.5.7.1. Pretty Easy Privacy (pEp) The pEp (pretty Easy privacy) [I-D.pep-general] project specifies MIME schemes for Signed-and-Encrypted e-mail messages that also provide header protection [I-D.pep-email]. Similar to the "Wrapped Messages" scheme described in Section 2.3.5 and Section 2.5.4, pEp e-mail messages are fully encapsulated in the Cryptographic Payload. More information can be found in [I-D.pep-email]. 2.5.8. Composing a Reply to an Encrypted Message with Header Protection When composing a reply to an encrypted message with header protection, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party. Gillmor, et al. Expires 16 March 2024 [Page 34] Internet-Draft Cryptographic MIME Header Protection September 2023 2.5.8.1. Avoid Leaking Encrypted Header Fields in Reply As noted in Section 5.4 of [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a follow-up message. The same is true for protected header fields. Values from any header field that was identified as either encrypted- only or signed-and-encrypted based on the steps outlined above MUST NOT be placed in cleartext output when generating a message. In particular, if Subject was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the unprotected (cleartext) Subject header field as described above. When crafting the headers for a reply message, the composing MUA can make use of the HP-Removed and HP-Obscured headers from within the Cryptographic Envelope of the reference message to ensure that headers derived from the reference message do not leak in the reply. Consider a header field in a reply message that is generated by derivation from a header field in the reference message. For example, the To header field is typically derived from the reference message's Reply-To or From header fields. When generating the outer copy of the header field, the composing MUA first applies its own header confidentiality policy. If the header field's value is changed by the HCP, then it is applied to the outside header and noted in the protected header section using HP-Removed or HP-Obscured as appropriate, as described in Section 2.3.3. Otherwise, if the header field's value is unchanged, the composing MUA re-generates the header field using the source header fields from the values within the Cryptographic Payload of the reference message, as modified by the HP-Obscured or HP-Removed headers. If that value is itself different than the protected value, then it is applied to the outside header and noted in the protected header section using HP-Obscured. If the value is the same as the protected value, then it is simply copied to the outside header directly. See Appendix C.2 for a simple worked example of this process. 2.5.8.2. Avoid Misdirected Replies to Encrypted Messages with Header Protection When replying to a message, the Composing MUA typically decides who to send the reply to based on: * the Reply-To, Mail-Followup-To, or From header fields Gillmor, et al. Expires 16 March 2024 [Page 35] Internet-Draft Cryptographic MIME Header Protection September 2023 * optionally, the other To or Cc header fields (if the user chose to "reply all") When a message has header protection, the replying MUA MUST populate the destination fields of the draft message using the protected header fields, and ignore any unprotected header fields. This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional Cc to Mallory's own e-mail address in the message's outer (unprotected) header section. If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory. 2.5.9. Implicitly-rendered Header Fields While From and To and Cc and Subject and Date are often explicitly rendered to the user, some header fields do affect message display, without being explicitly rendered. For example, Message-Id, References, and In-Reply-To header fields may collectively be used to place a message in a "thread" or series of messages. In another example, Section 2.5.8.2 observes that the value of the Reply-To field can influence the draft reply message. So while the user may never see the Reply-To header field directly, it is implicitly "rendered" when the user interacts with the message by replying to it. An MUA that depends on any implicitly-rendered header field in a message with header protection SHOULD use the value from the protected header field, and SHOULD NOT use any value found outside the cryptographic protection. 2.5.10. Unprotected Header Fields Added in Transit Some header fields are legitimately added in transit, and could not have been known to the sender at message composition time. The most common of these header fields are Received and DKIM- Signature, neither of which are typically rendered, either explicitly or implicitly. Gillmor, et al. Expires 16 March 2024 [Page 36] Internet-Draft Cryptographic MIME Header Protection September 2023 If a receiving MUA has specific knowledge about a given header field, including that: * the header field would not have been known to the original sender, and * the header field might be rendered explicitly or implicitly, then the MUA MAY decide to operate on the value of that header field from the unprotected header section, even though the message has header protection. The MUA MAY prefer to verify that the header fields in question have additional transit-derived cryptographic protections before rendering or acting on them. For example, the MUA could verify whether these header fields are covered by an appropriate and valid ARC- Authentication-Results (see [RFC8617]) or DKIM-Signature (see [RFC6376]) header field. Specific examples of user-meaningful header fields commonly added by transport agents appear below. 2.5.10.1. Mailing list header fields: List-* and Archived-At If the message arrives through a mailing list, the list manager itself may inject header fields (most of which start with List-) in the message: * List-Archive * List-Subscribe * List-Unsubscribe * List-Id * List-Help * List-Post * Archived-At For some MUAs, these header fields are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc. Gillmor, et al. Expires 16 March 2024 [Page 37] Internet-Draft Cryptographic MIME Header Protection September 2023 An MUA that receives a message with header protection that contains these header fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected. 3. E-mail Ecosystem Evolution This document is intended to offer tooling needed to improve the state of the e-mail ecosystem in a way that can be deployed without significant disruption. Some elements of this specification are present for transitional purposes, but would not exist if the system were designed from scratch. This section describes these transitional mechanisms, as well as some suggestions for how they might eventually be phased out. 3.1. Dropping Legacy Display Elements Any decorative Legacy Display element added to an encrypted message that uses the Injected Header scheme is present strictly for enabling header field visibility (most importantly, the Subject header field) when the message is viewed with a decryption-capable legacy client. Eventually, the hope is that most decryption-capable MUAs will conform to this specification, and there will be no need for injection of Legacy Display elements in the message body. A survey of widely-used decryption-capable MUAs might be able to establish when most of them do support this specification. At that point, a composing MUA could make the legacy parameter described in {#compose-injected-headers} to false by default, or could even hard-code it to false, yielding a much simpler message construction set. Until that point, an end user might want to signal that their receiving MUAs are conformant to this draft so that a peer composing a message to them can set legacy to false. A signal indicating capability of handling messages with header protection might be placed in the user's cryptographic certificate, or in outbound messages. This draft doesn't attempt to define the syntax or semantics of such a signal. Gillmor, et al. Expires 16 March 2024 [Page 38] Internet-Draft Cryptographic MIME Header Protection September 2023 3.2. Stronger Default Header Confidentiality Policy This draft defines two different forms of Header Confidentiality Policy. A MUA implementing an HCP for the first time SHOULD deploy hcp_minimal as recommended in Section 2.4. This HCP offers the most commonly-expected protection (obscuring the Subject header field) without risking deliverability or rendering issues. The HCPs proposed in this draft are relatively conservative and still leak a significant amount of metadata for encrypted messages. This is largely done to ensure deliverability (see Section 1.4.2) and usability, as messages without some critical header fields are more likely to not reach their intended recipient. In the future, some mail transport systems may accept and deliver messages with even less publicly-visible metadata. Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy mail. This specification offers the HCP formalism itself as a way for MUA developers and MTA operators to describe their expectations around message deliverability. MUA developers can propose a stronger default HCP, and ask MTA operators (or simply test) whether their MTAs would be likely to deliver or reject encrypted mail with that HCP applied. Proponents of a stronger HCP should explicitly document the HCP, and name it clearly and unambiguously to facilitate this kind of interoperability discussion. Reaching widespread consensus around a stronger global default HCP is a challenging problem of coordinating many different actors. A piecemeal approach might be more feasible, where some signalling mechanism allows a message recipient, MTA operator, or third-party clearinghouse to announce what kinds of HCPs are likely to be deliverable for a given recipient. In such a situation, the default HCP for a MUA might involve consulting the signalled acceptable HCPs for all recipients, and combining them (along with a default for when no signal is present) in some way. If such a signal were to reach widespread use, it could also be used to guide reasonable statistical default HCP choices for recipients with no signal. This draft doesn't attempt to define the syntax or semantics of such a signal. Gillmor, et al. Expires 16 March 2024 [Page 39] Internet-Draft Cryptographic MIME Header Protection September 2023 3.3. Deprecation of Messages Without Header Protection At some point, when the majority of MUA clients that can generate cryptographically protected messages with header protection, it should be possible to deprecate any cryptographically protected message that does not have header protection. For example, as noted in Section 4.1, it's possible for a MUA to decline to render a signed-only message that has no header protection the same as an unsigned message. And a signed-and-encrypted message without header protection could likewise be marked as not fully protected. These stricter rules could be adopted immediately for all messages. Or a MUA developer could roll them out immediately for any new message, but still treat an old message (based on the Date header field and cryptographic signature timestamp) more leniently. A decision like this by any popular receiving MUA could drive adoption of this standard for sending MUAs. 4. Usability Considerations This section describes concerns for MUAs that are interested in easy adoption of header protection by normal users. While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document. See also the Usability commentary in Section 2 of [I-D.ietf-lamps-e2e-mail-guidance]. 4.1. Mixed Protections Within a Message Are Hard To Understand When rendering a message to the user, the ideal circumstance is to present a single cryptographic status for any given message. However, when message headers are present, some message headers do not have the same cryptographic protections as the main message. Representing such a mixed set of protection statuses is very difficult to do in a way that a normal user can understand without training. There are at least three scenarios that are likely to be common, and poorly understood: * A signed message with no header protection. * A signed-and-encrypted message with no header protection. Gillmor, et al. Expires 16 March 2024 [Page 40] Internet-Draft Cryptographic MIME Header Protection September 2023 * An signed-and-encrypted message with header protection as described in this document, where some user-facing headers have confidentiality but some do not. A MUA should have a reasonable strategy for clearly communicating each of these scenarios to the user. For example, a MUA operating in an environment where it expects most cryptographically-protected messages to have header protection could use the following rendering strategy: * When rendering a message with signed-only cryptographic status but no header protection, an MUA may decline to indicate a positive security status overall, and only indicate the cryptographic status to a user in a message properties or diagnostic view. That is, the message may appear identical to an unsigned message except if a user verifies the properties through a menu option. * When rendering a message with signed-and-encrypted or encrypted- only cryptographic status but no header protection, overlay a warning flag on the typical cryptographic status indicator. That is, if a typical signed-and-encrypted message displays a lock icon, display a lock icon with a warning sign (e.g., an exclamation point in a triangle) overlaid. See, for example, the graphics in [chrome-indicators]. * When rendering a message with signed-and-encrypted or encrypted- only cryptographic status, with header protection, but where the Subject header field has not been removed or obscured, place a warning sign on the on the Subject line. Other simple rendering strategies could also be reasonable. 4.2. Users Should Not Have To Choose a Header Confidentiality Policy This document defines the abstraction of a Header Confidentiality Policy object for the sake of communication between implementers and deployments. Most e-mail users are unlikely to understand the tradeoffs between different policies. In particular, the potential negative side effects (e.g. poor deliverability) may not be easily attributable by a normal user to a particular HCP. Therefore, MUA implementers should be conservative in their choice of default HCP, and should not require the ordinary user to make an incomprehensible choice that could cause unfixable, undiagnosable problems. The safest option is for the MUA developer to select a known, stable HCP (this document recommends hcp_minimal in Gillmor, et al. Expires 16 March 2024 [Page 41] Internet-Draft Cryptographic MIME Header Protection September 2023 Section 2.4) on the user's behalf. A MUA should not not expose the ordinary user to a configuration option where they are expected to manually select (let alone define) an HCP. In the event that a MUA implementer gets user complaints about problems with removed or obscured header fields due to the MUA's defined HCP, the implementer may offer the user an option to drop header confidentiality altogether for freshly composed messages (thereby reverting to hcp_null). But when handling such a scenario for a reply to a message with some header confidentiality policy in place, note the guidance in Section 2.5.8.1 to avoid accidental leakage. 4.3. Users Should Not Have To Choose a Header Protection Scheme This document also describes two different header protection schemes: Wrapped Messages in Section 2.2 and Injected Headers in Section 2.1. These distinct schemes are described for the sake of implementers who may have to deal with messages found in the wild, but their intended semantics are identical. They represent different tradeoffs in terms of rendering and user experience on the recipient's side, things that a given user writing a message is not prepared to select. When composing a message with cryptographic protections, the ordinary user should not be confronted with any choices about which header protection scheme to use. Rather, the MUA developer should use a single scheme for all outboud cryptographically-protected messages. This document recommends the Injected Headers scheme for generating messages with cryptographic protections, as described in Section 2. A MUA should not expose the ordinary user to any configuration option where they are expected to manually select, enable, or disable header protections for new cryptographically-protected messages. 5. Security Considerations This document describes a mechanism for improving the security of cryptographically-protected e-mail messages. Following the guidance in this document should improve security for users of these technologies by more directly aligning the underlying messages with user expectations about confidentiality, authenticity, and integrity. Gillmor, et al. Expires 16 March 2024 [Page 42] Internet-Draft Cryptographic MIME Header Protection September 2023 However, many existing messages with cryptographic protections will not have these protections, and MUAs encountering these messages will need to handle older forms (without header protection) for quite some time. An implementation that deals with legacy message archives will need to deal with all the various formats forever. Helping the user distinguish between cryptographic protections of various messages is a difficult job for message renderers. However, on the message generation side, the situation is much clearer: there is a standard form that a protected message can take, and an implementer can always generate the standard form. Generating the standard form also makes it more likely that any receiving implementation will be able to handle the generated message appropriately. 5.1. Caution about Composing with Legacy Display Elements When composing a message, it's possible for a Legacy Display Element to contain risky data that could trigger errors in a rendering client. For example, if the value for a header field to be included in a Legacy Display Element within a given body part contains folding whitespace, it should be "unfolded" before generating the Legacy Display Element: all contiguous folding whitespace should be replaced with a single space character. Likewise, if the header value was originally encoded with [RFC2047], it should be decoded first to a standard string and re-encoded using the charset appropriate to the target part. When including a Legacy Display Element in a text/plain part (see Section 2.3.4.1), if the decoded Subject header field contains a pair of newlines (e.g., if it is broken across multiple lines by encoded newlines), any newline MUST be stripped from the Legacy Display Element. If the pair of newlines is not stripped, a receiving MUA that follows the guidance in Section 2.5.3.3.2 might leave the later part of the Legacy Display Element in the rendered message. Gillmor, et al. Expires 16 March 2024 [Page 43] Internet-Draft Cryptographic MIME Header Protection September 2023 When including a Legacy Display Element in a text/html part (see Section 2.3.4.2), any material in the header values should be explicitly HTML escaped to avoid being rendered as part of the HTML. At a minimum, the characters <, >, and & should be escaped to <, >, and &, respectively (see for example [HTML-ESCAPES]). If unescaped characters from removed or obscured header values end up in the Legacy Display element, a receiving MUA that follows the guidance in Section 2.5.3.3.3 might fail to identify the boundaries of the Legacy Display Element, cutting out more than it should, or leaving remnants visible. And a legacy client parsing such a message might misrender the entire HTML stream, depending on the content of the removed or obscured header values. The Legacy Display Element is a decorative addition solely to enable visibility of obscured or removed header fields in legacy, decryption-capable MUAs. When it is produced, it should be generated conservatively and narrowly, to avoid damaging the rest of the message. 6. Privacy Considerations 6.1. Encrypted Header Fields Are Not Always Private For encrypted messages, depending on the sender's HCP, some header fields may appear both within the Cryptographic Envelope and on the outside of the message. Section 2.5.2 identifies those messages as signed-only. These header fields are clearly _not_ private at all, despite a copy being inside the Cryptographic Envelope. A header field whose name can be found in the HP-Removed or in any HP-Obscured header field from the same part will have encrypted-only or signed-and-encrypted status. But even header fields with these stronger levels of cryptographic confidentiality protection might not be as private as the user would like. 6.2. Header Fields Can Leak Unwanted Information to the Recipient For encrypted messages, even with a powerful HCP that successfully obscures most header fields from all transport agents, header fields will be ultimately visible to all intended recipients. This can be especially problematic for header fields that are not user-facing, which the sender may not expect to be injected by their MUA. Consider the three following examples: * The MUA may inject a User-Agent header field that describes itself to every recipient, even though the sender may not want the recipient to know the exact version of their OS, hardware platform, or MUA. Gillmor, et al. Expires 16 March 2024 [Page 44] Internet-Draft Cryptographic MIME Header Protection September 2023 * The MUA may have an idiosyncratic way of generating a Message-ID header, which could embed the choice of MUA, a timezone, a hostname, or other subtle information to a knowledgeable recipient. * The MUA may erroneously include a Bcc header field in the origheaders of a copy of a message sent to the named recipient, defeating the purpose of using Bcc instead of Cc (see Section 6.3 for more details about risks related to Bcc). Clearly, no end-to-end cryptographic protection of any header field as described in this document will hide such a sensitive field from the intended recipient. Instead, the composing MUA MUST judiciously populate the origheaders list for any outbound message with only information that the user reasonably intends the recipient to have access to. This is true for messages without any cryptographic protection as well, of course, and it is even worse there: such a leak is exposed to the transport agents as well as the recipient. An encrypted message with header protection and a strong header confidentiality policy avoid these leaks exposing information to the transport agents, but cannot defend against such a leak to the recipient. 6.2.1. Encrypted Header Fields Can Be Inferred From External Metadata For example, if the To: and Cc: header fields are omitted from the unprotected header section, the values in those fields might still be inferred with high probability by an adversary who looks at the message either in transit or at rest. If the message is found in, or being delivered to a mailbox for bob@example.org, it's likely that Bob was in either To: or Cc:. Additionally, an MTA that handles the message may add a Received: header field (or some other custom header field) that leaks some information about the nature of the delivery. 6.2.2. HCP May Not Mask All Data in an Encrypted Header Field In another example, if the HCP modifies the Date: header to mask out high-resolution time stamps (e.g. rounding to the most recent hour) and to convert the local timezone to UTC, some information about the date of delivery will still be attached to the e-mail. At the very least, the low resolution, global version of the date will be present on the message. Additionally, headers like Received that are added during message delivery might include higher-resolution timestamps. And if the message lands in a mailbox that is ordered by time of receipt, even its placement in the mailbox and the non-obscured Date: header fields of the surrounding messages could leak this information. Gillmor, et al. Expires 16 March 2024 [Page 45] Internet-Draft Cryptographic MIME Header Protection September 2023 Some fields like From: may be impossible to fully obscure, as many modern message delivery systems depend on at least domain information in the From: field for determining whether a message is coming from a domain with "good reputation" (that is, from a domain that is not known for leaking spam). So even if an aggressive HCP opts to remove the human-readable part from any From: header field, and to standardize/genericize the local part of the From: address, the domain will still leak. 6.2.3. A Naive Recipient May Overestimate the Cryptographic Status of a Header Field in an Encrypted Message When an encrypted (or signed-and-encrypted) message is in transit, an active intermediary can strip or tamper with any header field that appears outside the Cryptographic Envelope. A receiving MUA that naively infers cryptographic status from differences between the external header fields and those found in the Cryptographic Envelope could be tricked into overestimating the protections afforded to some header fields. For example, if the original sender's HCP passes through the Cc: header field unchanged, a cleanly-delivered message would indicate that the Cc: header field has a cryptographic status of signed. But if an intermediary attacker simply removes the header field from the unprotected header section before forwarding the message, then the naive recipient might believe that the field has a cryptographic status of signed-and-encrypted. This draft offers protection against such an attack by way of the HP- Obscured and HP-Removed header fields that can be found on the Cryptographic Payload. If a header field appears to have been obscured, but no HP-Obscured header matches it; or if the header field appears to have been removed, but the HP-Removed header does not include its field name, the receiving MUA can indicate to the user that the header field in question may not have been confidential. In such a case, a conservative MUA may render the header field in question as signed (because the sender did not hide it), but still treat it as signed-and-encrypted during reply, to avoid accidental leakage of the cleartext value in the reply message, as described in Section 2.5.8.1. Gillmor, et al. Expires 16 March 2024 [Page 46] Internet-Draft Cryptographic MIME Header Protection September 2023 6.2.4. Summary and Implementation Guidance In the abstract sense, the above concerns are of course also true for any encrypted data, including the body of the message: if the sender isn't careful, the message contents or session keys could leak in many different ways that are beyond the scope of this draft. The message recipient has no way in principle to tell whether the apparent confidentiality of any given piece of encrypted content has been broken via channels that they cannot perceive. And an active intermediary aware of the recipient's public key can always encrypt a cleartext message in transit to give the recipient a false sense of security. A receiving MUA should be cautious about how it represents the cryptographic status of encrypted-only and signed-and-encrypted header fields to the user, to avoid overpromising. However, the MUA should _also_ strive to avoid additional leakage of these header fields, as described in Section 2.5.8.1. 6.3. Privacy and Deliverability Risks with Bcc and Encrypted Messages As noted in Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance], handling Bcc when generating an encrypted e-mail message can be particularly tricky. With header protection, there is an additional wrinkle. When an encrypted e-mail message with header protection has a Bcc'ed recipient, and the composing MUA explicitly includes the Bcc'ed recipient's address in their copy of the message (see the "second method" in Section 3.6.3 of [RFC5322]), that Bcc header field will always be visible to the Bcc'ed recipient. In this scenario, though, the composing MUA has one additional choice: whether to hide the Bcc header field from intervening message transport agents, by returning null when the HCP is invoked for Bcc. If the composing MUA's rationale for including an explicit Bcc in the copy of the message sent to the Bcc recipient is to ensure deliverability via a message transport agent that inspects message headers, then stripping the Bcc field during encryption may cause the intervening transport agent to drop the message entirely. This is why Bcc is not explicitly stripped in hcp_minimal. If, on the other hand, deliverability to a Bcc'ed recipient is not a concern, the most privacy-preserving option is to simply omit the Bcc header field from the protected header section in the first place. A MUA that is capable of receiving and processing such a message can infer that since their user's address was not mentioned in any To or Cc header field, they were likely a Bcc recipient. Gillmor, et al. Expires 16 March 2024 [Page 47] Internet-Draft Cryptographic MIME Header Protection September 2023 Please also see Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance] for more discussion about Bcc and encrypted messages. 7. IANA Considerations This document requests IANA to register the following two header fields in the "Permanent Message Header Field Names" registry within "Message Headers" in accordance with [RFC3864]. +=============+========+========+========+===========+============+ | Header |Template|Protocol|Status | Reference | Author/ | | Field Name | | | | | Change | | | | | | | Controller | +=============+========+========+========+===========+============+ | HP-Removed | |mail |standard| Section | IETF | | | | | | 2.3.3 of | | | | | | | RFCXXXX | | +-------------+--------+--------+--------+-----------+------------+ | HP-Obscured | |mail |standard| Section | IETF | | | | | | 2.3.3 of | | | | | | | RFCXXXX | | +-------------+--------+--------+--------+-----------+------------+ Table 1: Additions to 'Permanent Message Header Field Names' registry This document also defines the Content-Type parameter known as protected-headers. There does not appear to be an IANA registry for parameters for Content-Type. In the absence of such a registry, the Content-Type row in the "Permanent Message Header Field Names" registry should add a reference to this RFC to its "References" column. That is, the current row: +===================+==========+==========+========+===========+ | Header Field Name | Template | Protocol | Status | Reference | +===================+==========+==========+========+===========+ | Content-Type | | MIME | | [RFC4021] | +-------------------+----------+----------+--------+-----------+ Table 2: Existing row in 'Permanent Message Header Field Names' registry Should be updated to have the following values: Gillmor, et al. Expires 16 March 2024 [Page 48] Internet-Draft Cryptographic MIME Header Protection September 2023 +===================+==========+==========+========+===========+ | Header Field Name | Template | Protocol | Status | Reference | +===================+==========+==========+========+===========+ | Content-Type | | MIME | | [RFC4021] | | | | | | [RFCXXXX] | +-------------------+----------+----------+--------+-----------+ Table 3: Replacement row in 'Permanent Message Header Field Names' registry If a registry of Content-Type parameters is created, the parameter protected-headers should refer to this document. Its possible values are v1 (meaning Injected Headers, see Section 2.1) and wrapped (meaning Wrapped Message, see Section 2.2). 8. Acknowledgments The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Carl Wallace, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Nicolas Lidzborski, Robert Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang. 9. References 9.1. Normative References [I-D.ietf-lamps-e2e-mail-guidance] Gillmor, D. K., Hoeneisen, B., and A. Melnikov, "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-11, 8 August 2023, . [I-D.ietf-lamps-header-protection-requirements] Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection- requirements-01, 29 October 2019, . [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, . Gillmor, et al. Expires 16 March 2024 [Page 49] Internet-Draft Cryptographic MIME Header Protection September 2023 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, DOI 10.17487/RFC3864, September 2004, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019, . 9.2. Informative References [chrome-indicators] Schechter, E., "Evolving Chrome's security indicators", May 2018, . [CSS] World Wide Web Consortium, "Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification", 12 April 2016, . [HTML-ESCAPES] W3C, "Using character escapes in markup and CSS", n.d., . Gillmor, et al. Expires 16 March 2024 [Page 50] Internet-Draft Cryptographic MIME Header Protection September 2023 [I-D.ietf-lamps-samples] Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps- samples-08, 2 February 2022, . [I-D.pep-email] Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet- Draft, draft-pep-email-02, 16 December 2022, . [I-D.pep-general] Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy privacy (pEp): Privacy by Default", Work in Progress, Internet-Draft, draft-pep-general-02, 16 December 2022, . [PGPCONTROL] UUNET Technologies, Inc., "Authentication of Usenet Group Changes", 27 October 2016, . [PGPVERIFY-FORMAT] Lawrence, D. C., "Signing Control Messages, Verifying Control Messages", n.d., . [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, DOI 10.17487/RFC2047, November 1996, . [RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996, . [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, August 2001, . Gillmor, et al. Expires 16 March 2024 [Page 51] Internet-Draft Cryptographic MIME Header Protection September 2023 [RFC4021] Klyne, G. and J. Palme, "Registration of Mail and MIME Header Fields", RFC 4021, DOI 10.17487/RFC4021, March 2005, . [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, September 2011, . [RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, February 2012, . [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, . [RFC8617] Andersen, K., Long, B., Ed., Blank, S., Ed., and M. Kucherawy, Ed., "The Authenticated Received Chain (ARC) Protocol", RFC 8617, DOI 10.17487/RFC8617, July 2019, . Appendix A. Possible Problems with some Legacy Clients When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with header protection may introduce new forms of user experience failure. In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of header protection in different legacy MUAs. Different legacy MUAs demonstrate different subsets of these problems. Hopefully, a non-legacy MUA would not exhibit any of these problems. An implementer updating their legacy MUA to be compliant with this specification should consider these concerns and try to avoid them. A.1. Problems Reviewing signed-and-encrypted Messages in List View * Unprotected Subject, Date, From, To are visible * Threading is not visible A.2. Problems when Rendering a signed-and-encrypted Message Gillmor, et al. Expires 16 March 2024 [Page 52] Internet-Draft Cryptographic MIME Header Protection September 2023 * Unprotected Subject is visible * Protected subject (on its own) is visible in the body * Protected subject, date, from, to visible in the body * User interaction needed to view whole message * User interaction needed to view message body * User interaction needed to view protected subject * Impossible to view protected subject * Nuisance alarms during user interaction * Impossible to view message body * Appears as a forwarded message * Appears as an attachment * Security indicators not visible * User has multiple different methods to Reply: (e.g. reply to outer, reply to inner) * User sees English "Subject:" in body despite message itself being in non-English * Security indicators do not identify protection status of header fields * Header fields in body render with local header field names (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale) A.3. Problems when Replying to a signed-and-encrypted Message Note that the use case here is: * User views message, to the point where they can read it. * User then replies to message, and they are shown a message composition window, which has some UI elements * If the MUA has multiple different methods to Reply: to a message, each way may need to be evaluated separately Gillmor, et al. Expires 16 March 2024 [Page 53] Internet-Draft Cryptographic MIME Header Protection September 2023 This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x." * protected subject is in UI:subject (and will leak) * protected subject is quoted in UI:body * protected subject is not anywhere in UI * message body is _not_ visible/quoted in UI:body * user cannot reply while viewing protected message * reply is not encrypted by default (but is for normal S/MIME sign+enc messages) * unprotected From: is in UI:To * User's locale (lang, TZ) leaks in quoted body * Header fields not protected (and in particular, Subject is not obscured) by default A.4. Problems Reviewing signed-only Messages in List View * Unprotected Subject, Date, From, To are visible * Threading is not visible A.5. Problems when Rendering a signed-only Message * Unprotected Subject is visible * Protected subject (on its own) is visible in the body * Protected subject, date, from, to visible in the body * User interaction needed to view whole message * User interaction needed to view message body * User interaction needed to view protected subject * Impossible to view protected subject * Nuisance alarms during user interaction * Impossible to view message body Gillmor, et al. Expires 16 March 2024 [Page 54] Internet-Draft Cryptographic MIME Header Protection September 2023 * Appears as a forwarded message * Appears as an attachment * Security indicators not visible * Security indicators do not identify protection status of header fields * User has multiple different methods to Reply: (e.g. reply to outer, reply to inner) * Header fields in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale) A.6. Problems when Replying to a signed-only Message This uses the same use case(s) and shorthand as Appendix A.3. * Unprotected Subject: is in UI:subject * Protected Subject: is quoted in UI:body * Protected Subject: is not anywhere in UI * Message body is not visible/quoted in UI:body * User cannot reply while viewing protected message * Unprotected From: is in UI:To * User's locale (lang, TZ) leaks in quoted body Appendix B. Test Vectors This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it. The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples]. These messages should be accessible to any IMAP client at imap://bob@header-protection.cmrg.net/ (any password should authenticate to this read-only IMAP mailbox). Gillmor, et al. Expires 16 March 2024 [Page 55] Internet-Draft Cryptographic MIME Header Protection September 2023 You can also download copies of these test vectors separately at https://header-protection.cmrg.net. If any of the messages downloaded differ from those offered here, this document is the canonical source. B.1. Baseline Messages These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection. B.1.1. No Cryptographic Protections Over a Simple Message This message uses no cryptographic protection at all. Its body is a text/plain message. It has the following structure: └─╴text/plain 152 bytes Its contents are: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: no-crypto Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:00:02 -0500 User-Agent: Sample MUA Version 1.0 This is the no-crypto message. This message uses no cryptographic protection at all. Its body is a text/plain message. -- Alice alice@smime.example B.1.2. S/MIME Signed-only signedData Over a Simple Message, No Header Protection This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection. Gillmor, et al. Expires 16 March 2024 [Page 56] Internet-Draft Cryptographic MIME Header Protection September 2023 It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 3852 bytes ⇩ (unwraps to) └─╴text/plain 204 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:01:02 -0500 User-Agent: Sample MUA Version 1.0 MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58 BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4 oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY 1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV Gillmor, et al. Expires 16 March 2024 [Page 57] Internet-Draft Cryptographic MIME Header Protection September 2023 BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr +E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj 0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt 9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5 2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4 DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW fC6Pm51fEkabbmw= B.1.3. S/MIME Signed-only multipart/signed Over a Simple Message, No Header Protection This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection. It has the following structure: └┬╴multipart/signed 4191 bytes ├─╴text/plain 224 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: Gillmor, et al. Expires 16 March 2024 [Page 58] Internet-Draft Cryptographic MIME Header Protection September 2023 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="052"; micalg="sha-256" Subject: smime-multipart Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:02:02 -0500 User-Agent: Sample MUA Version 1.0 --052 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit This is the smime-multipart message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection. -- Alice alice@smime.example --052 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt Gillmor, et al. Expires 16 March 2024 [Page 59] Internet-Draft Cryptographic MIME Header Protection September 2023 jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa MC8GCSqGSIb3DQEJBDEiBCDAkJYhqVAHhprkzEWP6PweksoYhj5ULTLbcfQ9Tu3C zDANBgkqhkiG9w0BAQEFAASCAQCJe818STb4M4utvQsdcQEH0CZR7I38uL5TSZF3 llKmD9PuCDuV3GIkfdmZISKRuffBle1xaNc2av/0Qogr7OaFF485DAONVAEIQ7ah t94pwgAE4yvXXWKmFQkKid1tnMXbnHADKWU0YC+BQkgd/5J3zg4ESeMwOUm0+b3C GDaUBTIJhHfu9sqlt7jXa7PbzQEfemYZORPI14/uZSs86SLkPvNGUpWb4mN6olC0 2h/U4SCpq8Oy390oNM0VNpoa+nsTu5yOFc34pMIvjwCJyIOYPaDnvw9FYgr2oOp7 cdOgFcSJ8q7I+Tx2yg60VW8tAT7UBkifc37UUuVbnOsqeVB3 --052-- B.1.4. S/MIME Encrypted and Signed Over a Simple Message, No Header Protection This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 60] Internet-Draft Cryptographic MIME Header Protection September 2023 └─╴application/pkcs7-mime [smime.p7m] 6720 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 3960 bytes ⇩ (unwraps to) └─╴text/plain 239 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: smime-enc-signed Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:03:02 -0500 User-Agent: Sample MUA Version 1.0 MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAHmnSO2IdHZqhpStR4KWdgv3WQtCaxYUhXTJ AmWV0NBvy5u7gilyKnpgY7CcJ4T5bA68lWNos4i4D2bsiLDGtMAuEynCKejeKp+r rS6BU+iI3QAruW8v4xxFHmYtOdge1tV1uws7atc8fXnUlgcfpnOD+IvLOdwkrJBs o0AePTxqKmi3pUkSoZ4FVkfXJNkM3KKlXsqf5VFJV21r/AY+3w5V5sFkengnXv6e kAZWUVMZ5GiiLzCk54l2rGO3Wi5oC1cYqkbmnKndm2MvcwEosO48N6XTvW9geENp y9stPxv9pAp9HD4miuwWA2KlUPBVLh7l7XwjDwA08MGsRCzHP64wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdOnjKorhe+/7PA3sZPAMGBA6 bQlRDw3HF8/5y4ld+ZCHw02YeGKvc4OT1TO4SsY8zdOhNBhJRaQqRkK+5HKOOPqV ADA6a90U36FAyNI0Zn8veG4rHlb/vWHVdxWbOW69Liymia3fBz65o/6E1yX/GAb8 m+KPtKx9cvSFCazv95M4C3Girn8LkAswtmwR+deEp7tYPdjHky7TOkdXpV/z0Ee9 HtjilLeqUD+mvV3CJkIbywsUBRsZ0iLA8B9WoIsvcpYDU1biaxMko0rWlUFh2VSd j6+TjlW90dSZM7xUF1YefRDd9XnF+HcRNbO58ucu8iIMxVJq+LNBEY4N70XmFjCC EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMyuzbDBN6Tv2WSNq2aSZ5WAghAA nq1HKlEGKfDdd9BKbpZgRqgsSUEEBdGSgAC4v0Ugu6eD+ukLBk+TZzGuLHFj1vB3 /Nk6mjv4xakp/x23yGk7zc6bzmHduR27avvu9zZf8fdeNMkwBeuB47WIXEnQKmlt y6I7vVEJJE4CEVF0VDIFH7B2wpo5pogs0N3vJt/Gr2vAO2NjRosgGuHTRDXybQlY KZKOCw2G0+vB1CYCP9YeM5gG7vQNirjQdVPJ0K+4NOEHy8JZHQZvu7dR2P02/QiS 5p8wcYPSRLsWRdaPaBDnfkDTWaaQYUcm909iydoYUI5Xg33LzjGh0UMDg0vouQ/1 Aqj7zwHXfHJVKJ38lSQC8fL88/TaCkouGMAw/dHCUQYOB5v4JlsSaYBo8ojaPIIk T6PYuFUo01ghi56h21sKNsuhnYSR8c8rZMq3jIKDkmdjOpNpn6kevulBHeNnH1wK WPBiMx4CAapizFjeVmbgnFbjNBdw2kO55bPqXrHMoG5/hHC85JV/IgCF0uvQgOY/ kG2eTl80pJ3dF3/iJnHsn6wB50UDPYAqXt9bpAgtNNd0iCyd5Gd3guQOCAfvpBOO IkMPH2K8xsvqk6cUncEtrbSColrldePnQhiTiwyAmJevan++mvjUuBRPN1grXH4v AeCR28K+htOxC/5SaONcLX6FhppX0MR09j4nlwlWvvXfmm0Bo3eyaYqLAatmId1/ ig17gk0JQBw2zzZHqEm1URQh50r/6DvStMj2ASjGgtsPPhBQKO+CaITceLhuRNyw Gillmor, et al. Expires 16 March 2024 [Page 61] Internet-Draft Cryptographic MIME Header Protection September 2023 cH3tSLeGmhMj0lDT6gmB/d3PFcLjUx8DwCwYsshDY3Z15GrzIq1jgZvmzjBxaCuA VPGA3jWMOwBdJtXhAP7uYCe5qjbTL9L6EqIo8RQl7zrXxP7etwSjbAFbTUKBxxik AZKPAGoTFsO3cVhUBmSzoMupgiUAieTOOS43iP9JeXLFHOnN+cAlo7iJx/gEcL68 1ENpSaWRV00NBtF6vjpNIEh7eN0MCA/fTipRR7Pz+g2oKQLUZPNkVxUTi7PjoSPb bfKpK0xbHqao40mJdNvX6lng73PsQnJGadYu6DnMvVG7oTibcsA3aoh3jreb1vLO mzpATxg4b1QFC0Cjxqd8FKRxQZlync5cO5E3EhYlVXW0pi17wW/a2Ca7S8iT3+Rw bVNd2A01JgS6r+NsvgIXQTjxA6RNzP3K1Iorkuhg6nNbqgJffskHz5uD72AXQc9J OfxGIFAgnIbNr9u+pvj3WVqJLZTHFdDvvXPGza5/D3tnoWb83j8Z9T8pxlTGK3m2 GVFm4CyJxdzDrOcfXznRO3lYkNeTA0lSySF0yhTHAzIOU8lYaUT/2P4y28Fc/79w ofFZSqVz+J2QCoGbZfbWsj8RbrcaPYzPj0cBWtUxPyCni0Mf/4if+GxLv1F8a7DI onHVJg5w+Lo1RKcvPpRIrq/w7wrwFOhEehyQr6a/8WbiAOSMMRsqj3+9atQViPFb QChAtGHq1TMWysVVGod4S3OhkiOsp1s6tOFCJb8QIL2DYlDSbg/wtnNbWA0BXytf tR1bhQRI0ytm7mhN01kfW+dWXOPqzofRG/zvaKIGoufnmqJpbk4RR4r+KHUZ3xDP 2URkSh5Qrf9yZ7wE791QKomGSZygvX1Tp8TzicUWpeTQB0IHXsCg2JBTykU3q3m/ SV1NYl6oP6oClvVAzRNxQgs6TQ8PEgGqPsE323VDCpgAnqsA5zq5zeZjjEK8p+Zy HWjcaWf1top6+l9Tt/5chnAmCk4wS120Lkisu7fOzB9M8UzQC0yVrJ4L1A/MD73Q KE1zP92o87ZfJnnNjpBb4A/EcBTmhVxbjSlC4cT6UR08pv0cfhSqFni9eMhImQmS 0XST/0NkVeqBmC6b72fATGQb09Iv02pyV/2w5W04gCNCvWBN8kmQQLEEhkDaOmZD OYxGkgfbT00RxsC2fa8VnRuc8FyRJwFO9qWn8OTNhnVHbd3DPfsoTHNl5v7dsGDz 0aOnVMmwSmAFfzQStA9qC+OPeBPXBCKNXd1Y7/7ruO0GpUW9hSHKkOc227QtbTAH LdUAW1bBIPA3gNJQDkmGQaefVFJDV8xn9v/lRuVxegh4N8QIK1U9IPz7+wec81S/ 4cXz/JT01u/oGpcSE86jzarGMh/ik3ovckGLvH7q7TdT5BdOYyZZa6PcinfkT1Tj rj/SMsHH3alXNipnSnb+5OdEIQUJksSgQYE1nFgV2M9PBONy3YA07Z2ArF/f0sEf hRKQw9YH9grv0beRA0C5182tvvKrZ5j0q6gttYZ8PacoD9DnaXJjNGKJ01jwNsmV vlPx7G8yOuxx2qUuTBbqr8jHg7XR9/UaYEuvmDslQZpnuDMOrxuRPufI1nWVZVd7 wxWd588fI3XOXmE9ZA2/kq5uq57xpoRLlPh/sVqVysj9ruYTU7uHz629jFeq5mF4 iIpa80hPVJyC4gDtKLqF8Jb8VVKb4kdbTph6+pcRwnqIj6pEZq4G8FvquntzNn0o 8ydpnyZVV/bu+Py7MYq8YtkcEVvIk70b9gBI3UhKEL1PfRj/t/q0XM2C63a+c93j YpMSCnb/wOlpy9Ws5VMCISKsDYQLdKwNjj/aYWiHfgyghXGSY8/KDLl8Yyzfqz2n zaOUaFMS7TMvHSjTe6Cv0zIYvht8P6gQmXVvEOLJ1VWUh+q3ccXnW5EHg4CgIbCI dm5iN3a+OlIejFQSZvFW4kB/RWNsOiyBextmOxxyAmu7xGayLZul/bzBFT5XrQwv sb524bGOYs6zcKA5zjnkQY215aGztAXFuMkI2nRiUsve5ARm/KQhbl2NGthQu++2 r807AnZGdjhGlz4h5XfR/VvmjuMF/LxdgIJG31VC37u/343lgNbIOWybUorzFaeg rVnSDvMrfzMdZ/KRLTBhVUC9KFjlhn4L7FdfpWz3LbcW5Kn+uIU6EsRkbdOwdRPN mEPhgjT/+PD+msMoxtC0kaPtgRgB39I5jnIgPBAO8iKtObHttmZoZeqD5+N2uTyK WB+tC1CctNGGYfCR+YAUMTojhou1FSwiJIBTTE7QmSueuLmrEuCYvxUdEuA7RtTd LO1Abt0S05WURWu0pNDFroYbYPEjX5vEoFbU5jHhzEZF5WQ3cy+/EqMkxk7/47dh ux/J9UXXJTyT4Sh8KNZOPh38lcVliqIO/Ms4Nn859zwafCAKBZxn6ZqFQbBmxZWu D8ejB8KfXUIUp9H6wSPWvxJ2XW8By01UuZFIE6vvZunm55eYvotkhjQFIag6CzOH CaUZfwJ6bEWreih4lWFghnRL1ZhRptnfQhnsKKVUqJW0jiaGZNZC+4jVCOr+36bo W9e6LYfkemtKEMer/nrdgvW9LXo2CaL4BNgReK+T4ZkQbyob/2/ADN3mYe+ETBF8 m7lbfEIx73e87xNY2mWhvNMA1/hZ04lIJQdPySNwi5V9YE2/cS+6UuLfOVIyxiNG DpixiwTJroJ6GeKOtBn/K5eCqxKoF3gKiH98DnH9NV1otBej74998NG6ATN5jpaZ C46LiTJpMZpTx91EyasuT6eDW+lEGa6EWylC7x7zjjjwaNlqD2mMlNpnSm8L1oB3 vvcwP60GoLgyu50+M0C+hYxrNuyCG2aoX6bvzdFrh9DyLl8LEErVdOPj9r/hOMtB PJzmiDqHIYaZv6+uyarrjfRG6dO+kCZDtzuAy/HEU+UXCuv27i99gkEyeMcasQSp DkRjvnVJQlO1fMx/ttIGyyUbTH/jlBmLQ0cc+hrBeGGTYyKM5N6eB5WCukYSkfva 6p7zGiKUER1py0ZmcO4BN3UqPR6P9pJbJ0cNhpCTx7/pKa9OgDpT8+Ma1RxanOLK Gillmor, et al. Expires 16 March 2024 [Page 62] Internet-Draft Cryptographic MIME Header Protection September 2023 mskKwQpnkJf+2ays9Rv0oYtbNfVzJJPrT8iVglD3aFwmCop0Ml/kW5sYFdPpFGsH byzTzq3Fjw0AQ5UOG5Qq8EpsAlAJ3hy/5Vv4OaVizAoJz2fZXnQ9Bw00lud/outL ZbRUEC72vJewbIAS1lzdJ7RLlpSMvB48/cA2dgeXqqfnvnAsMzgOIlaFlVID9H4m /KtMJfKPkagrka91wFwLECu207zihtHmRbkkWlrswqA4SyumWfR5AEGW/sZ8g9LA rugrt/sE6SpyYi5zzYL9/vNT61kQVy7UhUqcasQU+1CLVuaplAk4uvRso88wXYKn SSQXesmy5m6eYOIevOmyUMQzzfwKswT49j/7hrHsECtzpyCOP0/8zBgGH8f/wg1r /sZ/O+sZNu819qUaJhHSFIEx/CQKuHYv5ez6aT3BAtmPn0iWrFVzna3Ogo8XAL68 eDwN69Qm82ikDO2LFkKZrBzn/1dyZs/dT6lQYpsmhxJzoluZzW/sYFeOCX6fWs7n fcrz9yMIDKvj70JrZp5jPRghFKHmqo5xh39TmeTsQFp2B8UlGD9YK6YfgSEaGbyL 3BpUjZN/713jmWYHzGvEQfx7vP3SaZBMZ4GSCoeBT2grQoUDe575H7UDJsmRVJ04 bO7iTWPZ1LdIC+oifedAhGhCoum+tApUYj+3BHz1xIAZJMCGARqgyKcnvjw5WVu3 fDna+4xJdNs0YK1uBkr6N9FBDfmQIuneIsQHAM7lZfucd1FenZhy1zNreqgls9QO NncRNlltqmT2qmERXw8/HwcwNjR8FWrwbCCApsMgAZ0xWaRxpEct5lnGNbBpplEn BrMafVecUlQgwa1jchA5ZiOuaZxizi1Pr9/eoaX93aa2u+6OpsyPqdadxwDeV1Do 4dg2NrDqQMFo3I1IcADeZEcEqPx8PV0tYjEeFZYsE0k3Qmcti+RuRj/rNTaXQ2Xw VkgL1BG8POkxw0pVIKVyevcPtUD5tSlTxfp4qBFlEY/yrGCHy36q2mboBcRyYQry oBnsvoEfrIE8FEz1rOJVM+HN2udrKVJZzEPySflZvbDzxINcqDu09r3UO+L+ymW5 9/ncHCMyoa0KbQ08q9i8VsGchL2FF5Q66g7I8U9u7R7V4Fz8RvLOzs6bB/Oh7+Z9 0dTWreRYp9/82pQ0VSuvkWYiSPwiy37spaE8uALD5MvZOS3CqOwGI+o45uLBP/a6 dgalPv1kThe8/a25+FqiQP6boCsN9wgA+T3v3kRFibzFEtyqX8C6Vu795PpycZ14 /RGFTm2Df/U38DN/mlNhGgM6gMQr1YuSPieFJ+0/ctzGpSaS835d+DkQVvS3zT3/ 5EpybkOZrqf6erhNTVa8Onr3ZNdt9QyNUCmwxpYVvV2exwoVfcIjQgCxwehySLW5 UprvrRNgHo0OBMH+UmSggBfT7/omejxHgAJz5WCl/P+DiQ/dZcBK1OCRh1ZkocLB WVpunKTMuLyqSqNG87nzXAgFCLYQRWeCQNcItSbJ4aed+sJIYxmEm2UzyKAk9eXI dCZ/5fHOtmMDl645r/v9eSjeZd7Ed6MhGladuVlNm9Dl29sIzKcUu3zfZAqBlzFK 1RzPS3IUeM2VEJbK9AowEQ== B.1.5. No Cryptographic Protections Over a Complex Message This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment. It has the following structure: └┬╴multipart/mixed 1406 bytes ├┬╴multipart/alternative 794 bytes │├─╴text/plain 206 bytes │└─╴text/html 304 bytes └─╴image/png inline 232 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="c39" Subject: no-crypto-complex Message-ID: From: Alice To: Bob Gillmor, et al. Expires 16 March 2024 [Page 63] Internet-Draft Cryptographic MIME Header Protection September 2023 Date: Sat, 20 Feb 2021 12:00:02 -0500 User-Agent: Sample MUA Version 1.0 --c39 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="05a" --05a Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the no-crypto-complex message. This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment. -- Alice alice@smime.example --05a Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

--
Alice
alice@smime.example

--05a-- --c39 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --c39-- Gillmor, et al. Expires 16 March 2024 [Page 64] Internet-Draft Cryptographic MIME Header Protection September 2023 B.1.6. S/MIME Signed-only signedData Over a Complex Message, No Header Protection This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 5249 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1288 bytes ├┬╴multipart/alternative 882 bytes │├─╴text/plain 258 bytes │└─╴text/html 353 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:01:02 -0500 User-Agent: Sample MUA Version 1.0 MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjMzZSINCg0KLS0zM2UNCk1JTUUt VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 ZTsgYm91bmRhcnk9ImUwYiINCg0KLS1lMGINCkNvbnRlbnQtVHlwZTogdGV4dC9w bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo IGFuIGlubGluZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w bGUNCi0tZTBiDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+ PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4 PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu Gillmor, et al. Expires 16 March 2024 [Page 65] Internet-Draft Cryptographic MIME Header Protection September 2023 ZQ0KaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1lMGItLQ0KDQotLTMz ZQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91 bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTMz ZS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ 2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3 lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw 546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG 9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9 68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs Gillmor, et al. Expires 16 March 2024 [Page 66] Internet-Draft Cryptographic MIME Header Protection September 2023 plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4 rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3 DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow LwYJKoZIhvcNAQkEMSIEIMhGVzAx/S4dUwqko0cb+oa+gXfmEqw2Iz+svSKpWzC+ MA0GCSqGSIb3DQEBAQUABIIBAGtNM3MMhWZVJdN1nlfSk3mhNk6E+LFoOqG4aiHz e+HEQjN6bKft5zulMCqh7NKRpRmDcEE9RXDGKGYQ9BKBf6Od/04lolBY/xpPu9G5 XnUTHN3MmqubrTSP3xxU5AozL8i7XmkB68VxKBQ2YpfcXBFGbuvlc6FXkbh2QtRX UgBZEp+GSxG7o0UVJRa97t6wblUdMwaQ1ONrtBsmrO46bThv4cgrlGBvz8tGfHwR 4HbS/Rp+6jNAS0K9fZ0PQxy2b4M4braYg3f1n4q3dDH8N0XiUcwG8FiB9XQo18+D fdkZwTVUoDHWjSVdIREobdPI2wdpnGxS/AB1VuiYpcebi4o= B.1.7. S/MIME Signed-only multipart/signed Over a Complex Message, No Header Protection This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: └┬╴multipart/signed 5234 bytes ├┬╴multipart/mixed 1344 bytes │├┬╴multipart/alternative 938 bytes ││├─╴text/plain 278 bytes ││└─╴text/html 376 bytes │└─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="452"; micalg="sha-256" Subject: smime-multipart-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:02:02 -0500 User-Agent: Sample MUA Version 1.0 --452 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="ac5" Gillmor, et al. Expires 16 March 2024 [Page 67] Internet-Draft Cryptographic MIME Header Protection September 2023 --ac5 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="813" --813 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. -- Alice alice@smime.example --813 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

--
Alice
alice@smime.example

--813-- --ac5 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --ac5-- --452 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" Gillmor, et al. Expires 16 March 2024 [Page 68] Internet-Draft Cryptographic MIME Header Protection September 2023 MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa MC8GCSqGSIb3DQEJBDEiBCBwnBPnNMORN+JxFvMbZIJ5PtqEBkyDbOtU1Ar5RuGl LjANBgkqhkiG9w0BAQEFAASCAQBRpXYXiiCEQ/lshkbhpH566H65wAf9rZbGn+r+ Gillmor, et al. Expires 16 March 2024 [Page 69] Internet-Draft Cryptographic MIME Header Protection September 2023 o8vLTFSs84ER/EAHGhePmVDiObJS+nXIC7Sa5Y+tUe8JitKPXBQ2oDq2+3tN7tY5 G398yv+LnmYMMf91dlnlyPnQujsEfPSLXYNToa0qBqp1DThm/pfn6RbbOqpZjYr9 fdcNdErDql5+CKaf8R/JDW+hiLyvD0KCpXucWLHb1okt1Jpld4kkaA4wu9Idh9fK GlN20s+dBXoytH/G6K8NhOh3Qaf3lMP1R60gkvJVJ3j9jIs3/ZG4qH5qWQJHLvi2 WLSxDhkYmZ+dYSCyfIauNkq7a0wauSpZj82elFA7HdyZmNp0 --452-- B.1.8. S/MIME Encrypted and Signed Over a Complex Message, No Header Protection This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 8690 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5426 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1356 bytes ├┬╴multipart/alternative 950 bytes │├─╴text/plain 293 bytes │└─╴text/html 388 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: smime-enc-signed-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:03:02 -0500 User-Agent: Sample MUA Version 1.0 MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAB5TXoiCIIIIxehywh5/tdFM72iw946N6OzE mkIj1x+ShPweKrmTgPxaZbNgZpMdyNetqSXTn5HlZwUAxOkE+EPp301kveWwxBAM /Umzr/ODGiYLHWORWh+cPwjo0OIHo8IJzmF9FWMr7CKYhvbSZn3AFuERRfEccwH9 xsbB+X5og5bu0Mn3y8KdX7XOFVbgAgFuqqWpj6mK2AsyWS0zRKnGNd72rELjEzCv RZqBFAecaxdJd2RXKKwLmJg5EL/VmKuyN6TgtmtwvzGCKc5YywdhVrP2IvQTye10 Gillmor, et al. Expires 16 March 2024 [Page 70] Internet-Draft Cryptographic MIME Header Protection September 2023 +paj8dFQb3W9AGOuCdw8r5CoawAZdYMvZ/v0ixYIkQid7fsOE+AwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFLvnVkTKKAXPN6g5xLlw/7bO 5NQs0DVNxjuCAOXWm9zsyhH8tYGdNVvzktxXkn0JV4g19TEu4MisuhcIhqJyrSsh 4epi0ZxbyM/YTnhHvi4wttaZq07tNVF6eafyuecDKLV8/WF+AGSVWe0xPumEni3w GADvkwmcO2mDZO/ad/u7Jvl4jF//Id/IG/A0y/yBgrWq4pH7BPwp1W/rXbnwlEEm 8an56+5f/m8teqqXaiRMVQgMaKGCmXHyD3Ud21Rqc4jwsN0VCpzabK9DSDPcxwVl H+PPUtza/Ux7yNgJ1gm816e85luOjvpf+HliioHpNKCQ+eh6mH0BqLJKJkketjCC Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGaUNdPZs2K03fcnaJXCvfaAghWw qf0kEcGMlxiJegJu4TKQPvtUKje4+xRba0xUUSlTzhXrDk9tk2J8zdmnQglvRW54 r/xH0TLM7ny0unGI3ow8lpyUV7g/LFmW9kiaoTnhNcEe6qqSk09dEH1rEqIpQoQ9 1GjuFwlc7uf9vMzb72TdAEhFIOVwboM5hmLtoADvQeH4AsDKfbPvkrFPPNDB7Rj4 QCh2PilelLH+3+78XvJ0NdcZw5KyVFIAa29vlSYTjPNriFn+rKPzxjk/cQc/zHSH DLZ0CRHvJZKX6z+oIVAq/DYUJfhm4zz4LRSReQfdyChRHDVv4V1dFT2uaqtBPP5C 6c8Ad/SQUfk84wns2/+pKocqa69tVTIok3Y4+1nDcvg8jzkdPD0cednWdYjh0vQz 0qXaJYFlyVuQV8A3IUFV7uX7JCuo6m/PIQIiH23dE7fkGXCPiIwAl9BZj0O2bo10 ZbQgka+Csxk/S/lBiJ5hfdsU6tOk7JZwSNQXHgGrCp7lboSljxOEfiKQVjo+ynyE LmUM0zoZz2eUdsUILQtmFs9r0AvBrW8PcF79IIOQR+X4QEJ6Ztz3zAgj409q0Fmm fCrhJTUMcVZyeqLUTpyLWDBKqV+jm5dA7WR8CL5NqEsmtyQRTabkPv8a0DNpgMl7 fCN3bIs6VdsiQXdhwwH8U8pcdZSINvNb2nNbUrFWlU6ZOxl60DGQKm5KxuUd0Uzi xKe2v0DMl5TyjRekBPhoZC3Mwqf7Ud6vDoBk4Evhlxjv8MAKA5LOghtfvv4xP/eP L5i4V3EnZtRy4hnW060tcDOodWW2PXPYFPxN0z7UEdKk1hjomBGFlWt1QrPzMO5x 0/m4NezYVWJNWkqPmCUyz+bDzQgIdWXGXGAejNBJsssEvS8eHlRs7V27UfOQ9c2k /KqDn/Wf15RfoIiT1RfoU4FjBoiq6IXkerP1Km+SzHHnZozF15M684ulz/PPpo29 pziu9WRjDPsWYmS8RK/XzutHp1r7vDInwCdrManEI811C7z/3/FgwA7RJIJ6GNhn GVD+PUBULWxEIPHQU58y7KwBeXtNX/o9rPul3Nt2HOINyYhhLNgX5AyTpGlONrFJ TzP3rrqvgLSlmq644pBLfJagaxcAJENyoZ7GT9YgWrT6WzVM6t92VpfCo0Wy0SRy uy+l6De9bJWDvwPy+RciW5UyN7YuCWxe/vYcAiL55Lv2ZO0m3zmE101bJ7/ZgwtA k7yABCQqUQPRBc2EnchLv8JdYW1ACX9JIlG/dTmyI1OLNAGb20UGX0d76mGajwT+ a5OF6z+HYxd2KehL1+W7wYrUxfZ1Utk6rACIVD5b+36nE1mqTTnSOw9z9mAZ0+8+ hRcBQ9I0JOB3YMAi4lepbcGGvEAFh9kOSY+9bYy7Lri0HoQEaDZ0aQxf1/12UEAj P83AjqaswVVKBJNvFpqJnJeh6Y/sTr9eAYE2+Y1PGGH9Z8fzbD7+CqL78sbpaMCP 7cgM9UHRjLY8yOIEl3fME/JF1pR3NMG3LQ9dohsgvl8Z11JABy8+Zz81O3g5ZjBy xJXkWAXBdTYx2l0bdaIyoTQnWcN1OPaCatCv4P4P8L0SoCj3DrEb1rK9pCUIJloM pElAoPDJIgYrEPo2d3TunL2qJwAJEy0asaONMvvA3eSdC8kzM+NP5gYHl6gRFvDQ WbU2LRsCKwu4TtHRR92OqKW1r9x4ZgyZH7UvVnIZVGz2buta7ssQ+PLDwIXemtFh 3laYmNYrssJ7lnd3WwXvS5MxWa/OBwPpDS20IRwOOGmAYKWpQzgFJb/gWf4/rSiK KSeC0qIb9UXL31AX7eA++TR9mblzEoIrlBebF+MwX8EzQbYRtbvezL3xhXeu1TsS JUUBS0Z7qF/2AljMgrTjkIQGNuVLhLxexaQJr0GLAwlK2ijOxXK6bGh+JUW12HcT Ms71ef811J1fHrS7mTzqAAreAsUrUs30WBByMwsvRyMMqNuwRJr4Ax1jF/5HBNPI bdx9X6Dz51azBBQb78S2hxLwrGLffbheyYJO6CwMeM1epsV/VvCuKfakVGINs4yg i7DHBQrHXekU6XzCgCRARC288zwDpRSxqubQYGchpewg9ZBK/Syu1FRw/AjQowNS ONatikKD5N8UZAaf/iLznbZG+bXF4esrMpUm8MY1acow7A6IyQBioGEaAh6U05Ww sQz+6KO6RNneu5+PvGtl8rGGmVjdevtTZSTT//dlJyREItmsyHkY5cHMugzz8FAh Yy2ez/q7sbll2P7YFY6TXRc4FIIEVooK6LbsHggzwciBhc80Ue7bq+T6ouFYECBW lhNwzGLbtjkOlui/ljbqBRAYkbbqciWj337ZRjzbea8NeaoYYQo2ZHM9HKMK7mqS z6E0XGz++vz83pdsh/ZHF/i8l5OgvGZjG99KvpDy6zZ3PxSdASBOxx4O3wpUEd4B Gillmor, et al. Expires 16 March 2024 [Page 71] Internet-Draft Cryptographic MIME Header Protection September 2023 +8RB9N4I+9xPKmqBFQx2/gLY3jqLc8lWGp8oP1jZHDCYv4rMPnFZk4k+gpYu65r+ Iwy8HIYDzsUNJPxZwHo1GX9BQKt+/X4p0aqLE04G5gP10TrnsL5CM4WGyphpPz0U 3b69yGFwpL/Fj2NZ3LxD6b+fFsVccoqrEz70WPpgfB4NAVVVXLTjI4GkMCHApLhr 466UrQvoEGlVzAPbxVo/2qVa1+cTc8XvIY3s/kKLcHnsOvC6oICvKMlfNPQLv42s K+qg2NZpM3RHyeplbHe+rPzUeOIOmCSUluVQxp6HghEivLX9D4WU1Asaut747uMy fugR1lvaTmqVHpcO6Bdc/lO4TiyAXvZYYh+Uv9U8YZPckNZCHl5y4sJTVxQGQhLN KzQzFNX3mcqFYBW7xzr0fLSGaQxC1qQ6SPaOcUKp2jShAInPMB13i16MzOSOo9BW 9SgnXDcqaiGQWeM4VY1gHuuQmKj4WitLU0Ue5AizZDTPMN0JvUnh99brfVETjien gNHRtdvrXwt+N2baVRn0GFtj66ebu/rAzqTNZsA5p/F+APdUzxUDrPfh1WYrzzSQ 8DxlRmCTLLRzafCVXLV3xNbWnrfFPX4ilkT+roGTRjYqPv0yDUtvrIt7HKFnZoLl mLkk4auI/TQgJ72Ne3+wYYsMvOwrHbF8NLmsgyAJSEgWl+FUUBx653i9H6CiABOF 8YVvz7ShqSwhxGllroERl1wJLdXclLWgR65rvkCYvCH7bIHU7kvQoyIZXaLs1Anh rBNh185OH8RmBfNXNPbt6Hh+2KknmaPCkMxEWkNrLmGseoTJ1/okRunut+DW3FXI ashoguanB05zVngb+r+jzAwFRGVY3OCgeepb0gBwQDyeZBCCWD3Mr/1wXnB7S4Oh /zMURX7NtwZUOh2qcJ3Xlpi0S12mNvLSmIyxzZv2dYDolmPwJHptP7tBiKnsZoHM wbCEUA2lJsHRLDXXyC82AtttZv2auF1pO6Ne2H/en8Y+z8MRDG7gBI48IDGKq3Ej E0hlVdxVhWvEuavw83TVpvdKo0Q7rVRC1hHSttat1z8TxnKRxIRvxC+fJ2xGxlPv on1aYRq5tL/jIujIGVHHeSeqB81yiwJ2dFfYdlI3VaCSObVBwVbDKvRli1HskeSB WGT7hyhS0SDnh9MVHw0z30JWnxxXfg4dB0C0vQWLsTqZm0bncxxBZBR060kSY8RL S9mYpaSeHLl29h3OIKecjiXhhsA3UI60yIS7VS9dzLE9W53ttU5MLiHhXnYANy5U eqar+8l1uxtB90CjunOqtgkH0u4Ch+lnAUjdmz7cUPxLwgPgwr/WqJxORTnpGLlO hEumGFYF3h/XIuW3bNCqjAutco8B38s0kGBipd0XCg+Rr60S3lUS2//mnrqlE05K VtKVK+NxfcWkpzczLFOIxGLwHsSqg3He2QgGovkRRkCZE0/bBqhvbvAeZYZlOi2/ clB4eYdplZZJ7s3hKPwq678LBRXT3Fs4a9BpqEnvUot6WfgOsP/zsszS247EjWra w+OAKgdhSOILeuaxfpHRR2FEDYVU+yBdwJjHYzp3knXDDsEALaUmAbOIhZ3A79hY tCSmzEhXfHdOdpw0wqVoL8VpvumZna/GZE84U8uPEHbE5eeX/6BLNJx36o6FXkB8 waoUUNuiHpPMQbz3cLxZZxN2TGrmmUbpId9+CPfymRGQ9sqBTShxg+tZ7FzO3vSM WB7Vv+uxhCfBOy45MPX05vVAaxIENdQRabGPty7WqZepGXNdjwC5PaKDPuG699WD 22BOPA8sJ7TLqGj/yJ8Azkl0p15DUr+Kr5gDSwf+j8jt3hhzeFUpQ+9aFmxblIVf W0lKq5VXLVscZZl3J7hpbG62BmnlEMPy7pV6B+PkbxWkXaT8b+GW8OVSzW2uuOcl Fedl9AGzjYPlFPfRAtZkHqpMfqbtk6oSNkGx/9mjs5oYR90RCmy2PCKiMh3tPYCj iQnyJymV6x58UB1tRNbjaUD+rCiuea5hEUv04xdKB37XJ1OEcNT/Z8A+DQGLpLby u7GHTCTMzNLOwMibhfc2FRfC2q/MaZC4N/IrB0EWAXDIm7GDHlkUOaHL9ADc9vyg xz44m/CTcf5ETE4d/rEm7FEFnzVtBPbdlGhi3EXhQ7WCRy1ojRPoktdKNvePxSQl fVemwRsBA9jfLTwIzS/ASUTQohDpYaaqV97aUNn9psRuFblwgGUx0I/XuCUdbFxa zuM9a7jxDByOVyTn43GINFOlnK+/R3zX1cYm0CvF4+QUNZI0uEP0NvE9Cjb68SfH qAeV4HIRBg3/jU+8PRHTyUzlQf7vRXKiDM1nrT1belccJTWxUtybEKECersUX+zv Ybv2/w339RJrY0+Bc2VJt9uB6DX7p2HTQyfvaZTgN80ZLAkBJ/xk4WC6Vc+h7fm/ y5cqIjJJj0SES2VoyP0cu/rJ06+gg7v+OHHehmhkehuQNsLnXldAgGJyiFKcvw4C +NrQ2II8uJ54Q+ytrAMr8GDV7F6cHb9BuyTT1ubQEP1L5EwcEFWUESEv3A4quit9 t1r3jEuPBc3fqyIcmDNKP58qS0ZPO3m/fJEW1LX6yR0IEkrSxZD6PbUYgNT+qZD+ RhlNUJ6dIpd+xxA837NxUOnkrJQ3uvOvURBKVv20oOXzDVkRtAIEy8aVic6ZAxIX ZHqkikEiFxgNcMxiO4agsE7qwCKvpq6llM+xxXFs5Puqoj7vL1ihzCjoABqne5SE yBkYqU2OU7uoIvWSwVdtwqX1Ih/adN5t01nlHWcMHBooh04nfpMrhci8Oi/XYTA0 new3jLMwZXEBZhlkZ62ZZtlPA68K9f6XkSTaJ+bx+s3iV0K4RmLt7VC88+1Kspsn /pnDEBfBCQhGD07YeKUJBbJ3RPdRi6rsj54PRsZkOAi2MoQZJ6PnzfI6EHsQXNad PnYFB6ZGrse1ayA9QqibkRFMKGRSakkB+fq12M36RB8CeO766iMoc5qc8n5qz0oH BBlfTiAHTGU+6AhEGU5kifLZaehBcp5yDl2I5I5lc0X786Zjdm4oGbGq4q6Ieyu1 Gillmor, et al. Expires 16 March 2024 [Page 72] Internet-Draft Cryptographic MIME Header Protection September 2023 OLx8vkb9L3ZvkLgZAvn1r2dZKOxyNewjQwFG05ErbK7qpqD6TC5VZCiTLJKslN+B l3/UjwSwc0Lt3P7dep8oDySMgxKYDQJ0qNBFA6kwdZzTlaXRfQUFHukwn6fn10kX 1p/2K+oYUsA40E9qL0cWEMWcNmYRQyk0qpgWWIykrMl4efXkQxSddTqP0WfW/uxs pQB4rVeZStpzO9cie1E0tVcoipItpNvvQTENdC/p4Eg2bw2dW+Vd6NB/HwobsPY3 YRox1LGrfj0LH7Rg0qg3pI0D2u9qo3A7ZZ95vkGUtTtF0BYkIf9/SFoEwNSJARNp BOBA5lMrq3S9qwJEOYoA4KuFqLmpbmQg1K3bdi9M9aDK3hgQgLqWSGB4TF0OWuaG lkKQSPvZH0dZGtYxCjnNDth5Bp1MhVmS05mlr/uRKdVjdSq3MKj/2O/Nm7P28dRt O+w7rvRINTp5fWbstkwtBnheOkyX9usXU1qigTIUsAlXqlaG5g5qrDpG9Ijqya1i ShQJ7cLOtGFIJlkZgG/fT+jbJNSNke5uvMLF9/chmmR2SZEHou1tahe8J2/97H+H L6epMyb4QYeH9JTLDLEbyz8bvouA8ydhOHbMj6Vr8Ox9af+Uu1FhDtJs57goehgS /SBljJGQMwl0kHhLpK8qOk9i+NZOO5N+GiBlVgusHDyjsUHnxk3mM8hoRqqpkxAW 7mqZagmE09qk7PEctl1oAgrwdTSIB9WHIudg9cV1yFi1kkI2ktjEZPD/i8uZqO5n pd6v4w/XJuPopVn5nwJxOwQy1RKDNSOUaWRasZc3l+16D4eywDgDesSLaBmXUlUi dbbtKOi4OnAEwQ1iyE+Q7JABttILJ8aDSejBvP5gUvKPBliDLwAXMR98ruJeMdbE /6qCA6YAc5v/UxREKCZBqSYsOaEqD1YKZEIMhn64NDqpdiCX4gwe/sCawTcX1E5r XLgnSSpfLbIexggQ46Ma1BLGp9CbiGO2bw1IZmlGGOXqpQmKN6FP0OsSnwwq9D2J nquParO4ILWbL9aWBcA6EIkcer/C0fWGidtazmTj5MXkD83lY3cozRuC9dYLO+4R FXsWzvqQeXiauLz8iQsgxKUj2DcPT2k6j/qzSXz/M5xapj13Bk6VH9KoR194/smT gjGJvWOnYdZjv5J3i3oQOwCL9T/ZgdqIFW82jfmGvoe2zu/00XnV9FP4Lbr4rtv6 if54Hr/h8jqJoRnBGAh3doQIGdgLiZZDPt+GWMxreYAk16mbXpuqn49bP8G75ZKq 5Azp5xgNcm/rPGYEp+9iQJSggoz+dqGiQ0u37lK+i0/A0OzJ845NW82hoUye0C+X DB6OkbbYCgGmPou7bBVaUJNQQdRUTnGd/Yr1EaOQVScMZ09FN2hjx6V1zjdMUvTe XXpJ2C5Rl4kxHY6pw8mInAg9ja7jmY2e7xaNA4cwRNTjbH7J5uZFNEC2kSf4ZO7V k7MOX+zDe285FfVBS2+97yAlL3xalj1E4DZVFOw+3dKD+W2bg4r0Yhds/wxYH+M5 GU9zLrHEbw0GsPwUr50w9isSu+o9SKeOCfWrzHz1fJnH26woPOObWy+kkG2cunPN T5e+OPw9K3MgBkNZ9YG6Ce9ULqhO65f4LISdwDSsMGl3eNhgzMPLtCJZAP8K7dEt 8Oc3POY0NSB8lq1oyxDwHKJz0S/HMwrancUO5V9abkZuYhsOGW+1Kjswd+cPh5Y8 HoL3GF+OAopbYYesvIWgzh0/MtYYUoI3kPvUd4vdWNHEbtHlfSALDs5pukAE9ny8 0GhNtdoH04cVlvDmpyfbLcDTwi+UJ5tT1VQMGLuFo/CxDV9vWjXhJd7kSt+7+K1L YPzrT6ggMFrLA0kYRIa5K/n99wp2aYab7/DkwfpEjZI= B.2. Signed-only Messages These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted. B.2.1. S/MIME Signed-only signedData Over a Simple Message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 73] Internet-Draft Cryptographic MIME Header Protection September 2023 └─╴application/pkcs7-mime [smime.p7m] 4319 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 642 bytes └─╴text/plain 228 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:04:02 -0500 User-Agent: Sample MUA Version 1.0 MIIMcAYJKoZIhvcNAQcCoIIMYTCCDF0CAQExDTALBglghkgBZQMEAgEwggKZBgkq hkiG9w0BBwGgggKKBIIChk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG1lc3NhZ2UvcmZjODIyOyBwcm90ZWN0ZWQtaGVhZGVycz0id3JhcHBlZCINCkNv bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpNSU1FLVZlcnNpb246IDEuMApD b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpDb250ZW50 LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9uZS1wYXJ0 LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBwZWRAbGhw LmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzog Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAx MDowNDowMiAtMDUwMApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4w CgpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC13cmFwcGVkIG1lc3NhZ2UuCgpU aGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBz aWduZWREYXRhLiAgVGhlCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2Uu IEl0IHVzZXMgdGhlIFdyYXBwZWQgTWVzc2FnZQpoZWFkZXIgcHJvdGVjdGlvbiBz Y2hlbWUuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQqgggemMIIDzzCC AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0 MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4 oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu Gillmor, et al. Expires 16 March 2024 [Page 74] Internet-Draft Cryptographic MIME Header Protection September 2023 s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2 AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/ T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/ N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ 45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2 lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh 2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDQwMlowLwYJKoZIhvcNAQkEMSIE IPno+5X5nFLPT0q5vegHgVP4OV2/uzd4xPnLWkqhqYIvMA0GCSqGSIb3DQEBAQUA BIIBAKG7Nq53TFMHU6ciIcQ9Tqq987YPEVAIJJ23U+60DXrXSrrmcZCqd2ZTyhJn f5Wc8vBoC9tzRBoQpl0WMS3WyQQkkWYY+ovPyDqcEt3iixC0aVRWIZoDiq5SiWR8 lB9CUcsKueu0IG1xmdvCmI/wrODkDEgiSV0Z+d2cs/I+OS1FSNVosffsd4JhkTxi 2dD5BMCfa0zaS96GPadv47p3oizmSO9u2TIBCceD94k6iIhG0jl9rdeUmOunTKlb Odz6Y1TlVrb+s+nYGQUtOWWGulO854oCYjWuTi2TwzlBI9NrrMM6xR+T8JAxIkXx vKwjA1ETt2Nvp0OqVR9izIeeiO0= B.2.2. S/MIME Signed-only multipart/signed Over a Simple Message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 75] Internet-Draft Cryptographic MIME Header Protection September 2023 └┬╴multipart/signed 4562 bytes ├┬╴message/rfc822 inline 672 bytes │└─╴text/plain 256 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="8a8"; micalg="sha-256" Subject: smime-multipart-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:05:02 -0500 User-Agent: Sample MUA Version 1.0 --8a8 MIME-Version: 1.0 Content-Type: message/rfc822; protected-headers="wrapped" Content-Disposition: inline MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: smime-multipart-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:05:02 -0500 User-Agent: Sample MUA Version 1.0 This is the smime-multipart-wrapped message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme. -- Alice alice@smime.example --8a8 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI Gillmor, et al. Expires 16 March 2024 [Page 76] Internet-Draft Cryptographic MIME Header Protection September 2023 hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa MC8GCSqGSIb3DQEJBDEiBCALOMrQogvVsAh7w8dZ49veRaAFhTQ49VmGVz+1eTbz tjANBgkqhkiG9w0BAQEFAASCAQA/IjhMNkM+NpI3wGfQyDClEMkiUG5SQ88JC0zc Xaz46K27ncQh+PW9TChvi9V9VR9EvKx7sh0dBnjhogrMTH3V1mZPgyL2HdsfLvXa Gillmor, et al. Expires 16 March 2024 [Page 77] Internet-Draft Cryptographic MIME Header Protection September 2023 WHmHQmbTnsZH8+kqOLdOZG/zbQMgR3sSv992f6ShxZNdazwGSf5s7Hs6+an6yy24 VtJqhT5xHHvMfDLUVW4sXwRugWKohiW+cjZ16SQ5zP14KJBpriMWv8A/4sJv5aC2 ImraEATJ1gIse53X6XPDt/+9BsXOrvbIvXRIbgMJBK8gIz6aO72n/dvm1fHjdBXv 9t75zqN+O821RiUiSbBoaB3FP0sl3prsZ4QRr3Yv7vpv/HoR --8a8-- B.2.3. S/MIME Signed-only signedData Over a Simple Message, Injected Headers This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 4234 bytes ⇩ (unwraps to) └─╴text/plain 239 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:06:02 -0500 User-Agent: Sample MUA Version 1.0 MIIMMgYJKoZIhvcNAQcCoIIMIzCCDB8CAQExDTALBglghkgBZQMEAgEwggJbBgkq hkiG9w0BBwGgggJMBIICSE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg MTA6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAx LjANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBw cm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhlIHNtaW1lLW9uZS1w YXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBT L01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxv YWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMgdGhlIEluamVjdGVk IEhlYWRlcnMNCmhlYWRlciBwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGlj ZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy Gillmor, et al. Expires 16 March 2024 [Page 78] Internet-Draft Cryptographic MIME Header Protection September 2023 dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg 9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07 k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74 zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY 9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r 8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5 AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l 078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6 uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF 07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ BTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCBWJ1HsKaiXvrMR26xS /wrb+5CS85FLWuHRuKm85dkUFTANBgkqhkiG9w0BAQEFAASCAQBE/g/trAYogNeF 9oD6esBshX+oPQp8AhmTNr5mdEi+YCHauiO4z94lPIGHwPGGI220cly1C68bMsjT HPlaumv6zhotJym5OtJH1nD0cOxeqMSP+/htEgb/YmOTs1tGL5W6MRDE2Qpk+ZT+ skuKKBT98a/VQGEmyIZSTJV9SmiapvYDb9BA+KPuFZ0Yd/vMtTjq1dRBzadE9byX O10GDNMBiqOeDeVcfU2j/rb3UELfJqSpiTqEST/JIq1PvZHr+En2Z0PfMA7BKjTm Gillmor, et al. Expires 16 March 2024 [Page 79] Internet-Draft Cryptographic MIME Header Protection September 2023 sl/sczGLBObDAJztOOG7oU83zowcKn0JNse2cKU2eQMAENtuahfaXzVrmbfsW665 Mrfom9Z/ B.2.4. S/MIME Signed-only multipart/signed Over a Simple Message, Injected Headers This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme. It has the following structure: └┬╴multipart/signed 4487 bytes ├─╴text/plain 258 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="f1e"; micalg="sha-256" Subject: smime-multipart-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:07:02 -0500 User-Agent: Sample MUA Version 1.0 --f1e MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: smime-multipart-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:07:02 -0500 User-Agent: Sample MUA Version 1.0 Content-Type: text/plain; charset="utf-8"; protected-headers="v1" This is the smime-multipart-injected message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme. -- Alice Gillmor, et al. Expires 16 March 2024 [Page 80] Internet-Draft Cryptographic MIME Header Protection September 2023 alice@smime.example --f1e Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm Gillmor, et al. Expires 16 March 2024 [Page 81] Internet-Draft Cryptographic MIME Header Protection September 2023 MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa MC8GCSqGSIb3DQEJBDEiBCA6Rhu8s2iPcyWQk+TNKhP9ZHJ9+wulWjsMpAF1NXCE jDANBgkqhkiG9w0BAQEFAASCAQB4QMAYf42dnAelBRb2NotiixNgdjdSpVK75af6 oND3UjdCWcd4bPbrfTZMQKp0FBPoOft9lw2fWNgXwKbhD1cL3RWUmUq0zcNbI3XI 86vWp79p+KwM/+SyDdfgudIRGjbs/tmKaBvaH89a8SvuxhNxq/pxgDzpy/JWC8Er AUDTbKrNVsYD+MfzMy9B0TlK2YLKoQ6rV0N1n2nXbW0e+Ztv0a/getNKAEAP+5hE OQkq50RxUP9pI5kQ1NdU6zqCNhRjmd1wnMxn45K+hfY8cxwwemFn94PgDGpPG4mB yRXQPj+5oyduWiHRMLXG1+fs4tqxHZXN+WaUHvSIDqNXK3rj --f1e-- B.2.5. S/MIME Signed-only signedData Over a Complex Message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 5737 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 1689 bytes └┬╴multipart/mixed 1584 bytes ├┬╴multipart/alternative 946 bytes │├─╴text/plain 282 bytes │└─╴text/html 380 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:04:02 -0500 User-Agent: Sample MUA Version 1.0 MIIQhwYJKoZIhvcNAQcCoIIQeDCCEHQCAQExDTALBglghkgBZQMEAgEwggawBgkq hkiG9w0BBwGgggahBIIGnU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG1lc3NhZ2UvcmZjODIyOyBwcm90ZWN0ZWQtaGVhZGVycz0id3JhcHBlZCINCkNv bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpNSU1FLVZlcnNpb246IDEuMApD Gillmor, et al. Expires 16 March 2024 [Page 82] Internet-Draft Cryptographic MIME Header Protection September 2023 b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjFkNyIKU3Vi amVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3NhZ2UtSUQ6 IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1wbGU+CkZy b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxib2JAc21p bWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDowMiAtMDUw MApVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wCgotLTFkNwpNSU1F LVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 ZTsgYm91bmRhcnk9IjQxMyIKCi0tNDEzCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFp bjsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKClRoaXMgaXMgdGhlIHNtaW1lLW9uZS1w YXJ0LWNvbXBsZXgtd3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1v bmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpw YXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBh biBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIFdyYXBw ZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuCgotLSAKQWxpY2UK YWxpY2VAc21pbWUuZXhhbXBsZQotLTQxMwpDb250ZW50LVR5cGU6IHRleHQvaHRt bDsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp dGxlPjwvaGVhZD48Ym9keT4KPHA+VGhpcyBpcyB0aGUgPGI+c21pbWUtb25lLXBh cnQtY29tcGxleC13cmFwcGVkPC9iPiBtZXNzYWdlLjwvcD4KPHA+VGhpcyBpcyBh IHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0 YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh Z2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMg dGhlIFdyYXBwZWQgTWVzc2FnZSBoZWFkZXIKcHJvdGVjdGlvbiBzY2hlbWUuPC9w Pgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwv dHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tNDEzLS0KCi0tMWQ3CkNvbnRlbnQtVHlw ZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NApD b250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlWQk9SdzBLR2dvQUFBQU5TVWhF VWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkEKTUFn UzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6 dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0lo QWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpCnZkUGYxUVoya0REOXhwcGQ4 d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS0xZDctLQqgggemMIIDzzCCAregAwIBAgIT Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58 BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl Gillmor, et al. Expires 16 March 2024 [Page 83] Internet-Draft Cryptographic MIME Header Protection September 2023 OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4 oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY 1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr +E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj 0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt 9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5 2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4 DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI hvcNAQkFMQ8XDTIxMDIyMDE3MDQwMlowLwYJKoZIhvcNAQkEMSIEICsRogMUJrtS GAERSFiPMhqWk+9misjv48XcSNJBKUj5MA0GCSqGSIb3DQEBAQUABIIBALJCpfEK FQ+M1YQIuTcVEHr/K/w/8ht4pOy4BmEE+q3yZUBAThT37DxdZUXRZjUB52FdsWed agkt3DjtFzJwRiDSteChrjrA/0jbFVOuV/9VBm0VGGfodRTovS+6wH+yJNAXHSW9 p1GXmPcDFAtN5wr69zBNCX5mKU6bwcaVX41S7/fmcDlBNSQ45fx+RrXRhMX/vG2A tgu01LuRSCvGgzh719968R5D3obEtZwUi8uSOpvl3XqThZC5Q4NMg68UNgNb//OT Puaq1MOvhWhSkTNKjbtv2P/MifHWXj9TYHkRc9l5k707LqWj3yWNFR7tpVO07n0+ hTEzoJRFKuxJlQ4= B.2.6. S/MIME Signed-only multipart/signed Over a Complex Message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 84] Internet-Draft Cryptographic MIME Header Protection September 2023 └┬╴multipart/signed 5653 bytes ├┬╴message/rfc822 inline 1747 bytes │└┬╴multipart/mixed 1642 bytes │ ├┬╴multipart/alternative 1002 bytes │ │├─╴text/plain 310 bytes │ │└─╴text/html 408 bytes │ └─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="aa9"; micalg="sha-256" Subject: smime-multipart-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:05:02 -0500 User-Agent: Sample MUA Version 1.0 --aa9 MIME-Version: 1.0 Content-Type: message/rfc822; protected-headers="wrapped" Content-Disposition: inline MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="a30" Subject: smime-multipart-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:05:02 -0500 User-Agent: Sample MUA Version 1.0 --a30 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="844" --844 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex-wrapped message. This is a signed-only S/MIME message via PKCS#7 detached Gillmor, et al. Expires 16 March 2024 [Page 85] Internet-Draft Cryptographic MIME Header Protection September 2023 signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. -- Alice alice@smime.example --844 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--844-- --a30 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --a30-- --aa9 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gillmor, et al. Expires 16 March 2024 [Page 86] Internet-Draft Cryptographic MIME Header Protection September 2023 Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa MC8GCSqGSIb3DQEJBDEiBCDvCBOZJKngosmsBz3B3if2ErlYiRyR1KnTpWbe6AN0 fzANBgkqhkiG9w0BAQEFAASCAQB6Xc+YUIEUCqF3vqlZTP41u/jEG33O+bc5jw7D VLUbKQ+AI6c6602LAgMwX17VuBdbgHecf59trY2F47Wr8NlcbTcAq0jN54tqrhri 8cL4YzS8YGH0vLrDdwilChjs0N1+t5nQ8Rya+rdGqseE0TK38P/K28cnU3udgTjb 6E/QcopIlnLaaji+x5qjRHql0Yt9tbA5F1L9vgqgu7Zf9w55tZIe9cESnVZpud/1 +zqsKDfj4ndnMDFzrUtXztY2e1f/Y8EVjSIVtY+ZeYuldtGhPpvk/N3koxZ1yL2Z mrPQemZ0C2bIet7T1vv7lFCUtUObdyHoHBvXI7OhbCmGmak3 --aa9-- Gillmor, et al. Expires 16 March 2024 [Page 87] Internet-Draft Cryptographic MIME Header Protection September 2023 B.2.7. S/MIME Signed-only signedData Over a Complex Message, Injected Headers This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 5700 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1614 bytes ├┬╴multipart/alternative 950 bytes │├─╴text/plain 293 bytes │└─╴text/html 388 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:06:02 -0500 User-Agent: Sample MUA Version 1.0 MIIQbQYJKoZIhvcNAQcCoIIQXjCCEFoCAQExDTALBglghkgBZQMEAgEwggaWBgkq hkiG9w0BBwGgggaHBIIGg01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4 YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpV c2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6 IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjM5NSI7IHByb3RlY3RlZC1oZWFk ZXJzPSJ2MSINCg0KLS0zOTUNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5 cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9IjkwNyINCg0KLS05 MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWki DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzog N2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LWluamVj dGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVz c2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSBt dWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZQ0KaW1h Z2UvcG5nIGF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVjdGVkIEhlYWRlcnMg aGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VA c21pbWUuZXhhbXBsZQ0KLS05MDcNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBj Gillmor, et al. Expires 16 March 2024 [Page 88] Internet-Draft Cryptographic MIME Header Protection September 2023 aGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRy YW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp dGxlPjwvaGVhZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlIDxiPnNtaW1lLW9uZS1w YXJ0LWNvbXBsZXgtaW5qZWN0ZWQ8L2I+IG1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBp cyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVk RGF0YS4gIFRoZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBt ZXNzYWdlIHdpdGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQg dXNlcyB0aGUgSW5qZWN0ZWQgSGVhZGVycyBoZWFkZXINCnByb3RlY3Rpb24gc2No ZW1lLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5l eGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTA3LS0NCg0KLS0zOTUN CkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29k aW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJP UncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxF UVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5D dGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0 NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp DQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS0zOTUt LQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZI hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKT g8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidm buZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmn x4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL 7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zN S2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUC AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG AQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeO r83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN AQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgR yOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x 9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmk w1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0en ITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6h vrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/ QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1 NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQ Ul5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evP gP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryC qeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqp o1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRi Gillmor, et al. Expires 16 March 2024 [Page 89] Internet-Draft Cryptographic MIME Header Protection September 2023 VokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0O BBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25n Y/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzE f7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa 1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poI ccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKyp yQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYIC ADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0B CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA2MDJaMC8G CSqGSIb3DQEJBDEiBCC84gf/+no5va6ErXhHIk1xELMQNWg9BUh8E1M78W5u5TAN BgkqhkiG9w0BAQEFAASCAQB+q8buLwucKfPrBoXxKP7ZaJ/ifg8Y4Axf84AhNJXC +NWzThUSgq12Fn9cdSVO858oDrWDSndd/zwgab0TgQZ+64atwiQ7bVTDkG8qgeT+ I/R1I8jGOCUTpkKcK34tOYbmhkc7/2BLITc3qOAxuN+lrsWVL2NF8LFGh9RbfzRu WFVqAMyfAo9DRr1PeFDoDQnjAGti37M8/WvftXixxOAevVmFUWbpnFiwdvSwdrt0 CKquQ1NYbFAvxOawxLU0jFqhIgW10+fU4jqQDukUVSKFiw1/dK+7jlZC6sCXf3Ys oHRhxqY/bSsgXn1DUWSDjhae3HnlZuoVXLJDHGCd6oSR B.2.8. S/MIME Signed-only multipart/signed Over a Complex Message, Injected Headers This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. It has the following structure: └┬╴multipart/signed 5580 bytes ├┬╴multipart/mixed 1672 bytes │├┬╴multipart/alternative 1006 bytes ││├─╴text/plain 312 bytes ││└─╴text/html 410 bytes │└─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="f91"; micalg="sha-256" Subject: smime-multipart-complex-injected Message-ID: Gillmor, et al. Expires 16 March 2024 [Page 90] Internet-Draft Cryptographic MIME Header Protection September 2023 From: Alice To: Bob Date: Sat, 20 Feb 2021 12:07:02 -0500 User-Agent: Sample MUA Version 1.0 --f91 MIME-Version: 1.0 Subject: smime-multipart-complex-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:07:02 -0500 User-Agent: Sample MUA Version 1.0 Content-Type: multipart/mixed; boundary="099"; protected-headers="v1" --099 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="9a5" --9a5 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex-injected message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. -- Alice alice@smime.example --9a5 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

--
Alice
alice@smime.example

Gillmor, et al. Expires 16 March 2024 [Page 91] Internet-Draft Cryptographic MIME Header Protection September 2023 --9a5-- --099 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --099-- --f91 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 Gillmor, et al. Expires 16 March 2024 [Page 92] Internet-Draft Cryptographic MIME Header Protection September 2023 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa MC8GCSqGSIb3DQEJBDEiBCDzzjU9zkYamvSgC05wewF4LgTekLa4P8khUZ1HRNkO GzANBgkqhkiG9w0BAQEFAASCAQCFAaiW0MVy2tnagCpthNu6sAL22/BBu2BS5XY0 vTH4/MtLzU4lSokfcs8lgpXmE852prfBZfyoBiOtKZF6TkW59XPiEx4TfBZ+pFwb MaJbZ5Kil2GpqKib2sEKbaNHaUY0H+vixz3NP6lo2Izras33cw4Z7FE24qs3zTAA 1WYTF8rtPhXVW9rFLumBOF8LgGKPTh4mjWrAEcaqqmscisibxTJ5yp5DJhHMf9Xv /HVi9lOJJ5BlYOQOL/jWPxQorYJAP62HwEEzz7/GE24hm43pK8uHT5DPHiG+gZZL 35qcfe8j50JVLTG2wcRH/aKhat12MMnPFMqnJGwugLv4rwg5 --f91-- B.3. Encrypted-and-signed Messages These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies. B.3.1. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7540 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4580 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 783 bytes └─╴text/plain 321 bytes Gillmor, et al. Expires 16 March 2024 [Page 93] Internet-Draft Cryptographic MIME Header Protection September 2023 Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:08:02 -0500 User-Agent: Sample MUA Version 1.0 MIIVvAYJKoZIhvcNAQcDoIIVrTCCFakCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAH7NZ5T5anffqtWAgtooMtA/krAJvMnVSghb 3dWk15izranm5qH2EdFCxvdagu4bsboapU7GH2o8sZ+Hr7ExuiAFRSoQMS/wgOgW VtfwjKSoKYqQb0/jxCKMtDGqfz1p5qBgNAz7GLEkC/P+PqYNHJrwX2ddrlHJ1O0G 6ut7Qjgsv03UIxSO9IZ+KwsnxuPko5AuveAifbOyN5zNA/yNGWrdVsLFboz5sD1Q uyI/cWctTDCLvoyVtBRkIWRUJlHmgB8AlFoT2pBRmFCExx1NK0IG2xlDc/K8K2g3 LTFEoderXpcOY1S9WuXuEGWpYFu//Pqt0kmAacfbp8DbF/KL0k0wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPLsdF0Kyueyd/ofoyTKriNDH mh/Nr7KhbiqQDRZpJ40SL2QR5Tkt95RZ2FcHOmP8QVRoCMPDfIY7tXXVxdaCewju qBEW8TrDCSLsBa0NZ0hFvMUed1VgMLZuyj9RFumYCfg6MXjvS2yLskPCvdZJ6urd n7P1Q+Izs8yKSZzkYuxY3Zu94pA7uedClTP8hS3LB6JeZWSQIVA4ZLZ2/9JD+0Tn 0EX6Zx8fySJCZwcIoWewcn6KSmSekQ7XRevkOxj7FWvJ4UBlQeo/trWa25Y/oj4Q BoBvnOSiMm+64zARzVjmqIHTRmZ/HCZdeEcM6Ci/+OxRs7aO5pPEKCRtRtPQ5zCC Eo4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIdKwwRA9368qAMYmmSuOLqAghJg 05DvwW0FJ4IGaliquIe+CXt+Bh0UMV7FaAia3k+cV581Iq3yTmhX8bZpRLBqM2Hz yb65FDoCFqzmilBH2rirDi/ewj0y0rXunHq4WvNxl1a0a5meWec2kdG3vUir8BzX b9qVNGn2NNkOUWkPtrdOhalGjRVAfF+hzgdU3GTmBRsEtzaOqRKg0Bfxa8Fa8Q8n 1IjYA6HV4bGzWTg6Pd+nsjZHLvlLcoY5fHh6Z7ZFWJ/oxxRTXBCYurOqFz+YPtod p/0h7yiBEbOTFPCAvzQ+9dlK/SK43somDj66PlBwNm8gi5K6MlMxpXqXvJkGMYu2 X1sfp2NH3pzHe6raO//jdBoSnHN/qPeeyJeGpPe311/FJmBEWX+ZWlOb2Q9/hyvS sSkfEHkypV539+WK43ClMA8FCLC1zlZxv/oSBJS3CWz9OtpsXk1yXKJo8QZV96Gd pn0pzdDuEzx/xLrBDDkWMs3UW13xf/1gHznnU6Sv14VF/Q8Rmbx5wsveQunECnaT J7Ay+p3RuywANEfFBjzlMwW0zk1/zH2f5vdGyIjjUhJoHDDTs2xNe2KpCpc2ZvIw rgLXVb+lep+Qc53Un99tKCAAb0H3ApCa8lXpWVBZR1zfpike6Jc5T8EYpeEjLyDr w3jQcR4jAg/5dwiSXX88GzfwJQQg28CCTWX9moVevQAH/y8ZbALaiCHzfoGEXvNb I3r/e6ebWYf1JJkUEPGQeUU3IBUT4ZQY+S/ZPvPkhDUBho/2Gk5zIZiAS+YRRyXO IUOYkjpOBtnd+sKnqQYE1wCItzG9hOVcuJdU5uJjkXTSquf1DwIt5GYR+4EqW8nN vnrbeRvCUgiy6G0kPFEvFbFVyLD14ldVAJyjPOsP1G3QGTEhBtAi1RzEQU8jvtk4 IHm2aqYKntIFcC/wq9KGXjiKBfwhg9mFvyESYFaj8pJcIbgPzyez/+WSRTV6LdMd sbwiCXbeJVezAFlb5yd0aBjHCDE2q7KR4ccTksf0n4Z6Kt2WXir5yd2StKcJ4sLb 5P2MchRjPSDM609l/5sUOItLje1NgeVYUzvN494kV3s7rCNfuyyw0gRoM9HGWlj1 rvIdVGKZ0vJhaV/WjxznFKsZuOUG+zQzlka3LGriTQH1R6cVrSi7XmlCLrKDR70M Gillmor, et al. Expires 16 March 2024 [Page 94] Internet-Draft Cryptographic MIME Header Protection September 2023 mN5SlFq9Uw0TZ5K56IJQ6MIjUezIwONSFDwynw86LVLM33cvV21Fy7/4XlMkIRYU vSgwDSmvxLTrdaUNNThIamtC3LtTwZ91XjnjgmIXHdQ7JS3cX9cIsNTBGOYCT6V8 taxyzv33pjwL2GU+3C6GfTzGnPGOByOnAWpiKxbECz3fuUmG1EwyBYeyLcta7ZE3 y70fhpvFggdVt2Q2fpMFemnc6d5hdi3KBrTb2YpyFRgpE91HjtGoB/iB+StrTclS W2MeGn+p9EkJMpMq+JubFN3Vx0mLFvZLlFQFRv9emZmtWYJLkQz3c3PSge9QOrZP hEv4WgV1U3jz2Ll0xMMAqlvO65tqZIAuDVUOoVLE5busbp7/kk/boNimArS2pYlF 1IWIk7GR2c3i6QDrVf2FGLFJxmitYscRPyiyFS36dI+iWu5B+tbvEfp8ZjJgwA93 BueKKNalKOG5JbOAbBrErm0Ol8/g7auxPthuRWo3hax+Y7ESVNTf5tniEmluPj1B /A2wfORTi41sE4CQpMVqWufaOUZ+syc0Ow6Xu/JINvYGxpU2X9mMbSVzv3ZJ4pZ0 AVlCvEVLp7bt5XZR2kolPa3PXU21jCh1iWshgtlXxtdQSZFPYxItjcOVIJ7X6O8S ByN06PYQ/piOG6RaJ7DGK95xtz8sxbYKW5oDliU6IF3lEuVPCXfWKG2tks1aLfKL dXDiDw1P5ZmDMhLnyzsMzrjcdrlvj3hOE2rGb03ol/cfmAD7LWsetaXnSTOus18Y ksvaKwIffgFbu98nxLMbwXjLBAX/FTagi+3NJ88lKbnI+2ayPwPFqEQZsI5W5N/w IlrjcKDTxfZ/nvICwDdKnB813pJWoMk0/SM0NYEMANMmFexG2NfjRwhUAxLpy2Ma nTr2fRyco1z2VyoUmI5909NNDHrOtEtsBR/LcPOENy9tR1N7WbpoktjlZ1s9uYxJ ng5QDXtIN077yCdhzbPpdx5eEQEx8jUC4eqIuFiINusUILf+jzErtAS4Dr3P+HjH 1ZXU/klxwxngMgG9FdEPnO08O7JoYVYjpaZVaRZWwaKjkypcmehYxXq5fx9UIYxm gbTIMF7u8uK4SR0i28fEigIvInts2xEYfO9WFq1A2TgpTh7q/I3JyuW52KYCtFOk 40xiQuxiC+/58aZycbjLfP6e+pYsB1BQiBamlfJceZuCTW2vn5sjuVCdSqi5k02q hgzUSnlduCb1T7QqZ9KjDZlEIN2fgmA2RVxeaFZ5EXVxVjA6C1dL70yW/GlA4Pjm hojv+slDVfXxHoaFC0LutvBFxMf9I6efheihKbGM3mCXWplzMKcqWgl9KIJT9raf N9SrtHuhC2JwEqRvvn/XQN29NCr2GbhsCtmayGkmgD/c4vgN4noukUo1vuNVF4Wh 1GPwju657zAHJT6qRe1p7BqE81Cpf8aNeWWK1xBu/HlAryRMKKwRXm8x2baOs/L2 CokiV3GM7ip9Uf8hF5aML8fL0yNMMpHyk3h+rhsntjK0A/0sF4gysk8WyhBnD8Qw lhJdkVoc81NkGNxIrlgVFjQ79fScPfe3oIveHHrs7BpEABdcZDf4NSrCZVStw0AX YdQ9RjYbTiDHprs7sO7D9DV3VEVin1Ng3rMtoPqxb7HKv+Sa72+11QJeu+lzVQax Uy9EapOeTELAwOqsSSMxgn65VMaLgd3E7ThUr0Kp8RJwp+mEcJ0c6AzdYLnfpyD6 ic12ENgtL/Q8FG/0tahkp0Th7TkVcjpJzuVNpijvkIxhuA7d1xIkKaLHxjkxCiuw oVTfdW8Yt+R89SnkPcx81+ArlpkCaC8V4K9U6C2FIz9W40dHFUFajTnycgUWMybf A7D1UNAeJBNjRFEliSqPu1Yr2mooi4+hV2LIMjLxs/aHWKTMah3K3mTVyoltAwVt +2kMIaqtWKQi5xr3AwlP8GKEo9FlOsza4B1kWK3eDovCy2HGl7R3HJGgWnDxt02I KM/HTywrU13qMwxdkejYgV/4RWQeOI5FBBAemnwJNdquKrOOQiuHFxGxl4OY1jja l/sRUtS3pecm5x+CHCqYHSTlmAk+1kWL4ELwdAd4atsyrKn7SiVuZCgZ3/pi0kEd ZBkxh7WmzAn49FMg2lS1S68skCN14LH+315uxs2PiTtxtm+h8D+Fsc9G+Wnjp593 CyPHQxQo8xSqCrVupdxeuimn1I+ONn1JUpZh9O6VRS/Ld7A27xW0a9hkGx5V0ACQ J14i+gpcsW5jP3JVV2lplpgXqktR0gMbgUOU7Qvst3ZRQueiLJb9Ujdvhx4KcJS1 q6jrEldOXTHkz4N+RZyMn7JJAlwBB/gag5biDlHjvFYKWnrpLL+fBj5KPrfaDK8I AvKMhm3PdbsAw6qieAntacTzE/ivFsORPUvlZr9JFJ3C+E6ScztrMvBCCqK94Zst WVjcWVvKmd1ARSmPE1Q/SO9OzfHBTkMaFNXA9l6yUfQ1b1E8TNDHIDO+CS+6U2Pt oiPay22qExWsnkuU0mCUDkrzKUR0lMQlYPTf+zD1qHPZ0BCHHFsCNxcE3YKpK4s4 y4HdE8oCVwo3II/rpOHAqIb3qEM9lAH41jtX0Z6FfIhOi0nltPJCIEm1OElmVjpZ fiOYsXjTw4QgDiQF2w88sIV20ov/bvCydBTwd3Q0YgDLLmGfo99XJREaPhXeKKNf noNSNV/xR30PwOnWoWpTSPZnYioxFOY1knpUIRVEbqW48B9KMUoXrawIZPGSWO+U Ib3H1DxwlcWEpkC4GB/G7UYeZS0Z4XKcqStEdn5QSSkX0v7DwoqI7etmUhuspNGn Po/HL1PR4q9JF6jPtYqscKm0EjF4H4C6QR3Frdz8FQeIT0Mz+9/6rAgYjtCbaQN1 I2zn8qkKQfmbKC9jYTRgg/T+IGbSvZPuWVrkOmMrv6K8uQCySuDpfPS9KmIT/0Ln iGtUtycME+riNw4Tc4SjOP2VVoFEX4rfiGaybVy05BUcZVahbmL2CebxLyoT8uE/ D3/w196tyWYwNADDgYXdH6jSdws9FJvTNT6I60Z6fAiDspAlPO/wr/S/yTiFHDJw Gillmor, et al. Expires 16 March 2024 [Page 95] Internet-Draft Cryptographic MIME Header Protection September 2023 h3jzSj2GQtWGiDFmLuLXztFG6BTTDVdyqBhAg9AghLuPLHZctNvyFmIVNUxDjvzG 1ViFJVfkuoj3YLMeLwrD6vtATct5GUQfKK4sagGwZ80egMMSxb0yViB1SglEsrRd nQP5vA+1INUQrR2n/L4mG5ZdJL1Eh/dRpBbRn8szKMXtGIuLx0LIYVl5rnFCbBMN H1U4fbHFiHdX41FTOiurCxvya6dNboLwm/2qQY64dzbj5kTQpxz/UmBN/8AwdvOf NAkb97d3/CsE1i/soZowZMghezjWUKs/hhL7/KBIcXiTG+2aXKs3etryNJRiyCOW ehkEpOvhHA6IX4y9VmorT2v9vee7hlGaOWekbl62EpukuD+dCCay+FRLP1jU6wqD Q0Cqv/7kybANL4jcZI4Rf3joE/yB/mr8Ygd+5ATFHNmOVhdm+RKrOQchuy+lhrre 1mjLtoeQs4d8bUT6T/WcX+xGG1Z7krfiYwJQ90qHclVqAUsYFi3eQOtsHdliyOLm AW8Mr/aZSkSWgygqL7dd0KGC/aOO7GcryqAQeQtSFBIXvb3xR1S0HgownwgCTdZs IgWrM8BkESGpywMrSi3bsfkuKnTX0lFuso0q7Kn3VQE0kTCfSRUunOT8lNYLA+MV jsWgB7uYX8AXFhWM+MANGIuOFk+IeLwtCfWfk01YCLn47NUahQsMPo5/4N0CeiWa SFmwu8CY5UCLCPCW5tD+zP/mRtLM9Xd9joS8LXF2gRUAKEzOCJpy+qy9YkCuMgPd PNx1cq3rcLz1qMopCmrDO5xR/LkUuY3I0l7kf29Hb4HZ/nXil/p9tKlOJ+qOiQI9 zFRxqQoxLQsN5QxA7D/w/5mBSDuRda6am2yifmdvwjsARsZiSSY9CY8Q5yEc5C+H BhK6qMC0u82Yl58VjqrJRqvQalujMN8+CS8+4KiK3giZU6PE4mqoBMmNy9Mg4zQ7 zOjg0m/DYvPz5/AMk8Z/jRF8PQEffb0JcfE40ksKQyja8lNlTJsqJslvYQdITz1f ghmVxuDfcXURzz7vQLGcezLOe6cKbPtt6S7OoAvvtJjpJOrdwphSmJN94BG/9DYn fQoQz9hUbboUgfRVeUWfStMEr++fciSexJVyAj+kgObAaJrhstvjM871PFLLfY19 EZFMrV3ymygWYc/pLKWW7VFXKxmHjMAG2tm69LCpPWxsw/rmUaVBVe2jycb2FLHi 8sw3ecNWoFsCd9fucBGtmqPEiWr9nrIVj6I4mPd7tCXZQEhaN7sLz9hX6lTd9Ybg 3WO1YSWzaBZyxJDuxXbZ4Zd2t4T43PRJov6W1FAcatQO21xzOIq1u0oY1s0eMXHO FF554eor4J7SceENG0c0vlIarFDPYzPmNoMMthvb9+7N4qmgJTBJH/SwBalbeDBI 7yN/SZwHb8juuXOOlfmuBDofTWWS4nkPi3Z+vUMUVVElqP2Th4mlmP6f4H2aknSj OrMFPM3C97UY6Azyvb7RYb/VrUcnM7kiYjYM1irfRSYjD/vVYwxfGj1ruSFYw7Sb +iaVQ0+g9XDTVytovy4xr7302goBJcUK35kDlz/2E2CLeFBxEQu/PmYjOoSvpv3f YQvWsQsCqBfZIGAlYbQjPeHJIISVsJg8pa/BkKCCu1VgvnuyQoCAbawv81tMB6sh L66GdRK9zc8G4dcr1tjaxAp6/LW+taetP04yRNhBlXAjd10/6ldyaEkyLRk23dWN VMr38oup6w4rhFwWt8Py+b48djfqRzq1cdqrxx4B+qLsecEaojx3SgBriytofYhT a1zNXHzltqSPV52O2s2DPGkjQy9ZCIjX85WRW6KZ1e6aT9TXE3jzDJdtsAnp/jf7 0S0DZMAx0hh7ELKqrG0xP92IYh1sf+OhpubGIjuBAPo8L0JaQ0SmSWKUwfF8XrzX HCzu+MtnQ+6Lf7ctJ15XQJNEnSpEWsHPFpXGL2IRFdl/EgvIk75OC4JQ1kW3D1/s R93ikylznWBF7PDqWREq9Buo53ENUx/lBdsXxJ/AxF5hz8tFe5QnK5fZ+iYHbhPV B.3.2. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7435 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4498 bytes ⇩ (unwraps to) └─╴text/plain 333 bytes Gillmor, et al. Expires 16 March 2024 [Page 96] Internet-Draft Cryptographic MIME Header Protection September 2023 Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:09:02 -0500 User-Agent: Sample MUA Version 1.0 MIIVbAYJKoZIhvcNAQcDoIIVXTCCFVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAE4jHFjgjvcL+vJbAAHC/TgYkD0lhFkLlWZh gSxqqlgjf4wieoJudnfk5t9FO9lLxUqqrqFCOoR7MTdQMJhgmcsb9G8ncJoWsNsO EZ5Fdt/rrxHgtjXJodVbrk0BOJ7L9GVfzQBPFdwKEg49vP6+sVp+CGmByXvdlA54 ueZCKs6SK2QMzodp1nJws4IXm7BIaJsvGu6huNEI5lNe+NSl9qAGej+oJn0i5vsa S/2H/0fxS81sIBfY/QYRr8AAb4lbFltWRWfQgix+kORhltIPP4A7Jo5a+fA92ZCT HpFER/cZBLpalp2M+HVBajOUgASwsA/Y30Y7Sj3kXqE37RvaO1IwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEBy7Zg8b9DsTrdlACEAgiB5r w6FQ6Bugd6UDLrGOmyCSZ1KoCmPUxpb3veBdbYTrjSIuhkMYq0/ZUQ7JVS4jgFMe 4dHUshBT3CKj63FQj/fT4G7xFKuRnyfk7fpeaGBR/1UsvQ+OyViHQgf4JA6OGEk0 R7oyMOROcZznSFT/Em585/5Iq2dxsq2X+fQUPeHW9sSRRnDZQMmIhQGwo0tDI1vv OOlAGv2FP0p9iYQSzJ7VgJAViKHYoXDZTrGJnL9uygiIJea0gvw6f2jWLK4j04cl 1DNnQ4KYhWgIaPp5njGCKEiqssMGIj+TkkIYludeGy6dEK6f+Noqc7Lotfz7YDCC Ej4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPLJkiAiTOk6hJMM2eSXOzyAghIQ VZdGI8O0ZwU7vWIZenIr6HSnwSw6yJDWDd6K6bteA6qxZ4LMCFXNpNxH5VFIowK5 PqneUhXG3FUR88453uLLUDllY1ynMwvcbH0GGPOIn+tcP0VQHkFpmJk7qbmc1f5Y jOsWMVVdYDGqgiDMgBAPp2YdqNv6o3h+RYItALY6rebm/0FbQq1nSRduwh8oBlnX BOhV/LwC4CsqvRo8SigWxGOMMhrJeV2l27uuqEmOIA6fNpQ7yGiKJHxZ+eaVfDmy bhz9jPZCVH5gL+7cBE2LVTjDrF8H+JDpTC+uQ5YJzGCaxubDbHay2R66Y+qfSy1o EDXvli1/aX2yqXViRyxhkPteHBCt5Mtwqnfqai0krk76mx1JBeBQ7KrwPi8US0Hv LXnQxj8tVVts4btT9bNRh8WPAdnhc/elcokASMaEZIB/Oix6hvhR2/AxIIXEOn+5 HOHzJ96UhFBstBf71mIwMzwW/l27zYIzNGK9r90kUhK5psMMkR5Ul6evSDPMO3rT gKJJwfLH9nKvm12kp+Knn8QDoiHqAmjytzrBwgZrpklqgFFTG8Zz633BpPLwqb3s j3tSaGrNv0dfFG1HgGsgahfXtvvFpNFj4zR9zx7UNQASXTRXZ5lNVt69CnKkvuYp 45toocAZkYQhTGEnU9s+GD82vFxKYN6PL6oRyef3fvAZ9F9tYOw5xlyf8TZxoMIY GGM4Unaqsty6YmFqqMO4do+bF2G1bFXYI/2MXa34jz0tnExGOgZ6bsfi/5KYZIia +w26I0OOyv58j0Jy+CQ6Mfx57+9WOwhx2tOcYeyv1SM2ER6edH0j2bMgztGO9+UJ APUN6Hq/NUJ1uiBNq7e7nnDHFS9gyiHabq7GI2yilnEebZe32jw9OSyu0v/SyAsx 47m7OKZAukwI3h/9W4iS8L9cEShGUJtSKf5Bnp/m2iiX9B6lSdqT6nwVWEJ+67lv 6wonwAn2CDGDOsvXNoMTktDt4dBNb1lgLC/CgtupTXSosPovX8vgpb4VdzK2arCL ec8EIaJmGVRW0xyI/w+EkcYIzBAoUDIt+fAIHLz5OXKPFFs2rGHrmneOsWtToCcJ L3oqpz2QXV8/teUQ5vxF+11nF95vIBDeiZrEY2eAIPZwhdaCVc/EkzdxeE2Tx+cq Gillmor, et al. Expires 16 March 2024 [Page 97] Internet-Draft Cryptographic MIME Header Protection September 2023 JIoVTA/anwMUxmgIRPKdIEMevgiUe/te4pIm+aXhy3VTNlDk+AnGAHvJnh705Zx2 zmmhRUj2OL1sOLxHkC/bMz6E0vjMiE1WsIhxds3EW9booN06wCjZ6GUKnSvOj8S1 ac5kAAomzErAUisWkbsQ+lNCysqNGEowSWqOG4703CzjcCMDoAfwCv/K7JvpHxvv zosGC0LXLQHITM9qT2PMN4D5HPavNCGAxKQz5mJsovndj6BMJ7HqvhtPixWrLNK0 N4yQMc6NUUDn1J7h+PNquTtzRMqSURk/L/baNF5txyv5m6TgIHBfslnMrfRBEvuI 3sgpW+9aers/0vMh1LOLAW009kCf5+nkqQ/I8ZFaLIFvdRM+AkvbVaQN8li+Ew2z lef/Aeyo4X1ofNkmFTqxyP+F+ZrB3ZF3/Z2m0d27379QyCXviiNrBvOE1BXzadwd TqcyILwqQaqFlgEx2d4R/sdYoZLu95R9iLezeZmzYi2KLXmm/WGTzB2gzW0WINqE k0+b7Jqg4qVJJBeQ0UrRFBZvVwVDQ+cXfWZt3ij6jo8h0iHG+LXHlQ/sIKSmCZKK XV3U5Zz4iiOCCWEenuA69XN60VJON15QRBIiWtr5vjNUJ8AAg01qCygGZ5VkQzxi fh4YIBk0OY0nzVIbKKvei4mNDYNdv2rWWuSFSUp3MfqPf1Wt35sSapBXPgUNLujS 7J12ZGPeiV6iB7xibbLsIQQTjroktQrP7qgGvKpSu2Q6yQOsJd5zqrQmyVzzhKEo Vl1wAMYDEOO4vxNHSHpz6m4B0+ey7ltH8MpeXHk5cyQYAh+dn0u5uR96FWRjM6Fp G3gPC/0mS2PytJG7KfQOkOKE1w1zt/ypg/iAKsuaMBx70HLuVR+BiQYFTd3YO/72 y6c4u7BarWgn1FVLjnNQ4aodZyoDqh/DluEdkF5AkJb0jNjP8DQAp+78E+ZsO4OK C65HWQdfag2gNtTvm90RMtQjK7K4vXneBvWLahp74vouNNaZSS9mAAQQ/1YEDIdk rJxa5hnjgB4+m63U0IqZhO6Yzuv4AlkVtp+BdYcCjur10hvWyq4k2FwFslaROh0d idOlMirNC/rSnXcVagVonmS28Ykg61SE95r7CHtbUIKIGcsOe+AcSGX+mpJwLYqr 1qNV5PZZ/mFX69QwcDVRrzmDBLi0MW4iGQOup0f/S6RXTjW1nTvoJOmcm9J7/Bgn nRhkYcd8C/4g//H3XndKdxyojr7KV3UY7iL/KPHI6pIVI7h/HgPJTAuecdXIXWt9 Yr/Srk7R48cpqLxdFvaaDWe3Q30LtNeiL5czscnLubAT6LBstJPTeQE6vnag6N0J BU0Z0kiCLLIE6We1CUzwQjBzUAWVwHl2uTuFJZdPyVt94VpWeBEP3daeCwnJaOgF krgkYLC3qySMLK24Oy6X8wESNuJjTEPn30t6/D5CzLIF0SugIwd7GeswWfJvbql6 4Z7JiTCvpZ+M65LFmLn+2oPB4xh/hyzNe0qs+9Z1zd94M02TxZdk6LRaNwI2yne1 2Wv0Eg+JEjqilnIPljd5KhJLou9BwBKciZTGu6OgCeIWY8pKsfLFvMdxkUs41xvN o3FRhQ1UZPs1VzMabkP/NRb8D0pEedyPiY7v1PlefnU4jX6jP++Ejwbr8vT8K5NK zB3tC+1MfZa8YTb4zuEIz4ept++/At6oUaZ29DOzhPzckILTsHxoqdbudSpC/RQ/ djKYTYu3XM1EYCUf9fRDaowYjPTHjrNgFzqF/Gv7tAr/1EOT/5SeMNrKaDCngh27 BzE92JTTjgkIjyQKo39JT0DNbcxViUX41EIH17E7tzY7Kaaphousqdjo/mBm4SCu ncHK+mEBQ+2IGm8EaRlzTHqUqPXwwY5hsv4QMFezLQCFAlsgh1vA1/IpPIpESV+n EvIgZCr+RLFWnX4m9mEOKHjK+yTds+Gspc1BWBby3pQUqWFQa36zSfA6Lkm0vuFv 0C8YKHKDZdtIrhPTD7e1Gooz4yGZc9//xiUO18HruLHiCnsbQjSHaln+EFk9qzxj hRSI/4iyfn6mDqwFfqIt39GGA4Jk1eeb871bwTBhATbBkGwGhKVkeRT8xp+dRlCj S4IsUDbU30rS50SbJ/fRYpVB68nQQNCC8pE2Hg9TlopAnRY9kKiJ1pnMNWRMoRV7 axH3BppdTvAcqaOOXFAtTUJR1lSrJ2XzYQ4GzoaA6Y4VjEu21Vlapjg8Zd2ehtVf Xfjyc9vQSrv5AUuCRlQRdt26s5VveM0c9wODONxLgL5pimKUmPC1p/0oD6vWdSEn uGgxlXF/Y0qk92o0AIFjey7xiQELwIP0bl7ukxi6TBayeZMttq4y/OrVgMZMoM/p PWYnTHfoq+c6iuHc9HBcBlkUpK9crv1iKaNo9UgHvfIg87FkGkLRvol/c49VnRLb Vm2IImWCOS4TyQxWrdo+iBENltYA09vpCHw4wrz9qzCGEblfvHhFHSMn0V0TJA6r Rv3W7KrYhIYrLRouWtm6pR0yvXtsGK2b7w1Cn9afoWBsqOyxlAFfSwMpplXIA4rJ 6gbR0FIKgCA6XVGQQroYtdUihp+Ie9EmQuoesyzg3Of2T/ehNil9aZqmeh9rNuSM PkGIfa/qMaXYiX1pECSNgRaPeUkt655B424KedP4A1p5eDkKKAwHoAsPM5nZ3LIp WvK6pBZy4wy9ivoTR8WQUtyqf36yEOJLdVF8r5h+UjR2RGg2e0S/sbSyU95KWshp 2agwKQnzGBO08K8IP1ELlNP45stzpXYFcXxqezUwwRzyWqC+hK5RPNjP4CXjAd8j z0ex0sEoe+5laknet+MPWkQ1wGRqzkrgbiWbl5SFpbM1Qtfv56YUTe25h1gmu8ik cRBVoPVIi5As0Jpgc8cw/q/1mmC7ha73V22W5s97y2B2aSn457eXZjJ6tR0p6WPF q5PDDjjlvDliZP4NgM/uyllFbyi0gvW+TZiha7YQIWATaG3EF+0QTzBuHJADH+M3 4RfT92fV7Euya0+/nNxCh47H1ex6v8fxvN46aAuYLv+GVVKC5Sa/QQX3IwBqXBwa Gillmor, et al. Expires 16 March 2024 [Page 98] Internet-Draft Cryptographic MIME Header Protection September 2023 Vb/57a8+dqonQpvr6q8FjdymapGR4kCDVzXNdCgAuoqMRcuO6wJI+ZjgmvNHTwIx 03ASdCVgk8FZaR8hA0MKSDexs1iIvzEzWnckwVdGsuIszxlLmnhTiAxJZygh5GJ9 SYEV5exBe9E4tpAV2fKtzLK3b439ZK25JVCE4ZDY7M/4kPBQ9caFQzx5AiE5PuSB URZbMFLK4wldwmfM3B3lRsRlgHxr3D7X7fp7/92+fkcM7F6kGwoR3YZ+cXbVrdYP IJbepUoDIzoLXwC0/5KjivVlt/VVGrL5SKcQ+QEob9DlhP6l4jevV6KYq0QXEw7R r79EnzkKGqgb41HjP902y1agv8+RqLQnna4cpiySi4SX3de0ojbntyet06Rq2EDY O62yLHGAYRrOs+qxV3DPAWKnMbXa+Ae0C8D+MzJCk9ZJZNnNTRzeJ+bVBypVC5wO 0E4ouXA3i1tcgrjQqr3yg69l/aj9sPoT5ybE90+pdYccH0VO3beXOS+xZUUpcyqq VliZINAOxf4y+P7FgPh7+gvrfKYIh+SJMcxk1DxsO4zA4M/aE7QhxjivEpi7ngr9 +0v/VV6X+pCFPmFxia9TpEiiUG81LsdGCHSzedABgWFg0M7rsPuX/5gNN0s2rdti 7tZu39pRWZ4+HXwXgKnMPk3Kx6i5PMLEW0PlM7NV+pLLRiwS5C/8w0RWnzBlth6g nqX4mN3euezQmTrZAoFD0SEymLjLhOoMLIMEuDBp9k/4pQTE74VMW7ZwjYxz9cDS sAWa3+sk4c28sAmTdV8hNLtSey+NqA5hRj/bvVEiKNLvuilkbwlseIzqg4OHnrqq 6OgAaZ0bNxZ5PYbY5T2hVA2+tqja9FGJLCvFr0Dq7w76VeAui9hqmpQVmw9YrHmz TqYYYvCZRTn71eHmITO7j7MGTRnyfqcZNmM/o1Jya8vss8tiusS4DkGNiqq3J2Vk KjueAqBo+3uYmzqm5gKSbNfXrkDTZJCxj41ZYZto1dCCHUADSQ0vQ8QoZ7ICW7yN 4sMnoqOGL63m7oaqc4983iHk9sK1ZoB9rrkBqlQVNN+ZWE1SgE2ASfen+tnvFKeJ 72WWtgQtK7NhYVPfWF0pzOlMoBEwJaLoMVokYW3I1Cp2joriszqu2ALAmgGTUbC/ dafVABuvHuOErPhHmlp0yVcifF6496mspG2pRxEb3hhHkOmq1JwrVkk37qMUuMTJ Npr2r0galtYT+Hzmsw4ZMG42O9fUEyAvsNfF2VeanmBJRdxHslBwMHDEyxrkYvcE R+FMtAIvKNqyDTQZOWkdy3knwDgfz2TJ3M5guMPO9zdQLN1ckEDa7nn83lCtjJmw lujtT5N0RYIpkt0Xb9ZZKAsnxvn5LlSfz2dC9VFeoIn/amkVAVaZXZ9vWY8V5Ae4 UD6f19EhvZ2SbDCk4uRWCf/i5LcjKOyGwLOtTY2HCfqjmfpdaHDfNJKwikIx1Yly I5421BKwMlaQuVPYzBUgN3Abd5CaRn1etDax+i1N2jyg+dj+x5NQDBsWJ9IJUOXT nMDScnH1YW3CeuL+WBcBozVltZaO2RKSDCpm1z4TGTAGHYMoek8PGW8/ZBTIMqCh 7Y1gq54IRMIhO5JS+MTbp4MWaR570XxKrc/09PyDD1EzhIpixAOHqDf4LI97i8Pt M33AKEIwZjG7lmnCnURdu5YNA9Q1hBgjshd7tHAZI57I8UwdX/GrH/jGm3Zd0L38 xPfZpa9QSr2Fs/f54Zje/G+9vK543k5PY26PckeSxVFrAc1eLNRRXuP0DHVc5xxX pwj+ARVUo23qb2bn2j3Rk8u41Z+mtOq4YmLc5Q6a0M034HTqrc4jiHU0Hy2nekJV pBbOU/BFByUFHn+M1h6yRtgQjVKmC88O/aBb5u7MqrOsQ6cvNqHfs3A12HgjBxga +vBLwEHtHYgBOeZRdIeQwA== B.3.3. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7670 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4674 bytes ⇩ (unwraps to) └─╴text/plain 423 bytes Gillmor, et al. Expires 16 March 2024 [Page 99] Internet-Draft Cryptographic MIME Header Protection September 2023 Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:10:02 -0500 User-Agent: Sample MUA Version 1.0 MIIWHAYJKoZIhvcNAQcDoIIWDTCCFgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAA7foZVL0cKGxTAGMEqr24xmXk+R9+1tBvxo vVC0FR62j6F3bEqRPggJoL/HYhvhbCluNzS462O1GUESTn6dU0sFnAtHvpm/aggs ywFJsWc/fzzIyEN9wQ5X+2BWM9SofTEikdGaUUz/fub8KpV3ZHmpO+boNOMRWys5 gOR9GFt+iv5LEdqhvaymsdFs/qKAZBZo28ffE4DsanZEVmYufMriwoyRtyqnHD4A hmihNTH5ZCdeUUSZXb0w/UP9TWlQ9C3m663fywaS1zUNaol4gEpTcto76D/FohGk s9mZ4vFcBgGWzH7GJWJFWE4VRCQoNiWC4H8y+wIqfIDE9d4isEMwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEASY3CY6TZFO/11DvnkCjzRwpZ S+1JJ7S/t7cPtxZxd8ZVVAmNmVEvYkcXsCNbvUrTy2BlVFWYKuPOOvfXQVHhK4PP Yq23OYseIXVnsP7qlDMS/ZS+ptGBIXV2ZzqBt7I9jgMLC7f5i2NQwDns0720Slz1 MOIztq+Ccy8l31WlF5k40PlI6oy6PLv5RgM7v5CGr4RmGBZBiv2rQPYlfSSGvAQ+ Xn16CHji/70f9tEXfXGREJRzx/lIKFjz+JdROE4gptu/wXNjw6bTVTPx6FmfOhnD 8XUZA6oBjN14Hi3lLHzYlrhKQG+9owD4tsTcOcdIh7B8ZsMy2G8Mg0mWWHTWgTCC Eu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFmrLeGX3dF7SOczv6nMLxWAghLA C3wQFKe2rnY/Rc4LgupEDeMq9p39XhDQIEYeYvcNiPuRC0ietAnYPfAegOQ1hsZh Nd87LpWCtj736OkRwUXhQyoVEdr8YJRIBBgOYC56WyHutkdWAFsCXrHhJAeHdq4y 5XAdOPX9McvqKmdeDCfanXMWNs28G/sVIfwA1o6Tg4COw7g1DXVJhYqyZnX2tvDH u5XM4EMVezY3F1dh7rs+NTNQ3ziFs/48dzIVPLmOZj/OX9o2pcnhzU2gyE2ciPtR t8p/hWw2bdllp5+ZH4Ma/Cmaz+48GrRn3TgQzSw1/QtI+x6h6RBGSVTRo/nTEvWQ t9SaoC1C+SxmEtHCPWtWLDnf979+I9ZGkqsrrjasoTKZAieq6KeTBB9Fya6eyyGj VdDEx7jmKtpJpGvb0pBvl8xxWKD7hjX2f3qbgFKrwuToayXLXCw1hYnX3UQ4L7cH t7h5T5m3pIehG8+HyNFOGvt1QaFTLzibQ1fgU8hdDQQkVhPDkPyCbLI3nFZ8HH9D V5dxxd6O2t6oNeBJQUKMAzOxnfsygBhw89fobdskQnOPOBvl7PCSLrzGMvvE1WUq wamSi94s7V6gFfUmbe7YYdZEl/VEEawzaw/eZ+wHbjVxQkpEZ388cFHMdHOnkhUG SFobdwBYQj8vV4hxRTuoM9V7ZaV58S1MuS4Z86MUkCf2V9Z/9+XgkvmZMu/G+G7A td574PqjRaFrOuLuEQHRRZgcgUP+5troXLRgcJJTYdZB6JKdfNg1ikBF6Bsl2Fv2 XxXU5o89L53X87Q6oyycSuZUUwhaVQbx4voWjnoR/Wcgo5bE9+moXhXHkFYOajDs UAORrQGVC+NaaVwpQMQujvZUOYQJJaRiZc5kALd8TZ8c2W9s3j4L4pDDmQcrgBp7 BVdBnNDh7rNwFqrsp5Tt9lJkaA7A3JcMhTnxvWQCbe3e8jbgj5oFfR0vIZju7md/ NwT5rzrSVOAHpgUGEalM6u+zN5YU1Am9aisFYy9s0d1j6uzGTP++UfSI6mJPX5HZ 7HHVExQmVCjVgQwpifT8sOA8GBWUb9w5i3+BXhJroFJkgELcna6RHiRasndr5fdK Gillmor, et al. Expires 16 March 2024 [Page 100] Internet-Draft Cryptographic MIME Header Protection September 2023 ssqW/DRjs+O5WlNfHhnXW6fBpXGeG7tUuaOj26Va00VWkpudP9jiH8qw/tc/ff4v 5aNwO8lMZ5XjKDnRNIkS4lSFTUsYDYhxpnQiIS4PRpbpr3GLKLm9d+vWsq+MV0xZ u4UM375UCi4ngrtagq/pgrQKdMW7zd6S019eRSm0QbGV97o3Cipr4+6uC+Hv/MHQ GTCxM/6+uTqESnsngQu5N85Zt/zs7HagRGSOozZwfakUuxpqyGQ3C5W7JMsbQ2HM KFwQuYh//C1mSX9AZU7Fp0i7sKPp6C211ErUeWUgyViDrwFRi6F2f0nDHNr5bmXy QCsJdvRIZxCQpWtz7/iFPlEP68dNsGZsz1nXjgwXycst36IRdPks4A3Wfx1H2Ifn BrLKqg1FUhJhE7dqo4KrvJ3zWIhMoyeQf6roKdxmcECrzigftrVRP5C7++3Jqj5U VFDeof6JedRUP1rXv0TYjzwta+PUhyGFbDIU6CskSQo8+Rj3U5uYGSUPsbv2bE6u luOPZYpYNKgBylPsoHZZIRbzmeTit4lDlehWANRFjCwsGjdMUTd8yca9zWr9l5sX qhWA3Vijz8CHW3DQMSO2obmvDwGnOmnHoxvjWWcexoTuT6AfTBw04XIIh5UAgexI e5FS/2RzsqbY9la2WhGerXdrB2EIWsO2xaQvExyuo6JJEyk+8IsBqmgRr7mS1lId H35SzbjwXkPK36si16vgsbDs/p0NIvrWE9bLCj9YZTagqyyUSkXNZssfQQdHGssE kX/pWS+8l1dXcbQxamf1XENYHuovkX96nTq7a8jxP62FR0fbz3CfcNSAmu3bdGGR CsQQfW996D18+xtbHuks801cJW4Lnnavjq+SCb7mZroFuDSeS96poK+g84uXPdMj 1TAPgXxHDuvf880nUeuwdnM4j5nA1nHGSnlB0U8ZPQTRn+MVGKHgMycl+Rh1Klkm DjwrzflGBkMbtiPqKLA1nsyHw9TnYfBqQ5MhlY+jnH4MaT8t3Fm3hzmki2m4u+3W AXeS5uznfU8p6Sbm5UvXJITRQbBowGD3/6cz04ymkjGwwAEyUyjUNOtlbjLa+8Lu g/zvJ8EWud3a0az7hFFVY0ZQTR4CympFQUNtT7lszCRL93lCa2RLD+LZst8wCoJ6 vdrHmCsuuXoNnoDE+Ox0CNGRZI9t6SleqzENwLpY//X3Gna/iLEdWzgo9V91DZQj WVxuPB6YLrlWYoClG4ZB8LANa1t3iGnLGSdzmWDY5ajrAEiaPDe/6ApPbHkuhB7/ fl6S11je2MijlHJn8x3NLamw7qGJeYdq9lnsr+5UbhU+3+xtIUScT+7ncvWgf0aZ Dib+Xv5ss/GIh3AwYdgx48mqd8/ERfgA9dbr1SiHk3KD/0R5t9cU8VFo449vbODy 1E9s2tyRU95zkArMudoHKvoiB5qBazMPnTEE3AKNbr6HDZwP9EAkpSkdc1ZXq5pW SvELQVvdVLtkG7Ujwr0GfDDasCMk/g2EFAROVPDhcPuAIivHx9Q2BMCX0ZePjeKc xOy/iTWnwCwtvlbadizD8McGqQRkFnIezjKnsGDkJkuTxuigBitDNM9m7hKR2N7r nbYcfPEJ+PorfaaeLIFThejzpBW38NqjPJay+APZ/r3fWNqb40Z/5pB4viBttLx4 ZHEqf/82CA/hNKoYDucEx9lJwB4CBniJDPE9j//Ncr20M0DJYziFgpb6g4+9KNsn Zz2HIkYvy2DLlgxzyCxqcZsmZIBahX2ID0zsGo8hZ524yyubAG82OCwKf6q1OcFv ONVGNtH4/GGzQ6PEjeaJiibzVYJJPBeaqpitJMiVdwu8Ar+yS7aO1p8RS5iXxBjV L770yo2DGgwU3J6BquWeuiO5BK+4AsKVSMhsQgz5q1krKZpMOUviGbO3lCx+SsNd pLevlECSZqkhjC/XaiHeoHRAuGd8Vo9LcntNjcfJKRXBE/gQ7H9nB1C7qIf2FngI y23th7XSrUA8R8xHi+AwWyHS8g+WeTx3w5yDh5ey4l1qOR5SpNvuYOgBgZhWxlsV agmPUcoULPsxeIyQYKQq42fcb60hJrtw+gYB4x7RPDQkX2bEA9TgaXIOYPnQnxen mkAlIIE7VSHKhPdDpQ6NBueQDmMwby3UbgjttiHXtffUmgZPTfE7G98Nfpq/8Stg RNPunCj0SUIbIrdMTUbyHOkLMq6kcH9EXu9NqdY7lBLDMo8da0edY28n/sdgrzDI 03GESEjBV6KYjs9gOzPGhUMNXM5t+pst2LbzFpVOA+rONMzyO2lbED8Vc0skQtGz H4Oliksszm1Cy2zFUXt2Y4kzmO8FCD+vfeTD/2QestE9geJOL3P0YQdGQntB/Wff 2T2J/ERLNLgwZzB+WQcBmH9rIgOEJ+LaWzHF7cJRqkH7b4wui4WsxpDlB1Tj3Xsv jVIfXsRSUrvCT7QBXcbHCEnCPo1ETMv6/owEysVPYEnym7zc6L5e9krLDoJCY0WR wENraaPluDZy7PA6NIiKknhAR/MxnpQE1XF5Bhil1l+1hW0KNooHjiJgHQrxkA38 oSrQRciYbzVsBSjiUEqZ+ksD0IeCQq4MzkwV+3WhQ2Y38pKeTNIDsRlweO5UsXXb c8c0nFaWoSsAP15G5TSqiywqOMEZ/K4sqb4H+FBrqXtAzxzRJmCWKW0su2WsM6o+ YEqxZ5xBL/GmTLVCMR+DIOV9Bd9fnKdjk1qvTbOWK/RFleAyMvWO1W79B+ZlRo36 0m5xGBns9m5Q6doBefeSJXmCBo3krhxznDD/RG85psnlxOugVJuAl8cWXnz8t8pZ uuyNZc59Sw67IQj1lvJlS5Ta90LcroATUGB5AFRkjqZAkvDF+9LaWeIaIkxFocqF UPCDVaxdupakvrw4+pLukG2C6e+GU0Dqv76Bnx8xfPrPSafG9whqi3wrzq3dWIah kUFnkhaE4tZH5ek1fOJYBneStouSN8Yf6M6qE0TsgFWo9EI0iUWASB9HhS6bfTCu Erg1bH0+JOKrf07HoKCScBx2cnlQJU06NET23bnUg4Zg2DDMdox/278ocQ8qmqum Gillmor, et al. Expires 16 March 2024 [Page 101] Internet-Draft Cryptographic MIME Header Protection September 2023 4cpayWMHvTMgFz1In1++n13n8EVBlKJE0NpNFs1YnRHYRk1z2x6jB1iYXbfPJxje pSx1qAL2w+hr/qi3NXnkKnz57h08weIgwFjf+cvF84sMThqf4Kr7r3iRdlXtY63C mmlYKZ3iJVZEULsRnCGXsOla6x9DVqP5a/EurYPWqlzvxXp5sCvqIxdfIc0IGIjg ncOXHSK4V0ezr0vRzL3rINxh8WOuvkcfqthJf1S9aeYS5S/8YEYTDdXf9BK/PcHt tN6SX8EPYpHDtPatkS5vHQG4cfdGQG57Z644DolSNs+bKsmjb2KFPMaEyoDCW5pN ue86Wkzk7ArN3HK6tq/HSqrSU4tUBObViI4trOxbNsPDFmcbJ3RIfcKKIVGkEjGD t0eh3ox4vdNkiW+5La75VAPGD7Ox40zqHT+6K2oNHfrAgRcecBBAbw9dCRuPPH8u +m5kNdTo8cvF3BR6pVOx4rYn2T2uZaZPZ6JhMsRRwHbYDsoMEWBmrhGcHMnrVXKa hnygPpIl0z5REFlWSliNMpX/35RG7dODm6TeK+Wtp16qdSLOso3Kd0BgcjEUbMlB DMefqY+0dE3Pts7J3UXPw8pn0H6ARrZn01euFeHVxMPJU3GPss/1B5Y+xtT2zrVh j+ouAdHOtXx7VnOwpYi5P91UEdlBOG4ez6eBc3BMVi5Mol1Qgp5Jr6eHrOUI1DEg +G2HD2jrl/ClhWcPUJSEZqqH3hkhQ25iJxBd0ol6F5W7NQ2MLaDeE2/xGZ5OBBPB stf0dFsoohdVtIM6laOIVeZ+TviAh4IlJoHZrmjMRjpZ7vGNlIdjg7z6xM4YYtCl piJl0n2/rr66+GS7pQcoVOuFAyBnblEg1HrJTfDBy6BAgA46Fe03npuCYpiBGoFR 4I791+nN85fE+JzuEuny182ui/qtR+PQWeNV/oiV8wmhCez8g2zDmuLwfNcAjJtI xQSOvH5PNt2XA4OjaJWv8YzHdnEHdSmV0gxm7g7TVeT8Ez866jn93fwOKo17shfZ 9Y7TyDCRIcg8hAi/kEM8eRL0G2/Lgb1jMH1HHTZuguE3DYf+LhGXkcvmmwzpAlZO vLSKYRWObJBU7ag95fr4LptxD0nVfzXyteyTYRyyjceeqcPNieg4c46mYxalmU9U BZ1p+2eM3AVLiW9+J/UmWE1M+oAjKiJ7C2OjNda2ap/eCLQUsvoHUNQKLz8uawn9 zVJiD40xcpahlF99YhzGTdkUf4vSSaoG7J2g1y12kto6eWS3SawEnm93qJAVDQFK I9lT7QKqJ305eN9WVuv9+uQBgZHBUfMgbaeGtlycTfasOD5P4y52hP536f7+jS9f bjyLRnXj2Pzpj+fr5XfkbsMU2tecChJsqoED7EhTeymOg0OOt252dORqQxb47Woy xRHi40jusIM+HWXCMMPRPYsHESSG2+Mu1IMl1ZN5ofSEUuswoFaboO/ssZaL/Xf+ 5rhPpG09YC+I9ZWYyotIl8HQbf1C6hylXTuWQo8bU2IsuXCNH6GdlMJIuTKhLGk+ +RAhVnCq9A1abcvuAYCDFnngY/b78DIENgq5cmSnC+1740SV3TdxVIVEmz8oCgrt 2UMbnsxrgmTW6qDLZdF0bda4854AI3SQ0G3UUUTTkq8+/E2HOVXKBsPKPKIMi9md mlRE/xKUvsb/Rtw2AoYjDEyciwi4jCc+nyv6ACbhWO17v9FpcHAb8QRD8BxTo2S9 bB5J72cU1BLec3z6p7ijYxn9G9GzyHb0R8kbTcwUnFsP8/LGhN9Lx911/2Y66t/2 7GtZkv6xcttKPN4xDfSdu6Ymvjh/2EjvyvitWTXCMmbVTrkLu4DXeBW3SUYawjxi 8UvT441E6oOK669K33yNnj9q+YtuUWm/vx9oIICcv8njy44W/tLS74wXasF6T9nB OdZB0NVb1cA5gCgkMyY96lBkTe0h0P5gQjU2cxuEsVc9FhEUsR6j5IGpPJAsmr66 HqUKznyG28I+Khru69SZnyewyvKMsnlCrMSMTsIDn7vfZmB7nDbwhSITm7t3ksfP /weh7b31c9dq1m6Pi89ZZ1hCCSA/VcjpLT0SwbjvG6s7Z0JXl0en7Yxr+09RxghB sfFSWHHhwXjuVC3uQyRMtF5PN4HGo5FI4tSqfWnK4ScVVEKXlSxKTIRJOkkyZTgn 4jyvnToOV6/ViCIEeub6qd/rU7H6I/01SIo60W+hjgqhO9CcHz98fH0lCoWK9+0a B.3.4. S/MIME Encrypted and Signed Over a Simple Message, Wrapped Message With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 102] Internet-Draft Cryptographic MIME Header Protection September 2023 └─╴application/pkcs7-mime [smime.p7m] 7735 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4712 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 878 bytes └─╴text/plain 319 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:11:02 -0500 MIIWTAYJKoZIhvcNAQcDoIIWPTCCFjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAIYa3OenGvm2fxVDHCD1/mOK+G0pkvIp9vgH 9ie1Xt9FsGcfZkoi6msDh/Td2ZLZXWyP3RCOcqvwu3e0M6IEbbWhFVAdgkfJ4k1a wlfIpe+ECDsja7I4rP2Fle1lPelgQ0yw+pmG/epN9Ga9FVvfKhDTHm0Zr11mNjIO FRuTtU+G6A+hQJrCz+DVh/3ub7P1DBomlG+bL8PIcgSzVwigtc0Hh905uZWb8ypd CE7R4SzQfX6u2/I/9K7FgZ9pSp8zZpi5WvcBuJvSqeLgTL08mm+7AMAYHEld005y B5GFc9fTTV8ByI1eLzvFK4xl8EnFeQNVtcpoIuJ+BxAihm3OahwwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhCWApyit+JqyC6p1+Y2mE0rR LziSUeCZ72cLwSS2GXyl4YE86WTYQPgF5IHUymyTwtnqyjKZB2DUP4jOCqOOuHJQ cEVy+uO07cYIp/K1bZY3mKy5EQkdlo6qpOYJmIs03zoQfzYb/5FxBBIhudMqB5U0 t2kPTnlgFsLbo5c4FTnCzVBezJRyA1Gw/tQeZU2Rfe8xySkKEU00vUkIVI96X1RR UNPGVgO72/V4w/Yr0oF0ZT36RZdW54hhccAS1t7VZoiV8z09xsgS05xvs5d1eRzz DcaFCz+bvtACJsjt/UIf4PP1jar9bL9BYoKzI8ypqzxfsMJSYiQziKpEWoaJSDCC Ex4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED3mqLx7mUQlV1YWlLnecdmAghLw +jeehq0xxQt5o5VAsKJcy0+00gqRre1nhO/2cQRsFmJHkOhTtWzY7H6P/0Ayw6iG KvSlATb7J+tV2lT4UJEzr9abvMIGwZ2wDNZAHuyWv7hKVuriVh/NLsDDFeJXGJVP XJ01saqeGsyx4UJmjV3alsjtqeEzcU8Dz0TA5l33v1FNXR+HB44Sejg3zHWLPw+2 MMc7WiNZeIcovrOKR8RAuBER74EawkBsNoAG+itMPIr+iTjXD1AJNOADfz2SBi7p zPMS5ypb70F0xnLwme3MS6QMSkV5Qg2llDVzDR4vfqgLWkjN/fUOei/90ERrY6Cx Dwt6x1oy+cIi6DmMKBiVnblM1UdWhGsgmaA6LV9ZKm4BFXPxZ9HJRq8JXgRwBXRO iH6xjdjkVzyPnB0jeGInCRBz5vPp4GFUhXPu1wJzuOjVdvMecqrciyF/sN/RfqGo KmZ2YO6iKAt0aijTPWeDprUeE3BgEQ0DWyjySWTsnAdqPBCT3XPpUV62nhb9Iu5/ P459Trn6R0LapKmeKdTSj6QC+pnDLe7dMIynjzirX+EfkFJVSiy/PgsnQlA8vRut 1CtmYTF3GAtBd4K58whmTBLBzyuJlXKNmmZ/OvfalVZ/+Zsz+vNdgvurE+Gev2kO PGn+OBtx35F7joWW/HVgzhySOztE9/erD/1mAc5Gi+YH5pv1iT7QLtow3x4srGHv TBugWvLVdIkzufB8k7IlDyMGYrAP70BK2ogKd2J4QqDot85YmwPephof+R9SzU2j Gillmor, et al. Expires 16 March 2024 [Page 103] Internet-Draft Cryptographic MIME Header Protection September 2023 PyahZr1xwg1Lbuw8Qhv7padO40Y+Af55ZVktcqV62T4PaYy3Qc+gTOSfcNf7BoR2 aIsaoX+OQVuL7SQol1tzETE1bliyZj5Z4DUWxyqmrz4fJHKm99YubT6qe4nlCTFs NrRcris570kqf2EjIs4VHzpN3bsbMG1Qwr5lb1KXT4EjBO7LFeNppze7Az9Vq3aM ZoLQ5YMG/OFDYOVIOHqjq9zgoRw2X5KaXC8Fzm/hiSqRVNtnQTXtQaVbSWUo3voP BX+0zL7U9EGyg3/ZwSLHsteGIoDGA59cFYaG75GTFeR6l8r97ETkjxmxsYbMTyRN 8HfSx3kQpm4ODyvWqaXZuWM+uzSQuTMXro84RtndNGUryVsQItzw8cCTzw1ejwj4 9MC92mTKgXkc5ShYU+TiKTchBUznGj27hklFmss4YC/V2Q2X5TzdFj6O1cuyP9QH zBlYkAgxl+wXuyr4Q8iYy2JN4eC+LQitnzH1EANrnQ06quwQPtDt4qyrF11u7VN5 wF84SvB7KsJaj6ft5FvsPjafdp5z8Yq585ytPwLQ8+os0fJC3GOsIzngpJPx/13d +4MV39BoENEB3AJe3UHtafueBqmwsZG1ps1gcX/Cnrrkrcywi8tfKEVXRaERzKw0 D41TD4R3Rlw5duqTfVJ8c8gSDR84UW+XZ8e9aXRKPkkQGSvfquuTDZ77ed+0Y5+g 2hse1k2svSQFnkH+OWAcGZy4RarI6CoovVbqaByGnwB3G6R3rzitT6g6b9kV+qpS sOnBanfi4yEoYUVw9eo3cqLnjo63eT61aOcl6DqDRo95D5VLZPCBt2xBh9D1KV+b 6kvyLOo8/HJDIQHPnsKwoGaQMXkg15kAx0aDxKp00IFxaUU42cxKMyEmrfzFx7Dj cXH/++jrGD51788PaAfS1L73WAlQafbExqQe4tii8gPrjCyVo3/XsIcciz1TJDW2 OOfINjUrCW53bLkxn5xA40FX7zOBGzwvNygBfhnUlPDEthU61q4MU25UY/tnFPqK 2GjtgQrOVpF1itYCjxWcFoEFWYCy774wU6juHT4nDuKpCLXuJcnyzRLbmRnQpO81 skocHI5mRHtDYfeyzioGlqGG8wC0c8JX3wrXHX8LSnjkQYf4mPiClzbZWXSA8Pe+ xwxV7EvU4maXQBIWUshvL85WdfXABKw+cvg/dt0OdCt8yz2vz44qf6BNt6z5jMJ3 SW7Bc/4FfH5W+uZV8uuXChFs7aWVW/rWAcB6saT5KoOm3EhrxXxdGJeeuOP05xJO UR8hsj95Icad4yP2mtnh7kKrTXtv7MsRsJKqLWrhaeSDf2XBvluolV31F/mFYmaZ gdvAyxbL6rY5dljH2moP4TxjvaA6V331FYCecnv/e5UZQBJLE4WEZYYAAuTwgn2p /B85JP1/yB5BP5pzmf4zM3ye64BKsmjN4xwsFkHuKg5whYiKQ+/BhL2x+Jsu8iY2 7y1OAwMhlBFADf5DjFsufeouIj8P3wpPMF3FVsv4hgkQH17zZiNtyaga9q+zSz7Q omgiUOJMcV3LSXnjkf8GhyqwEu1iZDmn1HBMy90ASC4bTIfHa9bBG5TJzDnNtUiC FHNcdERJw28fod0FPvZQaQuvN+sLJOtmaycsOnIkGUjqxu/GYRR2hBPo6QEuwxAG paGbRSmSLoMg65AEk4XKCsTrEQUWvejYnIi9G8J8fu5pLoHZ7HQUBttthmah3S/A s/yRcqqUz/83XOJuf/OybwGDGRGS4YO3Mnq9H6owu3F2h3BwASjK//nf1xm7AvpO RxskZ/s6dMLJjWA9+g/uacJozJa5d5Ey6yY2TKR8/Tl43/b3laJFj1rfRcXLPBJ/ AJQK60RoDNFmmJKIF66xB6g8wF2pumwve8XW/BK+c7baEInlSnMqHeqpoACrk9BZ Y+hM+2Pyq8kK2hvwr4eG5C14zlJSwrT55SNbSY28iJUEJNE5dAQzgy1f3vgO3Key pTCAyPZ1nZa/1ttJOkiHwdSq5ZdxxRWC5WZKv+9bHdgQqqmEyNgasTaIkdjeriZN pQMxHCVUBUggzpF90c/GOIx5F2P9f9cRVE5eHACIGn9noZgCrLsJ0VMtRWBy/dCa 3eSl++nDtO//2DHkUHLjdIZ1fcbqE/4BG9z071HZhOP/Lu9thTQOmutlW8s1r1XQ LYe9hz9oPTVDsVxNF28k8YKuivkBic+9tw12H4pFyBhJyj8+mhXm/dbkq2ivrRYJ 0tP8vrLfTbT5kocdUYzpauQR5K7PAM+pNfo6vpOLN+ODgVk9O3fOYoqk7GmfN0YU wXC3tPldjOSQhNCiH6YdMljREzY0lYf4u5hpBimeyS+WauFcNu2Misbo3e+4x3zA 3DyNYJKgj591NEbZA0Nd8pQ22qvBpsKyZTIav91dItnTsORY8XTvXmYj+wYt/0wB /l/G8jrnXetyASXo0gARxWK02+dpn+1waz4ml98luqyl3fwp6F5X3vimLQTSgIy0 RCgxOzZZBQxX7fFrT+erTGjtovMMXaLwepMqrB6aGAF611Ku6bQ0c9/RpYK+tegt R4ZqLYg4Acmam3X4mRmX9XZC7WJzYIFuJRQw7/vFPBz3dsrtt/F+j8ggLF+NLM2B yfZMUYJmrf+jU8PxL4mHI5UxLjKvhZ/LyNG3jbTXT9jQeK3AQ9HCUpXkFhbmrVRm LQMXiFq4gGWm9PgAweg3fY06TEyl1aIJyDNNeI1d9vWCiNG/tgH5NoczSUSbOPSw l1WCNMJRiJHAjWGHquAN/seBE3gCFftDU6UgZVAgHOwE3z6nVzAzrmfR/Lwe1kU4 T+WwUYBi0CMZn44ecVwA4n3GL1aWgGcKo+g66jUfTtng2IIn8dm84QtW7RDM4LKu iOfBOm42+RzL7IYOiZPqzAccfAOiFb/yOekTLaktqrksv5P8PkNkgGFBFDrMc5br VTOZVVDiZcvQZ6kvW1Hd0yHfoGSqM/YPcHvUGjof4khiq9XXzwFamWwlknjNR/Lx NwCDMKTzXEbiuGya/NZP6dKaZhSCHMmE1Y12TVgS9+q45eY3J0hHiKnjMrEQP/j/ Gillmor, et al. Expires 16 March 2024 [Page 104] Internet-Draft Cryptographic MIME Header Protection September 2023 txu2pgqDedURvXNsT6R+R/MIlcsUoRJag3zVxzTaJghdZdsw88WO/0IzTIIZmQwd v3nDIYOZwVwcL5QnjKgeMDK8Tr5BHBJDdV8QZOpVtki7/EgJ28ddySuaxqtzzYMX sb1eBNjSIjgx0a3k148jnf6V7PqVy5m/2OPcQmly/3qtl78b8N2cNBzBavyAKnUM 68dCfQ35iCnVUIfIwfnUVhNKiiKAGM1/6GBAN4aUgqdlLq4BBgJMU9aYRObiepXc YVKXWJOjsKOaHKTWWTjaWi2DEn3h6PkLidZm2ZMm5RJSwX5H5Qj4Sh7NcATBZNnS bBOgTrBj4ygNhnPWStTQOygKTVZ9beT+GLsJGD9xI6vejiro4j/Vw3sYTYuigmCM ufMS8n8P2IB/DjVU/GE2+dZ5mL33sUbjHIHJ6J6+1XISEI2F6YILoCK4x7gBp0Vr 5BacDYcAwfgbI45ZurXWaxY2ij7zHg9mupavujjwv6y9MuLfKHR163xEkFX67ZOz u4aCFQZ/8u4WiAVcyQKTypzfNxz117azpUwT7E2IEpPF/zDVpeo7K2W4fHgrG+lp lNc5f7flrrbr1O9/V7dMTmqocFjjaOmHOvpVV1kpKoscVEoEeSx41nMmyPyJkEDP INDak1B9tt/t3q+vEQkJKPKojFQlYzcHS4l+z4aJ+4ccU0+3K5tfrungA9LCevnY +R/RH+TIGxGMW9WwWjqmKIPlhoD8JmUK9tYC0JHWB0KL7hxf13sIqI/BpNGRZ1oG 40HdzmxYZW6HQvWQtUYFxDOa20ZtBp2rRxJmHuB2gK+Wd0t2/HXxQelJjaW0YQaF nNmee7PTMk1bCBYr4cJzmOCfTtHAdHNljrzY55BCHntWekYhk5GpzaMttu+4BsW2 lSrupr4xY1zrZkUYGNXLgU0/hmVCasYJSShypw/y8ZGpFI6uEzHY0gok0akWFLe7 7SN0PdxP3abKrRlROInFV5YC1hvjSnEStZZxk2Jv14j5q3dO0CWROB/y6+P16954 jSp+i1/FOp41IpAt22NZgwC1jMg89aTnK79THy+SSj4S5J/2h7QaS3v9XdGKmj0J msVwgavzK2amj4InTp5/dT5nMAA+GgvvF/8+W/NNc3yTSG/D3M5re7p2Jof7Ueo1 Kja5Sytmef5+Ot6fhwQhiI7nUZC0dgCXg4ZNKR7T4CHa9WB1YUOtNrGr+Xi2Y7F5 nJ16NC+K2jcYxfO27VTNA3xaOhtwg9pioeYaZmqErIRhm/8R26ganjVK8Zx9AmxK sn25U99AmTeiMNxwMRFFQC363YrcdX6kz/YV81DvEv9SeJ7psPYlCkTVJ+OUn9T+ PauBE+VH+Df/CAjF2yJyEMr+M+QZiXqxBI5pGC9lDRQvlEzkOKwbs0d1GlQroafw KbJh6WiJufkF0nInX8FFCIUKF7f3WoqrbGGXm+rgdGCthmxvv1T/vEuPSEhJyzX4 pA52Y6LUOg23VlibFqWZVtZ/SYG7gZ4mT4iYak7bA/g5NGLBi4DCstHKkWRB48OY bd/v/ix9ell8Pno0ximW9AI9vHbZqAmCpMjKMumYiSh3UuaxfN3Wv5dU6eUbQOzo W7yrSBHi4Ik8tbe1XjdKHg0Q90NHbxBMIZYO7NC8gTM/VRUNOR0wZkjo9yzmu/xN CDdNA2mBeFwoa6gkhUOahSLAgfCcHYKN0yv0JHTYULBkfGG7Dvp5Nlj5M0oDhJo5 0CP7VXrZUyYDUbGzZWS/JTH+VroILUH6exoyHIJzrwTRGqEZmEcAOv5/r6fGYQdx UMWrAAuh2/IEDketRdcfnRZLv9jmqJj24wFjcuaiqGzFlYj8VWvfjn1hZDUDpZOS aO0SEBBTr7Oi8iryKiT+fvaoo/SMm9fu+Rqatl47jO4FcZYHaDj0GE7KBEQe6FR8 S6jqCH+/IbfDXj/scyQAyE/PxCW2BJsihktnMXqz7D7+8C0JYiQpXw8VegGob60V R0fYbKp9R55mRpxI9th+PhEhggRqvM7sf1Byaw5Kl5s/+M43RPzL3hDdlgDRGFz5 jKEYDNArBSzxUCrRfGU8q/OrapWmIjAFdMcH9MSh73X6SmLMTsHjniSCQ1nmbZUQ uWND/WSArv0cT19TpVRWgPYZwQQFPE88x0DwcIaqz0DFpWgE/4ccx9uyQwfZeSb4 K2cp5yDrYxdTciH30Ha9+w+7/2XK/AfEgSBMtoYIkdN5yNggR7NLhjc3MzaHLhQx WGDSsxoEctMaRW2aXUTpzIvjwAM0z3Z/aF29DnihMhTWC88s+rizq5abnNNToDQ/ lRUfcGKmV48N5Qrtr6UstwDqEFyMqLGnqR3WNTQYZM+4EiAVeVecZyjOayQj7hF8 4vGVhj7am2+BDuVCY4r9wLu9n0VCniC2wOAfjm9ET7RmuhoebdVxm5DzogO07bAr lxhMnaxljhzQkS9T+wygwTBVedEJPb4H0EMa+E38XjO6l0XHh/F3Dp1yhW+RD3oU jwrH8KIx1e+RN0R3zmkr8I5RFaIWWY8lQk6YgJvbsKjgCSPg+/hQ4cL6uLaGxkJT gkBqMWgKsJFrcQst2zUg46wBjHJF+k1lcfkvp7dMQn/CbmiAZlkVTGMgHkrzBz46 Gillmor, et al. Expires 16 March 2024 [Page 105] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.5. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7605 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4630 bytes ⇩ (unwraps to) └─╴text/plain 331 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:12:02 -0500 MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAHDjf6b8nYADPvM7jm6fi20/h20vJSvpXabk JPChxwLJxY3a33r0vWwEanKZo/k1fbkxXa7w+FqMEEM/3EsktY3BgsTBDC+vN2Dx 1/hX9wBNi2D3emJnmwEv8vOmNxGeg+P+vZN7WjM6kqVrUgEyfyRkzMo1o8YNaFgB F/b9ss3PjYUEkN+k+Oi1Pyi3GIxPw1KoYyO4LXX4QQhTFOIje7b9UOZk6zeoz1qZ sBQjrOnh2bKeSENwgaS+61RvS1FKweluIyE1OuUUvx46WQXVJ4czZmdnSORW0+nD XbSo3Um6fzwO7Aqqbw82qHcg7sGhQWhbA4F2Ud2aM8p+zviUEn8wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEARXtsiPCj7mfzszkuZ4d+30YF Q2pPbJbLfhl6xEI171WNKwmLMtWS10oQ4Ojmxw+W2/yJCMtUbIr1gXWOlkW07ln0 ATq9WCN99ipuScfQ7mfB1AsCelAoxbEzGtrNX3IInAk59oN21SKltH4hd3UCULlo So5A8AEJOdYnzb/Wq16ln1wOvAIIousVa335bEoAMco4rS4TitZKYdFnD4PS6tB/ 8hUlvet84cSYqoFT7Bxz7TfnP+JksrSGrUK6dqWiFPJbbQHtNKmzpSM25Vfm1gHV hPX7Z3HJiYpkGaYVmu89MbX52WeBrHj0BqMAk3ufG2exN0VxUI7j0burMpZ+tzCC Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPvMKX3d5Gy0duoR8bPf3G6AghKQ LqYpvTxH6buu+cekW2Pe2RA6jN+IBCcBJ+6cxCkvOPPnwwCJ69Zx1tMlcIVpUkuT 2TBdnTeSqCD68rvmVVJuwagJxQKiTOvRpxNTj+jUssmuMMiA0WIff/M5FFQAGJhq d0JadL7CjuJaHYu/4aw4Xk3Mmw26Ptp2DYCzr316UksQwHW+OnDPX+BEfsc4lQjj Gillmor, et al. Expires 16 March 2024 [Page 106] Internet-Draft Cryptographic MIME Header Protection September 2023 eup79OjAXl+11lwi1poPQrsB6TtxuIr2z8J99L6t4ZUT7WHmlUH6ukEeYmOjWIpD 9UD0VD7jZCAK5LE+YbDuoYuQ9vFjMnDmvZoyH5WAvSYsPSQSlM0oyVxEhKugQUIF aKcp/fgnqcmtN9ko8QmVCvZpR7Jju84Dhc3Bpf/Y0ma0Qzqpu5IYcPmrnany2x+k hDQaRsrJzkE/d0UJ7djUHuyeSucC9qj9Y7ch4RtWUjCKhsQs1BpFmAyCjd287CXh a03YYg1/Z3o8D8ZrghJ3xmmHt1hCH+1SOBQnPZrPCOSrDkU4+BAw/oGPVypqYUaI WJbk4xP4qi9EtLOHz8jOhMrgFlgMthbicK+kkHti3bA/xWM5I25N9mvDYjHHrhuj 0RcPBngxro6ZGrxvBYhXtSOGEn5RbxCeS7lZtAK5XcrAL5DV7mur+Ehp3NulTDj2 2GSNuneGWqYMMT8dvfG/UKmt5OdmOockk/x7UBMJ3TX0DQUxrJDFsUVUr1gbZwuE 5K16iZsNxoaZUi/cUaEv1ZHXN9GkM0wXNATMcbcHbbxxhd5+Zd/PJWmTbWK7Tde2 Bir54zdAo9Ojo/0AfT06nuQsVdM2LDr3PNEQ4aRLJzIDSA8IrQVZWB5wQBwS7Msf 2+CKkYwaWunIJ0DVUQVSg72bQ8xzT1NhuwfXIlekPECI2B8yaaZeLT31fctGzvMq jodeOtqynMwWQBrmHVw1yHlagtIJdjEXVL9Rc7jOWvlqlrHE4QmO3EObEmQwmUHs DA5W2ODPAuH373jS32Mq131XastFG407kZU6vHZ3HBtrBUmYHcK7Madx7/FYYEdi tUa6anlBEYunHFs6srH1tif3v1iIX9UCqoruSGyUfwlNSXpIxEE1bQMigNu9Vgmx 8nAq51UoxS7TALdy+xn9uG0JH4JbTptWJqhnaDJfUQfHWBKTNQmZLElIy+Dz+BvA GXT+V6Ay7dq0Zo34+NNVsnDa9rMqW/C8uDoCgADb4+JVQ2pwZgmki8FPHpXDKM7V HX19hK8WGNYPmFot2aNujTRIB9VWFJhUCNpjgc0xhzbTv3V5DTOmCuXkrQHe7JjB eR9BGvUs5KSjB2KegldfeFJSIz5zAEZYNeTkQVhAGd6r/OmYj0YJN63eXQCub0Lf q920ok8k65cBl71HZ96fJqTDAfjA3LKanV5RUAWaTQUCg0OjGgNc1E4pCXa2G3au VN9iES00s9wbsE2ZR8Hk7ysl1qFQklo2drqeKFH5pKI4bhmkMjeLIa2tzR6AxrnK jKxIO6fpCAAvWXf9mRpuJ5YrQBqChE97AqfaNwE2CeSOkO4FYIXeOm6iK4iCFlOG xG1R8uNt+OD/Z+6ODUGiogzH8GYjb1jDbLHn4q00hZaNiB9eCbP2Hx5ighKA72Wg nGaUCQTTwS2N+Xty/u9HGXKK9jDWBrqTo5YhT7TQ0MiwjRAZSqRii4VBjyAQAnTi ECS7wsAuljtRPChIW/JIaXlqDCTBg8hirddXSqgk1p9ZmClNmOtP7O7c8zxRhRii NcgZOwC3DG7asJZGXQWoje/df9XTOgI1ucxmndRwmID6y3BQ7qCge8TubbnDHbUl cAinpK16k327c3I0D54w1C+BNhwtRgtGTC3CXMsmEBqQ4fJDyvM+sLSNS+rxMhYR K0WrOlGT7I3oNHSTjUQ+T/vuOm+b1ur0ziYTNnLcWYtPYwV812hDkuHSkeEXb7p+ HBJE87WtIHoYpM5QZSqWBTFAuMTPD/+3n/w3UqFq+xsq58QyNFU4007+u33ttYda +UXtpu4iReGCHS4Ay151t57xFZMsXHVaTz7bQ3pBe6sEiXWP9uu2J1GZ7b0N7gWN HEWmJkp511T/OuhmilfxwdCQFM2oJvftqt8h3ex5qAn4hHgipUFI43AaSAj68LaD wQb67bSkJL2pMbGwTOFNkKb/Rf5O6ytV16S9CZJ+62Es002vE9b6c7uJQkqmdZW6 GQkKzxPR0ghsComJ0h81djW9BUg3qitlOz36GKDHU3PkmjyPlrTFamByceF1Bk7q FLASGnS22UQzPS0iPpNJrsHxr80e9LqvMB+ehs74gDeQiULdowlcnlLwRblJJTkc Qy3Cpoi5Vev/MTV+O2Kh3R5L86U/RSfBLXqby8dQISbEGUxIMe387kI2BjgDKV1R ypOOGUBTneqpeBkzh7WZ0l713a6BC4sunMqkd6GmrD12V0/AWcNDBU7S17W4IQyj sSNzMIeCE0gCVAQ4cJ5ANyqSFKwgbzcECBr7Ojbx3zsjOsXqSNvuZKzj4iQnbmvN rUhVnU0a1gDozNXT+jsRUctKu/OYwp+MnporZrdMktt4KZ/E3LPWnLY0tUBcWgen KY5ea9X7rPuons1LqMEMrLsn0GWQ3sDRw42vIPN+tmJUoeDTqfaW6knY9xvT7238 r1HcX6bqLLyQdBl5H9XOPEDiwH8dwYuHMlexpUw/oJ2q+qD1a4Mmboi7UYmaBTWn t1sFSUAmwKt+H5kT1ivROq72KwY9Katrj5WBcfZWdcPaP1ogsF1sb41UzVc6Nwrp MVjU+f4i6I1N13UXtAKcgwzUPR/QCQ1WfPC4oInSCeXnnmUFg/R7aM1uPVJOR370 5yoIy4T5p0H2I0jiuO1Nk7g5Mt4GulRXVx+mfDf8xytnh/QcQDmGER7HkFGPrHnf Ye0fjorSCNfoaJJkzwRe+S8I5MjT0KDsEJlHXhE5HYMv1OoYG3bbvp6l81FFhIqz EzkJKm6QSF4ucQFQBHhxoyPO0ck1o/XO2YSmEty76cNdgm0XDbqE5RY0dv6xX/Q7 oiNl7uNs+sCX/B5GXek4cSX4o4DpETAerxHSQ+RTt0uBGXdMa11MzXYzvVSwFu0w DZ5gk3U6ol3u4d2ybyXb6FdJE6Xa2HECqY+8rjtAp6kH2DWT3+ZI+c8nRd6c6qN9 pDQU1+IkggGB110TW+Y1l2fvOqdFar6K3sNHRby4dNG2o8KuEYT/8ugX0vubsioz puXFdGMGTtYdw1kDDH2jNot0LivJ83jCsHYHKho2tepBY03k5O/c5+/OUAeDDLeJ Gillmor, et al. Expires 16 March 2024 [Page 107] Internet-Draft Cryptographic MIME Header Protection September 2023 BKj18gSXmSuxbdoNd6bOcR+8Mavjb1Uj+FUJX5rfeYaam2hGe0EUzy7xUTFqIsFb 3FWos6oUdW6Je2nBEqitj9JmtpOK1pQV/+HtGQb52VZ+VrfEhQAhb7AaeHTo3s1E i9m6p+6lWTomxSefzXVKHayZ/M0VedRHba7aHrZoy6wq+QkpWGWzGmtr6RFoXJtg PloLaAGIMqRhpDJ1ltJMrbyY53Nn2GIQJKz5pzyx5Q3Q6RzHvYBb0g2n8wYsmV0H GzT/PMBUc6QcfWdNTIpQooRuIDL0p3iuNO+1CU4cDi5hiJ6MWKEyabsMqw9MWEX8 9YWG8j0fHOcyDaHh8L/kcv8kS7ZkeyULPrJg0LYGfCWUjhBuHRmjiAG1w/6XddgY MKeSedAqY1k6aWbfgz6P3R8q8tnooRT+SSgafEf6FTL1oRqhcpebR3Cxac0f27GY 6s5WyMCMpqS56o5eUExkDHlgcY7en+SvrgJ53FbgGiEtX06F0/OXSTn+zqiCmJAa nF1hCWkY7mqfFhlRfwBa8acf2zC6H8KVpohS4ysfpildCSvnl44YkXt0q4b1A1RF Dv8/7nY1Exe8PbAve8ZMWco/ymkk63Jd566Xc+wNToKRYWPA2Otwc2DADreliK6H Lh7rkX6ECjN3BouQjsSszZvKlUH3aUfGpXzR3QAPiLG7FBAI9VnRv6+xp1u7eSbV xPQvaCQL4wpvq1esafxBe382ortk1jN8QkPVBHaUWbg/MGrlB9AzaW4MoxdyTiSH 40lXVci3ed7dMCdOpQo4yXiYzRGqUCAbXbQt9uFjATfWNQfpYkEJ/Deqg6mEGmdC OYt8WhZ11YQGzOAtjbdjJtVbc8sqe9C4c9q04OUMQbBKeXCFn6BM60ZDam6AAUM4 gUf1zf/yuIuU13g4GJE8tQH4Apj3W/b6VDBcbqPkoSoq8Yeqq3qU/DVuKMdxUa4n Mus4uc41tp5oDHUOr+/85OIURWJrW8Kg5+uEduYAmw88k6s8EHdmEcr08mla9ayR m3pRnjAmN5vqrhq3Q403qXFv0ykwHjC2WOjmZIiK8cAmUG18H0JAbAcLyD5zHNIG PbQB45HCp0OGvPhD9psTA6eRkpGgtxhDzwvFwZqYOYrDTIURWvhyf01V9M4ic4wD coosKQViJ0GlpavFtNg5gD4sEbgfSfdwWr/91w+wewdfV9Jj2iOb12FcUSf2sqpv cB6m06b3ZyRlcWABdtI1YL6f/VVY1omR60muzBhIP2jZgVq19DNh4ybqAHkjhHex Z9EqQiKt1HmleD1sxtNKvWDkLMAIRmnxfrXkgWEsVw4kNSvx71kcjOd6nYUt5ye9 IIyIHxemsnbu7hEdWoaOba7pTmQy6I91CO65PcLvwUlC8aTP5m7IY7Uq+RUlreVS 1KcXieD/dXZ1k+TsC5UnCr4YjvCKLKhzSFJxEBDo72BrcHemHONC8gqvT68iOgny GwsFYI6H4m1ZDUvJvMq2AGNgK8P1p8gcvjBhZ5rTlci2PugR+MTkV+F8X55sCtHi NVZ8IcbctOf2OUd6hC29sKwc2T4mL2L1+aBxa+K69qO0ovkcoeEuQhp7Qq4GU7fF v1jGl8AQn3MgDjK1gz2EoRfpV/ldPutJj9AE/6HNJIJ+EA53GttHHHmTITkaMpfR RPRihuaXChirqsUj1oO/7/xSCh/N3YZqpfQjqsxVIUtYOaVvWXRRlKkZUByuc5dg rZ0xjjkZaZKEfvwfffsIl/bjUeROkAPPRrRDN90kOuRSa6jMqwEp2rUtqbJLiNrE Bd+WT9deckx1CA7KayNNnV4iaesg03rfB+D+vZq6NSvG64fBQR+Z3acg+EH/F349 2gqq5FU4XpaCtcP6u8/dDRKdXyhXy828ccNWJ376U3MGp0f2yv69hQxHZPoHH2Yf MnpzSL+rvM3W7lmdCCBe5R0H9EhU5cA3IgC9CqWnW9i1UJlhJ3YUaceTAU7maqAx AFEYkeFBrIXuFtPOJlpCF0hiKiv+ErAel8JsjbR4Uf2aQC7t7of3O555N577Kj5k e8ACBNxpQe1tSYgxPtFmCHZpvSoca9cls3dBXUlGhhhMtIqW0EfzMIb3Yal/J6Ex NS2hKchqPCdXTUbRg5N14Oyf3QLMaTFCNUj4F9QiKJF6GkYpbH7WWuiGAkZQ3Sfk VZYAoVx4Jpu2plETEqkpqP/y+ZCfYEj87aBCffr6KMZV5Dph2Prgk6lGWQGPxhlH b9yF43oTnrNhHvICmxveNRhRVNWNmGpCNqgTmzZYCsxEKauBaz6wE7RVC3/zrrjD lF97OwVw1JZzKXDWidcNhfZhRA0fYA4PwribzPsPQL0R3CjLoguFBg/O+rdjs55d 4O5UFNk7h2ClnpA8IN1dnmJtLCTd6o0QWLC9lS3lonmdYoBICIqbrrDW+1GiS4Ss pWHB9IgpnieX1+wbEGqtdPPe3+ePW/gOZTGnRvGvZeZbvHqrCUoGsqldBjwLBvD0 BAHwRFavH2mj9QTxr2bZMNtO35pfh0TnQ+cYnvtX60GuZFJM6LRydzWVurZXBlLo v1Q8PvIjPUEpAZx1k2qSRKreV97NQU1QknjdcXXxVQCef6J4g5Y86CvlDPzRE8Ou lxfNL1pfhQQyOQ7xjM2LCDkM2/o6HHjmqpyiH0F6sg/FklAYysK20loKgFQdi3dC lO9V8L/2Z0jZcA5gr0GWc0/Hu2T7cMeK8MNvOsRpI9dUQY5P1nQ2o3Ea/vj2qvPy Zlow1vZxNCYyml7+3AcsWG+W6Z70DJw1aOz2HAHiwPklH/U4VJtFqJ+Q000FmWeE tZkFcKcbivE2E/sBQ2fGnmf0ZF7fAx9D2CMXmoq38hJeoBasdfLCjIU3O+S1on1B IdVeW1nxpigFuyF198kJDuWcRxEIFJk5Bt8yG4KWyD+4R04NK/CPS56AyPoB/2CD lmLZUeWYYGrqFER375gyRnCgPDAircopx0XiEh5ZGox3ml7/QdkHXvV8kx55NLGz dNVeRNDadBm/1OIBkWpeQ2CMnuJHsIGDlfYtC6N4k9cBBIHfh8dItE6BYuDCzcas Gillmor, et al. Expires 16 March 2024 [Page 108] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.6. S/MIME Encrypted and Signed Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7845 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4806 bytes ⇩ (unwraps to) └─╴text/plain 420 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:13:02 -0500 MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAGXrH1WNm/k3nn8sEvr1NxWi6vN9dWkgNKBk uyHpuWbmQxgdsC4i0rQBk0W4XOaDdu5yYwt4uzqqfbIlgJQRnFfNt5Dj0tx+Wqxs /uK0Fp8oCFZ4pJQVyX4idSfWvbq6J3iTIA0cPHBogIE4y8mMuByXh97VK5IGKvXc RDYnE9vsYJY0Hpm//5ZUvUcNa7PeIJmrv/eJ0kjxAW7pa/64ni9T5qP8BKHgvcJm YFYS6zy4UMjRNEftjlGNZa6QElsy207BIZI3Vp3I1nvBCZI/Y6IHyN/Z3dKLG+Yp eRhvtvF+PO+YeOLjm+o76hCIkJx8qqg3EYLV8dbbthK1aDgNO2swggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbVIWhJ9+bVLKFMdyq+QNi1mn qFxMKKidulH5s3NmRCYn9/nu82R8k+r4+FeVv+mrIIH90rG6v8pJZDFUDkG270Vj v+ZmqsJLTuV1xsS8p6sOi/1sdoHC/GBLUffalroOJhRJ90aoSYnM5b9h4hWxYFi2 ai+WG6mgK7A5/LN1OW5em+aWzWNjoDNDzLAcPapv7ZjeKA5loyIutbbl1Lgkta8t b+hBmyREyCb/Qh0xS5ikztPqgDO2n39erubT09E0YzvGo7RTmb1DwnH1kW44Sdlj wqVIwRlX4oIDLKMvPd717j7wEplmgAHCWVRMTs6E1cjNm+CezS3o9S+6CjkQSzCC E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECNM/iph7panVLTQtINOBe6AghNA Qo2zwm6jSmU3io3mCTlOe8vTtf9fspgytoop1I5ZqNb1lqgiz4jdvAbqYVo5nnw2 arDhE1C1ZaLGxTnRC0XQbC/b1tBmQepeQsOYizTIj+LdcZLN+M3AymhRPXWc0H5n Gillmor, et al. Expires 16 March 2024 [Page 109] Internet-Draft Cryptographic MIME Header Protection September 2023 wibbdCxS9+OPP0B+QGfH95bSynkzdmD5vIiNuVGFm4FQOPnN3ZuPxID/OpVTZLAf E9JN1SRdxiyZFDPNA1tduk3GVRuSt4Upb3X/jfTe6FhqDjFKCx4D1WypmTR9Ivba B/+DiM9xrEry0mv+5eauxR6Swoclp5NR1jSWHCbD7g8viF2dVA01qefOm4+WwMbu YbhjIDZtfWbNcYKtRnGOB33qSS6+K4Z0aPy0q/ACNzi/8srbxY+jRgIqimXxMCjW y2hmPPct8YYx8333wLs/psld/zLowShPRg7Fsnj0HxDP1AKYbW6ja72ER8sDONSl KpZ9JaHclqk9FWCBSZjqM+cChupgq74LYakwM+leXncSuNs8uMcaZYqrqM/nrigE gIQ0jYOPBVnmm2SAGOdLs1exex9K9B86w8zNJKYuZ17C7I0iicM1kEGl7UO+Wu4V XmYqLW1E9QmF+LFqXFQlhBbpfkRUu73us8VCyLN8aaM8Tkqean5cvvC02LFCySfp hhQIPKgNx7ccULAUatdK5si0RW1Hg94dZW5FBn87RqXKLoUYuck/NZs9r2tSkKCd VuE9o90GEQwhWvcZYiZz9OsPY4NkhMHQ2Mz8FeVPmqEmzRlnPJRBgt9ti1d8UfMa xzMfNZru7RRMP46WvpOy2iGvCUIDwaoz9tY2+Q/o6BYrOn3Fdd+HRIk3PxQERjnW UGcZtWCuaR3/ughENO7RkhD78sLGXe9Fzqj+CT6XxPRECtmd4SDSE9SpZTKB7rnr fK7+Y2wUf8Za0fZjiqtmfoLCjG+58fPGXlcrpqDbI+iLmXo/YaiEeLr40Ifa6R8Z pgx7Qni6iVHLFHV2xUurrYWQMqtysGlZV73kGMkIdfZuljygg2aytx5JvrKk4XlY nnS5+N7yX9lI7pDj+k7kFJpDG6zEDiHyMtOLgEARvI8a68+6+oI0/QTi/t4aE8jz xfQNWWBDxOqkJtvV7437P7D8RKJ5fKpoarCD9haO/WkZhI0zoCEO9Ii33x/Ww2n+ qbpfqiVl0FarBUwm2Ch2zCqF9n3xYHceJJz05UDqjn0i/obgYVYw0LHikI1Lg764 hy7xiuD8v24dOPpLBbVBqZnVTn++QsIy7UgkDOzCl3IexTSXIwCj73Jp2lNkyho0 NIZRo/SJ/otAG/qMzA6O/hip6tk1qo94Ku0/y2XtdTc2NyKGxwWN3lB8XnBIKDOo V3d/eCDvmDFm1oOkHBtaa5Zq7c4uy6b1V6tYbqOoQSS9DECTKMNcQh1aG3V/kyCy ddK8cKLDVPNXzjZVYYsL7/0ATa+iwjR6UpHzLEpU6BQWpPzkc6rgi6ornd5iYN1T 9DyxilBWz4lNVg4XyY+C8iFMiTcS1/+wocjrV4/rReyDX8/f7IMubpwtxC5Joe92 bwrkHg0imSBZv1oiZBVjORNv/QKD4jZhfjMDTbGTuMllowR6Qiyw0vgWXN1jbjP2 R/HcWFEej8HwYWTR9RUEB9GFnxPsDmv2EZEF944hp7Ic2JtI1M/eKc0r3VGnPIr7 q8L/4kMA1bE0bbyCKaSTskVD9+81+dNxWpPICArAutROOammgmwBQmjsyfdCRaCX Cu+P3HoDV11s+Nu6PfoZGjEBboaphvAkvRbboH5Zi6i5uw98EXbX/lsuBj+xpBeS 4ChlG/He6/z/et6zfnewQ7VVcmUwi3q5xIFMCMr6/w3uO31UgPuq6CqMZt7wSid4 78SPQ03EmUeAtottuaKyW38pUiyfzZ7ZpBVuPCE9MXR9H1B3ccuGNJdtUcPu6UBi ZZrkkg0ahBF25NNuTTtzx7reETt+LfQXQlljxYO7qfoNa1VkJy6ZUJ570ITorgoW sU3/W9sIujanCYHtJVHjnHnFYFasbzkS7XRi/mrPx/P3R2f0FQW/LBJ2CMcaFxMK JkpfZVBxHgHmv+g4UFnyECawrxDXoRuasd2F9AvB+YqkDLLxdHsbBiCnpjjetZyV DSv5Dlpr19jrfbgqb9OaQVigeCZxt1WXV2nx6UvU8ZVfmJPb2O2eBiPKl6GYyGNi cSdQYzy1KNR4Ge0sNliCYOipwAYrwcDmcT9S3A9EaTqy5qh9DeCuaHhMpQMrRdeI X7KKs5Q/8kSeLG2e3FqK+tX0HBDvJOXPV56NdwHWtuysW6p8I6HAmQZLG5e25MLQ UWkStjI9ot11X57ZbKxwyb5FLXR3dsg0RD2ooDQxIqxulErogz6QSgk413I3c4Lc YnE/ni5a0FjbSk/GozWoTfE/11FRKJETL25KwMSo7x6jZSnOQVKFR/z/gNdV0zsi MEpeExLkPt8PYVCLHJ3RNiLEGZBnWyYPtf2+SAZjNZ16GlUIbOXlCZxdJfQYP0M7 LNmRF0eBtydwhnyyjm3e/ub+BgtCDJCtYZZLntmZLbFIfFDoTUeLX2Yz8uwRvkKo tZY2yd42PYbiP3ShlxmIWrYllzlnmFRq8ack/ooosUxwmu3QOAC1k7Uzn0OqdC95 X0KZ5C2UMD9O/+/2v/bFohGg7FZH/kFjRUoJHgzG03dYS5fsr7sUQ2n4i8qmNWkF cQhNIsaCEYrXQcIaUOUYjn34GN2UcStjCxEN1N0LWvXc+ri72fTVFbO/oHEPdOLe gJUNg+HrBGZvDdjLvXh8+XaGYXhwD8sJR3ZnIjmL1N5ExrUztL6lY8Pxvi0TnntP AEXrJjxMX41WzZ4dGQiGko4GDmcQxz6XS9qRe6V06szDcD1WMo8K6XZYFSeogUvk Frw5z1occx5dw1GNI81ju6EjlfzJKyyEvbkSGFKh+KoSP24u+rNDR5pTXvgrZcTc 8iBC1dbgQrOfppXVfV8/PSjEM12J3a5BFK1WtHHqF4uvhUaYSc8/i26bW2Oe78Co bFqTac1us6O2iHkyd8a5rnA9TOzN/2lMh3Kxtlddg1bIAPvrHrAfMEp4LtBQqD6p ztbsFjaFJ38ErhFfyUNIFm8RpcLWFS51MTKHkhdq4hFgfYa3oD0QAHeTmtMydniy sB1VaSFiihGPdz0Jc5DH3ctkW5z5PoKcjGO+zInaT4ZQbIxQeXFofn2wOD6bEbk/ Gillmor, et al. Expires 16 March 2024 [Page 110] Internet-Draft Cryptographic MIME Header Protection September 2023 REar3MAKFvpYGVHrtRLnVhBtvzF5YBl6DDm7CA5uwdOuUlq3WZixz5T1N1IxQEwc 9giATZqkns5KMzd6HUzCrSCxRLK5pyDI+0wDg1kNEl/Zj5esdBV70XtBE/PwxM5/ WQJEhHmlBDokH4wFQ2P/MUg0l7DEZju64u8ecXqMMYV2IdLZUp4YqoStSIk8j7/6 hYBrI5LmC/Ix7h0UZzbJF68i7NgV15jrlraF12SEk/CCuAu28xtT8r74egOAwNbo zi/FeWIvtXL3Yhf8JH/ixoq7VIDucmaeFNTa67z3AZnLvpBluzevUU1n2/oHmgAD c9nGegB6z5oqYxuqQuSQgMbwwtcYw9aT3vu9Kp+gkxqDPfeegVTFPWSodXD+WBWg +wQD/alscbM9OET2jjYen1kbiwGbr1wYqPaLSlhm/PaSDCE7bAVjNhtm3m/PeThT C7OomaXsSiQGJYU3JcRGP1jHAA9WQMflsCimBfMFrv93VkJm0LdbeFeCunPeV/jA Jmvl0Cp0jBZMbFrng3P+kCJgqVMO5tOZzclvTFQu7FhgFOxAdC2S2RWyf4F7uYjD SfIize9a56bglabgNitpEQDnLMDcPEdPXUNve3aWTZxm/b6GsqDjw3xdXF7fHwHy 0H1HB5iZnKrIWEKEQ39v7kDdLxKN1S2QjOq67dK0BsJlfsqeXndO+aiVfX+Ba8V9 79w6+pbA3icZMxmE4NX7wwBDSH38ApMrlXxyi5RNSCT7IYa4cLxmHVHyWWm8TCtA N/vyBGrMGWZWavUUVdwk+LdU3PiuyOXR4KzegQan9N4FQk5UJtl7hyVfL8RSocom 3gqxb6kp1TSlVVi6jEBiMVaV3iIl+2L0MgLsoyfm1WD3RYkvh5+IMLXSotqyHRVf U4ba+gCxZl6vURbjl3xl4JMOOisTCXBKp9INr3eu0Q0PQ6rNbqx7Hp8GjJx4sXJK IgtRP7k1960vtSqMb8b8P3l/mwqvB78UlawDr7CPgxeEII5liB1zcXIULstXNjvK X4P073MAonSLwx7mNY9xKDRuPtDWULdgi5pXgs25MY0ihsN6STfI0B+TTC1WLQvT /5UVL3MitLxttN2Xx2m13KlM+hmeOihrqBKZhgZIRrxMSde5auXUlRqlcN9VOBrI kQDKJN7ep0p8O12R8Yqa6jeOvohm+GU0V/GjCxoilT9oCfhkAAB4xPpFCYEtPGyf 9JAe/NOkoTGE4LBzBvGERqBa058QXgQ0Bdt4tEVsZMdCdFWyBqjdic3smHV7TCNp 2UFw3fgFKGb1QetyuQkF1gdLCXf0U5PlKpA0G2jh7cerGQZsXZxnW47wf1Ndgw5s 9GR/NPdZgU0VZbJUN2mcFz4G9ZH529P6fDCpBdHNjytwEkk5PF5FGKiTbyufN9d4 rwNnswfum0xd+iDDVcw62233XsiABn7cTdIinAMgVFka5nyjer5rahKb1LbpTfoc M7UdiiC+v6jCeKAZ0LLeFcDzup+MiVZ42Ej7KELseu7DgSOz6H+D0irGKJYRFoy8 Kk005aNSSKW4MZJFKnFH+k6jbR7e2QBR1Ez5vZi1sll7VE8OfK/dig42iEe0QjCQ a2cq32gUJk9vx1XigKb1uXtnLrtgygNsmuTlwHaRZrJETIVUn/v+luj0Ork7eLSH ROuUdaYravWkRYwMbVSXP/Nien3DXvzaxH0Yg7cdWaFP9RTXsIe2N3SO6TzKgKgP cVZ3qwiFS6gt3oO4tXqkZYmnj1kpoxHRYCj/dtBywX+0V0oZznm/Sib3ldnHBnGR ucCCw37DDKxad8H5c2NSDOQ5s4slTuzaf/N1x4d1UoKzTCX5WecUJGIeAduYjdTm ZBrkkx+qPy6DvnzWVL8CaI3zfgBLoLuqPY5WRufCp9j9raLTg5XWFGabXFzQFR3Q a61HhRCp/PihuQjmzB9ptTYaAT8JdO3rNDM8Dp7gHC/KFkbZLvnrhZUBLWuP/YPD T1cKQst74EmxtqvkW8lG3h/NZZ7PoMRyL76Uq258RNkibjDhwGQKGWvHL/KhJXZq 7OZ8bdceHcz3uFYbV5gfPAbYWRgYtctF6Yg/OeMQBI7g0XTLzn9famG80pOiLGlV pfWUsjkiX5xP6tz6zyvS4d4QpT9e5/fB/PCp2XHEwEuIZLQz2uiqwuwnDnOmi8G7 I5cxhgPBZA7v73VBmLP5oJ71P5SmOWfAPB5xPXwmDkxhpg51s4OxDOqvEakQTU20 udBZsy4GSJyusTkeEy+GqXCcspEuJ8nEcJ7QlUTt1lsShzfiVaXa12+U5CB3kPen Tv44U5XkQpOB7Qny6VkmSy9C9FxSagQfsqhvS98xB+zZ+JFvSwpfFQ/1Z1wCkCvS FjkUBep2DtiqWBs0FW+UoQfo/hqYqEtYSyh+nmOJrozT1wfBdxLkSvH3QsC7p+Ia OaPsIpTl+8fwngzxE4CBOLHEuyQt8BrUrb5mvluTjATicxSe39A6sDqPK9HXjYbb 5eJfY2TT7PvH0S21hEdUK6KX2TPFgfam/KETn1wFZxFxf82jCd0PM5WQn+COYkFQ KbQgsiyDhd6zqS4o3gOF9gFyRAA6TtaTygaR64kTFsqWWFDA+V21fz85U5Wy0KA4 /s5Q11MJfrYHWIn2MsBYMi52Ac9JqK3Fm3uVltxRWtNCmOZCuoJoGePlVNUfA5/3 wK4Zs5XERUmVKEh1w8DMduuRbZfVvBmE4/8aCjDCVfbvxNz7s+Sm6mvTmDh3RYUF ycMXmp47bO78qgAj9hzCcYtJKzbYc0d6OvLKjesGXycWY8irkjwzbDxVcPghoYGZ xgverdClW38h52/Cb9jXtYFek/6ZTkG4tmzJdwxjqcvMsoZnmpNIYVRRb5bTLmRL JI3VBioAc8D5YsgaSmd97GnASRCaS2sR2zUfSE1mvXiJr94LrcDyfk86P/aHN5Ly 9VhHlyhjtILy3BOt+uArWFjnIEJ7LxHd7DknIYQ8JWnxYQyEJ+4zpIkS8weBs9bP BDxwfiN/gUVj+PbTueLVR8VgYzta/yc0PobG9liStSiQZdXoCzihjbctN7WbYb9a Gillmor, et al. Expires 16 March 2024 [Page 111] Internet-Draft Cryptographic MIME Header Protection September 2023 7O+E5GosuFO3VpWxchFXWSUziMnI3Rn9bjzK/xEHMgMe87ptvIp/J7dNwdHCYU2z dOi3aTvuK+9EcqUKl4k75wY+sysg/ljl+YrwZ6AFCOJ0q1R4Xpsu0GszFGAh/Pgc HR9+sS2JY1U32Pw6b3c+6PMohOZzb0i80GUOphN0SDH+bbKWejwca7Tqee6oKHRC w/zoutXWDDK8Wmd1JTScfF/z0DjHa771J+7ypwu+JcDhAhjqWWMYJ8G89fq9CkIL v53RWDv4IhiylEv0KDaVOKDVJ8OpOIc0I7SCiZDcn5c= B.3.7. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7800 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4770 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 920 bytes └─╴text/plain 327 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:14:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIWfAYJKoZIhvcNAQcDoIIWbTCCFmkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADEgUQKlrg2+/XSX0UPb/Ei3BGHV9bPdcdb6 9Kb5AzgrFjXl62h75z9kr7n7laGQIEvqVHr/93cOMCfOrmF4Q1jiQC2HazguNuQW x9frIxOQqKnSf6rkeN/HeMp/z+ySEn2rAD/zJxQkqcX6vOLCR1O2whuQzkCkWSun vgWYeyOHcf7tbf3u/FTAZkBW4lfpA6vBgNXG9ntspArT1OIyI8sworBZho3nldHi Y7A/02cARB7jVoueV8YhcAs4QPGxNtpseWHfQn1ISTT+SYc+sBmmdznvWo3w9a+0 HrXHwYaayfJ9iH9gFLeiBGNC6yahQXMbgzxXHfFw6wl0LvGe2NQwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 Gillmor, et al. Expires 16 March 2024 [Page 112] Internet-Draft Cryptographic MIME Header Protection September 2023 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjtCbyUK4xtTg8t0Bw1L16j24 DjRCQoOLLhszshjDrp9pnOh6s1QJv8VbzDevogdYjAqPWdrDmk1tuWch2OBIVjtv rUEXGs9+sBmZglM+6JKfXsvwXM38Yf8i4RRapMT1V8yY7j7QJCXZNh692flbhxUx yaxznpBTqRwT4x53QrqegkW5YWpDvAd0PjUTlPHJl+4ydqKvVxccndbagHi2Kr3N Eg7zWLgJJS/Qdmbo7J/ABG2iMGJy7BkfSI3Lb3sXtvzo34W92xyrQl5djXr4sdgn 6pAnDdadewJPjkKOCJyEMVdAIU9Esrr24u+3+M/JmBwK7n6GWJdZ24BU9OnIXzCC E04GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKsx8ZPSgjzn8vj4hZoLZmuAghMg iS17y/PtsB4ir0/csayKDxSY+QJi2gtR2PJiBXvcd5798sNfVd8v1gAXrRD7gEiG rc7epVre+xFxcPxPkPmvE1rINh7rKqqewi9tkfjHDslSuuMdpk8fxrzmMfBRP3Gf YaX68MIhEUPoP3IyaKSeGxmttqimF9r/5px/QHMu2F1jqMR2vTJvUs9Rdjg5C2Mf CGMf7Vq+nr3sfMAZCLHRJV7DpakDcI1uYHGAQr2v4Hy1eKpNl7MDWQtAB7/9+e7o HHw/wlfeulbduI9yZbQrHhVzRGzdVYSlOcQfqte4QP+wTr//Zos0O46bjxqFH6qx Sy9WZmLI65f2kJntJ8WLH+6Fwh0q0+n9vXSJZRKPIRE9Im3m+WyJgE21ONlaAr4t Xh3VetqpF2RpXduFf+h3Rwu9eNGI2WK+7/mkXizaCgo7MGh3xZo8vPW5RH0p0+qo FQRFYl33SI1EhfgUJylqZITamlC5ofheuGFaZusbIiqiwJzHAjGuXjEPNw19ATas Fxw1syLlYybYnxeXaPQ47mO+oHY22+5uy7o9/w9V+TmJeTzPoG+zjep3Ly11TJIG zVGFDT1boc2XbF4i3KtuouPppZ0Jwc9vL5VW6BWKDMpe1hDfTSuEJb/OPF/9cCNF m4ie91Ke26vk85Dl1rFKAiDXqTeoybboIQkxqJ9VX+9d+zkRIwZr6nDAfUicYZFS LSYZahUU7ynGZi9NCk0Hrun33G2dPkMsCWAhdI8/EbFZQW4r0UJup3/DfIBpS2rV Z+aZuBHUDR/VSdIJ/rWF3MvpfNBxPfkbts7Vir3inntwzEpw7LrVlU69pQQCq5mz VICUCuHYi+S6x7fcFQqDK059DlL4kj1bRiBdzWAE4iEFMjX3w1v9Gy5TGbWCXOxO JV8OQsyVKq4renCtVCZZ8+EsmuNsND4sQu7aiy1nBa0RCjerYLtoXQI7Mb7Q+JKF tQbxl4Olx+C1Y28HcUyLr4al5o3fc7Em2Ymvq8rfrGiI8RPAC+ILPSY5BjD/wUEn aUDG9H2IRvujrljKScWRhSFF7kC4cZTIvf2pSSb9HounYaL06fhn+ORkxqWsH/uw oeeC8WAfRb0wHciuPzXTCDxclNse2BbOOra+Py9fqFgD8JMxj3JvBLVOb2rgtawk z5j09zUQpXNudjsniOJgF9+gSIx0Bauh2Lvh9y/gQoEegrpixk9JYsMQRFLLPnfd jnp8V19NiAalG+Nb2JSMxtmiqCKOQnlOyi+zOXpPt1TVOpfF9z1dyIrJ9V7l/Fry xdak6KdpWa8OhZ1TCvFHg9qjRvqkMu5tsLo152pFxcFa5SVOgNgTyiAtlKAe8Ndx +2AMb2tEHmOEzKXSf4F92q3qI66KdMaUQjuwX7PjrJ7VVbv6lC1NM5ipgQd9OuMw eXeqwR8I52bpsdwWPcCHf4Yz+hcgGil9n0XPtbHEjSewRQ9Sbpmgv7eSDpLSdStD YKvIxlQ2ryp74wCMJvN4XfYpdi2wbRM7Gwth/65UADr2YFr4SvghWbMpJRZoQTGM r1ldQvlqL5GPz1XV+xegItPjCWNiylJmCKl/YEnntd9ZJTJpj4PE0f6yWwLwm0S0 yEWkZe/Glujp6G53HGJomLlJPYNGv85+wEmHkHF0au6K2LmNtdk1D8b2POiCI75w mlBF0CjkNnT6ThDsNvr7nc1UW7HOnCn5WmI02MTzEVPUCuZguB+txXNTtWuf6wRP eomizA+yRjQDjqBAvIEHJ1O3iTcMhcrcuBYFX6zAl20KHVsVadLS6KGcAxU9iYec 3TYoapsk/UQfBajAABRL+JEroUv1n4rUFkCjAoxHIgtwdeUlHvzGPAQPA9nZOKEw DIeyqfSvMiuiQ2lBO6jncosYYMFAmQShPAposPh+sSOEsm4qdyiKj57aukzHRwK3 Rvk0HKAPc86zgjVxycwmHqFZJQeQ+Wtn/F57FB4BgcGDG1jlkPBZjKSg6LwuWOGL wIb+INJGPjtgupHsxniigLnF3mpjS6TgRgXKxzXQExhdJP4LAWfGtYllk1b39Q/4 V6vDp3orU6LBaqPCkFSzm2RH3rFk9uWoKpfqE2gYTQn+Z/jNmjhlXXQ3AXi6205N 9GcA+cLN/Wzb4OyL1UgburhpV98dWoNFxwAUsRQDYklW73E1+7BG43xj2BR2Joiy WI5OqND9q5Ar4NdlqSNXKimbPKUs7rsmkX/4ZhGj6q7f2Ab3IOwlppriTiLNfuKh +0/pEL7ylcCYpfoweDGOHYkQyH5I//E2tZi0IPVVsB2XZYf89/Kx9kcpV3GTjOtq jDyg8cYBUIBEhk5iXvzN9qPQtKcYc21phk52AG2fKX4LJRcOO8i6Bt0AuDCOY1yo CmCou2RNUM6CeAvD1ByfJF1Ot5z1Z5vILqNwM5P0ceRYvr75IYOs1iwD9niVw4vz nrZF3p3st1AAqn0xU3+DGGkSCTG++Y6i+tUI+XG663dDgebHfG4hQO0uRjfwHkk1 mgxwuILvaKSnlu8RPPynmyBopwJzp42hlDsK/353KzW/fbNHBEVKdAdB6BWiqssR mynNSEB4OBiEtlHz+emLHAbXA2dQR0VzMErSu+pL7qGAMI0uYV0yGMdFwNkNz9Fl Gillmor, et al. Expires 16 March 2024 [Page 113] Internet-Draft Cryptographic MIME Header Protection September 2023 IMMZfN56MDXbVlupC4qOYV80o3JmFt9HP1Aym3gEcoTBqU9pywqtJ/ZKLQniP35o EGr83kjqRrZEWG9tkPHZ/goYnv7jkPny/Xl3VTzoeO+OYlwjfTLkVCeaZYZRjymO cRbwkDqoEceY3r+EzOu2EOczNwOpMmNGwEwTKjYQ3kCdfZOhOne/s5e07vwfttCv /Isj2aruUyiK5t3pVverelLUjrI/f7I3t61yBvIZ097k8oRfrzxtxGJCrfIL93hG xMwwYmBLePzSZJITPrjijQ3JeHWn1VjN8OY0hRvhCJDLK99ZjVEHY0qj2HHPQ3lX +xlyJM7Jyz3Npo73kfPBAjVxNRvX1dnMwz/ArIxdr04NDncJlKrkAfDGl2vhXvKp Iyg9tTWHs6pNeeZg7cNTdtHLI0TrCnlxYSp+A8iQGB2D8I8fVOX7XkqEO+WikEvs LXiTDGI59+tqZ0XeP+/i747NjJDkPfxC+1tDXxADkFBcm6+ANoo1o3DrmBCmn9O1 ckf6Mz0uZjT8l8E45Gfn8UBTqB+bzjqPBzfk/Ad19P9RhpK0j5mcUtz9qSPg1tTY wrwDro9fBLq0Z1fhJnHx3DGV7SZaMP6Uo60u2MO6NDVsnQXo+ocpU45CDsxgMvH7 elmYKhslSDSGRKAUvXv1VRtLB48q14Dgy93ElRmr491BmQTcgJIrlxJVmA/knZ57 4qY/jGQUarug3lCFcbiiEJJWMNoHO6Pe3JeYq5snveiH3tUwuHiJQ7awt8KJGQGP Nrw1dQuk2jhrYSsK9CTQJQ+7/pf9DP3EuB5S5lPLs6sgQ9ycVdJyZDkbUYXvQ9rl IjiIlKNMar/QswzUQSRGJmzrEPKP0lUFJY5YTVXunr1HaxQ9sFrt0VDbcTJL5Kty Y646gRnQbKXXMdS6EdLmvpCAS7idGSajo95kUHWLMl9YhOI2Nf5i1dNxz4EwIoQN 2dPTPDuBO+D528sXnKs8COg7Q/g8Jzr72dBWxk5SxcG4L8E+aX/XBIKe1eUB66mR bfrmdAuYy75WKrZjA88bzYg9hmVsJ8C5O37y6vSBOpPqfeus+IjIL5N37DjkUv+a Jbm1/hotI4RNSAUmtrqqbI/Jklf4wwk4/dH9+Tz0gfI7Y4UqExlV49zuAtSROv2t GjyuNOnIlpCZhvD5sIwfbUM3NxCNVwgQ/sHBnd42HDOLDlJwHrDTUH3pmIX1XYOt +HDxecBZB5r+vGmbpt4656gFqdmMikyJSNLfN/KSg+SccTFDoPVs2p7loNDDFXVD Nc2QR24d3Yn7oXTBXso/K4f0sFI3L+G3DVhnf4DyvkNErfYw5RBPgZq1SXqFSOCA ZCVIhoWYU5WtVKPp+tX2uy9Jq3Sv8XvV+ABvcimu9K105kcMMsB6EvACBj3yzZKE I3HyVjL/xsrBrMXhqH0liZt8XV87B0vzvGOACMrCzKamWLQgMjnAYPuSz9In886N c/AtcB6sd9MsIc7+eBx0ZrL0VLqc/OVSdmx2xZIHIRpM4xRKLkDpnQOBz7eeVtXd a0nqWLTlObFj79cqK3qZRTxBmsyT1U+EJpRhkRsTw2z3aGsTBgs0RRORRHNxoXr+ zMNlRpxeFllxFCEncKYlESBXh8O9hpNvauqQZEe5cSGAzxVBY5kJGl2NGtQ05emc JopRgZkk6NGhMomd7nSbC/Xm59uglu4kYFagCmcdx77hkQUYENdvC6VqzFuGSH+s 9VNLqk6XHsF7JMD5zX3lNIJEGL/1J6Xje0wHU35O3wxWpi3eQDvqMe61iWJmMWZI AkeoRYTe/AbWI8v6oRDOrYp70UL4oVbUj9u2XOZC3ileXlTJO8WNUdDYCFHhJxq2 9d8xiN0uKrSetmkXSIsWlkCK9WXIpu1XiWlkfa1G7lQPe7UzFuAMf5NfPVaLfiha pFFKZf9+8FiV0ITW1w17zRHppxxDlaAk3RAm/PtOJL879ZVEwMC/ojqcfMGHIHtG NzpGDh8/IJWfK4EP8TGJ+BRcgl402cEZNUBGlNINkPTT3+gPb9xqKal4vmyPxMxV QihLWp46rN+h09pWdfBUTcCu2i9pPduVaFQlBPhQNqQpldYGP3doV/0dAHijPMin 6z1Z4pH7rJ5lvNhbwsF6FgQJCx8nvblCVDHgaEKSnzffaLbNFe/Ino2Kcn8FyxQ9 bg1q52Tc/fg9OSqL7w0mtsCY1lXyP6Pe5JM84ZS05qbodmBiFJEuhXBWwbG70cGs YQXbas3elKzU+wXkiAhMZ6CE8tWKg4jg7cK0pFEquFdJywhyvcIB3ZcpF6YoYVMk 8rbp3tFrSPIZRysvYBaVWMwwVmtfh3Hm54j5l2HtQEsA/lD5Qj0IlW58kCvYKbOB wHdchLAjfquSyf3kRtf9fS/3YX4SyWKzqhw8Obwkh3bL76dI5AebhR4HWCQvW6r8 tggt4/qewNm2fg3MeKQ+Cf9AG6MWhu5NpZ7RPjiE9Vo+5NUwulIh1bFOnrbMTKWD dW0PveLdWdOVNVT6hnFTYYvmsmrhaDoVa0+Li8RuLhYsgVGahqOPxnmukSTTHcuR uZ5apKQhIgdcNZtNzynv+ruAVoSsf/b+TXGoLQ8ylbEY9tNki62wl+ZgZmUSbMxZ reoiBSlXIzLvNtoBpsbrB3hvp0v1+Iz1dXuEwOjwvEwwfq8+az/g1VA2iQRcDfzw uedZed6vGX9q89IBerou2y2Z7a+f2tILq6vUSWKR3ThY3dPBTDlCmVgcBvqC7u9l PMXh1SG7eGSlXvNapbDwZ3QU0Ztru7zefin7488j0qyv2Y8e8AjbxSpxl1Pgjn2d sTDTlm9TQ0N1Q2Z7JwmT/v5cVQeRqmmXHDYk6U56I2JRdLHavyNJe8G0pPmQX9f9 YeSL+2Zxfx+VJ7N4ia6xv8HOfMxhJxRVOcHEaAGBS8wSaWniyZTMq/CdD2/gLhI8 WF3HsSrzVjL4WzjrarXOGWrZEgn2H2y0mK3b52Flpvunm+TACpIhzfP6MkdvFLJS prCQH0fplNH/taeEMpcehv5qd+V1QHdAtx0Rt0Vx+j+gVyWtlA/bG8LtVDUX9kYr Gillmor, et al. Expires 16 March 2024 [Page 114] Internet-Draft Cryptographic MIME Header Protection September 2023 ngwyUZS1wKDz95Dz2I6KufzIftSxSJPWl2IoegVu7Eb7A/xWWdDojUv2cS/QxHiP NBplM6VCUQ9rXnhuM6wZQnUFboecqtxSBNmLgN9443vnRw+9xOUbdCQPVYDGS3MB 2t4X+TLBfJPadxtnD9YN+xpF2UZZbhTLBfw2gIlz5eg939BJ43WATFsrbXmvhVNm +5HB5zKZDqdydAy4fiGeF+xmQ83xA6x+bYBZdEyqDcNMgIjkoG5fit1dVkykgtls Iy58ittUjbA9wxVJVSazh/HTYpJ5qMLAFsq8zdcV9xVsB0SVuMRs4TtThSCej2lC rb89/BFQX/BHcvTEWgsUqjH1rjGxteE0kUPpbCWW4bFyY53ayBT/0p66TA36DNTB ddfbL26ptulZxKU4Gdlk1wR+GTaITVqEu7C+ZJWGUrf3BZyOqVJChr2ZwyKqUK9M 8wrvDU4eoDVqzT1z5Ttj/g0SGX8LjFv+Qznd3xt518MWiuguL/1FSSZeZPNGhFPJ nISe8wWDh9MLBCV8xy3ZHAVLjl1+cYvIHhn85T7ToO58X8YFL6ki7k5UPm4PYQsF HuSEWnQ2KZLPVUJw0ckbZAyWgzkwoR0SltIeaGvJ7nM/10WpLdxGQr3tnHk8e7PR r4rsLVQJvEfj8FLgki651UrcnKTEPtp1TChLZbhegBSSGkgOokLpDsR99hGdQtQT TCet+3Ol0Otq5uCRkncOGVDbrJO2yqONU4Sq0oksMt6ZQIEZM8150kh+bVxu/ixt 86+BxkTFfKo+yOL5/K0Qo0J2WK1ADN16IKZbrr3kQFuVOnHmKcZrt/kwttlO8iFj B.3.8. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7695 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4692 bytes ⇩ (unwraps to) └─╴text/plain 339 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:15:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIWLAYJKoZIhvcNAQcDoIIWHTCCFhkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Gillmor, et al. Expires 16 March 2024 [Page 115] Internet-Draft Cryptographic MIME Header Protection September 2023 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFd0ZCRsgbltPZeKwiWXdgr2zAIdA97BVi70 qi2qyF9MtDCkjE1VWu9artXd4M220u4iJKEHTdBXZ7jbhI852ljKnn4JsClo7OqH S4F5NeZyaT8gX6LCnL/2z9SoWJrOIa28eSF7FO/vwxgzBYHtSQBtUzaXjimb6BQx TVq+GrpOiE+QaWzRTmip/sgOfiGPQBSJPRJiIzM0NIQhuc6ZeFpDyRz5/EK8Upuz kOaQZhpGBAq6QeP13CxmYYSk4jnnhD2AjxRGscnonaluELmP4moEnc/SOLAkVHwj 7wEdCG+PumR5Ni1Jf/nxeopZKGYNWva7zQDdTqGdMIIIzfLaA9AwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALks1aYJrPOhzZXHz5t3vIx06 ssGmUbBL7qhD4quYbIx7rjyMPQ55uKOHih9F7PoSzE35IbnPLQgkDTs4ZtaVXcM7 PBVdS7qD5DpG8MG01KnAsJ4Jl0J69xinHszEmRHtAjKngqImWQGHJIFwqSyHijWu qDuVz8RajyLdLQ7hPFkAcZG/Z5jCr/yR1K/zZIntgHdm2d+TxTIJu2uLzkAZx6L0 H8/VXloYxDgzrZ1rRUoOwfr0VJMcOhaNBv0Jy5fSBItRA8j0D3YdWNX9obhn4trq mtm7HQ6G8fxu/pnMW3IaHZxzw1+HeZ7HoDzEmgmTjhlFmQwxxPJhxDJh3LaBVDCC Ev4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFUjt86MMy+RRwRy93mHvryAghLQ /QMIFUvM2LMdY5WoMKf0OvDUdxH0en9D0BFGuV7pAJ2MIc3jAdFF5dQyGKupr30P Bpoqle9nx+B/9yx8VNFzVX77ED8ilv4m4ljFpYSgPfLnxsqOYUz0QxfxzMRaipwY GE1YcqaoF5c+xx/nprdc9wBIAllzfgViI8uNe+sBU+uBHTfEU4/FAb1wc4YyiPAz QnIMQOThJoF1rPGj2Hyy0sDXub3rhylY1j80hv9t4gYZcfVsbMXL8nEPVl4pf5yU d8puc0TJfvL5hi8wX2TK7+iMXpsY8BJqs5i0LFlBUYN/DNDl/vm407xQqsH9ZfZs /HGlPUU5SK/7MYjDCGOkht/5nm2l7HgcnKPviwXmnFpsL5pBgyo/+OX0mJkJ6ogj YDvGkm44QctWqyaQnFxuQFTODSMsaK3bf+Pbpb3boL5Xe5c0uCb18H8q7ett4osn wMrSn3KWrfaOsR/TeinnfzL3GeXCAGeskFb0+yKW8maBPSo4z9TZ9TvadOGt+CTt jcAYA2WkU2DT2od17husRWjnyHZJr1xX7Rh6LjHuKm3CLF2OVsxP9gojEI3I0+Oj +YXlalQBv+9+t/lN6iz5zSKLXpluR1uEPzm4PyKhQkFMd4srFGRsa6BVMIHhjpXG kDrsdbX+xP1RPXRWsrAKsHoQ7xrzpyR4uSmW1US25FtYUg7G8z5Lo6pY1iFd+2RP XoVClVqvOS/F8J0mBR+DA3V3iCsKu9ZV3xtfe1gagTOGGAf8Gx/di4gzXts6SRZ3 9R5HWi6uYUYvdbJdPvH5skjSQ8K8RxvI5aVpaUKU7Bq+sok3nYZjY4sWvlOAMDui /NkD6AaUlklotIl8MjKPE3Sk4/TDUKL/jeT3Fj9r+6tgeROmjcQp0fG3q3VRbzjv t0M326Gse66+BjVJ0hEnvY0bHvi1mn5ig5U5xMglpvIQPgPezEXEj2w6LJULE3oV wuj4vdbOkTwDv1ZxZ08X6eaBXWihWQ91p4e+TtAC0SuYtaO6GeUBRBayPOuKNutE BwYV/BHExCGdu4S8e4aYElCzJKqLnKFhyfmQcdMk+s0EOu9Sc97Tyr2KvQQfoIqx vwsGOnMrDAx9BE1rQDB03ef5NwuB+sNZNL5afiJoRLMwsYUB0Epc/jliF6SveUGF 9shSHfMZjwwEtaZRu+bQP2u0RZOz8LVP2XqwHNinMJ0tHiBwagNYBAzuxGdTJZrY 271N0aevOLqjqY9XhiCfnddN9RVo/JI0+FB2Ac/UUXvhiz+d0/u+RK1lIig0VMUW YIEzvS9b7Km3WbbdjiLP1wGiozIhDiw4jEjiSEIhV467vtaOd+Okvb303E5MOL1z UbFo9wS1+aNvoT3SRRD73mFSzUlvjpXEsH2K062D7Q5wT6i/M7hJPbsSAAJeMSxO Aj+rJZQy40qWcPDYuXr/g+r9AjpjfnZTcbBMv31v++4GafzK4bPXmSmRpIWzaV7S JU+/7g3rmhEk2o30AMiOmm0TmyivruXSv02JSJIxwyW1U3xSWYNEu5izoHmLO/9D XrMxTVJiOhLKI0RTUQGOES6G+2vmprU0YE08pBLcI8ZRM8Wlbwbjg7tswLA+Huu7 PLpIv8pW/WhkHCISVcjG/xsWqPxnHafoN72Oboc1IJeDq+3j71qRJG27Gf4p6tEm KI2HTsDXqC+7q5cX8/d2OR8rw0W6oBNTiGjptNW11qFiEhrB40JKe+cH1lhDxn+H otfBlklHlTyR6U+ObJazcvm4i6F+f/pn3q77mF5BYakoE6L3TD5V9astEcS8pMQ/ IaU5vHiSndSPEj2pFBLmgdhGwhf40tCDoEECc5Ue7hX62dywRxjzPH+YuwESuaIx ZxLcrJ7o5j4TBBeswJ0txEOM82yJ+qeDtVFvQibY6PLiRuKjWa+biMk144lHS9+7 wPn/kOgreAq2FpFLJJlrCbEOqyORe0d1Jy6L2c6444aL699Tw7zOfPsXyilazfU1 51lS5d0uJhymls67PFYVjKDWejAB+2bQeE1HVj0pCmBDcn0fLWLPJnbeidYCrafm gi1YIyR7S+wIPmK5w5ofKNzpQaRX1JKQAYAR6PZF5c8Isj+1ipfi5bZyhwQRzl3g Gillmor, et al. Expires 16 March 2024 [Page 116] Internet-Draft Cryptographic MIME Header Protection September 2023 1E1VP/Eg4PFPfMmkOl62rPNzXQnm2iEixa7S2Rbzpcj0Lgu/h3PCccZnw9Gl2k4c DJoWmPdaOvOODW845ophWQCWNCDoEy9KJyJTz/vqC3Gyf0EYXH2SGNhL3tpZtgnO O1LfQJ2gu4dzBAMMgFxvfmza1se1xE+uhBeP+Fjpcfq7PNp4rc7fJu5JoVBcGMI0 EkchC9Q5fRNnyCwunYFGd6N7lsVtdDHDLKSykeEzSoGH32ZZbjkUXKyMkEcm5DDx k1FQSusYCMdFhS09n1+Q+A7gj3NxslrEPVrdkKW01aUgg4OxFuN4nV77NBE28qV7 hJOdl0jvZes+tqgl8nXgtqJ2cWaM3cspKT78fpwnqbg3rGkgQrgcpuUlVXO+sEk5 CDEQ9RAsCLW+A5VRXHMnggzobOmVnXAzLQ+M40LnyQTxn80NvFr5hC0uthnRAF4a 1Fu1CIaw2MMcrPHPRXR776hQGmMk11+1Qbr/XfG+D40vAVWulOLMw9vccahQqBjY G0Hv6whQPJEx66ubMBa8uRNdCTOJ9dJ1xYd/ETrswLw2OULJYtZtek8gwWQXgFNn X4WnSQSCbhN4hbaCmcnmXiCxQVHNruc5cR2YzGQkgSD9u0CPiVMHHVcJrXFjBKM+ //OmFwCteJaVwJS0fVZb+BeHibR48NZmALl614z8vGGAX7MTvtWd2KQSnKkDz7f6 /ktj8R1p7qLOMaGgUTX6zjTEY4mY/SkCuWeH3wrHHcvE5RBz9PbPU8QySOBEZTrN oCwBAivsGUEB0RbjLWuXoB0bx4Yzx0vRf69Aysweg75gAni6UXBOzp2hXMPZiCxS 1JhNiWJrGwY/q8Z6ATTMOdNfhKbN1JiwHKveTni9Dfsje6z4C1QR9p1fqwb4qGpw m6tVhn2G4cbOUThfELe/o2hv0WXqMj5ev7D48QZnR17Kp0tHvQqMYZ27n+e/haui 4O5F5HBuc8HCW/VwPRtprxK1ACi7jyfSQP9iQ/XOkYz0JpiyFZJJmSLlmFm3q6a7 JXkTdUPOsyihmaOQMZUaggBSX91HMjL1i7A8mCEK+wIEzLbQmsoHlaJ8SANoP268 6j8eCT+/DAXWWSGnqIsfB7c97m3ZkDZIFR66KUsvoebVWgVIuQSvDe5o+Oq16O06 3zB1xqC8z7LFmrX3P/IItA7R1DYMdaZdVh6Vgpgr1epfHDzy9hdvGV6Jzc6vAi8m TPS5xRdipf0OqwiHo9ohbOB6bFDCF9pKBHxzZkg2C4Ncjewa2wu/Kd2YlDhuVy2M 6xz8KrTPGd9TEBHL4VusO7xYgsdCIkdWUrHSAu0MdJAP42502bILxq2OFVLmjFDU /7lqHRYZll9Q7yv63A+91Sqndrb9MLzqX4cCcQryi0GKzKx2d2IZacSUViUoP09u ngg4T8DvUz51lGL1kbPSPnZJY2LEkUjemb9SZqGJmcguAqc91t2BAKZIoENUX66x IJpr8RprrolgomTGbAbX0rAqX1vyGp4T2iStwnNEtHmocetfGN5IdtmCEY3Xv+5a YJvFq4q49NAgz1mLXpskg2krz64Y5k/z7cYnsnsgWlLec9hcvSEyhF3wnt0j2ABe TK6dDOIcvy2JtucgyMOdsFTQSAxOvd0hmKG2/0zn/08j1d14yBZ16osCUzZTaH6t IYCAuPi8HfiYa9Ubmx4V9zoMN9c1kUqcwvFnu/6mUsMNJjvNukgH2bXTteckFM3S IfDi9yr3WohnQzt1vITL8c1g9iRxn1Avwh4C3X/CTpCNtAwTTQlD7ZWIJm7slgOy m0dk0coKGO87sYf0BECv4I7O5iyV20ILpsFC28RsFBJY/cxXFOCX5siu3HM9E5Z4 H+FaZJ5ToyAwhjvY9FWv4Ti6RSxz5OEDcQ3KJnNIynHKWihSg2Q7YpCXP1HlNgS8 T58rUJyJd0ny1RUDrxDOcNCx9KCsZS7K9k8O9BtPax6rUC1qnPExO0sKeNUzpBH9 vJhBq9ROFuVTACgHPJ9g8vFOAkdubhtKfUGHTFPkaGvSlV9ZrQ7j1jS6MT+Q+jQO DBjddj0VGTbdRxdkeK69fuUTP7rnngfE4lTzLCSFi5krqDAT6rJxKy77LwKi+qEZ o8YuPHciXH/gIoGnGgcOlKoEXMILHxWDFuuKNU771gvbbDoUqrRqsxUTxKeuSvHw Cc9cIvsoBHSlpK+wxmIOEBBSDfdeyvh8dpAtmrQHM8H20aYmc456+H+2TCTBpfcg g509oV7/W26AyC/0P7nIYV9Ar7sHgS6s78jHnfwv7weH9FB4iXXgoTkm5dT/vjsR uqgRxgFm84cAXmxgOcr4UrafMV5+PAXCzrZY+0xtCFDOr//Y/k67qTPZc0pmO5jE IxlPjxTkWvXe3oz3bOspcHjQwrIF0UpeQ7WL/uQskIzHkwkcu0zHnTKkZCQke80w xczH/bjD27nHOFzUWZkeUwjNd2MF7VXKwQtAPgj0T0f9TxGiyNQgKT1IdvSRS+s9 iiffpaOtdSlMiOiLRDL4CzQDy7Bz50DwzhrA1xJ65SIYL43R1vk4QIkSP5n9KkbV /AgJahlpkEdfqlhSa0i2BQW3VMyHSaLbnEtgcrnmNKcDDBS6XmM/KBuS/C1EsUBi 4k9+KQzY1CJcQH1Wy4fuz2su3P5uiHMbK2pm7td3GxAeqkzsqKFYgdCRMSLS0MLb jDUBmKWUOE8oqji1aswkk3DBxAKGh+uFNMsEGjK5uWGuJ5GzUZ480PBiyng0WdC0 VgihPWbHWDqvZcCspnl3ctcLeQNfnk1JbWdyYMvH5sIeYCjD6c8FZhgtaK37g8qV yWmXUVrflTnHMDVect+w1aJoAkCvDUcIJvqI/82xaC6uQHkixVsKu+etn7/FChpW 02+7TNMRKypX2uzpoXe7ac5mGAf63tUiRyMSSKbO1KRn/3yHCY4seFso3t+Qoo2w 830YLb5Zxhfb/Y5n3NQGVwWDjgyAmm9gNy0EJHDVKyxT9OH/leNVOQSJ9lpUSiw6 DCkNvxgQ27LBb8DEBC2jIZNc5Hc+ZWSHR38WCDj5EheuHZk1kbrkqWwGhzBfr2+F Gillmor, et al. Expires 16 March 2024 [Page 117] Internet-Draft Cryptographic MIME Header Protection September 2023 qQgLn9l7zVPX+UgQfntjz9Ob7SNGx+LJevZqEXLIk2kCmGy8lOdlwyaI0XMFcWlu d8xX3Yn4WL3rHiLHk2TvJ5cd4vtmjf+hymG1gUs+dX6HOapOyxUcS/Uy4CmabJ/O G1sWS2A1RBR6Zq1oqmWrHPrZ17ueDHLJMFh4EW0of5/hALa+8oZ4JqvqQVhxaIQZ f2/NanRIIbg/Gk8mS+xhmojHvBVWovqFxDj7pXKr5/WQnDFdp4Dn/cKGeO/uwwhL TKBwaGuxOfl+Wt1rliL61ccrFd5ig/WBcGUkHTOy5kXzNHzjf5LRj9V+R5AjWy1t FJDar2UKU/zYl3BKmesrL3CIqMfEiM6DBvj0vyI4E2eWceH6VCQGCEleHCGR7WO5 S1uhPIAvBbSFrA/lCSqirWwh+NYrWq29672fA00zm7so6xAIS0zPJquC/wI3VFM8 T19KG7zDj+O6iiY/kNyLqhLdGRcCerXNreYF5ECVDPvv24wDNYNEdHz5VViqP4p9 1RT5fozXiecBkaLZUAJFZ1xMHuU6xjFwsCKvnY1VNUvePDXsiYE0WXGj2EwTXRcN zUvFNX0a8nB4bEwiQ/YfTKXD0ddCNX5jwEhDdf2fe4cyvmuUJFxC+F8ZdydupSrH Qu/0XTCLEA+ijEDmc/7GXAQ3+P4lVn4RvdbwnO6Kn8aUPge5yzSk/XNjQ3G/eHP3 twEYCIhcWH1TWHx+yU51292CCb6nBvO+mNNlTTmTNEwmYMJPttkVAmMRIoxcOOK3 tdQtdnVty8ffhA15B06PwNuQ+EUSbvZxLZXrbDA9X2RMgfUqEJfyIWTIa9M57rsD 83EVdafKSbP++/EpkMImSvPVGMawSSxY0R6Xbz80ER0OvghegfR6Q6dv5NT9r8CW zmFtg0kmjYfcUR8/mt+EIFO2524dzqprmI/sfIW8OfOH6AJwSOGqFxzuM1KoLKXc bEr0mv5Sr89W1FdRxsH3zSLnPHacHx4GYO0tNh71eeu28Z6VejDlIVOf2wy0Mu2e DsjxExn8Jsp4SKVY6USRe8mWcr1HAdibmFNjvv97DA9+3sRp20x1rk/FGL504nvL ArvivC1f0t3LkTDhnXI+/Ae2jOdIolpJJnMOU9XXVnzs2A6v+Zke0ZfsS/SoPq+v vME37CehB9IHyjfYq7pikz7vLFdRn7JyIbPqExItB8611sXkKvJPsmeKJE6kzvJD KWZrv4qEgfqOMJHavYX2TQ== B.3.9. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7975 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4898 bytes ⇩ (unwraps to) └─╴text/plain 435 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Gillmor, et al. Expires 16 March 2024 [Page 118] Internet-Draft Cryptographic MIME Header Protection September 2023 Date: Sat, 20 Feb 2021 10:16:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIW/AYJKoZIhvcNAQcDoIIW7TCCFukCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAJDxg4GjNIIaOr9Kf4xVYzLZ9okfUMbBaiZn ecCbmpTZbaEOu7Lsxuw+MirounSBPZIeG3keg/uO0HHo9r+kHDt2wq97StpAQRTE Hb9sdS0xHiGYiH2vpgtIInNztCQQduzOHBzbGtQWa1KG+DoaGp3jzqLp3yaP+o4f BxcCLcNJIxn7I+H04wSWHE9jQpaguk/2SiGzUZxr+KMP+0HFuYT4l+72cOVcAAXY p73P8kiMMj27mf28SB3naBDB75+fwsgtcrfqOPHBCIXwyKnGpJ6vmKvFvEzAP9kM oFQGsi7dBTzi+MQBtg6EfxgHhJfGtcHfE25FlAJJj3o9SbGVEV0wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAVQdgmLjOaxQWmpnLHXA3Y2Zk ZWxNCpmIwmiVM5jvuIjRsU07QcEkLYXVM1Jx6UbJ5A5olBUM9719poHGSPTP+bv+ E3U4Nx1u3D7tgJ6hyZNhn2mGfZmrHahQ3ZZvazhBOpxjIyXo8NmxHIoql8I+1loG WZIZ4lICZl/nR3Wb+2t8WGW0Wpbhqn5GJdngzvYcRzna36ug4UV+cdp23qceR33Z nD11PDV0Ss1cGjTH8qpL/45/wOjuLWb+8dOnsQZww1PiIA4XxJgsIjcwD+/Z6g4v ql91e8oFFZxa6QwoZKrX9x2mbzkZoIugF6sL2TQS87WiDd2SElT8xaqfgYhLDTCC E84GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGR32whnqKtvXU4g4YzKmm+AghOg 2lFfb92lcqqgkptJ/+rpubdQoPqjugHIPlnXT85kvzfd1dnun9BqrSYaT7KGeVqT +h+/4hHCwH0HVE3d/cnxFzXrr5a4KoQ98mwnSeDgPcRXUg/AX/ujo6ISFgLPMAbl XX30BDL3B5CamNf99TxPgTl74qeHHXpW32j3whi4kZ3O69YvwItHKFdfpgwa+gg7 /gQJeJUJ5PXF+RLOCA38aA1ttNNj8VJ1shQTarg5EcmTABp56sq7xtFFnBnTab9P ZEAvuaFUwYJajkmsydsmFNLHFrtoHsl7KC/VIgRP9OB4jiYs6FGUsxJJFUSXLH7U H1DM2i/L/AXCVKDvI9UKdfnroVFnYUN2B6IHp1ttX5McGsc88N1/rms5T8Meu5t4 JNBrlOMRzGAzdT4RcsJehRBHZHcBdVFM+ia2LQWNHqCAGjCqMxw48Yh4YwPFf+jL oOkQO/iodju2oUkgbHORifXs9NDSPA4Pt378dD/8UDbyYNnYStzbf4w8dCyP6Bzz 2tFeRao9Pmj58lIBvsD7KMHSeoQWVZSv9cz12tZ3S/44BLL7J/o3vQFfSCpsImsP LXf8pGzBlyoxtGlVlRucmIX8WqwjYx0ks1rTCLs8hd82kSTD42D4MCOC9Q5FP1lB t2P/mwryGVBH8nrd3AKqoGV0fs66nKow7PptKKF1rZt+6/GUe6w9tsmGY78Ttedh /NwhsA2gKoXMRefM84UTbV5bVdf3xEeS5spdUU/tgJkGULHutcJTuf3e/y7bXaeo 79y7TmuAImqltF3q/Ca/RCa+Dt8fjqNoeFW8PjB2e7+JniDtCzRFIHBTgc1eEGh7 IGGXl7p7C31HY2uC5dfZGiMgIehllnbMUELM1FXa7poslg4lxhv1Zjp4D2ik4YvA VMITUelZwn51gIs/ehhyfBKmSFML/X4Q9ORFUcogCi3kDjd5J5D1SMZGzLIuWLGY tUuLHOXGDiqxIoMoe+aANm27mcmHAJNN86lKeg6Uee4pAIQpOUIM7NL/qH8tZnbn lrZFXYTKcot6xU0bDaW5pnsKjRtmlsrHJ4ptM+10GeyMai+YGJE1bgdsHvbv36Pj 9yzxUoEY7LXDo7AQbpe/PLZoqXnTMQi24/+7jj0MRdxWtTNjbQRH7vYeh3mwDvNN gy7AXcYC+EM9Zo6O4ZJ9Ui+b8yzoI8oWJhi47dUA9RNxB4JOu6RV285d8pCR/pyR kKuTNojs5j3uHfCRwyriuVRGMsJnoUKbbQ9wJ8Jx0xamrXJBQfqp8yi2KLpxeYNi cyMlkErYBCBNuLX/q2xC2tNO4dUvE7kVt+bDOozxlQl4bRqZJAHptUWxEuzla9Mb Gs3M6j1d0fuXMjbC338aAdkcAkqWYJ3kOJuV5xwmsY6OKPxaQ/glvL41gGA0lbdb UFJDlNr5mftCfrDflCObU+Gkcf72xtGnlaF6QNSdreznJjlhOpHK/4IrCDcHWsbI Gillmor, et al. Expires 16 March 2024 [Page 119] Internet-Draft Cryptographic MIME Header Protection September 2023 JRO9kz4gBp0L4T20vsAjTq166fhrVZNU18mh4b//LIGHwp6pITvfA/7PsP/NBewS 1/OAagmiSYDKONByLYeSND4iMPv/XC07RR7+LqjZhEZoQDxGiA4Qxaz3D0wIBX// SQI1r7PA5xcLt03AWMbfoUX1IDpgoCL0joJqKQsRSCRvKS7tMqTq8R4jq3Bepx1h wY7clFUh875araXYrFP/Qodw3v1weVou7gkIMt3xYLJdPukMzovZuUYtFyUbug/k KdjZMslV7z/5zebF6vXdE2T26rJX/x2lnl+/6CNd5ouzYjVtYUD6keay5McDeWm/ jd4L1SWKIxIaP7g63Z7PfoESg3LfZSSQqEyoBQCjsIzovw44nji7g7hhntlRUYfW ansgLFyQjIoytcp7jSTdkUpDF7D5gVrzfRl3Y38ICQ2K/s6kUQshwg8+EOCIJgDw O1uW60Q3mK9m5KkGkb4gTHKhQ6EUEKiYzh0N8LZ6EuYh2U1FxVSVojscPXSOkUm0 MGGouE3Emh5oqvM7RZlUdZqCgZ8GEsXyVd6Btw6e244ScNa0PawcHxN1Y0NL8x1Z ZGjainNwNhIm7+Oh6310xmWAGQDHaaxuLq/IgCmjzykv/7EIclsAGx36HtroVBY2 hn2AvFBTd5jxgwRsQZB11ULfzFbJI4DN+3F7EgZJpHlhW3FDU53zGIMB8/PyDN4n w42R0kaoGxm1FMMfdfLEt9FVvraaA9cLcOlcpa3mUoyOUeaHnKzHnj6BuZ4XChjF v6PHxHopLPh481OdSKvbrj4E1wxwO0F6+cHqNf0laLkDopyk/WrklnFftJOEAOHC wJ/JfHBWputTFsxXqKbcX9sTijO98Ev/RoBUaGRZUgNFNQoZ/UpOhvu8OQeW3M7T 6qB+WbGsxS2yP/MHK/ndvJD1I+/lNxfBEve7A8uwMLTGVbpawNaOU9lm0H7tQhix Zs4yW8RSs8GtcvfkC5f+mvwTHKGAZGqR3RF0wSeqT5PrGHBJtPQYVoSbyj2PL0+C o03+/TPoxqt3GiqhPquawBCi9B2QfJS/G8H8naocVhCcxINMx9bhIZUIVbz+0Lo0 NSHpeok9++dHNMFiGsIpEHrXubh+829CI52WXZOp1tZXza9XVGgcBD3rH1FT2mYD f2dtO43MDcp0WYQtItFHV/CpmlK8ro2o1+G+ONhkNgRD7h9+2EU2ZVgSjQM6U6Ec Y90MHH2zi5UWzR2z/JPGRCif20pyzHziWWv5OW2t4IxU3CVfLbMTLe7LW5GULGk6 7RgazcpPHMCokgUxOggyIA/PAi/pYe7NOvrBbUUqK7a86V5vMAZkQuKXhHlhv1jc DFv68Xwt5AIazMGhmWx+sn3ZFNl7NU/ymWKXeDXEvgxuJjP6ZoFOXmm+TCcnOUel +TxQaF0VG7oVHnQTqJCRCjrP0Sg6IQ+m1gS6Tb0bDS5jeGM1uP4DDQHV3+lwk4x5 zhjPpc8VJuj/h4e/v6IxvlvnuBri+g8B9RwjAjqIYnMgTtrYKz2gRJuU5Vz4KEj9 ocO1dUyQRGF/uadBBnt0yQLlojLMkcZB+WzTmM9ie2NlHmIK+RmhJtOHCMn0h0Tm DKVVeatwpVcOV4aGsoeNrcmx8b/8tlT0ZHpsDmWCiNoKKlX88wZAINbI6W7ZRM61 yx5iXaxQu0PqtvqjoDUiObfBVn2/ndoZ8hZXnd4L7P0KnkakNuBzcRSXxdRXu9m/ OJruF0wtJjDynhk6wP9zk/x86Zt7/yVNGMrKlA7YjxTSzSi6hPow70atzw3TTnm6 MDJ6NlIvWVdO7lG9F2tQaH/3l5wflbzIBQQW6q3wKLf4nakWiBv4R5wZQDIUHsQH z0OnJT1cdZVPQhfHI/mgKdZWow+4E4PNnsDgzhdCsjeVJfAb0WxysyGBpxPs8DF3 0/aLzMoFTnoysbR6XjmeZE+fZr5lGxljessNjSC/64JBznZIcv7cNn8N2BhdKMxx y1hgRBBVqSRRUdJfWeYQ/70s9MKQMr0pFaIG9SOqnjTwRobuNSsVPlTeNvYSuC5j SKC4+UsqX+Yn9x6q82oCO0s3vDVF2FfmTE41i/TyAMUaWaKUm7GCLkJD3NPSDBso MG6X0eyUVnw00kNryFDRrkzZC1M3emVBsb9AJZdtVd36QiA1pC2k1vZymbVBaQul oRZiy3zXY0PRKXylj1PIXX/u5tExzIKy4aufl06ijj9B1LrQ3SAI/PYEisYWTZTG jPdqJb3yXpawXuFjYVeQHCNIjT63dlOtk7z9Jn581d6/T9sTraD+O6Y4CingybdU LmQ4LS3vEbjwIQiS2siCVG/NLkZK0UMie7NxDbFr0jIBu7SrbIamNU1fLPr3w1JJ fi5i6664AdPxP8myP6AGRiN9eP6UkTr7K1w7V6KVbYQ9dhSpssT9uxW9dYoDE96O 4pTI9xXtk8pAfRuZzIhZWMIvgBz9u2GByz6+sze7PDfjP0MXZd3ByPSFPgBCtU6t EIyEtZ9rYe3Jwm5ySdIeTZz2S2fSEBg2BxoR/aTj/2H2cD9+BD+DKoDrCAZTV3aL 8JEGkiC+h5HbI5bhye9vRxDY6zywDexbG9PSB3QAZSzYqJDye+21Gog3zStMpXEX UzrpFFfzOhr2hOZkAMFmMapnuzw3rvLVsiu3qCiUnG7r9/eJQ8MwNDy8nqT6TCLw 870KN72CRyuiKaXdm8VfPRdthwzbzBvUwex2DkX8F/0vSAYUc5ZHlWM3xPu1HPRM 7naUuSSv735oWvlN31HWbj2wHg44tXKmhEU0Yl6MfeEEkd0IkGypUNkGVysHVaPx AaVYrPTbsQMHyCpDeA6Xolu0rEUzPnc2SYTt1GRbPHDv0YmXVmDwEo/mOwDGj6C5 RGWSRcIDn3gp/ySu07C2JX8E4xredCAPq9Nb+bSjXvqQlQ0MchAEQKo8ePl8QLK1 InQ6+T2938i1iBg8iXbipkWsV+Ep7YBSicowe+rJJoCVzLafdQyj15qOSkJcHLsu MBNU3LcjN+BA0QB7+BJX4f9dNNMVive0FT49o32XzN/pEdntoDQKsZW5ZPW76kUe Gillmor, et al. Expires 16 March 2024 [Page 120] Internet-Draft Cryptographic MIME Header Protection September 2023 ctCGV2moGavodZVD9Ur/HWdHwYhRyrAeRWXy14YCeYD+K0S4GiaGYKuA3rMU+r1/ X91wYcdaC00Gli7JGP0ka+7HmoW6iDMHTbg024Iv4S4ot/iQM7L47OFraAJ05zId i68W8HRnZSMfbwC6r36mT1hLNZ1/PTYKEZNtZszM57dK2qEmdbI/BW530wwxQ7TQ JAzVEs1+EVNljJw6EIIVXK6q7uM0woFCBYLhrwzy7kJ8jsL+5ugyEYKPszJrcOCN f2aznRRq5m7qRACNhlppSv8ByS6OGAbG964j4fbUYtdcXQTKA6OZ6lwBd/2jprt5 OudG5QjqtSH4O4RYZS3F2KSbC2jXvhhhJh++/vCPIrhleP7xcdMLB7Vhffq0Sadf pSWqz2mavJqA4J2qTixNbZuef0Rc2zNBpYWTFaw2F9AIwYLAbzjQTbJw4BOdquze OWsY//12b1TUESK+Tw/8Lu4tEq6qqUzPwgRfW8FfTSX3DrVOWFIgJBdlqfvss5ta vDNin2vh3f3Rbl5p8bqw5w1QhEFYEB0YdZOM0IUFKsTrtC8+iAnuM6ngoXW+ldYu F1O6Z9kLacsMTZSBzC8SVjOvHEFTysH9uttHvNtBLF1HyRCNlaND53lNc3J39Ftq yiHm7xWQaCZSFcvoIgOaFTkt78H1PJAoQVTGwA6Frj0oTxPtQufSaqs58aHWzJ6G jjskZbSZP9g+gsa8tDiIxEpfiG/c0FG+bFDsVMOhHgtkfy1vEiT1v7fAghkZmT7d kiBII9WtYxfkpjyF4eSJyoLFSkRIys+v4Ki41Ys1SrbDmeBBdoYEnD8D70qVdGoV Gg1nlw+PBf9g3EgtwkxV66IvFACArHYzpyPzuzT0ICL6sjVmRFgNTU64Dra4uaaj nK7iUyHKxPPXMD5oTXE0aBKbW6H+fySrYcjiUKW6N5hk1aGzkui5tkE9L5Gn1ZkS J3sVajduSlL4fdejTFitqStbyr0YDp/iuaYUH6TA03YS6TxMk5uCgiLjZOohoeeF 9pm9SCTWKhIXiX9/vPl4ZqU8rCwt0520U6qK+hx2RVENYOY1LUQRUYucULc9FFdW wnD6bi3OMmMMPMvVbtbMKplN9gsBtDa9yBjRwvl7L0iV9OLc45pJpde6Xd3A2P/D 6mxXl94H+4FbvTmRn01JHHpgmJ5q4faFcj9o5XCUmRvX8rkp6uxGX3U+wDJSq9Bx 12CSAru2cJ8D5yBvnss8eOHPFb6VlcJw8FFMR3g1qezR9pg0z+K+ZSJTfeTQf2Tm 4HhFYOO1ZEGBGHHO7NiqP26Mj4EzbSSfUSEIgI0t6+w75uH6+dbiEyPm5tAwpk5C DLy9p8eVkXIz8H2GWQjULBYzO21dK46b79Sa1pudQ8bHyt/eVT/aMcs3nNWn9xO7 ZpddAqveyjwMf4CE+gt8zmAGls6WaZ74LTNJIdc+KNkLg2VpAID6UlCrpjzqPZv/ oDa2DbKyDHLU9T2AiTcGBkmGYXmoVLVfuHflXDeVSDyOPtpOdcEkzBqy/qRf34MI Kx/X42u/uOX8Eh9ivApezUoAp0J1FeB32wPtmmfN/Lmi1E3IGtMJsnKperFjVq78 rKQF5uf9w3CKdAqwWfoQBPKmjP5WI5q99TzMtvQcNiKW3f9plHbmVaEIvor2Btws B6rHqBxcvN3mTy27BDYzvJEGe7QK12kfeNGIRmWTGo/DT6xxmwYmVdHTboZmUDKI z129E2C4ITu4A7xvT1C0CScD3fVjDg7D2SVfcYSHzA/K3b0jkOYMg0/OiUlHOI// iYFURenOu70sXJXtT1ttz4cQEEkRgKN9SIiloi/TdbwDcz9Sg3+NnLkeEG1UlEz3 eFUbAsBCwJBVZQACGtAtyLGEElMEdNz2za+G6Mpb4MA0XTI3gENKu8SAKLzAU/DC Cns8/koY5tSTFlPbwA3cxrrFXVyvWLRbqCfEpa8/L/peuj870nOsjtr485s4+Gca t5YdE9k76pIC/JLfBA5GpTjY79wevaWEmsmKTry97cn+C73zzT4YxVFjpVeRuCBH 4Scq1sR5315HRzoP4mCkIe7hm7pbYSd9tk+uJJULCu0h0ZiUelbNtnZQiSp/zGqM MdCfVk66rAsqEdIY6iwhMos4tJHbn5xWrugyfjc2jKk= B.3.10. S/MIME Encrypted and Signed Reply Over a Simple Message, Wrapped Message With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: Gillmor, et al. Expires 16 March 2024 [Page 121] Internet-Draft Cryptographic MIME Header Protection September 2023 └─╴application/pkcs7-mime [smime.p7m] 8020 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4930 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 1038 bytes └─╴text/plain 325 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:17:02 -0500 MIIXHAYJKoZIhvcNAQcDoIIXDTCCFwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADm9A/Lp5jfk4RN5/fhwF4iuuVOef9Jr8ed4 zR65esdHuxyfoM+gBpdSnrLZQ/0uWwXFKh2ORkofXO+K1qm+UaYbOq5byHwddP+6 iNP86nopcRJpeUNqsbWCSWr+niLbjxfZyJX3brf3+ckwjgo5+gik4wePBK1c58Ks DmRWbl16bqYeCReIFAHJNXd9dpGcUkyI1NunHi9720uyDqOvmM11xarP0Qalz/Au /D24dDevouDo4V6YGvbQ0Xy1rJ7DeIowrlqAq3t5+NbuZZPgDDQ/NdmLdrQOlsEi 0v2M820B0uM9L/6nO3BrFw66CWOx+PSAwrTNRnWLP68+XVJaHBIwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAm/DOeCI+Z5umxSECDJc8oKbW cicXtQzeI2drFZVX0d0QNvwKLXKMM0Jt7MzEjnYG7J+LKI/VbVJJ1kGJ0rDEYNZe 6cb8HDEW3TJxhB4BMf/offnCpOgwlE6+w1p0h8vgAZsPW/dFSMQKpjU+p1VabchR Gu45855mlRhL+mlFR/ihLARYrecR8JCrmFr4dFCXcodVIHDjwGuKTk2yWYRPzHcu 3SwOW4QGCkyB7SiWzfFuNjoAmBnZA7qhI2CYuZH823xiDMuZ7c1uDYpXokDvq9Kv MPSKR22uK245maFCYuznTJ9Ytsx0ZD4k9u5R5vuQ/TW6NSEfOpXhBO4BXWR47TCC E+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGtJ4Z+U4xbXftzqmsfU/U6AghPA p9ayt17k6B1aYmjgIIhLk/8MjagX8PWTBf8EyjvtPgSVHQtFagEUSz6qxqD8e+EF kgYXoxwqQ1jG2SqUkMiD6Cnvo5LTABgkStQe48hUtZGTHiNTzdjy20e20eZSbtr5 M3+nwb+z9ED5UChCqS75dfCpjwvtOFcoTn8EbARZuK0xChaOf6QjaAcVjmZEbChA hjPWg79eIYvpiNUqmtDd/FIc4SyqlI1WPcks8EHhJBdQyIEucsSxs34WMf434K3R wQ0Uj7CFc6NEptG1aYodQ+ln9nbo4LMz3fa7ZlYMYSskGn7zmGtsVbFCr4K0ZwSn M/NK6bAI5TFYi+gky3myxxV3S9nW9uFOMpRN16kDKoUdoScK3KWoNOVn4CxUlO1k hNzGhIHkbwj3qkqxtlQAcTvtIhb0nB4hMFIgT00Ei7Fd2UwsVPVDlVSg9P7D+OXg a6G4CzOCV9zLPY2/Sjb+J9saq91T00NyDVc2tyttc/HpxezzMDeDJ1A5f9yj6HK6 kg3c3E6q5u6z2+eyC9tkgAsOPUT7NFYHqfkvMClffbHPJqEm9nxRToqIEEgfNiy8 jx2iFOZN5kbYBzI8eJEjHXkRXEldgx1rHOkoUEgONs/D/a6sNk6x8TeXOK/e1h7B oESRWMKWlG9XsVvbIyTUELuE4NeQE/Dvh4ihOykkM0FqmMHPNYUcYvFQEtnnqCXX +L2sEMl5LR8P1Pkhi2nvVtQiNTNxcGh3JlzIEFaGa1tC5qmujuTsCpt+nirfTGTu Gillmor, et al. Expires 16 March 2024 [Page 122] Internet-Draft Cryptographic MIME Header Protection September 2023 RNe7iYjOiC1XnaMgJsMPDcwHsHdHot8T7ygUpKIPCGXCyfg8LKHv8k+ml/MvWMjg SkO86BNro1DutdQzXNHdkH6t5deKcbRuPe/bVOKNBavG+WYdAjHJkHTyWB4YdBey rvadVNQtI1qqpNhIanX6I/rJoyabAjyTs+pBAunzs5HUbrmYmIGN7INf5FDdQbDb zlbtZs4L42dwvJXGV8X8OHVzfEfskSSoSq1r6qf19T/uaX5OEXNWuNrI2k4i5Wy6 jDrleDBct0I/QDFtCaPuqfDRt6I5DuP32JebT8J5M7jX8kqjPUfB/ufyiZCNDCRd Q/S/HXRNF846LdRYfg254fwTfaN2LBKIfMS5veiDnWkHtYmlXKPkA8GPi56FZFvG M4zStmbWUyd9AkeWirtGwL+d6hqk5fHwWSWT2z39iYlDhwVjoE/ne4JkytM6O4ug 1AnIL2e8uz7PXI03gWSCrcafWZfYK1iHh8AMcYThwjNqN71MBIU26m9am4GvcXhR jhvBIlhkMU6JrgoDT5JqRC6gCI8AC8pIJX1C0uMSS60VbC+7XSVi+oWtuZCzUBqa 5klMzAH2NRRKXzs7mo7YuECRopaH0lOKQ5eCTMAzHA3VxJG2no8x+PTCNGNOC2Vn lzPMVnCJgDdpGpm84+KA4OSUSdIPmxuSkSfuEbdH06vBuOeu9NEjx1JiFobolGGG 7Dqv6O18ZRBlieCLXEk/JuL0yM2KZ4oEFx+iOPdiSNFuuupwSYHWw9HxGtTMZ81P +XE6KsoTR5laoTwBUbnI9GiAHRc0VRKaB5aPFJJ/lhkculb0vKZQQXgQrWcl9Tbd lKWzF1bP7j9bBFoPtyP23KwTwlae10ACagVbEc7+2ZWDcOMs3ypB5NwtZT5BCiYe xj/t0ZYDlKWN99XVIbRmmx7r0osHT20O+cjmgW9RbX9UPADtzGmlq2Pymj24Ohn2 ly7iM2td64JjWMSvW16HJJ6USOtl/6oZOUsow+3RoX13K3Bz0UmB8ZjTF3WQJI8a 8TJHckFf5RR5IBQiNTU3mM4dsuFXhr/mPQ+O5jNKyEaW4FWgH7z0rn6ksbhv6A2W U/ohnuKWOMj4is9yAxVnFMJMqAb7q1mSNA2IKi4lFyZuQnV+TxaxYQPppFx2x48e 1lZy1tPKuV1xg+1pwW3DBmawDOAAYIpU4bw6s1COIRMNup6hXLxULVegKIpiRu6d xLccRPyrhHhsUfmsaPOQqyZ71oTUPJ90OpVK2luY0l8aTR9EWW/Xk2bompBJfh4l Fzdpxvtd2mYKN8g0V68uFlcrnQCq3yvJk/21DFNL9fAtk4ey33vQ5Jv1peCe3hP/ rR2oBpYjdhsvIKv/gjdKgzneTpEGxfus/HlvcIgRC3/umwVeHB45jbGh68/dxcEU UtA6MTbEskhGDSV6uhdvQQ5jCeZyINKye1fWuna/wyVpDJ2b4N3uwj2bbPxVsPPo yd6wNdAkDxYc8IWY5I80t2U+Ncz2+DrrwFE9ZyMMykJJyDHp1RDQ1n66K8X1Hfa3 N/Q/uFqyxTBhMvvPZlGThSuJubC04KoaI/5XR3D7zmQFuINwZm1GHQEdH8r6tFuG hNJWno/X5BKiA5/+VC73O0ucPmPhsm/nEJ+y8+eIMEG3+yBQHL4nvEAbiNj6+aPV zTHqYoRnaZAlsbSHZ1KjGvZu7kuN8wrr+W1bWnzo89YXRmwa2UUcf8968i9fKP6n 26uM4WCJhUCloxGEio+6urXBq/htCSgdE5OPpxKxH2HDvmcNQzzxPjOQPkdbiflR IdiObHbA1MPOgTc8CzlqAKZFmoDjWoimkbWJOLU+Ft9Ft9ru0qrCeZXO3wtlxGTz 20omYEdvK3yUChTA7lBjzjMnfF+eoX4bHVGFcfmgqPufOjZ9bFNSTpuVv85umlNh gxzAuMp0gqzoHzUaCjorSNag0d5N8HJSC3iY+OJaI8fNfVcOugb+afnxjqRTxDnK dGMu9YyBnZB4iLzG0uIoT4zKmQDdxEJazCg++3qBW8b3P1KRyLrI62xXhPqi9cgM 2n/UreP5L4giCtwVM+u/nbV+jw4TbcMdhETOm7PC1M0fpc+lL2v7SaqThBZNAfa/ dQHlbCT+zC/sJZIrZCzJ7gHCc2P8Ssx9Ro26E/1L4pOzTBkSeW3v/4mwrrnrd/b/ 3sheutKzEBSmJCBMioV4EGLu6m7iQNgs3dZoWgWyvQVJ6nrKQ0gOjRlIx8yGYzt7 7X87m16KEHtZlAEkTI96QDw9kesWZlTMc35zW2cE34ks0//uqPUk6fQbUIXIIu76 YdXns6VZ7VZj2NE/CqI4zRbLIhygeyyMGeU66lRhlflzb2qJWXW/Nh2yc6pIm5O6 XEc2KqG/rXw4K3oTdz/y0CpgW0zBMoa8UAldo58EH1Olp181m0EmBjAg18yk0NGN lkoHNmWhDkOgwwYlFncx1VqGB46io9oWhk1DRGiJqL02MmYmdq/Xnu0HHQciIvH2 3T+/JQ3mYHrbHaqb5zKX8ZU8QASMtXtE/382cWfAQ1xB0l5t6lJA5z04IMZ90Whk NiMZVb9ExHFjwz0EGZLzg47mdR4APxSUjNEY8Z0f7Jdf/cQ6LLM0HphKocXU9v2u oFYV1XfL3uWq/EtU3PEX97NkQjdoSQ390BDWxWAde/PgOVsybOYHC7y/njkjj/Nu 3hSyhH77/j7iafINbyNudIKYftjzmibVKV+OKb+/ET/r0sYtPIoA//ydD5YjANsD 8Z8/WSD7ynvel5OSagRnC+b/FuXyKBXLXQgnf4MhbpzyVOMzuhgWCK4u5e5iMGjG Nnn8LVeQ11SuvgKlWx0BCymk3OWWCs1kPYxPxU+m5XQ7M1XTyUFAxV4MSskl8+O+ RXCTjMfOUE1rmKR75KaRgn8NpEpD8/PuzBF0EAB1dRX6AfrhMxjvxI+HzOvhVgR5 FjcCDmu34XlXdT3hWnVgp7iRJpkbMmF07K3ocKWBjtgHGFXL7nViJaY6z/58dCt6 6IfX4NDdUY4RTn5LQZK/ikoBIJV81ndz+iGq8H0KCynuuZEOrlAUuXDCOluQtZhM Gillmor, et al. Expires 16 March 2024 [Page 123] Internet-Draft Cryptographic MIME Header Protection September 2023 zJgLZY97SZapoSD51I/P5/e3J4cwU/3IS1+IZon7vWBVu/k5sBazKp1zmc0VrhAb i6qLPm0PT2hNA9zuzzOg+RVX8QvthJXeF3+wfRQKXqwF+7ksZWz+3w20qxaXIq2k lCiJ96p1pY7URCexuT8ojzu2NWjb2DHCr/zD0OoYYwtFQGN488p4W5y2GdZevC5F c4u1z4nYifn3P0lYeHboCnVNhnCG9gfvWMeoeFG1brRqXXQJFdDqWOjs4/c2sUHI nJu57c8QE99N9Ff+V4LwcDcOsPM27InXlBntFSyaIF7WVkCXSN3TG8jJ9HDtIo8Z tnTE3tgs1jrWzh8f/93XHf22e5ONRXaFCMFx8YTd420k92b0hiZUf10Of4iq7W/W YVzuBuBub6Qc0pH8bkQ9uPNY+LwsWwDXoWwQxTq2m9kQVyyZ86Kl5mgoNpO95BJk qyIUogq4sd6v8hsmesRbodZWLPdE+L4Cqk5VBJ9IEqd4ysmc5MrSn21hegQKlRnT UsCgWwEs2Tk7MYYH/suoXwjYBXF0hXWdEWsxHZE6LFDEFnMJJXRgdgjduEahO0Tl Ap1o+In9D6hbH7imH+aDERpfoiwpS8lJTmHc9JZijH0zJpWzulxpoowdJ2gu6uiR CkwRP7Cx+x0MMtMXWZmxNZi93FwGUE3VkTMev+VrnjOHrAHjrN4Sje9POQCW5ez+ ankMWvnqjJySSJEKKF2r1MY/bSrd3nadrm+DYQgKYoRKkZ7adqbhQBYW+y1qpy1d XtZ9R5RPozSNhuMRLuTdPgu/GLfTTcwLFj+hTpFFUwibzcpu/uOmnP8vOaxx+kAp NEZbxxla+OnidzH+DJ/atOeJGfiF3/c2W1apsSRDxFF3f0bIVTKX8nF90nICNhOj 3MU63gN2ZitDhpRdIejMeL++Ew6fJIvNbIJsQhCZNTXW8MvA0xkDdaTDah5RrkGV cd50F3IO5/vretTC+29bSEE2DTkBoa8MgYgqo1XikHfUpQ2MmshlK5w7dtDre34b zEBuOO9M4EBD59wxKnzpfbNwI/7i19GjqdJJs/kHcFsZ8ySsK1dW6idfrkKCeUF8 MhzEEJTmmrwveeTgrWHqB9gQXUiZoS/OkzCb0Ks2qQMf3ilQxtXS60Hsj5xy291S /jL9aQ101hDEpgeIyqE3tSkDKfCAd1SO3nmd0HEeLpz2ehxUiT2pfsvcHF39CoZ9 bQXFPfoZiZmJGRtXvlZE653IALcZaJJAQdjQOTaR3+MnBZ0BJ57zw6MtggBPnMHQ CnCS4EJ0OgHwZcNGC5DU/QqELmiCyuQwUtwdqLgJFFs3Fm/KnFZmuzc9eRkREwea hOzRdqFUYsLWPc79PO3T3abokv+YB9fHhlWIiR1qYhUTV5Pgc0DwZ+ra7rSi656E JhpFQFe4XmYTiMEYm3+TRV4NxbqoA0x/Apz3L7xCaHkCnszgV9RfmGtcNTb+J8BU Ivh+ENByU6lAkeCmud/aYIRsOZqVYNOTITXnJspOg4Eo7etLX+dng6RCqtYV/dzC +C+zL7iL52/WxFp9Hm7bzGaNQIQrP+TayH69yhJ5aVRoM+YDDaqwARv6AcxL06RS OTGEobPVtu1UFQOLsSWKulmw+E6YsuX7Pq3AN6dGefAmn7Aw/HVXoFyZ2pK9DKRt CFNh6q/kdY2nVzXQ+mCoWO6qysw5WNk+BmcUd+GVjq6jm+eOSS0U+VHcxFofz3l0 DptR/hDzjBhLn9wfclooN99hxKZhXH+aKZk9/AUjau3GU7yZGBNDa7NOJodjtXe3 j+SZ+nVcenPKuVewTHEOzDp1U8k0KwGW1+EW+Lk/z6OxyAh55d3cwRpHxYsuJSUU C2eNrgv+iKA1KY4KBmDH2T/U58k5+qXxeHpBPdRnk8yxvDTihIgFljLR37zhM4Td M7F30MyDGT44OBAHTEbPBhG0B5gZOj0mIyoBhoxPi/257AfLXXY72bZKm0swqmok PWMhH4J9/MfLnJ9uDNo3dIgCJ1kOkCx8XF/BSs4Fda2mfwmauTMRtk3BBoqfIYkB eAW2DADrliZEkL+SsapvFsN+9HmnVICsIB6gkOtZLCKyVwkIThwidhNBkNqj93EW yReer8xcaoldRfJN1uA5ck0A+f4hZxP9lo5fqMs8xa+sdc6fhpLUoj4RUAfmo1Ss P+4DPjHkpTGetlTf4t4cQe05ZQesVRt3Bis3nmKpVPV6jv22EumjmsEbRESsiddQ 3wnIADljTzyOXvAESQm/SiRQ7HyrHzzSWyOkO6MyuYYQZJVbQ3kBW2EmuBXP1WjP I62JN4S2vyMPuKIWxSUxoraWWIg67iK4rmK8PhiO2I6bfB1GayDw924X+xTUw9d/ nWO9+xuSQHZIk2ykPb4cjvPKxV5ZlzmfI+b5WmdTF32SKR0tPci8hcYsBgrfTv3+ UME/HraCoC0eHV3mzRff0puWyEu3v5Vrbip7Nz8QbYGkm2JRDfIip4ZD4ZBUIzJY qyAJHhkpx0rDgAnzV8kkfjdEAF3Ji6+RKNgrGHcKq6gyE6Gl797Vzof7MgzJy6en 3ertjNhzGjms0qAUSIsx1jQVF62XoLVyO1uZwU7PqxOgfJSe4JyE8a+ddcY8xF9O Dy2R1536+eeRmguF0XC1G9wd82w/OadV2yWMoOMpxAB8Ase+iU1WYz7YtVWlKGye LWfbtQqVSlFzQr+MWOMi1BT9+TPj+8EIqodap1PjmU8RLebZs0EcNaPv37djsIFn SycK9UBlEai7T0/lYr5h3f2/O4XsLqtjGwq553nnnk56WpIc5Muo1SSljiz5OX5F lpIdOuLXNQlG/+emflGTbcsPta38GX5VAwe9kF3vVjsWryw1SNPXYoOKAJVkBLq+ C0nuJO5Lu+dbA+wkaMCEBw== Gillmor, et al. Expires 16 March 2024 [Page 124] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.11. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7930 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4856 bytes ⇩ (unwraps to) └─╴text/plain 337 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:18:02 -0500 MIIW3AYJKoZIhvcNAQcDoIIWzTCCFskCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAJcdIoUSpo1n7vGPkIbII5F90QJDgjFBWqN8 mrP3eorKCd/HmE614/YrIqI4MD0rcJBkd6xNbUeBl2z3wU9w0tyThZKAxZH8XkNw ZZu1aA3MRM+wqwCnxfJTSaZjkIMhsMe8U9ROY7InwRXqH2O0QRqRU4iJpIe5/DUH dn/70YqO5g0HOGjzWS+6IoQdiHf3eSU40AlqNyg0QQT5CP1OM7aRXxt006GWvqLW Lq52uimRL8AanDUkrEsOh1DggpFwsn/kTkOq9eBrjgNA8wHDA1BYfoLBHJQvn9yd ivkXnsjIqoaBcx/61TLrP97dn2v4STbiZd3LDe/8yBCdnOv08qkwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ09H8ZLLO2dMDjR2ysuZrqyi j3KqVh8Rq7uzjB+IKkzFfun3FxVZlUAvIwb1Pwrt3lFx20ekpF4PzC7x9sdbxWJ4 ZJKftmD6sMZ7DVeV5GABH3ClO+aY1MWs10Lq82S1TBzwcJZpKf5srR0QCuXaQq76 47owb3Dd9Ecn03AIPeJDy05EMNGLRJFqc8md08ykQEJwHFXeZOotDWDm3lBAmqn+ An31eGbsWMcYYwAXoz65melW788tJWCht708gsiVzGdY4Nd5gQAysf0/iCFhQQzg X+vrFmPwm8EJUmHPEX6I0V8ylyDXBt5qplJgku+51eH1BJtF7WWMVvI/1RSE+zCC E64GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPmUUHGHIyJ8IXE0zUFiAKOAghOA iBj5O1lKw12s28QbuFG9Tc0Ejhf/AcHUB2kdSeTBAKLACOsXNXcO/eDFttc+v3sJ eVAZIO3p97XjwZi7q4YWIInBEFjVrZilmFnkmWymEEuhpAx8eYBZ176CRtq4F48F DHekBraJgyEOpiuU/k0K0rsPu0/2W2vsy00QsefIBI/LN2+CxgPqcJ9+s3Veru6L Gillmor, et al. Expires 16 March 2024 [Page 125] Internet-Draft Cryptographic MIME Header Protection September 2023 VbHR0Ih2NoLj2RPi1czHvU7B/dQGIWw5e0ZWJFAiEujZ4l6Vp/9I0CN/Wwj5BO8Z B1cm/rrD6uM7VDJS5jPenm0O8JHd8TuJh2XBdscrw9sePmwyubHG11fViRotOw9r ux552Pq+8Vwx70+nZVvST8LzYfKT/GmRt5qP1cyg8lUgiNZyb1wScDff9BIXNKnA +8tZE7yi2VA3vaUMGPb1CWbpTm46mbhsfzRacyyB0pEK1mphHbPdU5pFYULJUhWu t8O5q7gWy3SeJxtmkTsSbMfRHxaWQyzfOuH8iWW9IPdpd8bcj1Z1pklDe/cy48zT TWUpSy1hnEOhuB/NLwycjT0pREGh007G04SvR46bH1t587B9Uy3qO04tn3NK8H5U +hi0SpMxO5Cjp25sOrNToE++zO7dUe6ZjnBDyO20o+a7ASKG1Ec1bJfa26O+TxoJ kW+R8eMHPF29QefDz8LIDozyulZ/telKPX/Y8pIaOPbnaqcWmO6I1k6kCWLeZAkd VCpdT3DHbLDdGswODw6iXAMpe31811knTKebGJyX8XTnPTu3HOWirdtoMvmhOlMm DqqSKR8+uxg3c0++pVGrXwCurOyYArWvkli7ZGy7Ve4ToAOq36hImlr+Zl+G8+Vw Jj26za6H82M8w3kmuZRwQwqH6YzAivjVxutOnwU8DTSp2b+eIzuyb8dMRqp/X4aQ CVGBDC5Uqrtccea1bs8pV9Q5t6KDh7jEgISAoTdhmrnwXWnXqcWDX4RCzlDWJiI1 DeMJ1DOQcxuMd1vO15qGRI8PLXa3FPrAABKQWg0zfV2UHqZP7kybbYCOQy++TDA/ dYdJ6SUccFfuYIfuUI+tJP7tYihnJZmD1JWPuDoIymjpnRk6t0J1ZRNkA9UaXWYD wC6sLn3yDvKsP7ZdiQDUt4OfqW8tY5NmaxTSVdwOMjkKB9JN4KxWKsox15ntar8e So/vSDBPzSLAjZbqOnP0RppwUAhm2eLiEPNmATCk08jx/F/bqhainHUZFmq/2D4m WsoQogJ01DtaVBvtzc+6GqknFATY2wZVpbNe0RY5T0vnFfDlg/S8BHKrGNX36tBA +2S/Lj6qM5B7Lk+BOqrJqhfquyUaNsmvyxFtGbzcdjmAYtOLEpaZ+QtdPBjaZGdd J1v5hErhQW9At52gT35iZP1kKMhMWFkC09VBQw0QHf9hv8plt3ugvYpmLn4fzKhe xytNCyLbaWooIDI0Tbpm2QZw9IJ2VyW71Qtqke0qlA5m4tkB9/PpIXu5xeC0OgPm orNz6IrEGtbbg1C7OFEsJTvRLE6zzmyT7KnR1CjTLXQ6cODPVduoFF/qISe1wKhO hsBHjdGdK4rcJbVzX5QkJbaqc09IsVnkpJfATyDBN4IGM6xzLbBXxHboK08928ZP PnDUYjzyArjKhWguHl0f82ioF/Y9miD+iohw1TpHci2aHo1TflXgLWtOLCOXxV19 V49w28dLoz4jPIi9P1OpdsVK2q8gag2vndmDPnIK3AXbiIKAYz7GHXnCIKChgBWZ TuGfWhVbmQ4yyS1izCmwdQ8ws0qCFethd0HaJUBMIKMYesmbwhw91QEg8T/cTpxW IsRfc0bVo6MScz4QG+mtU0HnutzA2R6LmFBoaf+25nWOA4bCosrlw9qHRok1AVCz f20uzQ5sTKU8rTXYwH7+9qzc+LDb47Y31s1xLNXGcGfOc15HXmx8EOUQrYeIyKle lupWdhk5woEwRCljgnyqsMG55NbLSjpKNmaRYISZBM9MFZRUwtNKt42DgCHXLdM7 oBEMJXlUzlzoSmFKZ/eZ1yjrrZSZaHrvr2H2ulXLXukLfPSWmRX/TY4e5x707ygj 2WVGxTYLCwDRGVR3/ugq3hfmi5jfUHuX+/0So8NVwgWfL74GYJT4Zx882lfvu9n2 gy2dXVFzQwGI4hYUx/SjztSGpheuAvUGf6tJLBGVQz7Z/2LiNWge9giNioE9M8e7 8Vwb1cWx6fdvGiaUvwqR7tt7y6kot9giYVgEtzDBv+owhubFa5LFx/U47smDVvIJ A6fElBOMSJZMU2Obp3ycYL/CEXtilbvX9nK3InWn5/ldG3JtUhWDSUGMxUonvcw4 BJkxZwAQUQieYYLUF5Q60qF8k5AIWHyp3dtQ+Yt1qwfBpm9ijgfJnxqmtVeUZyA2 dQh1cDhSd9UCodHm85pLfdIdqUcd06uqbR9TQh45Hpgoo9LM8HjeRXeHAYCiJqgs qAnRgvyQCnqUibhlsE5elrdQGHG0n8zzVBYoB2knm8AwfrlbrVD+nTvmgsGNmIlw 9KU/VMyfHzVQrlfkxUh5E5ILVNMHPp/4RtQ/l0NLPfYfrzrlxFaXbQyVR0N4gTWF o8OfmoNviIAAxp3Kbu5sc2k0hZHyw+ASxNB5y8s0gwvFZkIiow5VoGT9LWP7BKbe 1VdPq5M8/0ouuzwV+2L/KpqYNbOIUryuJJ/YJenj3g/xmlqcWmCybKIwXWqfawBB lBPquzSz41/rrjmkrqw8Jcf0MrC51275U2RN0FEOcBCFrNquHH3OzBQrUxHIeZMw mmzqsM4vW+7qz2ezpa7nPWGfahzqxtsJCs0DnZveLaIfiidQ1x9ePxuraXB8d07T OpayZXMmrNyaUkxA042EcB7w5IrIW9Gypkcm8AyA1NgLYbh9hiXy7MMbKOV6sTdR cC2cMoC1GMvH+NywpGWhc0WH0yZTbVH6ldT+wXz8C01pXCmpll0cjv8f7kwFVJLB MjQUZCsrNwFRyo84vHTEhkviLEM1DLoooTVdvqd6m3XkhkHfZLKFKHIKH5B1SskQ UPJszpZB2I1+OYuTPfTnbTIeQToxA2BB/HhXbj5eRx1LEQ56ZL6QGVQp6f14zGuO ZjNQb8lwumE5wUQrw4aye+lv8ObWe/0nNe0swGqhXXPOt51vjbXTbXIZ4j9mMnig 9fIMVSHkNWgA5KUHxlc0XRypWWm9iwsTFIoW8LssH5gtyHvJShUGxXM4WlerQwz8 EmGefrRxv112w0IIV4Lc0F8kSgM/yxBE6yW0PRhorcsbMU7wHPj51yRISntcHG3Y Gillmor, et al. Expires 16 March 2024 [Page 126] Internet-Draft Cryptographic MIME Header Protection September 2023 MHm28iiL+ztiEwlowne4R4xYGMT3aTHmXCXEYUI77jpocMP3rWLAjt19lsPAds1o I7PzN/3g+0EFPh7pJng3C7JZwYhDJ8pl5y3sUB8Or+gcm+4pk2aHYz7d2PlRMy0/ fPaAeoIOwi4Rv4YoaqxNMYf81DuLcY7rJl46PbNPcqHNpbGBaq8ZH0b6Fp7hvNp8 dCyC439vM1bEA9ttQaOcYDi4bGSB7Mg9NvLfcGjSEFvbwbl8sLYsNrvAetKXUDy7 AK5qGHaRykDTkERofBdCACtruRkvBAg6EXGXtQQtHstDBr6J5J7Mc4jdsBcYaLU5 ojWxPYnDo32c6+Z0qWfV6rKgS1epva4jxSe7TiK7rkgYf5JzF8rE0ZAOEox2UYER 3HDuERoK158ln0FnyD2khZNai0O3/SJfyvnk1x1FYhpsS/8z0TFDq4UmSz+eS5UF vqLVeJ5yJmcmXy1gSR29EDjeMI1fwzTPXF826D4WjZwGGecNt6KdaSP+PBqsTOIM mReUZsSlu6Dg6MiIIQptScZH/6XslwzlHbK55ElqYTs8KY/pVY4sjYrxNlobfWpL MJReUehfNwg3Ki39HUh9q7zYHxuIfqn+JmKKwnJNp4AOhIW1GoGCMuX3ncr4Yj2C pRHiXXB6/pOxf/UQMpxnBC7fmPeYq0hxMcx2M3VjUWnWxN61jXbPIGgcpzulbzej T5bs/C601iqgRWAV1Pr27DCW1VFPJARsuPb7Pg+USOHF+Vzjom6+TelVKgbQYQrD xo5M881NCPxyXWsbe9nmYhZpXBFU9wmHhOCf0VFyDDFIdS+X4if8JxQfcbHan+4Y +OdeWcCVnEzccKGc4K3sKhrhn68L4KESLKgVSm4bRWfWU5Wf4vahdOfGcczf40gS NtW2fBTR7EQ91csLXE3VJrETcylQcdLrIykLbrg0F7qzbvi7RVXpUDrvQGfIsCpv 68b9h45msj5nGLh9f5onwo/DUpU87fkuUNgjH5r4FkNAjdgQI04aYbDQ+KK+1c9G bsIcRhkIZ8fLQ4WtcqqlM+CVH7hkZwtMJXHXESB+n+iXn60tnHao2St9dtDwY1NV lUIeqHTqGxluMEL8ykS872P81rnPAyVZKg50TW7iE7aLlxTD2TPOfx/pATDVyHLb VzGaooYr8NHKwrGECZr1Mo0zb9nuhc3NHqDLj3gtwnT4LbVsgdIXwaQ9gEL7E+eR Y2YFrtz9AXeuEWpvM/DOZgmYXIQeHv4VPv/CSped5JZMMQ2ZnXrG0ptqNgI78Tdi xuHJDKVFsmLsHRDX0Q/DadNMcCjF05i5pQjKqRwVI7BF3vIajtMB1QQa/fYxK3ib 94PceJKlxDb430CZgzgW5+e2Gbo43lP4f4HDIzk7lbFtHxIZWdqB1gYHf9ZFXF6S 9kIqQS0plZUxv/4fqLFQ4gs/caAufbwtfeqfFODwecdVZwiAGfThrOLhowxJGhMf NIU3UiHcv+onKVNi0XODU2YQe9ONr/rK19W54EhpIDa6z/dkTTGCw6cRtvRN22cI KZEKfU61fllzaDV0ea3BOVY0mIrsTTQTk47vH/HYRXAubYgEmD4WXGFP20tDG0lI OAZ1h9w5La4O58urEk002ZJUEMxEZlBzjeTljb8rZoefeivEJ7Ns0gitHesLJv81 mWrqhx56HHzLIJ6RxW2ChEkZyMsjzYK9eXQ3duSAd7Ye12/dVQEKQVqmkO6UdQJB 76kbQum/jgmOIi2mHiFwCHeW76kzfnIqzxd0Wu8nwQj2OR9wHO7KoiI+/T6ur4s6 FP1VBvzfUXt0Qa9EaI9wMUYAVoZ2xNyZSzpLkQh9Yec1FycEjzkW9cjyBYkJSVwc WDVFDFDdjZUulonv0rmlz9i9fsK0tsDYcS4TDkimaDOKrGCtnxbxBzzUhEm8jN3W qoVoAWCnE3TgIbo4Vw1gkFMP37obVrw9ocSMklX3+Lrp1B+Rod2Ps1n6LbuyFXr5 lZsfFJr6eT1DFQ3JBIhm47uGURZrKAucCK63kh3Y1zjLlL4mVDrARMnHYZw+2hIA lFpuTp7Cu9DNSAsMTIykM0UGNU1XsOGRPo1HkmfxFLCHb8G9N9SAwGggAT4yg0n4 TZ9TbG98508vyMfRYSLODZ+63bvunv+RUtMH40WQE/tE0WNiykDJeQ5igkeLO1N9 SIsUXGsNZG/8UAZSvGxMsgPrjg+7dF2afmE4IHRKFBhElp2TkIaKzkbYgRftnnSC JYSueC9y9IwDEH01R2ZR8keYLGRG9cxJBWb0Ow2R04XmbarLyvFih6AZ8WnPdGPS mn84uHqyOupRaIDwvO65LDs07v/ArqkUZcy/ADw6F/2No9nju7zehWcnOYoX4k2x x00JPki8h7nQo0GH+qtIAwt4pAXorqTbGqyWKXgW/TBm7uwdg+ciIaUL1hStw8XV 3RWW2cmL1ew4DzG4auZOOpAPxkOkPq9gOj6NjlPbAz3g67v82Obv/YOzLwxa69jU MofBs5itg8XQf23gUVN8tC2zbJL8letTIKnKGvxelQHM96R83PxT4gUjfnKR63rs cyrtlqfU2+PKa4SByfb9NgaS/v4h2R95j6JGGtSW1Ua9rp3aFLVf1fACHiMz9EJP pbPFxUnT5GWxORbP5Y0vVU8RFgR0ArKRZhn1Mmyk9vRaJSrT+6K1c3igKDpDvcZJ AF8NHDUL65szSSWVc0b50wlwBfAIW5MgI55uqDrhTleip4lbbWNwxcd3a6yba9qv lu0ZAD6E+drFKgZu5B86BRnvcCYGaK90WaHA72ptEQcSKbAAe9Ox3IJ5Cl5aCr1m M+2nh0x5JbSuCP76n4PJEgrwYJUlSsHy2ga2xMc4wIvi/hkgvthWNLi3unev6A7C zF2AMR1vxDJYJV833JkA7oLEojGM9ykjmDBkV0QfD2WPyLAFRLR70BmVo2JB1Utx rb+g5Zav7wI/yusXsFMjEj9rEVhBvhNvpmsehl2ZnvOk6jUr1dNksxH0CdT5hHXP 4fEeZuIxv0mzkAbWntTAYy7HAhBp7i34Pe7c19c97UnP1ZYB8xCWu11ty9kydQQD Gillmor, et al. Expires 16 March 2024 [Page 127] Internet-Draft Cryptographic MIME Header Protection September 2023 9Ve8V2DvgTdgLrc3SHZn1BgtWwISf1jLRx3IWmB6kIRTKoqUND+Mh/bgblfnKy4o OTPmg2hFLvY64mJEnWC5ATZUx8IN71dsKa18CyDCVWjaq99H+DMbBB+DWk15nbke ZPwTyUM7CiHIlnpoMBu5Xc9H/2EtLsESNZ90tNbyQH1eCU/OaBM/5ivEZWE3VCnT 7VRke7s3JYbcBAkWMO1oRGj/s0HrPFR6ju7LHjZvWIjeZap1Zf4ldJpTyC6yRcs9 DjJIu9BUU1QE/t4uLOCPsCLlcmTzXtZpD+jV7+9wH8s+LZ0AE1GH+3FZyL9p3UA7 B.3.12. S/MIME Encrypted and Signed Reply Over a Simple Message, Injected Headers With hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 8190 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5058 bytes ⇩ (unwraps to) └─╴text/plain 432 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:19:02 -0500 MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBACIQq5gYVGjxS7N/umioYGQaBDzYuvtRP0wn 3/iHOuNThZd19MbrcaWCYkYZfrFFpAuqpVCPZ8mtxHrijYN47vAQUV6uOSDoZYft drJZYTnB3yuCJmfeS9zonrI+CYksfA9NwkFJdyl9b0ILw7tVf2QFEqX/5tU+6o6b NEoxlwp8I2+tICsm2oXq7rLZq9Wxw72pyV9OzNAwajOQML1nvPFyV7P1nB3EY6K6 3Mcx5TMplYEYEQ0sDzftTXfsau2fbQ756q1myA6aa344Y6j/oeUMeOuuUx/dQJMy BbvzzmA6bLmr1mBkuSJRher3NNZkY5BlYpziXXlzrdkZcClYAtcwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADTrdvyR85I7Vq+f9+ow8LIO6 6OgE1Cs5YeDyvYgdYW5xpKbd/WKj8IbrUqN7ucVaFEyGjP9Iruf74Zw+MA9CO/iZ SDn+UiblUlWTqtiWx/4m8ZIkEkh0CgcBNHJT/ZqIF5WclQKqvxJGGUBlBQBhJSd5 Gillmor, et al. Expires 16 March 2024 [Page 128] Internet-Draft Cryptographic MIME Header Protection September 2023 snC6cKkTedQBfJ81GZT2ZmoX0dRLABvo/bu5k1h/5FtQibRcd/XGzIeeSSTsiCS4 8BsQKkx+mBDsEAocaLIzHA1Kmm2fDwPwDBDDcGAV4P0nnzZWK5Zdo17pJRpg9yLy OfUh/w7EqPopX8bHRQuyLIoFs9lzNgMTcGmIg7SL86SfkClkJ831EXg4zX6DlDCC FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMJrzgXD5KffUisHbSEv+TWAghRA IybXhrlTywIGr1n5kLYPD1+FGUjGaKjKFAIK6MYGZur6Ba9G9y467ayUbv5tpU+G EF8VfYFZG5o3NL809/9vII0FG1ujgRN+t72UvIBuZTDMdP50+imi0G0La93BNdd/ bZ/9eWFM/RGEIoj+krdearRJ9xeb+Y755WcrvlyQBhgDwlTeEAdDbTj/3GFGjIYO jypfQPfUNofYhFLFi7QwrctHzP7qele64/i4ouHWk1ETw9vzgfxp3CuZVdmImuQR PSXHpBwwfMnqQXAV1keUPqCifrNWkVgEvWGPBgLoC1jhOK/lbJUBpvhEiFtbcywd gR7wg0LEsXe4zsEW6GJQy2wF8+L2nXAA3XlSCwpHPj1uAvL3spgOTKd4tSlQ9f9e 5DeRJ60FO4KIq7xG30bwBAguprf/8KzSl7xVntSslz6sp0YLk2OHcD8EC9ZkbkcJ w9qH487wyqWrl0gAMrxWyac4OsXJV/SfFvYjBMGpBrZXYPYO3Ay0ekLT6xFf31Bb OAa0hi/TNhOjwBpeEah+zgAyUYla0fsYrQGrJBzUmQxcSWATGfBtAvHGc3EVFSH8 gyP6B0k8tm8vz6Gkp74S/3BhudhO818GBM1RQ2JNwhdXyBmwiTUwYKjCrvoWcSp6 CgTC6c1bSn9u3zwkoenBs0pCarBGHMbL6TytfeUb5l1Dmtebv92C1F9i7x+nuOML ZVKjjGTISnWJX86Zj3bJRNQHN0j/dQMrGhnJmvIpdp2iayt2vR3yYTHIWMmI/H3d yeBNVb5pU/RWt9AfxkSNZjrEh/tiMXhawYChB7aHpGI8diS8N5mBGjvXMFQMtGqK 8oFwocldvtjpALqmlYPRaPbLyaZNQrjrCFRyLA94WyuflPT6EWwIycB4spSWTriv uN7aVVZwxis97frZ+qeavt5lIRSUwmkliIM9bwq1NYVjNXHweN5IBVHvIKl/sjdl FtmCf9eKCspXsEKSIRvN+AFTVnfP7VQB9xY9OMuBrgwzDoknaZKzJs5BvD6VDqvK 4N5eFGhmQqWZaaN/Jgyk/Bg2Hf25146/wsPsOTdRm1urQl9/G5QiAggZ9OdCPKJX qdmuO9Jg6DYckWE+MG83Q0gkoi5s+z9mZDtzPCIMU6wh8zwRXwAFVNCi2oNE6TMz WnLgYyYj/YioeKeYjgAXQeqlMOy47wXn84Za5XBOaNmYV5cr5MBD6heVcQauCHTM ofotrXaRsrqH77iEVsG3i0BaIagj6KwnlaCmy+xCMDR/WEIX/t1UQE6KOhNGHyFP zlGaxlIHlfnjWweHoyFntunZrY1MbTnmaSCA+xx/ii9lg5urxqhRPEtbUv49p0Bo CeSQ0YCTp/Yla4j80bPDB1eno5riUPDzR4UNsLpQ8Fms+qvJJk5e5rsA38Z6pOOi KZFlCOQqRw/loZgoiPEhYjnmyM6wZyLeZHzr2NJINYyB0ODP8AG71xbU0IFEBoOc orxAjpAS1giNwHPKdoSdCAwOainwCNvDuc9XSHH//sL9tHQK2o6h/USpxeYK8weC cmkQD06rqzZEXes2aHfuQo5hq19cSBodUqq48KBGlCF10oIIQkVw5X/PkKX/MrYk u6rk1NT19Eg3+HUXfp56X+qQvx/KSlC1qRzIZrq4x7p3ANQNSUM/C5h1stMD7Q9L WNj19BnTAJRJLnASVzBJn/TvdlD9ersXGjwpzPe8fAcXJWfPP3D6gsLdNP3imiac Etg6Vt6PJtvWO1jf2Gq8lZu4GX3SH15n4jkDOWQtJO9hEG16PCx4zT/5TqdVpYxO q8QA0QTXjL+zONDwCCgL395n9zW1VGVj3HXUCHo3vLRwRwEazmyllJf7z9nsGyW3 Ol2kMeLE9ddPYavLm8FCQSDq0g9W1w2mZDtRahx66kV9WtOXJdCKU1LPYRr1/gVH VKpC0NR5f/WNB1RcbCyFb0TqGVirR4tletjdUIbdY2nRov7PIV5hNH68WNS4pJrs ZNP1iYiohIvy59OyBzsz2mQR/ETCquOf82fJCXRxZ0wphAdXO2oy2o9Vky/njGFf Fz3EStlH7Z7EoyLkj5d5F+74a+1hWzShS4mw3aX3LmsNq9f5MWC0TuwzxDvSGPU3 PeVLog/vsCNt0fhrWold4Eazc9FmTsyVKtWgNopnXrDO/neQpy8ipcRzn+klpPmY 5g0R+BohkWzBP1aIWhF+b56ZL3Afkpqw5q5LkXmHCuSlYA6yMhR7govC1uFoGJ2c dP56jqn9y84MqKUMw1fhizhxTjvUKfltPk5398zwQTx2yKRH4bThluK82EFtnNC5 B6E7uTGHX4/x3nz6Q9hLf5zmhUdFJzo3bh0KZx17YFBEZMHFqdcv9jXMBQzy6aUp qVav9IzRx7h8uYGUwo2agvCoUCuBbujuJrm1tGy0Z3IMxy1w0KMKtkL4Q2uunLzm MI9KratRPCpqZ2yY0HoGoOUJUmua9CGxrmYSUCWZVdyMdGoUMPuUc+7hqqSvChgq LfJSqyYKk8TQXVycB+Zq8Q6GI4POGaorIJxqenAMQwqsNziX4/X/YRWSzaHf8PNq uHUGjv57I36gUl10ZKbsWrVTP0C2/DcilAdhHyJmynoYDpfkMMvmgPO8A66Z46// XTAtEipnx3Mp7KX2D2M8UyYq6h8c6yl0dPvgLAB8ZO/Ji7/XTTy0z8hG56+Jhslv Tcxgk72593Vqy9Q6Pqvbe7EiT8kAes14lP4kj+DlTJ0teWoc6dbndK94cE1fE1oO S7mlF9RiDK4Xq71EbKn5TINq0JsVBv2LHY7m3fPSMHAqrX077CEOy+Xi2PpNL+45 Gillmor, et al. Expires 16 March 2024 [Page 129] Internet-Draft Cryptographic MIME Header Protection September 2023 k2g7mTjU15dCOYWuXF/Ma9RiggjsR3fJ/KOu1IqAHkG402O8WF87Ku6wNZUy4bE2 QJYljwwnBwej2sMjSjLpr16fzvPm7hTx20Og4gMZB2qTPtL+VcQ8oPSVUWuEDuAV Ds/pIMaQUr9EMPSqQumDXpzehQMe4FGaDUu0AF5ynuTacYKNd0am8QAA0mT+zB7S 3Om176opyuGSbkVqff5EpOqKZzk/QTlWFutby/3y3mn4qmEQ5abZ74CYHVuFcQ7b vcYDHrhgNqGnMVqADM2LIEyl4+SWlrjekytTOr+I9s76C1TG7wu3q4elefZpGSjm z8DQG/TMK/pRFOyAiFk1PtqiD/VYcUxPQmaPMx6Mu1VArGjkvedqIVJcTF1OsMIy UJPYGI49Udgb6m4KHK7Q3g8ZMf5eNGfl7myC6mf1/PMSmb+19xI3cW1De4AJCrLn eiTrLL+kPYbsDjJLzwYAWa1N45ogcCFdKbRtVR6G4Se92b/CU/tdOEajhj19lFCm pR/oet/vj8C+EH2wgjbKP59YwVTQyaqknZQxhfQIZINt2TCwLF2VT05qGU+TPhTm UDxOgTObCpElThELwI8D8DHHV9VTrE8SbyuBO07+/6B8m/Qz9NgHkPIpc8Zs05XQ l5fzm+Ck0IEvY1pc76oazSqN2RtImopUnoB36IMZ1TghD5O+4ywZTAFpd/L/YNoU O2tqE+hiZ9/08f87g4jCGgNBbAEX+wiGUUkt38riDgrmXvI5PsA6LM4FY4p0PVBN G4YoqMypb/pU+CeI1yx50N1v4HWhgdkyHN/twWTJyNGESpVjKdlsXmAMonKrJZGg SSKYMb0T4vxG6PjT6Xg6F7mCZmMAMztXzaEAUNqjr/1taVW+RplkwzeP8JvOTGnl zOvt3DkVWZqvjXjLHxEptCy2ja9KlPzwvXTZ1KotdAdC755M41I1P0oQSHLCX15w WAjyfghMQOnpsK40K1wVLwvOW37vkxmh09R+2BMfNRdnXtIO7yKgeY1qsZrgmAzq nGTXthixWwsW2OHKLeZNBw31h16k1jDm+8twEqe2kYVUVwX0VRVHJE+zspuhsK38 HVt5vCJERCyXRSPYZmoUjgRKY8LpvzJ6U2rv8k+qo6FAIGY3o3sIF7baks05BM5r ME7dMGsPTqpkCNlJZA4V5JM7lzAwPu0IsXvIeNQw9EK/Flo/7WftoAQADZ5fLx8p 9XNA+/ycwSsCj6a776f0kfoL+Bx9bA7FRvZk3VY6nxT6USrcT4vrsYyANLc2xVDo nRWog6YpHLv2TtrLCqSqfltbeJxwHEez+0P2MDhVvJYpEeiyZdAAvov2YOF+PHyy FrAUaltnbuhem4aHs35aaMMmCGItXBV0/cVkW9dJn++8Q0ouM1TMBzFgEKdwVZRP LdP01nDyyh07WJFXK74f5y2ila2gjAVrg9VsuCuegKCmMb0SoxJ+10gFl9H/F+qn 3Hrx36LBy+tBj4EcRJS07q9m35hmZIRhE2zV7yfnpSYOWEHXsVxeL+aanx1dVIZ5 D6oKjPH252uV9WKZdbvRgPgg/l3gLAGTGXvPbPL+EwYeHZkDVCuU234l59t+Db5w orVZheuE5q9klV0SauNu+JawzU9UZg69m5QnJ9b5fyAMtAFVVNVlmTzZsonY0ovj KX6rj76Y4NcLjEKXwJzWDGJvZHv7D4KKgK+ptBpud1hAfmwlDWH3oFP2uelz/262 0sUDU3I3IZk2XDKbPkt1Z/3+WyEpbG+MSKeSvHKEENeqlHpRK56qBuid4QyfuhO1 cWgT2D+w/Nx4WQcz19h4LWYBecrUml8Wo53DQApeLJNMdUzNgeKKOFxs3an/y5/g NEJT4p+kCpgQfSHJ8sKujf0X8/HHoaxfH3Vd/V2wZrYCVf5IxECQ2xyO1lorvU0w YbK6euqf597puiFolZtRzOaSnuauUvVAQNthTwfOhUWswoUC/i+jaS9m/4GkIoUH S6zPE7/w7KBrEne/4gtqgpSOROl0YDnxOGNIFOMNUjZ1zlIKASa4AuU94hYtnix3 dxg6Y2g/v8GUe8Z+RKoLGdjzavyu0AVgZ5O2eH+u2BalxfpQpbQtVFxZEFCeHDLZ w1IbrXQdbtoks9WVtqjVSutiX1Yf07JQCK20WeGfaVfwvmd54VWBNypXSce1RRhZ Ek0uX5FGd71l59FYucHQ6TNPbS1fptvSfsiaCqPzU5Tqk1XLBMpdwHrJQU605usd T4no88uZnmoWE794m7CZ81ZpxhluRB3Dp67znf3gEYSFpTvtRvhRc/e7lBBmPWZH NY+bvMfrfnWwgkR57Y3wrKLMMcUfH/R1PcXQ1KbLA4FGkUUvc6lVW2u+wfHX1xX/ s3ht5TA4CJ1tubjVmaSFViifQDs5BHADZHVmSPdmpDVjogtBRYnDVNqIEZPWqdya eAlLLPLNjthzVWmnWF8bBew5sWsjlV5aw+Ly5tCC472KLLM+t2NcVB44OcBa/BSE p/vh3TEsoZ/m+UfK8EGLqNVs2vPZhuVW9i19cN/5ALp497jj7Pdq/LY19x8VIrjV EqbFPWIKeRDcBIvh4R1+0Z6nlHvILjv1NlNABnKqHwfjCQicvOaE7OlJ3QWWbBjC dtOkxhC9+gBqDlq1YWgwbEzDPcFVzcCmTPH9wHhshcmp25O7lxqSxONeNcGMKy17 yBSrKmaQr1escqeLJLH/yofTni7sb+xeohrz+YYJraXlcdLgSK6BzpF7wpWhMB7c Kyc5T3ReUPHrm8RIcaccjIwgxxyJ8YW3iCpH2s+vdaJnEC1Aa6D+53+0aCFg0/2g asqTZ/iLws+bFux6MrNs8cohuvtF8Y6A/++cp40kp+PtSN8G7+g1CmkdZZdMg5u5 9J8s8SIrSbVj3y8eH/DSWGQ0gMc+NYLaWBXNReVPndwWP7aqXjLysuRAVVgOFvJa zrwFU3JeUphCtGTht785hFePHTZ5IZBw+DAxvWHGX/5sIBokYH9E6l224r3ikUXU DApjB42XlcYwo386TU6OUzfE8xHaJ7o+nW09t6sWy99M+BYngsu5ghjqIz7EAZjU Gillmor, et al. Expires 16 March 2024 [Page 130] Internet-Draft Cryptographic MIME Header Protection September 2023 BEB4pDKLcVf5tXVKSOSeIA/nauOxb8y+xve2ZkY8UARMwrtt7mqgqYgB6/gLD7Ah Rw/Zs0+oQiNqv7XTY9clU/FfAQlRYiiz8o9fU783ccpsuw0PcgtnHWqyrw5I4vl4 fRHOIu+dIl3Bl8fbPQnoVJkxbLTvG9plaXf4fKPpYsR1zjIOSFSqimx/ogkNjlaq 4eG8h+lcyFIT2fmz4Pekl1uASudAGGQn4AGPu/d9FsM6LJv0loYzcQVI13F1ASgz Eo8/ks2dfhjeiMfHkGl5aFybZAmd1f/sEtbUX5rCGkf0REfa17TC2NpB+OVSIJKI V8sLYNVsZc9eiBJTli81ZWUPzNaFtyk8zRcmd1OzUIvpESNve8x/USztcqIpMIwX N2mlj8D1qwnFIOqgHEoMgWx3Dm9EMD5xjgCA9f1Q9dkD2WHVv62DnMUnSuYH3NKi 4fZ5EGXTNezry4SpXmgLiEOGpiXz/wSLP+/n4RvNfJ4DE0D27wiHchvTAyW8IJgo 9uJU/KuVEk+cmUVwAbqWimq2XpY4TyopHyVjSFy7a8iaYs/sd+u2E2EEfXiyVra5 UsJmo/RdgZSCt0yLcYAKsO3gpXW1KSthrAUFYbSDlg7g5nQ9y2JyLsZGhjM+c1/I 6fEhOucX0MBaqMWpS31pMw8LUKSKOdiMXS+OlKzALyg3X1ObR1yK6PNK4XWs7L0+ a8nAdbRwoasr6SrenKYuTPkuRhLEkj0k+V4B7ilY8xGYuYjiZkxYxpZBwB8AM07m ck4fGBGOOYdaGhraRy4DImP8SzVebtEj7i4wN7s+fHs3c8d7c6QuKOJhicyK6Hj+ spmo/oEd8vsvHieyu056IHduU4aeDkVoTYN2ks7itpuAv9wMOv6It2r4fob/aRSx ExuZeT+RW/qnFpLDiUXa/z5VYZH32Ea6W/MUjoLc6VqzfGScE0FKJte+XiasJ8BG yLuotJvLI5hCIz8gW8M4nSo8yly9VeyZ7Fn/DLsoJ32jQpYmhUjKjtNzqLcq6Wti B.3.13. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9665 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6148 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 1923 bytes └┬╴multipart/mixed 1818 bytes ├┬╴multipart/alternative 1132 bytes │├─╴text/plain 375 bytes │└─╴text/html 473 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice Gillmor, et al. Expires 16 March 2024 [Page 131] Internet-Draft Cryptographic MIME Header Protection September 2023 To: Bob Date: Sat, 20 Feb 2021 12:08:02 -0500 User-Agent: Sample MUA Version 1.0 MIIb3AYJKoZIhvcNAQcDoIIbzTCCG8kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAHpthaX3pLTY1dQEpjs916ELlnCWjEQaqMJC b7U14ds6WpcbE+m7YotdmTDc6sMudcq8QWt13YfuveYJMPp88TnfLOJlmxvh16zM pBvxeDudVMaVk5AhRsIDeZy7XejbTUQbLvKNsfYaWpzcFQgw4pTbSj8adkH9ktJn BpOb9B1gknnHni97slF+6wc8y6UClQmwSV6M3rFRhdx/QIT1Y+JsO8Za7ByfwWzZ 8mgmKCW1WhQKutZUZes335ES6TFg/rXQwZfC/g3K2gDVWQJ2KOGoJfd+3gV8UhG7 XGwzJHn2H16D0+ryfmLqlEpdpH/n7lxL0etM9wJmyXGCbxNfODQwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAldsl+A7Bcif3coy6a1u5rzdj R5dLE46I2ScGw8LvTkwXyGnpR4KoNvWvkQLJ7kbXAYLg+Td3abYLDxibz4s9DqLs 6fMo45Sdrifv4TLZ3JyPl5Yc/ZjpjWcF6h35foI9SPuGOSeMD6nYX/d+Baa0Lxlm ncAHYq+KUWhmWmkw2xDmiY6QWQgo1+Og+XLtVhbgjiHGJ+bYeVQLuQgq9Tn1vIHi 8EcvqA6lXaP80AOPS1Tl3Dph1MQaU7yEySyasiRSVlYA45iEA96JiPdLvdneG/2D cLzhkZigGZHVvH+ZpPnr33S8BcTQG4W/ZHLwOmNB/To+JnAcSYoziSp78qs/7TCC GK4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPEfWWrJtkXQczxhrK23VBSAghiA aS2akkBo7J9AIkHtSGeZno2vqidZXAF44XYi6sQysoQgX9G4Ovywjq23qbXFxShT d9JP1tZcoL7KXlyCfHN+ua74NUetNTmykoElZY5A8dzmPkdITjZcUEeEYiWk2t+b VWP3qeCIFmL/NVAkIF9v8/VLns17uzop/bx/lbV0GRWkc1ipS/75ZIY7jzHpognM /6lpOKEJ6DYjOUJJS+cY7SfDy4dVudowyiFBrEPeUXJKUe95R4CmAiByVnO9oFf9 7g3HiiIEJI3IMjNGTgloeXTVINkoNIJu9FGRZn7W84mZ9J6mPTjtY1vSCZlkr/U5 eGA406ZJWU/y3ZijDfRdhQIScUjg9GhMovYHTYfAR4GF+HTbNHt+eRj7pqWRMetq febcQhuqnMMiossq6zTSnD5ayVbKeDJTdwnQjdR+Cyg1L+AVM202LlZwziW/Yetb 57/s/DR0KNjhwRhUYYNhQ65g128BoI7MuaySnkMAqtcmnmAfMhQb4R6reVFA9fLU sCuN1MKsFmFKgSJwNWbBehlofCp3gvdApXBXMwCNLZLIprA/n/6uzTe3+EsJeX0B vLlYVkNaS2/MwbbObqijmgjR2Y0l+hlwOUmXDTG2tFQkVEHcaEQogZ/Wf5Kamvny kzrxGZBdjUWQ78DOWhRWcmczTuhYR05IIb31y8r8wUoybRydTl3EdRCXy8OC3PS+ EeZ7H/2Pv0TnQySjAT1OP8LGliiRg0LWmROmaQ0CHr6HU8o6mQHyaC5J8Km3mSEW 7krJMqL1e6ecYCPXOi6Asur22Rh41pyHwo7dgtvuKf3IpP8KQOSSD1gUkC9WUTPp qP22f5R0JmE0tliw4h38DSLQC2M7uGmByCzXw4YSggF2paW54gQuDKEay229lpMX mXIbUTdjVDymXuOBv4R+t8rcV09x8YY/DbqoGBKkY8F/SVrx1vlENIba04MEUe1z xUkP+1cA6KdrPcTHjKAhR4Vq35XANyJG2T4NhF/kF+O9OQu4UupdB/wgjJZZ2HJc XjQlQxS+f/Y5KsPNdkax8lDMwf9aSOSQIpYpm5PqjjHxnA62n9ho/hwXnk++61c/ 3ZJWp0ck0pBqhx4rbQwMVlPcO8zl7qYK2LVDPVyhkvUB61EK0gToOE615MlmmUUE PC8NtmwjfC/rXFRIPI4gwYNCqn0BmGB91hXWTrmbNVT3H+wfshod48QuVr7bsvOf DAmtDZM6eYWoAIUrOgoAg8OcZ+sPg6OzeiMoe7VENTa3m0whXHOTLxGoe4VBtQuz 52PTK+4a26qICcnAZvx4C2AgEba/sdUOKDjg53kR+JsQPPqS6/JVuL31eki9tGeo UXnbhk5ZKUboXj+nQCWwrKkreNEgV5fsHgeZwY3/+FXm6pk9qQ+/f++S5cnBm/Se iSvKwkAXzcf9/lGSgM/EKg6AcX4/4Lyr7sNOtIyZhLaVfsceLAU1oprJ53hED4HC 6E2CuFllF+EwIYAaTQGpAvuJPfH/IiGy8qbaY9foYbO1WKjnumHdyoGwXHw5CdFf KiF0zW1a6fjvM+Z4ld7SeKv+TzRp/cjVr7GavRHEp4EG53EQc9CIXLqmz32Ep3ph kMsqm/REp/VswvSaoxG/YV82zgdK3POhTESIAB85awrPmfj6mCOu+ypnLYuua8mo Gillmor, et al. Expires 16 March 2024 [Page 132] Internet-Draft Cryptographic MIME Header Protection September 2023 ZNqIleDvcofTguOy68I5cI0QGLog8915R8umqPZcRPpA8I9gotIqkvUyPQHczLfL oIHnLKwe7WxHcQQdbQaKuz5YAIewUz3RF32g4qmr6d7C/MdkDGQi7+d9+wp9wbDX L5klauXJDzsNiz4E2wrpOrzuRF7vMrc6VoIxjSco4gkBI4ANZCwtqB+H+Ci8ubwT VUQ+jDIpt5q50EXMEfqnzdpQ0tBWgwNS0b7vguUec//5MzGNx69rnaw+06zkjzri JEmsTZiXPrwEhse3yu+N6xAHtCF2/CiYgeHio0/toJyXpmbRsC/MaeWtHgd07KXj LMC1fnTPUn30/aR17rISnLWhcezEHEv0h61K5mABH9VI/wUywoiQuigl34WCDHa/ Q0hpUc/wC/rFsHK34ZWSj5MAKtdXacbZT2ck8yK2HJRPda1lzRurZd/A+rCebXRn q/yHz8t/NYxz8n0mGRKpwu57Sdt+eASt7YJ9laLMYfSd7cJzO+8rhJKXxU0eSFdr NryDjHMvoN5nPle7UFcu1Rt1kfjRnTyjw92wiTxskGeG4/HLc+Zlg85YMXq9thhh +gtRMVrVsahRty8rRLglJmmZOXYT4/i2e+mqPTOgngCABmnU1CkAvfwo6QVAYpTN tTjEbS0dQ9FBPqppQ9Npyv2bpfPJPIf0tCTClO6JPCC+73agjOyQXT9zHvcQibNY WWsvh7ri3wm2RYEbsheP7cPePWS/raFKNdRIRBcyqTcpV3YIBgiY229EmJMXagKr 3Z4KgNT6RdSwrLMOxbdHU88yK6OMRMfHOgHrPinFT81j0oiw4uxnmFnXUqcWXaC0 gv9Vl/z8PvQE/YgY9uQNwbC/UEcZ7GttnxEZdVk8nuJeFYr4o4/wJAbVcMKWh8JM V21ERzWoTjv82VuBGSRFQw6KlLMUQAfZF0q+hnLzdTBjT945GXiRkeHcENxsdC1H br+HW2bg56ZTVerczUKODuHQtviQRl9oV+7uWv2BCEu5SwM05rEOjwKMIE04zgKc CWflGpudQKJXXs24iQiMzPU3ZCxokBgqz/eQxcQAPk1rFcmGJvvGj6oN+FsjcXtR jAZUnr+WumYu9f3GcTm1emtRqnnMALVzp0sJ6XDmIh0xhey7UCWDwodz0w7P+IhJ J8M4vvPwj5f7OsVx29lhsZV/hBXgS9WW8anSrLLHYH6+o1tiSHEQKgHFQ2MdPwzk xNtcmpGHeH9TJtiseGbU5hsYzeSJ8kbphKcHO6gL76h6XXOcZpXNywo0TYTDcH1C BNBIdskqGrL8gd6IoeP7fjG6f4syoeYjWhCM3RXgR2tNamFxD1P1lQeX/A1/WQ4p p5bRsC9itl/uiMjVM/fic6eslIJ6XOGpYACPjqrt6JoCOEP+e4fHW5tjajaVbk+F jl4aZ3e5/WvYwJzkUulTuywdp79Sejk9kil/RAzvSOS2v+40sWXoFFdr1TRtazlP gciRlOsTAT5y4uiL8Yi+IPO8SjS6C/mbpyAfIFgY4cWu309zo656GNlOyEqBQSVg bVYJEXeJ4dcix2LloMbNDoJfiFQz+pmyB2mPGYrktDG0hwV2w8CPHCOhEg4yCV8R JoZRLQiix/6WL4mTIy9dLsMruRq6CaQCauiu5XUB8P+aPVuilx0WxwVfWdEcX4if Ns57xmGj5mNaCjSrtaW++043bfXR9NQQr788cReltBMTdEZCVZdQJ6/K0idnWfaj CYiZ6kE9KUe2phZxbq2J7Rhk06dq4qicFYZAqvjXsxbOdJapQNWtM1HOE01MA6aQ uOgZq8CWvVwZMRE/KRF8RPYgrhVPnfB6TVUoTdGRLgnz4S7dqwz6q9H86Jd2Fz86 W212B+LIrBkZGWgmz6QNMT2g85LaC5GnqMLKwsSf/cBUWc2rBjwYk0xb8jEmZwv1 8mz5o8YJN80qMAKyeL4aDF4naa6RPoBUavZP0bLAX8YHasz+85D9lRPSrNWerI64 SqRRS2OQfQCASnpGv60IAGbLmNn3URRIcRfVP32kgLqk78cuSxlg/qhwvStNbdxL AkISRZdOd+ajyU+y1JFRFmcMRDlDef5gTtJ4vWNKWiThJy5qPyW29NkKxBkU/6F0 0Z90MjUznhx6v5DJhIuxKL/v2OZ8VB0oDfcMIdu6XC5x93NQoJmyxP6R8MHHiK+v WYeVVPHfWtDbfd6dfKhyVyXO7w3pk/8tpruc2vwoe0uG/f0fCTUG1xCpCahTGJYg Dm1/+X1gFWJUthK9NMZ6GouF+DJuNKaBBxQu9nJfHmUzzl+4eQf1bcKgQk9BjuVl 1zWXZeKNGXRIEaiVO2E87/m6fqRx9Yv9me9QIhlmVvt2687/eoV5CteRKzL7+RIW uMb9lNatVjX9pIv5ZZ9W9le1wJasoc4sqKYhG+GNuVl7cir1xwmjJcZD6rHgjF2D xCDwrKPudpbxkZL11eF7QYzvqylmgQx2v0cbshfIEovZAbD1zWzdqvpJSrWEDs5q sXPdN36TAWVF5Rod1fueIo7bv0tCGQ0zrYu4FHPDLe9a7uGWZs4kzAnQBSKGKrJR METU1btrMvybibgU+8/Z5JA+4hbQsxjGAvpwLitXcPmO5By0dULQBdRlHXXMd2mF Q8XuScWoGQDxeCqOj4VGgGAUZEj8iW2UyU/q6vuSfzA3TAMl0cu0dz7/WQxdqw+g hYQx4N26R3DG4c8B5plDcEENHZhBkkeEcAyCql7jDpPqwdxxaSHM4HjcibrgD/mN HDyVgwbyy+aiucg3aq6EfpZHM16DVA+uwHs0WN5cqByrJqAiI2AWa9/rCoiXtTkZ b/hJbDIXlNZ2b8s8wZzt/MOeqyMRaDuR3LiGuX18y79ImYk8qr4bAcsdsl5zlGHs +5Zuzs3K3MEAMW2ff9c6QUmfkMGmdKtMtG/hdiqFcpzbXlSmxgZVw4EM1/OLftTI Y/6k4QuE+TXh2OOeNl5VGEMYam6+AMjWPC9u1I/AtMy5y3yOcuouRXayBqpfy5Hg xbxzoQGhUqg7P+Pn0MPjUn5bQdbHfnbyK4kv5sGQrocQ4Oqtk7VODaEx0mcm0wN3 Gillmor, et al. Expires 16 March 2024 [Page 133] Internet-Draft Cryptographic MIME Header Protection September 2023 Zs7jzcVxRC6bZtH5yxR5zDdqzsH7qqXHRe8OZ4yhvc4mokrQrswiIL5kFt43gL3y h/cIlBp4KBX6pqf1IzoFuiO9scgFVRvtHygsgQ+UqWwuq8xMWgXFaHuy9jrrPUls iV2hQ96pKCkERQkt519xMKmT8/w7neq5rUUyOtCgLcT/E6NMwmpyZv4F8BQoHeAO 69PHQ7dg2uDeKAyy7szDr7EPA/1Jc/AiRRX30ohPEc6xqiYFO6U4Mc+Wrf15oW/2 SFuh5+2j09W1y0XVMSM9vXGfb1wiIp3QZqWUfavm4C0NyXLjfCkNg/M/rIjRFJXr sToHAyus3wrRT+UVN4ARzT4thfejIx65026NFyAE8qeZNd/cgqcCLOzX0Wuh2uI7 opkl0J2QCYuxsHHQf93VcnwuLhh8669HdPTuInw0poWzmy6nUTWifZ/MXIqq3WcG E8mkjQpsl2vGJfHPAsW43/cwJ83dI1LKzJA0XHaURU9C0yvzblaU8QO47t2q6Ne1 FLdOIHwGPSvBbhw292F14iT2oSe3CQ8QjfKRW3686zJMlsjjjRLL1JtnAUOeIyNX OwXB4pb6m2emOZWfp052z13bmAVc9/Ja5Ikgf8pCgL004WZpKF4kJ+7wuoIbwfsx mu5aD3C3+wzRZ5d8KEDuLGY6EgtSmhGw3jBUOS8hML62lYiuqAwiTZL1mmXjcmY/ nB/YncK44CBsJelOJyInx6trRM9Buwo3K9+Ul7e/QlZgri1Zph5InrB0d+vO+bSy iqYu3lF/lAQplxijK3siURdEUWXYwl0T2qbHRhJO3MwvSi/lHz2jFdl6llJTC40e vBPfwOt3wv47assyifSqlVL4wKGkpN69kjmvwQzfBO2oSxoYebosX0v1OCjHTpvz Eg6986NX5P7sXt9LlQ48xBmrSjaB2Nmh2Vwhxt0/nNd4yyMUHpaGC/Hht/pnUlU6 2fTGCqA1LOxmZT72lb8OSPkt6quZ+8xDbpX/183FsM9Bt3/m8x7Nxk6HRHj+GVsv Zo5epA+EX5gQNZ/EFg5FoNUuXu/j15AwMF5tl6XoLxuyjdIdT0TkJ2/fYXqAjmWq IV8IaPJpiJQ8jjuEPNean4Uu3UI5d14katc8yW9HvTd3ANXpAO6Jzl+ujhPkRsdr 9xSuV63fNXg60C2wrFU/B2E/rAf7fPllZ1atvIb6AksnwXHaR2+apyI4tgoBEqqN eHS5rqgr/vtEAYybOrz5bzQo9ZLBvqQ6Sy6ijaNbJJU72OMwlfNHdTUhYpeMcqy6 RhLOrFX/OwyRecOYtyJm+8N4/nmea2gg4bdN2ajET9GXbEuIwBLUxYEpg22XIrIu iC+Xqm7E+vcG0DynGLW5AR2HVRKnNFeUerCE0Mi3lns0tbpls8FH8cLIEzpU/6Jr 4+A711E2aY30HIbXcMhGVkFRFKawZllGSY/3A0/zuWcPLRfvfI9iIcO+73fDrXwg CUg2KoHBh81rwMDzx9HBEThByO++sY+8FdYPtC5EmMHS2gICDSfcmiI8dC5J2bla Zfv2s5rw8lFMWx3IjmAt84jPNjFvXoCm1bWJnhX2YZP3l2MZdVRq1RQWlSZ9eQFp WyYA4Dohp27izdz8Hk1l62EMEsyjumHHdFl8ZuYlGETLFyzJcJjJb4THJbi2S+yp Z+83HZoTX9OWYh2M3/Si5jUuVxs0KSM8odJDNE+zbRmzgKLih19EWkFRaEPGld1H q8uMXq0CHByd303MVR3z+WPQE+tZOxHjhtMVION/5cfKTqO4UWVTYup8pUYa8Ea0 4RvHlDc6V7HARTWo7lai6vm81p3U1oOvVqIX9j7mx5+WLmPznM7KcIFCIQihXANM Eu1/tbpFG6sOGgVacHsz84P3laZZuFe6i+gjlz+Xr2PjNgshZJOHzLtuTuWsBMdw l2AoUC0A+icf5564zgsyYJ6I5iqKvFdL00zoVMElSpFqCdEkA5IHYfPnIlwsAMnp oqjcoxfwoXnDKxKFjS2Qhae3Iqnn64YDxCD+gtxHPe9QMRFQvbM52yPxLGPwrayr 1YhDipe4Nh67gYRaNdsmG7hnVA6zlGhaEyPaP5AJ+YsuH85cMV7Ck11H19JFcx3l 7ZCjw5FQGx5ThOoZBJeEp24yO9YPRnlo8Sy9gAhIc34ZeBoFfx08F1hu/Ii55n+c yme3YGUazZhErIP8TwoSes0daEXzSn8oGwWspxRP282frfyUAhe8W9OUlKgLl2FI bRZiV9S/F/QgoDkpxo1T2z1rMoAsOQ95Oy/9XtNw7ywsbLJVIVXNv0KCK+S79eIY XxCvDW1ZSOLAxZKdstP9ZZiAqkC5bANpMFZlEUPxBSJCBEb1cav4k7NV4fTYNQ4V Niy8WS/OUMFWZHw5BITRjRx2bwmvaSEKuPPiGtZ4lQV8j/jguZyZp5oH6pkGlC2B AoixTqj4y9w6DbC5ruYke0o0px/nkH5V6NHGOdDzuyEPtkmYVkqMezNDnx1qynqV QrPZIvsHT97MYbzj58Y8DbTx/hBr/uJ+ya39MsR+N+vpBV9t3ubM9i9l906akTWg rBbNwdU0ayL0R4q/TlmDYVmSOc1xDwVe8kLD9vMiNcwobOkzxZK7J2Qcq4cromDf 8vNMzjYu4DmR7WaE9wfzUk3FpixeWJrhJpdNC9cUaZ3I6y7RSNl43mKdZF54x6JX AnSbwNE6dtuLKa07MutWuq2MbBDQDIgxattEmnRniwOjClKdQYKtJM4MOQVfUTy2 xubs/4wjIS+YOdmH1XGlnXP9N2SmFqE1puBJ/5hdp1BOIFGHUj7KUra7lN/TqtRU e3NjQlC5VbbYNIxvcSsKqaVBlESsxgEuC8pmJ4N8FBVclWekXo5kn1NevMFJphMO Fv9gyRo7NDCNRY7oY2yzyhnoZN1FHQr7GxeaeKseOtNc7kM1QMeCdhZ53wPyLJ81 lG4lCHDePQ1RtI/Kg3foHyNG4bvQ3vgPPt9s4T5fX7GStMQxh770i2Njo9OdNidJ 2+eyVuGFwwP4PNeEqEYe8iCGygDbGxh/I02zBPV3UgFpx/eWWx7Fwm9VBu8I3NYT Gillmor, et al. Expires 16 March 2024 [Page 134] Internet-Draft Cryptographic MIME Header Protection September 2023 0OAtTUB0KWDXFZ+02uwKwZ1+Z8FBStB+HLuP5c03Iwo4gDkWWbSP2SoIeDnC0fbF nAOHb8tHJ8AbeJGcnaE23nsgI+dal62PL623w72uvK6SFvPNS+q93uPxNNKmh7lu rq0hQiaDtBSgSYRa1oLuA8Cuh2+K+AUKIc5mnC3VRpje/QqISgU6q/3tQ7LE/bip qJONE7TiWw8hKRhOPgqRuLVDpYk8qaqujTt76rVZwY3Dd0rc5bXljTp7YZpMKeg+ 3YStlo2zgFrMc3niyYZsDPoNsZhxUJFLMIynBQO3+HpX1ve8WbyKJ5WqkS5E0Hl8 rHmLEJrQ4PYsu8yFosaRtfDDMfWA+pYSgnHSw9VAxlXS4Fs4uSPbprbuSNo+ARpY PlM97viQDUdxB4co3vcChQYRv+j5fzxE0nd2ceKTj9XJ3RrufrA5KhBB47OOXxVj HNp5W2ERPEBIRszF3p2J/V1HqRDd26MrORwfpZ4r5Jmv91NxKZyw+mnZqm+Sf0PF /X9g5MCZtCrPWFH1AiRB8S2XUvbQMjh2c4BWPExc1Dw= B.3.14. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9620 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6114 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1848 bytes ├┬╴multipart/alternative 1136 bytes │├─╴text/plain 387 bytes │└─╴text/html 482 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:09:02 -0500 User-Agent: Sample MUA Version 1.0 MIIbvAYJKoZIhvcNAQcDoIIbrTCCG6kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADkVMpcJRfEa4tT386C5ia35Oz07sK9g9yn1 Gillmor, et al. Expires 16 March 2024 [Page 135] Internet-Draft Cryptographic MIME Header Protection September 2023 vdGRpk9pUDu1dIeio6wLIzCtwl4TtjfxJ3m9sEL0KDMSszkV0AANUZwxl576jpM7 qEl/7d2D+WXVGAI56Oe6ihINfrnPUJmk6BCj2Vk9918mX2FaDTtCQsVnrK/gDNu6 c8b8uJJbjeqbuDN8cyhATJA2+qSl/Fhoxieu2uiYU2CRjTfGELUOB5ReaksOxw9g ICfc55w7fuiIpTo7egwLaPaA3m4yUGoQSfoe+FZm4tCpsyIufBR3YXRVmPFMS2Qf k5G6ZQnLkxynZ3SEy+XjqO4q3HZS+3ylb3ikQlo+7umpZI/eQ3kwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAafaf6lhcWl9exMGYiSEijqEQ wFqMkjInWObOGS4Tng36oAAiGiLJ3JBV4QEgcjr/FhJ6A1HeN/LFxBMhYBXiMrqm d3HVnDtlWSNOcEoyECUeaAPQxVKbvXCPGgsts59nCtEZwE2Ct58RLkd43lBAEt03 TPqKfzo7u0wADP1KHfxSpzJwmpj6HP2pKNaVZNKN9w4ZTMHCwDRwR+3WXb+kwlp0 7ChjrmpLPuWRhRE1ljniRdx1tM8R6OlmbB/6rjtpRXbKZH6jTYBRmOnzHJg9wsMo WfGn/uYtvIegq4e2v/H5peA14Fp79u8ndV7c7xyPsGDbVjNARvy5hfYQF/m72jCC GI4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBxcSQvgHyVtT5BnVpnby6uAghhg I79rjVcQLwsmWeOaVCPz8zezMot4x7NhxWfX0RKueazhiW880A8ASrDW+77sbq83 HMur9uth951A3ICkuqZfb/Pj4GTxR2TNYDqiv5R79Wc0yf4gG2Gb/Kq7CE97/6pE /9U65LLuMDXIdL1Z73rlxjjtN7LVJ8HN8PuUgtT8gIEnw09IIp7aSh0T/xaV4F0L Bahsnd4oRINgxXYE0gJB/vO0rDpL5UxLwCoS4odsalPUY4M/03+IqoIuaJv8nakO qrzULjcy7XFNxQCvVP8UDntvjoTZ7+RB4sLmRNd5qIp9R56dXjUMY8zizE9qR0LI B4f4fp5IcCxU78UO+JRu7IPJYbD+0Xctx2pEOYwdl79cK3AErM2wSOf9xuQt//s2 CquqezZyeFs/i+WVqCjuSBJU0pnRS1gZvz3B6ulBPK/qehAGFpR5LHbulfjWelny 0svqhMcozSvTBm7xf9sIlSF0Xdl3G7cdHXHsyYc8v4huclggFvcd/5vXO+QCetkh H9vThqYQFd8tno4miPI1P7KvtypnLUeREpFt2pkuvy4pZl+Z2J6cZI3DaoKvjI/M 4Nhh5SiqtwrM4ZTweTwCojjvdr4iEWRLQ3KscA3X41AKm2XqoNNASzhLw45bj3t5 nJiAVobe4EiCefuqp0gq61Pz5WyePO2u/uG3mZKCsouebdQEl4xhRub/aHaq70nK cXLnAV8knPXcA38r7h3lAGgCc2ZB1CQiXs6ewaNz8oJPr+P5dd6TALhtev9Z8pz5 YeNWY95AmMMNAvsFWAq4SGALAp2hH3w2yJTu6F04Caacxouy9bB9MAanJfxS+i1/ gkU4dn/3Em+wM0tEPznYckcrsFi+bQMyE6/DWiya1ykCTr7IlTQGep71wsDaX5Qb mfnhBDo7vOzGkqvchMMAxgD6HKBPojdvnMCmFMVAv33jErGGGkLxV61QntInFt6P K9aGiS9EbU0v2spQQJZ8gXJRBwAP7E0c40EoDkSVnx2XBZD9CatzPnbgf7lgWdFS tCka7NXluuRUV/R1GWA2AArMHWpAECzTdVfkQ9nSNqkeyZbcPazgr7WUKXM6SNEb KgchxJTCfQ6dJC/+dD9MCJH8FNN7j4lCgJ/Uaf8FeSHnvGnAhPogjqrENYjJM/gh czK0XK2x3hzgq1f7If5CUqD41C0yzHAlfHolKZQprZHJXw9+QhjHzcJ+uKovp+3x mu5iWxhHpwF54Eo0OD97Z81UDdSeypk8OwazoIKgFXm99jeBgv9TDhXQYwUIfAF5 Qnpp/CR1d6mfyv6wAAw//K+/fwz0PwK4RuXSg0upbodg9dM9O+dFOAidpd5Ruu/t pGnP94ytVLIouSKq8rM/ZP0Gl51fLB56Ps7JjadBOFPz6nepHkMDwEZu5U8tqOq/ akx6ZakjqkTIVkhHC/HSypAC9d13AYm8XV/uAjOCpGiAZpLh9/lNqpVSadeQ/Zjl 8ZDJg6usgfxm9DPTvpxQ8+KuQMNY8vWJRrn6HCnoTh6eE44Om0ot94prlFOLLUuT BANmXOYxSHPJ7IAduMUUVh6h2JMIhiVkfP+mZj/4Sy9iBc/8DS0SgpVlc1etv7F3 fGkzsDrMrdMT3YwxpF5dX9k8rIabWYOl03YVHdfPUNK6r9sd1asvGqXVenMBANuv ZhHPs8NtYgdbRfOAfrtaEsE6SNubEUI1ndJiDZE6hOdfIbOQ92++95XmEneODZOl 6kXy1HeheBzeOCe1w6TXxhkTaSBPcr9GRBeXoTThiLev4jZG4LDjRU39hZiGKJQB 5hJBnL5DBfEy8uR9xNcHHZpcBSnWg7FWfSNOlywaCFmOKXrJp4oZjvVn3hdzWRP+ H50Wi7BNh83CSxqGEGuw3gnSrZtzcpnt3/pbNJOvBfIl4RE39eVZuDT3d3n/1Qho ae2X6PhEG0MMgSObXZzL7cYsQ0itfsLJUDLaoJXT7tTHhhyaxNUY6Aqk8R0d6FC+ 07T6EL5cZQ5pg9ERt24WLufIQrUGah/nE6+ebdjlGmc2DF+NM/+VGcLJ+3CSzu0e fCxi3lBhvGr6/62CFjPk5XMR3xRrnVlxgj/7A42/tFpOFiOQ7OI2Kp7xl4y1cdoP LmLP/6PgY498fadbyWqDEWnICOM60W5B+T12/p9d0U0MZOafSmSKLO+5TSzjT7Jc Gillmor, et al. Expires 16 March 2024 [Page 136] Internet-Draft Cryptographic MIME Header Protection September 2023 xptzejYn0T0t1/dwsYCsmvu8NRCsEAU7B02ZrTbzau98CrSOEQP51LJ0ploRv14w qXA5Qwm9prF9NS0u5pVN03iEqFGBYv2t/z1hWC8H2gJaV/0hqY6RcIsGWS9C6LHE qhX2OmpHao31ElBit6XdWq7iDtpjwtQPJv6USeFbCxuqk9xSGe6cBHeS1MQh3xBH 0z75ey41DSTO+B4IwWjzHQM+JS9/edI2wq/yezQGpF0U+mULZk9OOWTUXpacnx66 DbOyeglPiA8tYZPR47nHoNFEW4nGeF6gjHpWjse/a0c6Jx1ALd60QN6cpKrJfb+8 y/Lkn1V4xgFHcsG1C3GNyMDTvA7A3CDCdCALCdXD5vlOFHwLJIemygKspPIBZIP7 v2mXqheE4arG06MTu5sCAPYB8L220WjdpGy9Q5c9lay52DvH65JnnfsrtopkKSfU RuVo2eNrGKKSseL3wFUS/xjmSvYJDWDVScT/KNtRWi8FDuLw+lCq/eOC/CaQ95a/ X6rKyGuE1mUYLe1fiFJ86zZKhQ19+LOMjituykizW68szy+5axC62aBP/Q6Dv+Vm 2NlOVssZubRNnFvzq+Sx2Mr2GdnLC3wb/zFnYe3Ctm4WSJ72khpBfH66s6gzPZC9 RXJdghEHdV8HiQ1YR1YrLlQfwON28p7PpMcOIJ7cemv1V93L1/ysxppMA3CZIm4Q ROUIAG7s5pl/j1G3D6wHmkibNs3uUS4S5TuZT52assAMpQPJMl2tF+ubwEtRqhiA 6s2u4jNOqEWyzCDNitKGzjtw8ifBVm0PDHRGtI9WFemCWtlppNto4RlKf8NjOfPf lupXyISaAFEGggwbxx/o2WraNc9pOq7COjZZFAGw2DPA6eyC3yKcLT3GuiNGuDlp DrzlrEfo2thkAyqsyG5lMNkzooihi7InouvIgUCmshAEr1qrjwGeBrcsdVNKur0E kEQFLtI3PycbnBxC4q6V3VjyNHL5oscmbqxoFVaMIbK3ApXNzuWwl6hsMI1tHeTu zWAMuMnGlKbgL09iHUaTvUhzMaaKlR/dZWG1J420tB3L9aEud6lU4IhdEz1EjC1d 7VEti422OQzeYU16Tg5WiHU/MxmsqOQsB09A0kHbZ99nGeGsUNU5k9xfF2oVlfsD kKnNrdNq6xD+Bp3iFxjLxMsr6HzXNaAQTRjTB8EaqCAp4BgkT9j9xMsUIY185eFu SI7Jgze8WAGAHQ9WSY2QxVbjO5I0Slz8ZNy2Fv7JeDkCsePALuKCdDXNlPHRoxsa bcpXn1oiJAb+PM0V4AGYoR3jy9+NznK1KeHYGi8lFA4I8uI7ukS9VBm89BHNGYI0 ajV82mXIessCtaSClGjy5vWNIFrYyHKWNdxd/vQgwV09EAfbhD5Q3X1SiwvCvdvl hQRWAF9E3GMXAg7q93r23Q/cIQpkaDHzOK+p637fnaEawuSDU5pTANgz5NdNSAPe Df8unnMf1L7cwlO0ED9WO5JHa1TZBMZejB0G2+074YE2HzZm5omS6fomxsQ5Ldoe jaCAMDTFXy9SaM1H/0R45750cyD+2xrJAWtgzam7JUiSeeWdpXdnTgkt7nrrpE9T eHHbf3v79yWBnq6ov2N2bUii8uoyZmGrnT8pRC6/0814qwZWm3GxsB4WBv/0EmTr 20ARsnc9A/ve9EO4TcsMLzBBPV8P8PouFoqK6O01+QATE8cBY3GekqAXAir7r1Nv Vlnz8UKFQt+KoDyZakAyxk6/haJajS9vKnRfJFNs12w9Yp1lbQsQXwaLwu6y2EQP V1ph2IN6BH1+v52YtLQ6ntEIcX7wBEwlcJCcQAMILW9OSuwIrIYXSkDaQ3Sw+YDz oNRiHneHKaW7HevSOZY+Kk/A6XozbAXxeuJv/LeCWALBXbz7r1kd9p/0t7M69bJR ysTKvNcnBEbHgMK7eggzqd8saboT++vWnO0Ye5VV2Jcg2FOm4x1rgscniJZnxUUR 92619lqtfVNV/rjcDymU5mKGT1+lAU+LqS5/oT8adjEbAYyN1v92qSJPLQXeOBmJ McheNylR6WsAXo8oF8VJ8l8fwM3NptO439pKY9dXfVo0jH2FQXfCTyvlYZL4OhEF Y8Do9OPbiBaKtUllqH2hEUrogERXS7DLUloS0yA6jD78eDD8fGs0KYomHiaLws7L m6laUjiU3RglTQ44hZFhqlfM1zUgCXc94u0wXuRdpik2abxTmCqcWnzPZJFGK6Vk oF1vZLfve2b9fdG4EB7uuQ+Q9IVJrTui1bH5d9klS0A4fQ94Qo5Rcy2k9+xKU+Tn s7KUduEGalVl0BtzfCMpd1XbHLat2lnAlsspZwYY0UCfc5f6HNclyA0C+8fCCbnD f+tRvZ0KxpgGr2t6z6b+3dZNZUNNBQiEW9UIP+TOQEgdzR1YL9gg3BowpQlV+Koy dGFRKXcKDlyBPevC6jkf+GjE+ocDBtq12gCNlQlfE5mXQMtFi4uce0KThx98kx/L ZJEWOZvOoWSk7J+BhiWtbGt9yzeZJ6s29i+f8mtzyycmc85wJuzoPIv9dXmIyyXO NnnCNc2J3G6PydP/xNP4z5gcdVYwi96JC42Cc0uwRdZl8D5ONOLpZdLuEV4Y9vZu 86jLXnWdF5pIf2JqB8rDjrUtu61jptnqFWmcXOQonYmcjzyb+UUfo/cgAalZvK7W 4KzJ+NOdwZVLnYqlWA6XkQFmxKjVIm5TTYE905ylznpKfz6oeXRltKsxrzCJns3r WysdeDewoUczT3UbZ5X0S7AKtUI3By8+CHHzKWlU0ZWGk9+wZeJT4cJIDaRM6eUO v2YHnDxXyR8o5VhGlE/UxR9oC4iPrZYleAG7amMapIIKmb26ZOJYcyKuwjNg1Wlt mTzz0VI3tjsHXgPWHEMiZyI59esnDD1XucN86YfpT6W4PMHz3+LzTutcxMpx2Yhd OfMmDFITE7bkJ+6oQrLOa+BjScN6jRUQsxUegyrj0OYW2ze1o+gXAceznJzUX2hv V8C228zzHZUSNv6h+dRXdaztAu2QTtqPHFQawCqB3UX1u67Ulnlvxb7/JVshl2aS Gillmor, et al. Expires 16 March 2024 [Page 137] Internet-Draft Cryptographic MIME Header Protection September 2023 hkioncKVxXhHKSps9i9uZOGgzRwmCo3ih8WDkSDUeD8e4m8Sj9aCYvPEyNld442n HldVFGAnskP/hBeRYG56JJTN/W4Bzsy8b2K92ylQdZm1NVzwCBSp2r2k5eYGdPmO cOlwT5xUKkubKqQmpdAzBCeAJBhOUY9QuCtyP1CjZ6WVaFG/QVvaXbByiI/2OvIP Z5T0+lt8QB2kE05KXSYnWkxcyaelYHTkSdsTICUnmDgT6IyjGFuDfSguDtN0p6H9 1yCPKLElSNcL3z63fDngAivYZE0LyicVlnAGuKMzV5THg72IXU7V4N0WOff+dNDY 3jHsYCNYwYXW700r8golnfgZgBzzoEeUWGMhFHyubXoaJOBcZhRG3CPggPnUY8ij 20UXJYo2X2r7+pRRx6H7V1taYZA9os6VKoyM0i2V1cIYsOu1neXd3H+ejP1dzJYr 1blx2Cd2Fw4NmCUimekWxSFyhu5GPHcvqU00kA25Djktmsq9MKxZdtZ8WvNYnC4U sh5m8JjYPQqvELzvt+E1szengbK5sQUam7Iln1zT7/3cYTB8sAJkuLcAy9u/Y9+M y3xqq0VhH+4/joj2w4Vm1YB8FT8Hm9Mq62hYz4XHhQOS/D5r6dvnDUqSZOVxMNV+ pHPQhUrUFQ4fAFWzN9I06Pen2IfWDJKI9+ftVP/CwQxXFvG3lzJdua1Kbo2IvujN Nn05Gc01PHgQFIMBy5pVTUwq1y1r+RTBRnv22/paj3ih1r7iBpSKAqtlBEssB9HL E3Nwkd2P/zM8vccDdoxjsL6Ss/sjwe5yU21CncXDcvRd/hpN6OTXSWsw6VnlN5fh wE7NVmwQ+FQ2Hw0ro33zRiYsY/ZgIaslOedR/ybDho0BOcx5l7OIyEdowQpFaJKs W3NYVvaMtJZI7AANOHg7gxKx/TstLCkyzFsa4l0qnjjzLTVu5wyWQywERtjv5U/m 1CCXzV/q3pBARgEnMhmwdRb4Xfp6Ik/LFzRddG/t5z8iMKgrVKa8EJeiOqo6iGiy b6NJAvzaOb7SprYv0m0fow3nsWSCA3m0Vr4mEyCkQVeKZq/CEmWKD+XKV702YxiC W1vyaQITXt+s8Pi3GqoPTfTg3TE4KoGUQymE1cgBZqEJslMFXWzldvspyS4hpO0r LOwq/o4RkYhXHMfib1sAC39Dxxct0KHEJ6cFxaWf7ABIVwMk1EuKtm/QIlGh351q N064Qn4kwMhr5/glYjIFKIJLU1MMKWg/bkqLx0L2eIUpD+UFzSC2EjvpimPTAhNx RsZk4aWNscJI1lBgaeJpZ15ZojjBQ146+QGcri2isW6BkiJ/d0L4MbQT3q5Ejedx I8+xt3C6U4OIcf6gQD0Zr3AgOQGTIa42iuYhAK6I3ieJan051yv3PjfX9nxxdsos EUvn8b8jG5liQpwbJEbh1UhbXFppv8BXDC3Dphm9NIR/v4456Q7KwZ/IDD/zUI74 K6JUXolN4YuzDrXMZnMR6oHywLqvHmvXQd3F1KRpr8A9ofuQdO5J1+YLhNtrzquj 1wuU3soH+zNeM1dLjOpGust8sdezM+6maqI/ILZ+5GA43RGU61td7yyGpfbG49Ml SGBPSyMn6MhKyngbNMJp759xxTl9HeJ/pFg1BAvvQoCDJMEbl7V10LZIgD0Db/7I qUF/hkPg2siW/VctB0mgFZWLLOeh0s2zmzuZAFeTUmtvtulaO/R8YcujUEyw7nR/ 8SmT4nxvd1j2n4dLW48ukpkahCkULWVR248qmZr+1DWYPuz4P7OJsOSk2dois0sr ZH/EgSGHRtyHbv7NxchaEWITkKuH+koQMYCE8g7WoW/kcsrqRuuV50PYqKllmtZ8 5n7duXNnnO8hLhahIcA9rXYchQ1P1dIZCx3oI3VvRh94CQeyTjFzzlBCZOyESzWt /ajcNHM7gRo2oYUyGymikspuvvKozoAiRPS4rTK88un3ojvlI8+JLZyiNHaNuOGz uP5h/BuuwOcKY3eLCgtTsapMqAMvybQB4hZqxywoEwKvZUwCA/HJkoxuwSeuM2uH PmmxufmqWHndNg3BSCpN0xjc1f5/ZGQZGREjYTKwY5QsyeHItmHr3rCGM+Qbdm3H 4YoGwPh6sa/TVIkX1a4zlElVzDVlqN3+ecy34zJeZLfgn4f6cYJ1Qz8ga+WfTt67 QIq84sNMaKCaCnUldP2xVFDLwxzqMhHXrYEOrLGt3tGFRbxGJH7ecz02vHp8CWdq VhPyB05RPFgch57GAsu1IVNwhKUYlgvFb/9aECYgONcxqNcvOCKGSVgyRDWGV0Sh wPyluTaz+0QxSQGaYvU3THYzzQ852q09DbDhH8xR7QsDTpTbRr2Rk5CSNHw/gNsh OqgdYL44V+ryJA52q/zBESoP1oyZX3Yy9c8PbI0n49sm8Y0KWbHoBhsywREdtTsH 0hKK5j1XjgaZY/pTen2D34xSh8guGQIseDi4DMAkRMAhMCQCD8sbZKk3ZBujCB8J JQioHhcIk7wHbcBrtL/P+MZkp3StzSncn/zr+2gd9H+Gs1dS/gun5ZpspGcCk3xT tG7VqZxKyehEXeElCXgbNtwGKnsKOAgZ84MMNukFt3EIs1x9JR8358lB6tpYeY/j 7zYSdwnUlxvtt/ETW682XYqVRBHS86vKunHAnlEZvleRLd8Nd9WM+5LmRM1o77N9 x8n/1qvmJpzVu8g9sQzy/31rWtN+f35p6ISDRs+KHOX9EYvpqrh/dwVacsd/XBIJ T/La84y5fr9p6pNODlgBr0s9c3Vkw6isbZXNdYrSwYOAcRmzXJ/51Mxt4P8r4RQC HVaPR/tewyb8GF46BQ/gllVnc8eQK6GH2yw3FZba4hKJ6HdGEytfvMUSdoSF2Do9 XUYR9Fq5BEThAGYx1RFfVR9K+BdqLJpD3Fx1UzZ3fFrmyjE5+vxe86HOo4x6j3WI A4ljep6yAgRzIFJ7f//L2+5/7drzD8jhjnwH2CKQZiSoSqTMAVqNA81BSdR1o8X8 Vf0P11sV1zr7VwyLFJ4K/QB1nLAOnj2wcgGASli00ns7w5IJJV4HbZx/cyDwyekA Gillmor, et al. Expires 16 March 2024 [Page 138] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.15. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10205 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6548 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2157 bytes ├┬╴multipart/alternative 1431 bytes │├─╴text/plain 485 bytes │└─╴text/html 637 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:10:02 -0500 User-Agent: Sample MUA Version 1.0 MIIdbAYJKoZIhvcNAQcDoIIdXTCCHVkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAF3P8K//f2QuFu3CB1QYWA1UVOKdVUefYICd TG2PVFlsq76rPSChX/WA765rYh7rlp7cpKSvcuGYkLHxA28CXiR8i77ZCcoxFVVR vOqPGTZZ9eoNvpYa0qOai6KVhkRbGTwyXC6mi18N+Sy6tLCtR96jSLi8k4EDtKJs v4cCrA4QRDEpNFyzftj48yfjhKCBZSjnlPSeq6p5RWl32SFKGe81k72ez4VV/pzK idOG9ltviQ1ffeRFlI71VpEQov3fKCkkxCo/h1DilcFAo88o7TMc6U8DwiaMr8x4 rQXB5S8uBJBLNuhrdFiNIftRM2OJp3ij5DM3YRBoUvnDaKfiEMQwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAGuRE7UAzm9ElVleX0vu8IXiY vh/9cLBb2MVdmWGKIwHthSLxiZA5X64VxdGjFMlZzPanUhhexMLTZaP3ADx57dat SnmSfpT9XXbpkokCPBL+NBpA8e9vtWAOS7yIgfpwdJyBbfcYi0CHGqs1q/ctRsVF Gillmor, et al. Expires 16 March 2024 [Page 139] Internet-Draft Cryptographic MIME Header Protection September 2023 UyksjPX0dvJjqSM7Tnqd7F3FIToSdoe1ZtprDHh/opM/acJl++qovSgJyL8AZak7 mSU28HbTnBZD5iXxCppi0LH2wK6KfwPqSV3AG8wTpdlqF8vlIvjF2Sur9Jx+hwKZ 1kNPDKOH8G+PgnIA8O0gH2VDW4Husj64hxShEWzAXUFqNqHPwxFbf0h5Lu0S3DCC Gj4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEI0ER8I07SembW0J+kNg4yqAghoQ QCNckOUPTLID4uHVLA4bv4N9/bwWoKN68FQvcoXFHbicA+KkrxCMHO+nIrFVSNnC FtVXb5N90rVy82ACdT1MWQzC/npd1fKQB41F8f5owkRSGl01CZvxE/LqDhFNfLrV xHdPWi6djHNRKK96S8HDwhR0FtCrCt6kSP62AO/U4x/FUAcQxxc/ad0OwHACucFe IDeoHb8ne3fF3cyuh4Q1K5MdW9g9xp4Qw4nA6WUYYFY9V78X8jYvxwC15XRKiWaH rdeQCMdY78V56IvSXto85uCJDMgsvTs+xRyyQZpzm9dt6LWRMm4XNmkt8deoXn8g K8G5QenEWFqj3uPVN7MSVYwA8WCx/qgCDtjeNZkM70EGhX6SXm8JRhmj3QHS0wth rc6Tpc6mGZ8ZWBGXOVlGpL4JPB7jgewWM1qEnZOjofwyOLAQxhnqpPOEmTvfNSrm /yeDFBz9qPX4Q/Z9OUnPYybiVYoly8Flam5bJqnejR9XFUjv95E0rFkwzMv+ceLy WaicDNCPbXI71Kqj2KdT1NefcSSRLmtEYqn14aKeI0MWA0HHfCkmf8SMkLGY2Cq1 DdH4sf02yoiXpCa3iE1BaoPavMrkVzudyrzRXqIRIDci8ND4knhVdayLUfvyZ2yB aNomiQ9AMtya2CCGh3GJfTwz2U1IzEaZ0n7ZczW+2pWBCMatvgQfbtCDEhmXlQGN V2UGz26tMwf775yNhAoldYesgZZp+tnGlmlMnwGgbWIxyqM+FPO+Bmj7/g8/vKC+ zvuyYW9rwbU+VIMDQ+X6w1o6bzOYv/znSdKKl5UI8nSmfkbechyN1BN9o+kX3uJR Mw6gCShn+ouiA7PK7iy7PCaEAAPS8cRsT8XbYZoo83KcHZM2zaYZ5gGOPOnu1cOX GSmg27A1zRDjJcP0aEJ/StIwomT864lGe39dprTUlIj6L0pWWEa3x8M75HWMmA92 phMd2f7X+eht71Ix+ne/tc+0BGdKcWRRWJDMIrfpX9WeJZaZZmJhNzT+geR176CQ OPmmtsFaNt0toVbWDTquzcHJqRNFwRmwL9jOxz1USPPtKAXIvtqgYXdFshLDpx5O V3ETsmomoE1r0McwwHHB1rc3sVvNoP5cqjNdmtYu/2iX8lc7BjFPfUQmwfMdhKb1 mYMEyzrWT+ABCCSzf9iNjkx59oKSuVDi3oFHOFgu5F723QCw94nHfWjlfhsx05tR zaZpfuBwc+a2z1Pd9FCsu6KTLwdiUVR0AeFsgMl14+1AVVIeAsZt8p2el/f++W+7 T+OxYTpeN3/2sUr6tzJANWw+1dAmMmiPqlE+2XiSJ1HFqIyeHUSKJVRhjxkbZIxo e9tW6wU0pb5abx1A1E7rYiL4HlN9DoJStLEgRADxYBCf76QQAlOjR9JLmOFI4w1t alUkC3MRpJeFfHl2jdFeeHoABM6NaLhOzS7+MtokP+zQsFcLea5FmCmsSNdJVu8v esS4A1p2szK6fuwXOhsPRdOAuia1U0mc5zRolxW+VD7vB0JN+VxR7puh2b8/5qEd XJgEedzO8cDKRer7hSoLxDUsdJq7Ruidwvtsz8lpXeVF8ferw+weDNrM1diDSv3J kk7XOqvLwz5Ud5W5D1ffo2cl68LbejB6ZgUzV7QqCKIzEHfgOz7AmZ4rkw3L2qaN 7EmE6JC+JGsqQsAB+QQgmwmM/atuaDcUXnzKrRWHmNL1XJe8Cdpd3tmquKqp066C qEriBqD1qKbtSZmYA80YRrjfFRKk5hXuPimek9XJaXn3tOa6WwDniXvS+nE4+qyf by1qy3ALwm2NVMFkVAU7qFTLgK53sppEEmDMyR6bMoDX7zk9vR1Gipb4JrOtkuAT yZdVIgkW67kLHQtdyLSaGujNjA07tAMw8UTMzNWlxlT7KYHDrqoMMm6hvXKPhh1g PaHGTRFxDebmW7hQ7nmcLHs9ca4cjBgAfeNCZrNhm2BZ1D46gO6lNf56npjATYEL saJmeJBAXtrvgqC78CfngLG5SEAcZnKuUYHnpOB0mCUdqL4KHB15LmUg6jBRIUuQ 4aZQHx5gJDCwhvcQCI9uAxtnhwxcwJ/KUwGntfBeyh71UAbLpNqjF9oJ2UQfAEol j/qr9QQ56NJT4Re9obu9XWzR/l20chZp1Yy8W0cP1MZRQU1zq/Fp7eDuYv6qy6jo 1yZfWLLe/8u+zaL61XbgksEvDrR21Belq1vhJApw/LC7Ju5Qucsc5HTEtND+k5TW XUlQ4QI9Vf3/jRsoCuW2jpqgA1krLDAtxzHV4MkyDm9hqWHeFSSqLGguud0MxFel j6q/ubZsIxt8Ce3NuAQcQMZdkUM+0e/4KEHFJPPUnfh6JbdX5wWJieOPRWt+lceR CaIpvQKaCPKPiGMWEyI5xHcHJDJJDy3WVmSCTtm+gka/CpwZcI8+szy9JRuUnjyg LviXjnEQm/4l3QFgW5eV3oa7aUjjSEuh5+DvYWfB86ECneJhQCXG7c4ke+aIE4ub dx9dyOez2MjaY0eJmjy+xfNHYSfQfmDlMdarcPJv5oBdM2NFiDPAVBgRQte8tSmz rmjWb06jRzhn7LEMGjRZ7UGjgsIL+/+MO8KckFs32yjzEfz0QUXyhaxn0BVT/4QU lfQs3C3Perbudo5GXbhXIDIwkIoWLwbUyZee3O/Q0oNBpYsax7AAk/IuKNbdt5kz LssTIxrLDnpFirt5pPDBFbaQTJrslrPLTiIZIMwwJIOryGbP+P0N9g9XoQal0qPh Ub/O2CsSfragMboYltbhGMmSvPgnlC71dVztlpMJ9LZdoHHgdtH64WqBO30dSljg Gillmor, et al. Expires 16 March 2024 [Page 140] Internet-Draft Cryptographic MIME Header Protection September 2023 rb0kUNNAz0Sj72N2w5PM7RQ2wzbwNirC0eBrul2CmT4cPTGzQdeA3ygoAWvHYJ0U MYERTPUBHccQjOqicPZIPz2FEtw5+40jxzuJgyJOqRnt/teJH/MFCkDLIDC2iOGa JTljsSqTQMOjJBNb+3vAF607LVoRAFapgMjjbJNHRvfNzMk2+PAbQQemEe8zOVQM Ab3iyFIdJxQl1UiDrfh5/4myWu01BaFPZLCyJET64QX0lXfSUaeYisf7ebvvcCbp 4ChqhxZcomqfs6gKhZNevlv//8YDEwWvHwRaV7vxuGFhZycUsnXUS3JazFw1hUgb 3H3lKL3QGyWPkK3ogmMD2HfKLvFblPdNBMu++jeAef5n0Gvau0oWOHn9vhhZ++mq ZGbkhfD5HyxOzglF8/MrEQmFrs/ISemFKtSN07qeifzpxqAu5blrV3rdx+4aDK2J JaKBX/GSu2y6XkrZ8vHZ2leXDaBZzQ1K2cjZuzqWwNJhAg9n+xpOIR1GkLpgm+XJ hbHWef7y+g93cpVAEmMY9dmffRWFMDZdfNUgCuaV20JhWnqdRB4fPlbPobneyqLA zFt8R9DjsY0Xy1KXnY07X6yDnjurVLTd7h8dYMv7XM4JGHMRqOwMJvz9ou0KfE+m VbDkzN49wyy6lbuhVFhBsibXtKwladl9hapfGbDKm5/XG5FctRbfzTPIZ7vfbrxP JOKjfeTuvcX9igkNJdp0UbJWxdTCUw1or53jlGHZN6rQbjF7GlFkXiXGVgI3T9VC P48zTCqoHKmWkStKjtqFqO5vVFjOxmxLaLoDlwFtme3apTbbs0jedNav1tXjQNgw Xms+N9DnpcMsXaYLVB1J/8aVIFmAemuXcShVeu8cBynkRj9oM4q8Cf3nK498K7B/ WKv8qfCmzUUN0LVQWE3n9XV52lMhYDRpUox0D3RCC9WedWXT5IQgJliBR9B17taK pSRyEq+XzVqgIn8KkTSXinxMbXWyRCncYB8mUdHaEiULkw3QaxyQvODJyF+V4CWE v+T0EeqkT4QkVzH3AKdURw97F6FodhmJht6qT/F/WnoIvPSTq7OJQ/uzEs0aL0UP L4oy5jHYpYgKnQZp3fI7DQSbCf+Nw1Z2+Cn8mXf2iA5Ps31CVPObfPLQ1LG1Zc7o 6BkGub3bqmNp18/sgGHB/pEQT2gjT1TllJGGH5CoGE6+x6xqHssugo1pH4+NreWd O8EBjGAOEDy4vjGAcZAiIYgIJBzIeffDw61+R4Kl4Ljfehkmx6ANtXabGYI6NBs9 zOCIKNe611oHKZT5FuQiBCivdDyD6bLeoKtzHcfkBuTI2ZL9FtzolODBzv6FjMP3 VlNJRtZ4UnsT/nvJaeqZVofqAvVBL2CRIWo3IjfKskRothbvUNlZmLQ+RtWeA35G xjX54VlBAZxZcudbJ2kDUsAieSIrPWAPeywbvbWDvAme00PJXFUsTZ/S/aQXmg20 EBpACCUrGwYiybW3Q75cuTTwU0HTG9mQJsX+zDmNAafP120lzB+kvv+G9ieDWrie PGux3Fg6G5X4VXtUrEn6Hee4cDLBVbuVNX8vWO3cjvauzQZHq57wD7ixxcFyXk4f pPevmSEX+3aQDhEabRe5lNBzhH9DdzxG+Cfcyj1/02xDgVZIlqventjBkkA6Qfp1 Rxz4FHzqNMlbWM/P+CKHf5e/tojrhoIPsne4rVGFWPYMXigF9M29Pllut0KK4qDV RuJJB9ruG3Rs6sqN4x/m8WJxvGjsObwvvrbQh9yusV00pV6d7BswCBv50wnwrHWB Ka8s+Bo9Ax8uTsPKBM1Cxu5BMKjWtC+3yRxU0zSjFu0vpae4FvqHqHqAwKJTqkmY KBXnDbB72DTTLivTYYqgTrsx38AOpi2MwZJGdn4AEiaufo577rehC10lcCWUEmHN X/12qsTLo2Ym9oQySoSW313ZKFZdFrIbmPd4QcL2ecedk+ZjsEGyJ0yNJv5NDPI7 yASEOLCqzTmiei33MpN2B2N2V1bhx7+B0Dfi2gdguoGACqwqnIFRBrUK1cKPPAE5 zfIDDXp66XmUMvCwKEbCJPzND+6x8ypvKqyqbu5scS9xP6daSNY1QoDKSgLKIgm+ l424sl93XfOfotYJtZbpZANRfu/aUjV04Ptej3NosmScgp+mEoZbMC8HlUKUJE1Z g3LNZPYisTWNhHPtqjldPPr+4p1eX0+YBaAjfizeh3aLcOr8lgzKsfrxGVYs/oj8 JrY2oN3C6sHrdKJnL57AFzE0vF56/A45znvbfqSUQPI9ylahE706ABHpHqk5/zxF 2brwm2BWDD06T205PghrDKwGwVqmfI3ckcd4UNMT8Gqwd/sw3Uf4W3nPFLK7yD/Y j8uT3TrjI5yY2KvIj6m23hTCa35r7PEB7WcTOgsmFjTvWPOysOK0d5az3wbsV8DU xbKzsGPSOCWy+ykdW8eN5LtE6GBFitU1rbw2DIYQk5dKtdUoohaM/x6BmXIGvmp+ pTTLLVJHEYwuZTEEgzDBYPB4WVx2ziXGrfQiuBq71tBp587VNDpMkqpyoBUSCugj Cfe58nW5DBGA8Q5sjAKHtcGIO5AkHC8LDQDdvWDTMqw5+d6WbAsTRESsL8XRHxIO pDDcs0006LNcRIJo9zdEsADDZomRxsb4xRcSETKevgAhtPPD0s8qEl2I+V9o9dcu oFDBeALHR4KWaZ9xQDbhTw3w8QSwZbzbYOrPB22eudzmLxrOCCim9mYM4vp9Gan0 /bvTWcHJt8AkyqR5y08VjOjHH9UGJIaCG++2/H8ij+ya5UVY8+Gfewt6TLIk+3Hy y8HSNIBn+4G9DydfmUSd/j8x+L81YkRQlZ5S3/peWTOhJOXV8StXSXcQb7umRy87 45hrrDffcSZ6QeMHnVRv6ifh8ImIC5hCxMG9dfz4sMZR5tJRv+LDcL45OLZ5H+p4 TNxGHpDpkdDzrTMHb2r9oYMPjHvZygHlfWcpAtkDDy0fUCxvJZAKoVhKyW4IM3fp FrlxJ/614a4M46CIgDMH12FoZj/wUw2VKDf3okpusY7y/R93akMEm1BIDCXgGmUg Gillmor, et al. Expires 16 March 2024 [Page 141] Internet-Draft Cryptographic MIME Header Protection September 2023 dy2OQI2FGjeongJUo8Cn8XGfMD4eWShqBUDc0zEiZT40Nx8Ao+qbwfGgwegBpx1u xSWIM4eQ+YimqLpmMqN1qwk9cME3pKAHZnVBUwJ+8YxJZVz/R1CUmcjbJ6WKDk3e vbl2FQbV3Kas5vierHSTaNdFaRxZCwfCkFfhjShAHdbHYd3ftwdw4TG0Vo1j4bCJ DyVn4v+/aZ0O6cgRwsmIvbjHQzYKItzegcn/6mNGuz5i8doi//cwhm6ylr8oxebT d4CPHfNwL+rbtjV7nh3Px+8PZEcYOXOs+uvpdtGMSiao065lTFb5F5QBbtH6xODg HvjZ60bVzK3C9ZTIkuE/JNQRQjHhhMikeXuv2k/QPysAo8TQvox5Pcg1DXSMn2Lh MVj973B3mm/TXbBbagKFeQjcq/4nKiy3lDzGwR3rkVMEJzXcS7rgYkopzccH8XuW l7dSymO24h2J/7mFotR3SlhGn5jrDWLT9oCyh9caExf58KBKm4lmsmSyTKj70U0d 5gQRSWxDezz7AvWNJo9OZWjaEpBQdcjte3KZXlZxxv9scEsI4jDCQY3D++77vGon 8BcwQbQlLyzJnA7kSBW+QSo5DwceOU1DQqSa9/Kp0HANjy3mZxMp1Bg/+0uA+8nS UCxC7DqQVVa6xFECxaQwVA/fD/Y4NJhmFxvh1iBYC7iA34K4WOE8P++6fglm7gS6 XyYLVL+ExjjgJLn4xRC3556CGSr46XWyYLTEsqZVWan6ThcxTdYeybeUXW4JOUJx AlDIL3mM5447P5A6gmz9/VUuRkqPRQsdeOAd7YQfWAe89carf7gQTqdsG7CjD+x8 0ivGprQjfXi5cwfC+NOCowZsFC/qdlr4NciDjsgwZNpP7QW9trhol8evo6jsUiv+ +4kC2qdQ/Fm37xMcwtqTE5PEnsNX1302Qbhp6Pkbx7mrXsib4gTqz6Wyid5h07LW Afwkvju/p1sUV8gIWmRS1UnrmA9PepLt75pO6+u+7LDcYuHAOun/TC3N+AvC0ORE CtRIiyMFPDw5v5sSeRidVpoRX2AV5/2ZncYnXizGk8FIv8C8dj/Mtd/GnFFIot7x 9zvd3fX7PGdeIzpTPDSl81a1QbuvxUNiY/d+oaO80/HkbzkoA8VaTLlHRxLJveMH Snfa9GQFzHP1eOBuwPGNrTNHMLiREC4EQuHunyHyaZ7ut1eRwCXqDMYd5i9/Vclu K8yuMt1kCyfG110zuCfSFQ2COl1eN8K8DKIiVAzIVvQuG3yaVTSwtNX90mP2qRkn b6O8M+Xz3bOsrajjxa5ZN4eKROuu+1KA2JeC0OBu4r9wHIS6OtoBgyWzkhkHqjkC 2n6c+4YPcMMi2XgFKF6T99hEzRr3rWKTKsAJh/5dSVSQ19dH3Hwcy7C3WygiuupI qWkHmnpDMBUuuL+YkF+Fxm2wU7mKDB5ee3GTO0MD19qZSpbHvrSk/ATudlAbgYXd NGmHBF72S8VKdS6PVPnsTpuNbkYAHMat+AmfdezW/FEWV2Q3riL6KA3thnmayFxA GlCMQ0sm/4u9IL2RCMZF2V9/v5InTRTAYEzo8sSp+5Zu9I6Rb7mwHZTgLmLWOBQd kjcbxygVSiBLWvyofQ9WkP3iyUVjsB2mF5ABk4SWMeFiIld/aAi1QvbcnrcnjbKw b5jnYm6b6bKUJUZzoMGR2dzWi082TnFuO3j1Su1+1DxhOB2LgKypeJGPtMD0smZD jg2ZhpB8HAJCfqhoseln3lYN2roINWEC0kyTDIyHYZmmubd64Upe/wYbJWAAI2gm kj0B6+HBZatjHCdhFv7oR3+smnFUtfF59LQ4x9eI6DkJ/3r/Iwyd+5XyZKoDJYJp 5jiwD6pQKW+VuYzg4TxoTc3GXIb5s/22yQI30v3sYG3uSQHviYmStGQxp3pVBA0q +9xkOMpzp7nFrBA6C2obNabDpTofJeF2aItfPPmuiIrjQYpAc5o3542Sl2fQFmbQ G2LumyaiTdGuH8uqNBtYNnDQFUsWfnyqcDfIoyLairThbgkMcB8PLip2O6TEKwfV s3O4MG4vLdGYjBsus30axpSYXtS91JfYPgPcEZifkUR7yZw+sfb3JPAjeNelqs2H llcNEiMQzL50A8cOtzXftKbLU83H1DMhiCYnS49VqxgChYK8EPCnA0UoJ18CAahf oRmOoK8N+LMEohQV6VcVL58ggwnR5oFGY6ZuBIv8jJcCS9uXiFZnnoCY8bgkxxvK 7d0kASdiN/eFnzJkPfOVHnkVLUI8kSIY0799iw3kl9dYxShfrma18Xcq0r7BKM9n LChsKG4lP0RLLWKrTNyi7J6cX484j5FswT8MWOAayc5s51MPUkTn5OX+bWyGV2eV Th8QwyRTgo3DVcoqNWQ4+W12TEgXbiM8w7ZPxWiwfGTrL4vR+4y/H+BqKvJUjT7W za33W6iRkgh1bd0jhbehmno6yRcpw6Zcu7ndW+FdtlGBoOtiXjmqolBo00po2cdP 3ToOU8fHl/NExBG20S3Rqhl+IEtVq1Xrw5hVIF7FTF78CXeGpvjue4BAKoiR87Yo mHnesyBocxOaTxGgiEucDWJtMnJ1L9oh/Ob/UAPQVQngkWSK9HgP+cGiJDkt7e2I Ktd/Se7OjZa5Tj0Ry5+9akSpa0HWnn24GtauqUmgnotP3QFxrO2FR1KiG6LbsfGH 8NrUGUVymMDePLAGDb4duclasNJGJ2uSzS3GA5EKHqMdIV+VBjl8k1uEffwn55Hz h7lqzW039NOQ/WyEJbmZWg78l1CnW0dz8dD2ac/fWqpEmT3+pBsiJok+WxPKqv39 s7La32r0XAANEUcA3m79ExjUtD6YfN3kls83zlZt7rgoI5jTVMSEdtaUctJ5/GkT +ruh1fX05FpB8/8oq8hPLAvf5nLZcVtEBHcgKuIeFwPmqChyqPFxnRC6PjbzPVBH ugfpbVP45xx284ej8IpXSSXnFtmPhAzPkzNSTfYK3NG5I34qTSaksvCQWkPJIhUd Gillmor, et al. Expires 16 March 2024 [Page 142] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.16. S/MIME Encrypted and Signed Over a Complex Message, Wrapped Message With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9840 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6276 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 2016 bytes └┬╴multipart/mixed 1911 bytes ├┬╴multipart/alternative 1128 bytes │├─╴text/plain 373 bytes │└─╴text/html 471 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:11:02 -0500 MIIcXAYJKoZIhvcNAQcDoIIcTTCCHEkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFa5urZzuujCF68lwqMjpt5q6ecCrubcxfRW ufCpLVF9IwsK5B8mBc/Y1Ao1Izm1ZLHe71vRftcPkO7APU/bkaJ0YtXyElF67P9c AvW8XQRf2oDHEYgVerva1KvWDxoCDgyBXIGfaD1wjaZKs2nAM4fnWfju+d6zcw5q uArKn+BbUI43ryuHTDiaurzBwBEUps64ZyXNjP73X3xSlYV58OfftHQSHOKoPHg3 zebVKPSqARhugLWk06GxDMXAEjYZZBqrrYEgKNANwQllu72bFkD4gCXm4kIc9ezU ZDNTctiFc1ShGZB4Kdmrrm66ogsxJ+Ecvw4YVAkWbJE4+eV2g5gwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKQ13b9qWHas/pyz/sKKJKkkz DMpP1zOvhEtFBfsUoKvSrgDwWgmKhO/V+B7abpEzibR7I4rAadHzgU1wfbNf30cb WqcCmyj+YA6w02rB0+y9X/SazD5+fmBwbDJnMWDXnggImy9xXrLjTl+7gII2J5Y0 JQXI96iSLWdFP6/Tq+Xj3HD/ZKL0+HgV6ncTNcpjkRPPuzm9vTMeU4qFVoNvTErI Gillmor, et al. Expires 16 March 2024 [Page 143] Internet-Draft Cryptographic MIME Header Protection September 2023 V5vvmzvJccr8E+oyloP/xbd4qv9OrxbfFn5SAZ+HkypGkE5NAy3peSRDwQ6qLEM/ tKuYIewKJdv3xjJO0JyQxPRcA0FCEQpOOvt/zPum3aJ5Rb+YPiJEVHhwd7gzgDCC GS4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEInoQ5WNoSAuuCSGvrpkRuCAghkA Retlz414Eo8kzcdBnIBWQ/HdAhaJ8anHqEqq+Cko8a3zBHxAD3QSJ/Agje+62Cj/ 1Mn64cw0oDarrIzkfzH7bqOjWOys7VmqEOX+v4WePKd0CoAzYO4J+ugOf7QcGPzj unj5pXTjPmj7RvklVxhPG4DfYaFwpjQBApLE6stWAV1Rdhv34LuIeKVJuG1114ZI Xi/0ilWgeRg1HdxXT3OrmrZpP8VAu5oH2tg1EkPHoKqeahyNLkA+fLqjGH3ODVOb mphub7wyBNRDH8yyXZBJKoet/jq2FQkNjworQgbL4YNYH6yysK8/rRwAldZGpKFU eeHZf4N4wwquwDAV3OgWJ2ugJIIvqIEB36JwQ5ocvWTZSUdGe/HwgoG+YUzL/53s Kyok994Lrrq9JQKYIkPIibF6ku46LAyMz8Jg1RMazE9zSWeqfyicqZk1bR9+r8dw E7PK5p8EAEEiL7MLCcBUbxkqZVHnNFPjGsQbMCwkRx8ErPM9hgvmpSRTh0X26ZDO rdTYZfkF6jfnMHXPSbsjx5nlpGV1c/VnxRJOKmEFFFDA3rOigz1kV8x1Ib0RlxDJ Spkyr3KVxFvHNOM3/GO1Pnaq9fngKPMaqANwp7TqHrGp3pU7aCg1Ol4LS2NPFFaW o+jRrCPgs2jBcIC3ySvWlUg32S4UH8eSFYvO9XbC5Yp0EZxhpzLST4Xk+VfDT5oS LFoSO+PAis9cEqeolVrSWnUdCkMyku8djSOR1OHUCd5XVnN4aXGDSlKF8YvwbDiK vvjwb6NO99AAMx9YMhETIKmUs2GHuROkegdjm5rLqgdZ0mXIaAtUM1vau+MBrcf6 JdyQYp6b1i070O5xb5gI0nS7GsSf/5iSaBRJwPz6s2wr1sG3hIOkqBaq2GBVNI4i 3wZcI7YvqFs0DO8hwJB40+I1lKHsu5+SlivBaOnMcu2Pzd6xXBZ7AdTKhSXrBdhH Ge/Ly/00AYv1cawWvhh/weWV47y9bSef4B+8PVMh3WT22z7FWUldPkeb4+Ovv2LZ MfgrhWZHeCqE1mrKBn5p3CmhP3B3NQyKfeB9PT3w4niTe+0HYZbrmunGUMXOJSah 3A+sRIlKDThxImwKy8D5EUEFICoNeUIAC2qv7KyLrIlRHBkZV1WAf3V4Day6ZtJX Q2/oUM/Z8rrUmveCkr5oXm0z2CqDSaUJEjR6VDc8wP35WqjR9LFL1DsRhCLwukQI RhdtVXu9gdhaDuov9QXKZCgkKhodE2IGMQ1W+fQf+39ZdsZvgSlHV1GSCFmb5Pet n3c7ECQVvQ7SwA6/IMej1D7lQ7LPNGVdR8mcX3+RW8duiFecerWDYakOWS+OnlSx sUh9FAEnNdK+YI5RvUfeS0Gii1D3SpaJ8OQwlvgTdCetw2ID5rvzFTA5OV5tpjI6 CTRK1q0JzV2gdSmRuKCTr5zoAti6NyI9v1qhvZr+zwpyWD4RrieaATjL4MaSNJUU mYE961MOVwIF8/Q/wXq5XPDrkiwbob/ak3iWSU9DUQuzPCUaOtw+Xo1GoAn0RxMW KucqrbZmfeCO7vlbdWxju2LSfh8LA56h+OCAZqOFLiXeRcFVsrRMf4OGvku7sWOH x5XsHZv8mqEsC3kP43Yceby64n2mxxX24b27xbk0J8RyqAOVGsPPIvLIW9R1zScd /iSe8/DyE625H7qMTezaRKaxbh5ylY3+cMJzlGvJLYewQdjHCLCTVbRmG8yRRPAD 7siN3po+WEMLbPX7LnZP02v3xicnwD0lNX2VQIw43WYf/9dbGBnxe7uz/GMt3yMb E92nayUAsBNfPJuIz0hwUS1C1eISG9UhBvH58caoQkMU3CTiMtvhr53GDdgK/cxX 1z6yN5peJPrMMLlRSNBVmFR1ZRVf/iwchvVdmJmQq1hRcIbkzWMmNtalkVCfBRcD s1k6lglZZc3kdpf0oOWNPcqp5BpVHP2znONgalrjyxUaHEh7dKrZluNDXmioUzTe pCEB3+IMVjpv5Hvs59XkeQRl1Lol3VIu2bwKHh6AjV2/6cOjcN+K9LDDbSorkG30 3q9paSowTBYlYiI0vFOECCXRxSCnUcEEwR6GAnr5kYjJQZXZLzkOBx6BiurpG+JF EOchCrk/Ob/SHgGqHpBS0l5TspZRyVFrLDbcr8JxTIn9LTmf67Gyb0R9jWMKX1ku 5dbscuLIfOVB0fR5iNOTE36AJdzPh3v+/Ws9EGxf/ptwIakmB1Kab04yUPvuxWeo NOvgDRVPAlA9jm1k1bHGJKNYOwuvo6rzeDIW4EhsxBr8kt9R2ElJWlA/TzzuEIBI ox2BaqT2u/txvIdpicpnuAOE8Ae1o+9Zm66oM3ODAcBxkHqk9GLh8jotY8Wt7o/M faZI/znUQ8bOyNXhxNriA1N8+sXZaNXs6enoRNovkY4mvNVevT3VmSSNTB++tMb0 whqgHyba3c+Bds5cymzWzDD9Lk81KR+40AkaE7j9CEGqAGpvYqcDcODtwuLQuScd OSyp00p49D/XTu+UCqw3gqCDDC/mM0xFaOviJv+8P6KerOCy4LOGpJxnPjg/o6FB LIFv3ihEJ4Pk0DMEPnWHHgY6NQcdXlgLPRsbBJvIuKAB4BvOrcH1Uexufy9Aiq3P B+QhhbU2nalxV7ITmWUENWm0hZkwkwQ1YDfFvIi9G+EhJ+3j077ACzF24IBkILTr VOyQOIty1iM24CcfuHtVmJ8St3RVFpv/xJ6hwmdGKxOzrPSNuqHhkLXGWXDt/xsP B2xbmu0HBkUxhPr6cgtNnZiVa+6sSXZa3GmB/vXh0FwGhU7F95z4+5tKTF5ZxjaR ItfRMxBsvxWjfrYvvECR9em0dxN0Anom//+PZHgt+2G0/tUqgow7nUfXy4DHRNUp Gillmor, et al. Expires 16 March 2024 [Page 144] Internet-Draft Cryptographic MIME Header Protection September 2023 Y98wavg3qQRZGSrnK0BTsjtEHN9au3arzZ5Xp69g7URznIP5OimdiYj+Yeo87tU5 EryHhybdIF4WVE+JoYxf6rDIc3trm/lr6J7obw5aQQRr0Vj8Gbh2XaaSFcyuWax5 FTwV87GDJ05XiLP5hk25q87j8zbM+UOUJV6LCFXBmL8yXucztCg9/GlznC83IadG VbzQNXF9TVEpq12SF3aCJNrrEHUxM56h4aio2jQIxo/v+nHVy5pYYWieY8mgF31x g8ZtrORYYV7szzHzETbz1i4MF6SOQh1B7q4ShOxrZfLbl1G6gUPOIgox0nK5dxnu DFcfYFiBerJJsvUIwpKAq5u3AJdunp7XQYgMKjV0xcMCuhR/1jpb5eSLNm9AauCK obq/JL7lDcL0Nr6XxhvDiqtnjFVd3OZdU8XpSl5S9LdU+c/PrWmM5lJlqg2lLNKq FAK1nXcNLFqVObOkJ6Wf/ZyXg9cXQzFVM6SbSI31yXfmi4ExNz0iBolp4v7v41yh VEfUCgVUAoYswcpSnw5gihnwz+V4hQJ7vLq4j3i9bZI7pIWCwlqI7wWgyXxsBS7b NZ37cthex2uleGyMZ9YCASqKRggUtFgYDQBoIK/aspPg56sgCMsubuvfRJHm1pE7 JBmHw6oHXOEwGQBuQPW8VPE1qeNxSTTiAToP1L/ohUkZ6lg5LSWbiDPSccAHv4EZ kJGibe1JTJK35hvpqFCZOLJ54psjr+XGgJ1juE0nyG0+b1tVZk/mlGaHVzBurltq Yvd708BkUIQ3Q2URK60iUi29j5dnS2t60Sf9+v6i3Fn9wVYyeMoQ3Vx+2ZcaNBSF zef+luDfHPRMakoe4pio0Z07wUqa8+oC9YSoxGBiJXVlew+NUnf/iCAQCUfIhEUE 1DhhyeVmduzHRQjroBxypREZDli0xANfdWjzgw5E1J6AB3iZhBZBTHFAJO4P1Qto yG346IVa3nbtOeeGw64/79zQR3/LH7IdJ5bVa2UbkRDeX5ApmsHs9uOQKGICY0AW Acg176FtnOZ5mIDCxYmP18wy9KQIi2iAz/b65sauY49ZtYcoKE6z4gsfnrgIKRaf f7taSiGf10nDIjnkkBeZ2+ZjdUKNc4r06SQ1SFyMKmqsgmGDOvckQKpzmizcwAXF MQEOX39G2FNtuVXp6yQ1Xux+qGjlyk7U7QW+Tj3Fwra+7weQXK4slU13EUnTfE1y 8jmEalkz/76brf3qCE79EC+HjkzxmRwkLcAKA4f0ihLUjHGZArEbYM6gAMqSkC8T 9C1ond51z9Tvg1xCqQsISZbP4o87T4TPzwXXc6Ut6cJkuILsgZwVDPgorvY8uS6u vACffeqKhsO8h/VVEHQ98CHVt77Z2dMKCCdKJsHsFmlo5FL9oQaX6LauE6sJEcq3 VJSNs0wSMkLZPDNg85VrO/8kHaAMfmLU41cjunocgqkLkIGvTo0ej4IiF0UrGpyw o1UNBcNJcy0IhIgJ0CiYj3tX5VaJFNWUY8AWe4sdYCO0WNmuqS88iTutRtuRnXWp SAZbLvFh0wGU58oc+S82bLD3vNMIq74n2QuyJlB2mq7nwuYzl1LE+UhlnasRw3Rj 3BMQK6aZNOT9uUyfwF3iWKlZRKOhDgozqN3mltVEvHOSjy1RlAvGW9V1ZudRsw9u vHGkeePZAwmC90aS3DEwzEvHYebTQGQ7en92357TOQDibUT21r6ZAJXqHyqD8uYx qAPtGRwNNspAFV5ad43e6FoL+muM3gyY12hhfbkf8r/6rJwRWt6/hL8OljP7DmfW vc2WPBTA/OZ84Ixu9I68w4ICrBSN+VqH2NkHQcUQALoTzyYBLdT5oEN+S8W6oNyJ tQ1+UcdjaBXMblf51/tFazIBwvZw9VYyas/N8zPRK2p6pPF8opsCRE5Kq/cuIrHZ fXgzoXH4VfIb/zGuzqEIZfCHgBW/ELX3u8l40rrP9m/EFKjdgd+/tA9zVEYVQW9+ M6E3gpLhddhZcuVfLxQYOgXU+jIm9K0VgGCsFFNpMP7DBDfTQ+M2QGJkj0b2a6Bc jgmiy9Zrn69p9sC+OmPOLv8c/lyV9HGSDqLAWQTeWYAkaeGk4/rhOh2i6/cUVWCu NSeHLnwPewb6OnSAIvQez/VAGlgYiSNJdMktfKSlv9Qi+FKEIy//14TU3Ce6VamE JcRE2QTHTr2hFBPSVM2nGgQfJJEK5093YZ2kLqb1GZf6JawN6Z4MMa2ukTCpNgeZ XXSft3CnJtUJ9DJ7SRlmh51wDwgS27YNF5SL4vn8HF/2c88Ig1o+1yJvXBI48ZR2 ra/aQ01dJRj4IB3Qzi1ByAC38xSmHMk/zxcH7j3Xxd9wvm/PNNxhcn4bfe4bseHO GiLE9e7eU/H7TeEfzN4CClJ1YWDOf6t7Jw2AXSfdq9r0pIg2/mVZeQ+PP1PwRzLx uMVJ8tgylHYd3gfMo8Sok3dA4/0pNTfJ0ggaM8+0KOl4+fScbm09JskmDhXW7pUN IhygGYLOPXCn1u6Yua3TpX9zTww8dKD8iVmwAVISrdD7EFlAD6MkQsA6Z/tFuRrR egyD1twvVSOGsykAnyuQfQ2YTi7nht/4wAyBGsD//iVZf6VQG869Ng4Dje4X6Bh1 sl17L4Rcl88LmgVeyhR1b/lRu2rJTn+eFWJRRn/uOJJF5479W/lKd0EMme1SJiyt EgQdT+S7Uve5onHYlbjHETKQ56nVhqu6BigLBW0zwb49JA2GUkLGJQnvyKEd7u4T d23K5bx4AqlP/w0UwfYV7qMS8vnhbhv+YOVaGTTQXnDLqvnMujb1+nuUL2jjDD+c syFkpm6uPbi45bzzuLuNEcuh2Q55mLrEMy0hVOYbRaZszGgv+AUrLIfoxzTZNwrX krP18o3/IYDtZc5LdKSM4wZdk2jMlE+2SxvsdP5gRXc8CVwZ/b3nOkXyGzvgFUb4 Z3rCZX4J3ZjXRkhjCx+ACp+ASuz5C7RSr5Uox4dEiWnUOYjS6P07x9OwYKjbX/U1 QfhTQBIEsRC6xrmG15zLT+6CnBF0GalLwcPbLxRTX4auRJMfy5Mn1HX7sQL6jEo3 Gillmor, et al. Expires 16 March 2024 [Page 145] Internet-Draft Cryptographic MIME Header Protection September 2023 c6hUtmfI2fcFotqVgwc5yciX4Yp38rqmRhUwFDRVrENyyApvk/uRSolCxnjiQca6 9GPC5brfg9PRgljlCSCZmhA6UrKy4xuKB/rGmKl2rnHeuL+98ldK4R+dvC067eyn pZjuwZ9PpGrCKsmib/rEuwoU9yB4g/ycnE4SG/C6NRjy6gILdckQN0LJtvHw+axy 3TlT2uaO4cX9dvxLtxPedO8s/j+1TJjcBjG2HskT2WuHHz5h0oPTSxTvqxfYwZT3 nb4QiIMxMTBzh6LXYA+gM9as0QNvJjKG+v5/s6AVzPL3/J6Hn2biG9hXRhA/TntH JwIW8Pg0Dp1vhhLqllXG8UFCsv1SY82sQpnZORkhBfLuznHYp4ZgMhRBR8BIOKto TwqaaoSuAxIhSFTXt387mLmJJMs55N79cFU4T6bJLhwLmW1TNeusli0vRJnN45Cx 6owQ5CDcxU0nNeyoz2HjTSD3EDIdRbMzQs8iE0vNVMlKIg1YTsTr20dFMTaE9TfN OeKML7L8cI3PTZt+fUg0Ezfy1YdAKHR0p/hVW7kzlQyti5P727yrxeqOQNGhiFig SYqI/OO/r8xtXjNG4nDJoUOpRPEasOYB9EZM/Gq+VewG7G+JG8pYU7azJpUjXCkQ jaq6IRUXnSuQlzmyEIcnCAZ77bKoLqe0cmY5NJ78T+R2cZFFLrxEjhYyGAd7O+LT sNzLqrrH41P6rta90BM4EslmLv7oJHchdKiFZYCXqZXyW4IwIubHzb4yNF7ntoki 4Yk6qadQrQVZjF6tlZz8xevPwyodUC6tNcqMT7PunPwUA1flXHfWksPqm/J4RqEp CgQZdkX//dWt5PW6/vKUK87BBcC1ISVM8NFpME+EuftXLNP/7GmSOeSu7qnS0+Qz yoLuC+4FFXxB1+ocpvHf4i0WWfme7qP737bCMwNpdBS3XwUMwG3U1krRnKUTL+rQ vSmW9vSX0Q/xDcJIX6d2Lb4i5qHV0/o/BtQiQrP3F7f+r1sI4EQiuUMCBxsi8Zab pC7wd/XWms1TED0yOsFRX/Nd8hXakrgC9XlRyoJ+mdMsI5fqsgIKIRhyhRmUejXN 9D3FAu2c8PyP+bWiy1w+0KrlTSFOT3FMLF6DKUDQYLplVm/stmREJFXJsw5+qxbm rtFI9hQHJiJNdxFvmxVcvurddJIt/D7PUEALkldIQ50/mIhTUBgwvj12705bJ8ju xFi/YkUlINhdbIEt2/we04QAuew6Y3mAp4CR46OeWNIEtQeGL1tSJ3nSl7lOX2L9 gsxwKtfHv/33n78w6XiK821wJTrRGfR94ZDLJAA0yoiOZdAg0RS8+HOdrOgMuOwL t27Zct6RzT8Ni+L8gjI86UIepUe6QVZJMYgDr/nisD+gegJhxxuHTkJXWYPuDkNh ACLgHS5iMh+0hnI2MLcoYO5shOLUVXahs1nJbeiJ2onEo/IG9EsUzzH+oIX+hGSo nzdTu7MyoBte+VEYtV/7QkTKuhUa51kTyUwM1vfqTU15wlOxAhfp+sPcHdAtdf+O xmaUqDurFcltQbvjHoU/bB8y/Bw5Ie8Q1ugu5EVSaIoavmrSgTCioF64z4wwqwDk o1sBx4NBtjkUl6m/CGW58geCIIioUCAXD6EpAllknha7gBdO18Je9fMM+Dr/URfJ AUv4cVByu0d0cHaPAwplNg6+CK2duL0uHg3LG8HIGuL6NHhM7G2D5/Ltw/Wi2t1O NqXI/OmdjwHXJ2Bnt1S0/cjO7shAgnWigp8PiTN7nQh8U6ZA6TWqPm2uDFcY+Voz 40PLNFLJ5akdKBZ1w9mjtx/U+Uhkba2GoKehjaVcc3B1uyk+wv5i8RrrIdO0S2Q2 SZBCSCOLjU1X/9t/MjhFNHduhUzTGKS2PUo1ez3Zpuxxh39tt7UuHp9YGHO/KwBL 1gKGVgHggeGt6fgk5yjAfpz9rRGfl2vA39y+Bi9sn7KP0CdJ158rt3qW2Ka8Z1Kc IVOjzoFecveQJ7NxVo18YTD1kyYmxDGXBuHWX7CdNWM+jzdHgoL4Q87WqKHticB0 Y+3d/RVb4oHMVXxNpxFXzX3Ogqp3Nr1Glz/nbqzFmyokBms0BeyPqzGkScdiazy+ w80USxqJR4KXl2xkkadNHaXkCvjgkbVQIi0nRuoZN1PrPczmszFrsBlUKa1xPG4g zij5kClWI5PvJYxEVKHNn4dCOYTli6rrPC2lB+RNIH2KXdjc8+8xKJ4QKkrJ5sou COsGRNtFRVyzVT30Xe5NKqjjsdjFWThXkSbIhDDMORY044NnKKvK0AzS0WHwrYel 4ZkrPY1Ta7lYMg+kOCEW8wKiFW34JWRq11hJlqJxolDwNy9oWkKtqUXuZ2rnxRWY knSvlFJuo01S2dQHAxO9bOJ+CCdWry/9UCnIB/4xwwezHU7NT9stBLCJgIflRtQ0 mRnjevYNQpB7W9HqVRoExm47+jTJInDIr6/fXm2kk+sonwyulCHhPJFRhkBdchc/ Ad+iZ5IK554dEI+e3JQesa5vKtTRtsmBdZiyEpkrXNA/Xm0AYWjEB0KDUVmr7TTE 3EUkKKEGHIMQy1GrVMcAiQ== Gillmor, et al. Expires 16 March 2024 [Page 146] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.17. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9795 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6246 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1941 bytes ├┬╴multipart/alternative 1132 bytes │├─╴text/plain 385 bytes │└─╴text/html 480 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:12:02 -0500 MIIcPAYJKoZIhvcNAQcDoIIcLTCCHCkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADPyejv9Q41LGeGoBdDpNDv6uYtRx1aRJOfn f4sbWXr4O/34962uv8O3XkNQUPykKKYZ41bEXBUU3enu5MvV/CQIbHYBIxhYmAMD vrw41JyVFN+yH53wtubTwSC8poa2TtjNv2S4nBgbsDQBbN7IR/DHKqCbUK7Am5t1 uuSHgMWpZrcRkUmBlkkqYym/kYfK51FnZbMSODJESjwQOrdhXJqv1RJFG6T0kw2a GOTxsg7spf/dDxEyNMnqm5tLOArFLKOBOxcpbJBPTWumUyKh2P+d8D/8pSGW351u SVEfw5Zw4zX5klwBKLVowk07vI3oSlu5DKfQJ/5WOBucU0EqDGIwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKK12BJjTcV/7qS94clNAH+Nc slgE+RXD3UJ4VQM1fu/X4uszwrQtE8eWO/ToCVp/g+WSFZIzDRBfhbv/7rFDF1s2 oRVHpoZrO0sUrB6IQB7R+5WCueJomWRjJYbjbAcFSuff3WzC9sh6o+hu8p69lnJm 7/ht/8X4ObRHcno/68mPOu4UEl9jOphAxwAzVPc6DqAPztyBvTOIERp7JhfYUy9W r0lWxuYsVFF0Z5NI0ZRybPAJPuBQUM38S880am6CxgKgOR+QLy/s0HDiZQ63tbXG Gillmor, et al. Expires 16 March 2024 [Page 147] Internet-Draft Cryptographic MIME Header Protection September 2023 NcRsbWIHMrIC6xLWHl4cmq6VQdnSNGqoHVaQKAzlQjDgfwp4cQ9pFK3HaJJ3bTCC GQ4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENbAf5M2+FbI0Ai6GKC0Vf+Aghjg 88tKiODrMGsmUZonZvPq/tu/822mi0P1iqCEdG3Jby4dU+exxrgn3InoEZQI0QcL go7Qm0xpqdSPHFp0ZPf3qDAIJub62gC6/kvshuxVyWeHySYp9qn9nwwesP8JLGBJ iBqtQEjeRZPxl7A0oLLalGfe5C88Z/zM4QqL3H0HuJzBM55W5pCm5Vv2fvtAnnpW q4S+YYV9zO5elpo1x8dQQm8+D3RGp+Dlp5nd/yiSgMSolIBZhnxK+jkPZ6dicKXV CQwyIFfHB5k2J74wsGDYBqeZKIhGZuXEL2YQ9LwchmMv++AjoGOhXnoYdStCh7Lu zI7eZqnlMriXFXJ4rMdD58BXYByFrjDMoIiMXCD2dZF6wrCPDfECKtaEA4XFP32n hkLdX6o2r+9uDS7vJX3RvcYVocXdk6VnwxB9664vLWuczw6BueYitlxU50d1sU29 v7IpFTrcSYJOtqftglY38+L1fHGrfd0EKIeY1KeXv2TbT3ZDpiZOVe9KuC993XWl +5T+JGV02jiDWgDgkP55TRnz+F+i0cowve6gcRrDVM87ECP/4qC3mh/st1g/AkvY y6DFD45GTLkrMqeKcSHBo06jS3D+/BarpG4XO1tNUhUOgd5DVhURSMNQXrtVxA6y ro5iupYlJh/00sN8gHoCcwsq4v1Y20CwqmSrfY+8FhfZXBQA4sHP/apBVJDmIrgq MRBXrZUHNmSwEaL/kFVMzNDPrVjU8RPr2qgqufkelU6si9+sZptEEEraqNWUyWZi X6e62jWAxv8qOnuD/6zukqOx7tsQVpiJYPHDw+tVd76Yvefe5UCtp4/mBRFqZoz4 tZFm/nC52VuRNyDQ79h4YPQTryxvrgKaGEm5xDZLcM5MtJUy1o/sNiK0yoZHVEix d4DkM5/IbEOoJM1zhVp3fDh1qkkCEF1yKLsYV1HFamAN22U8ImlGsRSnZVmpLMM6 GuV78wRP/zwJJ0pYrwJf2SzyXI+K9vc6fZQUT9oLCV7mwRRuMN17HMJN/Qi64lq+ KaL9sTZKs84Nu8jAmjGLD1lKbvpAXJIr1nlnKoeoT356OIh0lRHfXmh12ZtTl6qc zUPROCNGcbDePcmKwpUrS+DPsN9VZnIFqWVsi2bsGFbA5pRxTiulA/rTgIT3/ToA M4gp2mANIG3dtxKYDnJskUn6LoX7Hsbf9ALSI2CFrA9Ma1o47ILNMhDZn8foho9e do6cIw1LY/lbaxjh5sRFe6IEYI8Bsc5whhRRX5s2cxYtQprYfr+HDYl1LwJTOEFl JDlwQ0yEBSmGFnE0wiZPM/iquwnfVsackMwFxg2eC1e0wcryRSH7qFtB69gZYJTr lGiHXr9TKeKduXVk7CpeiM/SQkgi3cA69dwezdb1HAKCcb8zjpGp4hjHWXAnTrwV kuf9s26nTCljU/z5XTJc3yP746MKHe+G46Qetn+h/DjvX612v5VKA+XEavB8eyex 5NYLFh0/JQ4zgvNB7DwW3T1+OXyQ+rqplaj3l8sMmH7Zkcvk8Zlbnl2TAHV1w0c5 GQnUCeoJV0guIC4KKjgneu0rNxhWUD7WczWwm5HIAvgq0bjZu9dzCIoZXK9UJ5UN hp5W/G5MLCqEzmweTXGidg9UBuOBRWjaAEoLsDZYr4E1ElQiIzY0VUoIRh9qt9tO DvB3YksC/788W5jJX3Q5G+MjX7kxm4Y5fcXWHU7BwqMLKkpvy2qCNYC4z3rBPaGL ftZ/sJdkR9uvClh9X5zU+JJNAE3R9LlDFW68cUIFxpw+bx43BCesis7r/p1hW/Vp 4JS1x8am2uChAKNMQTjHxeGuaxEvoBjOwTT2D21i1F2KJp+SxKZtb9bTbJZvt/fX /8nUUR6VdwSfgxmOEf+JCRI5U/z7V1Yv9O8BZ+wf0vvNbfGsFdR1UhEGusARNV1w gRO27cfkJ0lWDkqYWzWXXvwoTbTgVJ4i01GhA6nChdatU6m5nR8cXrUchXkZQ837 OsNAUN9sjSR11PA+bwM49kF1kysRRv7T1+uZ59hw3Plj/eN95+GNORsJMwUJfAZp bqx+8YdB2szVpBoFYy9eYmeAajdO6NYkzeXvYAoP739iFs+DQSYvoASUr6CxhBZi 6d3LO7c+OHsgGTiocgGtX8qcP7T3rHDd2njfPzhr980zHQbESJ7TaZOsSlYtsOB4 5rL4nWDXBFqtd5ugCfYmtbMdyWH8xuOTPB7yCUjUI9AdnTEFGPPZlcgo+YHHcQMd 7K7A6C58piH2qnz2NuFcOol+4uwVittRGS5ETrpEA3wPjiNtOl8wt72MbtsYgMec 36DWhQpUnnKOJ6l9jbQPooa14Gc/TlrSLtEpsOJEi5UHkXiuKEVTH2yjP9RdlRYI 7YWecLbK5Hvl+Tw45k81X9IIKMFtdPbQ4sUanD3ErzKGOvccIcEQH947ZI3BlVJT Uvah9ODsIdJ1a68GGJwFdyydJdHI0WUqBiQ7190/33x3CzxtOTlte9dRkJkP75lo V+vLRDQ5HHcHOSzWQ0VeGAsoNa4AFgrO9HMcMTH5VYeeHMVZBCtKGpuC08PKehu1 rxY+tQ3j1bYgPdL40IdyNFCVD4edYol1sDkYofsGEjcV5J3umLHWcfLOSdcXylcj OcGWIz1mAwSeOT8Qqk+8vM6fRKy2neC1QB5L4SFGrmnnVPg91KBEgaZt6E0OMmlP CwrbY5VET5Nf/w2jJWlhxnViPqlg6E2Zx9dRRTriGItd81FA87+dL7xZc+kt3Otk 2RhG9yLW6OlIpBQC9akLEAlqq/ikJWziVrerWKZ0XQ7IAh7c3Q9Au83eRYqL3jEb 1nXN94Di6dfwGXi29FwYqxzkgz2P21t6KcpvrRIBk378yKn7jLVgkil/TEzQ5vce quAinWS2WmF+iOaW7nhcIpYBO0HZK1DYSSLAraK0xvydsZTO5HdGkynJ6ddty0z9 Gillmor, et al. Expires 16 March 2024 [Page 148] Internet-Draft Cryptographic MIME Header Protection September 2023 j4KhE5VT7X6hrqIkOcfoGl2GNXjelhNDUJS0YKRYvda56b2hbn7ppThsaydOmdG1 HxTq+/9ENaBmASEqcgF0/RojJ5ZcLv8+fww6qmxkQI+GG7PLyseI0GA/Zy/THHoD uhikRUmY8eFAZNT10kL/4w1GFIG0Ik/ZGVHs7paRJhWeOcFhnGHqQ+4q6ocGcWMi AZGIgzD7A7sb0zKxtbeSWWrqvS9fhussCMA7avcDNi6WCVTxHSMnV1wCzM5CHemt rYQ6/kRKQ7mkJ7xWyHuKDb4e93+ZsBOomaM3AETVwagmeYiMKG8Ir7EswzuQLkau Pe5qh3i33Z3UcNE+4jaD+Pg01LUOHPMsGkTi9hJSADwC7bZpRsE52WtoJ7PoL0FJ I/SNdk9yzLnDLPiOziNQiY2i+rLI5H2BlRwGRspyZiRw4MthuP4A261dhCscP3fI TY+DQ9tV5NItvRVNa640EoX/CV/bwNIV8ciFrsGgpVrkAD7gmSdrK5IUsxUEUaYh v6LECYSmICQb1n0A+GxwCFrPWL3Ls59Q+8UxDjyqcPUA3A9jyz6GUGGAwN0YOqXp DXHHafrIKs8p5ixcjVili9Lz6Hni9XJGZClQ+nxZQm1C5h55jft+UD0b423beluT 2O+M+Wenck9OpxfbK7IPB9XOvBTj/WNQDWFbt2t2wzgYxZmGZ4x3ULMYHlyqGlu9 KpGu40w+3pAqtuF1fiXW2yBiv5exC+/vz/mfozBnW3PF7BpCmwqHXPp0IHwqcL5W qtmnF3rz3SxUiHGvIwDU/P0C6PExGixbP4xhmAyVH9kxYLOEK3Jil2QpL8UHh6w3 eXJwuztXaK4HUQhLI7a33lDRtI+fQ9JPfh1bXLJJsLw8Lor1oBgjV9CR3Dl9ESff NFUj96B5QPwu10KAA3G5jtrBoNa0U+PWxyw3CUhi4d7gsy7eXpGJCc0JNgY6P65t kXVIzY7RI6zGg+4RFES3uiaxG4oUyfIat4YYGq50ox5iwmOQgav6Y8CkGOQmZUmF 49CiEvsxVUxzUsmESGvvTXTeOsG550DX/XqyG44ieigPjCcMjRTQw2wO2CaNy1HC 8jMIMiteoLovVqThlAmHBnK03EqnOcRJ0isR5JHkv4WTpML0gU+oEkiDhjEKymqy UAgnKwdZN+2dc7wYFSj8U3oMnVKjtQzgpRVZsanuMmTGaT1hY7+HmSl5M4TjViqb IOJ+mJLVYyNr18zvp1hl/pAI1wepwoihSO4m3S0IjU+JWproQm6EtEPuW2VNfmIZ cggeDENMq6OqS8ZoX2wPUlhXge4OlFNSKHividiFYCqqW5SZ/obLqU6aetzZnSVT KLfpQDqib1Izp2wKJXvBiZgCfIp2gRLoushp7v57DoTlG48KBI8/a8b9xlCvxFVk 1Tx0irCIHSjcnI3OYSPURZQfZE/RZiiyxOrnMiloa2wP1lq+z8mDFikKcyqHNL7W do3FS2GDA/hj5GJFV9SEtV3vBUmdqjSxyA5skxAXMleHwHl9RlpoDmpAUq/4/hyJ 8NLVJ6GGOZFjbbfJzLdh75qTgjbCj/tW1W0ChzhnjXRN9U2d4YCR3UkE51Soo/Fw Jg5AZNo51cuygrvWAljeRgCmDfaHp67CYonsr4VuWy5JpuI9/lszIk/19C0U9qY9 wH23xyRz5rG/9NfWMbh6auVHRGypfQAGNwwjslF4hIFAAJ5WkmbPSRn+7SVMLDdW FYOpNc1iMbknfapvsU9cQiTxkRB7NJfgazVxd6A6h/1rOZNmSuUPou/8NB71F9Jm 1rYt1Op9TF95Z9D3oFwsmCjhRAZa/tlk7SicT8K+LJSGks+0yS0KvH9EbsoV9jMC vBMzfXEEVINk5qvHNe9O7T5iivAf52jnTYMwVP5UwvNnseR0/q5/Z0dseLwqYbqS BS3NRjHaV3c0Y8E+Koc4+1RrcE3w6mv0Fsu3IApwQj4AyKd7JDwsfzs2iv2Upe4v RMCzS7Tww4gY1SIejqlr27iXgi0kR4ehLChh+k9WbyewNYWQWfJqvqzfT39ormMg dTJDCQh08cUVmBflMKImg/Tf2ng+3SvbnD7fkb9mqfCHzfQlmSRrwp7amGRj3f5l CfMywN5Bo2si9UrKVgZMaMnl0pIXwziUbSqiGyE9/8SqdLtBtVR9/x/XFUL4eEEQ dUUCk/9qBkB3Ml5vquva6BUVj1hhiKFgnnpZ8eI9o4RL02UfBJRtgBzicI9IlGOB +Dfveo85TdQLZB3duuEo1RMrnSKre0Ki50xp7I80guRkie+++71s3wixp42GENXb pesxCaAZWreIJoVqFsqJLkpDHrh/C1VVc/DlMfYROf6rTKLdFsuJy1bxEEOXwlQ3 DkNIgPoy7x38a0TUj59t2H5xbfbQj3rRmbSuhVWIYgeGL9w/N4NXYmW0iXs9QxHz Yl5/X+cYWrOV9zLhHvjhYAA3z8pevd3v7HgYvyayHH9FAOQOzwtiNPlDijZ9zVQy XxDTlm9Y+rTdVxj36dzUd/EVAmuIgH7HA5TdC+2fwfcoMN+4cyFBNVw/FhnvhqY0 S788MBOudK6UPbTyPte9szSqkdVRLzTtjiURPGf3DACDPOVu7bzewbXN8f+KHjDK aSdLktQiFgbzdXFsCZPOYHQXbs9zvztTU/xC1iGjvsDK/A+exn8QuBuLnumKZzZ6 vW88zNPu1JdZIqdszjEQt5TrMnSVBgxcB3TeerA8GQCmgZ1gnN+Jy5PIQHTz4oLu mp8ZPBWd8DRsT59LltNwyKTDLCYTiN2Xx1YOmfpUQDKnnvmct7W5usjD8VntHWoY gJ3J+Rd8xPdQsnW4/HCX3uTjgp/mUTqCYP+J+226n0ac+jdfDmi/otRn2jE9zvKG 7gKpFu/gGfXZvY8OUSdNP/h8+VCtaUzbDqkbNkIIsyhArupkDBvSJCW5qxybXB/a k471+F9nug6jdyIi3Hqp0FvubcsSchYA1UP9EtUg0ae9hDB1tRY9GTlAaOBd2xbI zvvEBeEcV1TlzaY9B6XaTG3VIt40i8S1BrDlJh50jc/qG3B7X3Tk9Vvyn2N6otF5 Gillmor, et al. Expires 16 March 2024 [Page 149] Internet-Draft Cryptographic MIME Header Protection September 2023 nidTIwwJ+HLGt4h6c+YsV1WZlPZDta3n6/HNh/+pAdwSP/2t43PJMgJ1OlSlxR1I C/OUgu7gNndyg9sm0j8rpPUz7p5s7cTPIzGkyZ1VzEAcl9dv2RFB4TV6z9h/BLWI TUfx0RcH6Ny4mvPiQKUADuMHGNZoOHXEpsIQPvpqL/XDXeEZCgKIH7nZIaoirNWO OG7cJU3F7Ko0EejbSsrG2HJVrDd09Tlfr7HP6/4Tu3h6qoxlTuINjNCWs9wUqdxx 3HNzXc+0JAKE1xiuoat5Y/aGnfabVUVB29ad8yFPtG4cv3ftWHM/N87Uezeni6f4 vsZhKLoo6FcJ6xpmWD0Y0Hys1YtukQs8IhuKNYBBRTNFGrBlCqKJVn7MIsziVld4 NGgmDpVQ6sgIr8EbIVVsQC/0WgzON1hsfLvweYfd0I8AaVfPWd39Q/y8DSlLq/yq of7KgAyObSxxqumY+hJwW7lVufGFiRiZDYi1bdoRaVb0qVnRF5pU7YkXYwby6wzF 77olQUVcEoXMJvtWLnu7h3mI7fQ5F2F4a9bclLGXDcNMHsfh3JaIlhXkmUbEyrgF EBOuotyT8Jtz4a6rSG8vLCDEjfw/DKFm/2vtAg9CWb8u1Tj8Ir0j/0YP01VjNtKe dQmi+Grcts/5cYbhewOIaoaD00N2Hy+7MQLMDrHo/NFlrCHtLUT+B0I7acnjAdit v202eROGGQa9YDjmZ8tMhHVGYko46yepO8AWm5RR4vVd8b3CbvFbzJy8wIGIBlsE 5Ds5rvWqgzKcVVlxRneE5k9uJwY7CeL1DnVX5Sks4mZoxgabfQEcRl16SB5RFmSW y1CDnTwMg64WCGG8XCWMnjEydtEGK2JoI1b5Zikor9F5Wiqhq29Ropv+CjekM7MP F7lW0+C0iB9PaQsn47J5WuZhdt85RfLpCm56r57z9eMctbGfmhUl3YMth9J71xOB NZyBXUnAzQ7qIaOuFJ8ZxZT3V55hYAokF/Ph+6W/rHcSshEb1nzUQ8Yf4jqjLmcl S9I1cVf2xkwWTS+6+xOMoEuqeGK6TF3brI+s8qmnimIIxYsspnpznNun6fXcoXmh 6TOKCAoCHh3wWPk1ucj+JzK5LHDUhoBzccx1co1Vf4To9Lc3X07Svh5L9ZouJ2IM NHqP5tv7V3dCyPfiLo4R0LGfQ9o3x4vQq1Q9Tt8VPi++Z93H7SqIy9/XNYAMtp2b erh0i5Qc7p1zFgMN+oL7cO/r+jM3/Xt4uBdenLklWs9M9CC21Pg4vLvs7f5XNj9F nKSsAqo/zxxnqrwsfLCEir4nIZaOSmQvFATKAumiIq/Bmljy3yJaNFhNuo8k44mi 6C5rChBO59FkqFJI6s3s0BW/ARDMpRzwZzLqEiaYQxXrvh/YWatmzdMcOGjObivG R6cgEjJ3ycfymZ4cl/dQVqqeNGSfcuumI3eimiIg4txhUFaSQwkp8WIl9n0yBnFm ygdePhIuatf5n9yuKNLbTxamloG4Kd9m2iHGp9oYETf4xt9icTvNa1q6kEjkEj29 jAl7hx7ws5uArlNIu5Yo9dmgzQ9c5DToQr3TPsNM0SnNR3S4nujNc5zyAybkgD9N oirZ0yz3BMyWadhbVACK26hYMEjdM/eE6Va2M8yg2aLXU+d1H+hR/C4RN0v50u7L xnBmTU8y+AY/vbl4042v1TcvL5IC0vOG5moFRgUziCcsncVcE1h5EBbwcK52dvWt OCE0JR7HV323h/mBe2uMdCrsvRSdIO9/VqTU9PbVbl3xGwz/mXpQrRjf/HLk1Bxx 8PNZU6gLQP7Ktgo9RTKV4ZgEcbsFrg/np4m0wb+wQrI4d6XXlvHMPit0ofu6M/e4 FoyKwg0Jf2Bcfq33eCeTa9tioa4G7d0ML4NqZi6sxaGG94XMMzu9nD6ewUN8hlxa mhn+uLGFiE3y1EvhI3ICCeJnZNfbPU5bXq8zuwqp/YJUU1hoshBna+VO891W217v koo01YxZB5GE/BvngnYDUPY7cGyutF03uRofOHmc2Q76mWl9hgdc1tFfCO950nre d0cNqrMsmtryp7tJ7FpsD8QE2t/jWG5PlCk+m/8GbeRk2qimvkch0M2jSIEUhLTr ZNxIQ0dVtrMTtsLaATMTG1sH/AiY+Ajuzhbp10G8YVilyIYpxx6RSpRb6hpvLqC/ xZy4kBsoJfcppiODphgcRLyNg+8ogdHwg7LXqT8vHQ6t3wfASSVlwetnwCQvfB8J XjnBSSUXoTHhqhvpJ9SXxHRiA+XHgFYc6BOAepLYWMcuIzvxTweEsy6feQynVKWG p9DiKuvc/v2gqse50u2E+E5rPQuTj8/SLrGUbw12i1TkQhUIYZMI0HYBDFxu9pyD u1zx3DsnSlLWTzJr//wkr3lJd5L3WUerfEp4gAaq5hGCqkSZs4yC7YfnjiNyGWS2 FPFhOo2EhGBGLHCO+mSSYxMNkRi+sDUMzx8d1jVByeM= B.3.18. S/MIME Encrypted and Signed Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. Gillmor, et al. Expires 16 March 2024 [Page 150] Internet-Draft Cryptographic MIME Header Protection September 2023 It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10380 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6676 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2248 bytes ├┬╴multipart/alternative 1425 bytes │├─╴text/plain 482 bytes │└─╴text/html 634 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:13:02 -0500 MIId7AYJKoZIhvcNAQcDoIId3TCCHdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFyXL5Bdsrj47hCSCMZg5HssJuT0Wkfqzrt+ Uauk+xOG9fu/C2qZFlc6itV0sTYKogOf2UOEetIXbj4ad9TeExHOn3YdEbbKBp0a KnYn5zyuaRc2VmBGwCrAcPaGLHL59ul93+Quyvp6t6T7L+y+rvgtOh6tMsCH2yVp TGUj2FVg6FxB4kg63f1FB1ofpU10wSB8nn+dUzUqxD/Pwvt0yxhB89ea2+3C4ncH 36wQPHM71la9981grPRH7RHBcWdyvny0LPipQ8v9p8bweJyVQ4oDqLdByO4XuNzL XqZnTKmhXugkRs2pShYJa9P/YnVf6fPhc9mlzl2R0UXZ00ezMZYwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAiAf5NTfAC/vD/MMeOHO+9ciT ntt01b98dS2zwaGnUR9B567tVQjWS+hXSWYZ7BSdp4Mnt1QyeIsFadrHZp9RGnXS gxfzpCBQm640OPesyumvXNwJnjIsgFScVJ2cfyFhdH8DM8yKCdBZc1ueiaTDTHXb efDBndblmGaJESe99TIzSWu7dqltVm81u7NnPdY7yM1IHPp8Ij0mxrxm/5pXN9Nv ZK0QlvoE2pBgdQZS2gZIoevepePkveqNYsMk666ThBmSR3RAelucLaRhCdGJ1utn my00M75Rn6A9UlNAEUa6HXXqqIx4G3XeRFvwjEX3gW+sd2+qlzNaIOK5VKVPDzCC Gr4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOSKKKhbXhpNDoX/l0pLf+GAghqQ fImfWw1xwLL9IO5jrbrEB+Nwv/IEPx/eZR77kGkohfz/lD2J14obHrkGO8DF+6l0 d1cXUtVeJ4EJeQdugoF3Zf4lulAF+skxo/0kbTZuReffOaGENU3beequQ0fi8yzd UDGRc+HvYpmKFgy8YXdNexYYXaDGxBCvHx4WrPmczGeLE3KdnR8BR663OxU8zcV7 zmG9LH/7N8JimcVvphNpKpbgC0W4vck1wsJ4HsQ5/5XQ9bIrXvWxDLqCL7wNJhFy MDHc582aczLwOcb/RVr83VN1JDLGe+FR/snhhxpM+yFNblpXcZiDnzVwpr/kVE55 B8Z5P/9Vkhu+dG3opNmronOWOgoUdul0H4BaebYmIIRzvFFWetRSYmh1IZeJ2s4u dCc1GclveZBB0fmXWYRjFlmbEKdo5vVN/wbilQaIfjbm4iQ4YkZZBmRFhsSqv1pm Gillmor, et al. Expires 16 March 2024 [Page 151] Internet-Draft Cryptographic MIME Header Protection September 2023 GqTE5pm+A+4oscp+dnqMGDl0jzAWnyN7tlbkIW5vYlcnoDdRpT2r93ZRZ/sFggog pkooYY5q9d2Vw+ghVPS19wToG1RoL8GuQ6SRTq8FN+vuJjT1dfyNhsYp7ia9+ttq Y5KdR+3e4u6SmVLWudC9k4jsglndrKNqXvVyd6NBPQpmeGaXGXhtQkzy3FBBfcsq mjwgKUmkpqsY2a8YZqRce2PgCuDSsXeYZvVfs0EDj17XnPadzjIBdLl9oUGaaD+i 3q6j5y7xbyvjGc8T4TJCss7z50Louuxw/g5VBHHDz4huywugOR3SICAOFn665uTS zSXXuNi+jII1aLOtPttqmOmPa4KXHZhQFiT/F8D578Wnt5hGV6fwHXOjvvi1JrsJ k5X0Eid+vY3THdmE0e+IWOg5ViTK1j4Yc6I36CX/Ek8k6sjjLl1qKgKo0XXon2a3 2MdZxnNuSPvx0EZ7b3GE1okJyChNPguG3J3yxOLeb24pQ+jDLmka1X/pLALIEZtR HUks6pNQ35eYoULzB2Sc24t3Xk1C2As9dS6xVXCxpoC/2f+SDOMJzCDi+3Cig+dU SZcqHGNmKdp27ScsNmtgeGp4qKPB9EVBClSYHdWwuAlhj9bOuBC6zAEMfr4FnL1r bH/K7K1HyHjBwrIZmfvbEOMF3CYdX3kFwUnv71sqfwW863DrJpW6o0Fyzi9zecJS MHdj1mL3t5Yp3u0+z9+MVJpfgJfv3GDwoM+Cb4s2+kH/P101tUdZcAyohu8gcylq eJ1mfgRbBSILwrzLr0egML0guHdXWp1LncSswqYm52zcUWuo2M+gz2/vD+6t16OV Ax1GZQE4Vwwd+z765wfiQAv9OodQYhrdX0zblgdDSSUCrlI/rc8CE40qZQM2q+Bx ZVzvFLQI15SgQMZ59IjZRcNcOsunqtnN6VqUrbOvqrdYBFHjd9VI5qTL8CtvEcJW EBw5nsz2dPYXYjbZkQsxYGVxeEKiNyOt6XhFKAv2pFiiECi26XbnI1Pcq0BU+8iM KTv41Ku2lGp+DVFtSxaBY2ge/hyYpFp5zTPelPSvDw8VEnAZn4BzFd4L5Qb5nNGh MOsOg2nbU2CFZJg7515qTODfgdeCDJkAbDjG+3g9Tp9rMb4tNsZlj82OqoCHY4eE iHgw96FAF1vR3BSk7w0rNgAbCEt08fBKaDqp4XOivsNk6ows/3E3DyCuZdpW0hWN RZ+fdMWVgFaZa7hJAiiQxeX+b3ClbHBuEeRIPHns93uAA7Y9+Bicm+9lp5lMwefe yEW2wH9V/d1vOPUnUIV6VSe64vB1kdbfexY8/C6z3owe6KyLJHiDnLK8sA/wHOrP 3pXMZ9ldHweG4pPeUmWFfQWgYDufiH2uRWSe9qLImGdL01yuKvt5bV8OznIGhhdn wW8GGIwZtzpL9IfShYVk3RAAEfUVO1elB0C22fNaQZJZf0FAxByW3g/nkVxMW1nF 9IRkiMWWYXK8f73YVrxfCn/NpJKxfkm60r8UrJKapDbbqbQ/phLVPyEufA/12/Ql qKKlcxvTUIyJwnmMCUAv5P57QpWCmpJVhRzKJGgmquf2bjq2UKdtnuMJNcD5kVlz Xa+4oeSEFahhkDzoeJPCGrc8s/+OfObp69YMMLrlonrbaAOuiVyRL21tUpR4Nexu YVEwHRAkwM0L7qL9dMngEv/p65OqsiXXMuhn0oW2QaWP7YOJYCvrIZCDEsMiwzfW TgDArodbZ6Z+X4PLf9xLALXZEGanQwc3Z6nz40EnJAYN5FKodLjMGUyXAtYfkUTV zF0e2RqVSRQ03/0Sz0nQEjgo07UhHIytprIX3JKqNENqzQFp7TON9RpTTgykmxTT 6Drz1yn/daFZubp3am80Hg704V9CWHGKiO3E/Pm09UcQSb6cPbTe08QVZd3O74ne unrho139pO0UdBSiWAllRcAcBiH2Am4g4ILgXMX+E5JTTUWCxUbtMtK7QXX+YzYu BdwnmvzNr4nLgM24Tcq5c+lDqT+fxMc8jyOO6IegdtABgGUqGdW/0jfDWID+v9Un FTf82vMpYCwZmeCX7/N4BAdLHBa6tjWQdN0kAhZ8QWNXO6X5TGQStEtpW4zrSe3s QWjJNN051ajQKX58QY95z/PntOWUrTmWC+pJJZhxFVWBAFOFlNKNse0WB6OFzbqZ C1rN14gCb6twVR/F8nIJqICeOQHMBS9tFyl+FksXg5WwmrA4kflorihZ+I9AbhBL PD5jdJJagZeLYP8XlW0AaaSHa2p5V/cdDumDz/rnkzpbiA9VN8/pLy2aWsvQE1qE R3Fxb7N8bU+1c/FG+ekaiC+mzBfaOq7WimFqk7rKV0gfSeHXTQVolkNceeIowKDY 9YeodW61yVClzWyPfh4x/icE2xzD+0hjM/beUpfUOCWlehut9dwRmjujhwK7ZivL rC4ex1D5KrT9npqcB+cO0wy1ghr4xjn9xpiBIFmo4NJ+76777Puu4khUBuV/zYav fkupDpG7Ml9n0eX9x9oXQSLeEDagQXnqOVgxbOgCsJbssADsy9Q85mDqc4jJxc/Z MunEcErg0lNIEOeu9wx/yiNu2ioPoVvIUf9qRzh1i6cZzpZOVkpsfC7KaunfyU9a BlIuZaI5ZclbeuLxjC0O5tCCLzpltdLNBBXAQzQEDz0CNDExsXhvsmQ5oPWwbHbF IrTTyWl0UYhiqfzKqcqjL56sd4cPz0AEbxHRbi4TGWjG41lFkgtTjle4wRK+EGWm JtzZ8DwgU6szLrEc/R36Jc+vFNDI4+UE4tQxOioR7/yRlJeACjiWcliK3G20aM8h s0Yt90pHZc7C0c3v3ls5g4i8l15DL/qK+4Q8PJNotFG9ScytPiMd2SRNcHK0RAHz mgEe5+MJUKxRcTLM9kXYC5lcPnl9yjRoJYVB68kyaC5sxs1DqS2cTTN5h8LymUGx pM1PUGdmKF+AV6ovcV5lYTqm4FivtYFfYIDfC7wSfgC9trWeFZuhNIjzmWXzYuTs o80LVeeBRAfMgIbFS3fBQ9EiUs4IIuoVGoG64vg5HG4Fxpia1PHDdHJB8eT0CZ7i Gillmor, et al. Expires 16 March 2024 [Page 152] Internet-Draft Cryptographic MIME Header Protection September 2023 XAQK/ml/DHino+SE3bNUIArL27v/e59Fc/USW5BeII6hrsmRhJgmzDf90Aw641nS DKUdWYJVyMGAoS0hv8AGvxDDh93kSjAw1NUHieLCA2Ac6H8iv64napmdaeI4AOJx DyRjzUT/MWJijxmfnUlkszqQOIwq2ClFHKAO31P5T3e6CyGIp8H1wM6IvYIiGu59 w1CXpHbhCxMS/BeZX8SFq9mIMdyCu7HUQFaxkbpRh0uMkMJ8p7ej72XGbNY0v/Ur 1WrQyRdOUFPympv4tOXFygDc0rjOR/Kwnlh0Kxk3ocm51mDUvWXpTrraSfQNIG0W R1YUO+VCoD5D/F0MZ5cjPYBHF6EkKysfZ3sc1LkEarkW+iONWsOaJ2Ax77fz23ob NaG9SYBkHV9e+xsmVTMt41RgtTsF8ptFxmJPJQ5ERDp0Lh//nPtmXYqtIrzIs2qK 2AuPwR8QjqHZ+wjeo/xkjBsyHnQiB+nxfH2oQhwp8umEs9Kjan3qa68fITchKZ6f z6IzV9w4qn9EdLaM713n04ZizXpN6SKOYQfOsfDyv5uvSPKH/jeskupt3JBLpqLv aEXzY2DNZApFdvRmbjd17t2DuyX1zh9bs8tP2IpMaV+6T2cH8AiNVUumoVzCFJSG NFb0eWzhP+EFiLojHP8QfG7y8QX3YjbpGSfnapiXV3/nPg5xCaRZC6ryz1G/c1j0 7HDfOmMxdllF/hSAi+CbRmGAsp8WI7cYH2Q+lwGiSwOsOYU22t1ivqdRm6cNux/Y BeUDqWOfYPdGn/UM1FGxKWvdqCeyrA3j5k1PTFO1AeKY/+QGRnASsnDC8UUP003M VbiMD7Z0uB52J6tt/mpHcUXnZ2LkoLrAacFdi5wxbz/LnN5A++QP+rkh6TMg7puM FgfXQCg43+hYhbrkvwmiBFAJz1B91j1LSL2G0HzszyGcKNL1s9YoBKjb0xx8wIfw eEfuYuoQstu4Ea788+n7ozmNS7kFQ6hYtPhCmUPhjUuTrWtWV1F89Zf4JiFihrzF WUFj51aAjou8wzB0kf6peInRy5xJ4rpwZIizM9eJruIvDD+HmMwU2UGcYjjpXN9E yi50cJEQQZoP7JB7fw9Emjq/WGlODxRlezbmOHUfbqbbFVM/KP11iJ75OEQdKw1J M4iTZWZ24e/aEqoGZ/R87dfG9ZKuu8o7i3QxOvn2cm57ywdG4NQV9Xj74FdVrLoM U5nTKeimdkYc6BUhNDrWeoTzjfAWbGxBomgWoy2+mne6f4hVX08Kxv2YTG+yDeAn iGxK0LiUW+F9GkqUlHPqAejMoIH6Z2zTyuTVJVc8ig3gUQLfCO2AJz9c0/pQILgH npBgpq+4WdW0Yip+9lr3BP5KGU5mGHde1wxxmL3A7/p6tMaCOwOExhfIKIwUtE8c 1CXT+HUS9zjONA61tTVTPZkEY8KIMr6voINHuUCvbD62P4W9ZEbxWuSoucc+XHo+ Bqk5r4vFgR5G3emt7qGsFennb3siQu/aB+jENycjzN7RnlRCYiZvJAlqy3dLEeE9 S/M1IfCWSLijcJMHgMvm4akifigl+wCrNq+S15End4xTAet/Ur7rzh1VSfQHxRM9 OVP5rL3vLgbYnHNOnBWgM8FV4hDBzsfLy4CRvNUvYiJ0eyqv5Wsift+4sSj3nwLO COoNx7+oqX1ICOo7yiClW/DhakIVI5Ydm2TsBchKh9dSg+W/Ez6C2ph2v33x4ZBP ucurUokYNqz7U0VSSYEtB/lEzBCWAM21PXdMphtWAObQFtO5/8l6nDY3+QO+y0Au 81A5nhgzXIEoDwPafSjWJ5YUJf8tnftD/CiSH9KbmwQ1sTbvXAe49Jtdx28Jb+Rp 9E3QBexiFqpkkwAPi75CIb8yPVjauqBO8kJQcA0yookzBya/ouZC5uC1VmACNrYl 8BA35zxa+/f4kmffuvE0abmUCTGxwVwJOan6uvaVqVMIN5Hjlj2TZcNmdqZyCwMW JIAAldAI5bTEYkUdctqD3CrV0eqQL+b/LvlOJZD58R+1iaNsQaUGpdsycW2aBfUc XHiesdGlYCS/J2biGSDIrYYKho9ANkNRtMOXRAUR/dUaVikL8jMN2ka89RDyX4lN gdQH9OmUQP1oQcKImACQcB00QLl62WLlnEKoP2P3VemkyMGRSditD6QPkfutnOlf 6D8LCYRTb4/p91wzIxdov3XvpbaX//koMOWHWaDgDsBPK/MmRwPp8ym+yE+tuz+S JI3Nv8L5KkshFraFsEUpPcx41njBvQV0h7vP/hqwwnbFSJYPm380LK3Os4rD1g5G LNyaBIaNTPrc4j78SknD0lI0KhA1JXSKX2Ul5TMmgOOyuP5wGBUJjAHpYqvTnZ7C fUihEbg8mBx243NZP/XrHlOXtNzGv64BJdGNx8bmwW3guuo4fXG5aZ0AFzYlHMCi UfFtEWAlB//GVpj4uxZ5B5nd8zNiQrMGL7B/xYGilhAhDYN/JLwgnNkFWP2Uo8dU 2MPzCBuglZLvzqXQWBRl2M8JX17iyXKfKie+592lWocB32ZSclBCrpc9cr1vzWfm YJyC1GvHkAAY/b4XvRGrS4NmvDLgjzWNzkDCru5dEc9+oPvf+/rsyP7709Hsde0Q qAP2IwEF/YHJDIgVwqEIWdWHRbkfasLiqsEyXHZ6BGNFBaywfQCaZ4Y4dVUzryDC mtz4YgXwsvOHcaY8UvHLU4c3/+FwYM+0Xs1C5oYbk7D68KNeXxw1lui7WSBySa1f IGcm3OM2tZfwauLzXHwSRLy5gtIZj/RH3gfVQZ06ys4S1kzIbJgo81K6ysgyDIQl iHWzSxPnGUVz0GOJ2rHb1eYyPzPJlqqJkIgajvDh3Zdnb1HK+GkIJGgXhgQCaYdQ 1hwIJzHOX1R/usdFxyGA396uz7cSTejY7D9SN/taXdHUJp+TJi1vm20xMWwHvpkh uyjbjVJTmyM589Oj7dyTSBGbRFdRl9y6ekkMCdDi7Z6jYyEi9pMvMGUnWO42mHTL ehLtRFG0LX6vVF1HJocqMLvcs/yInAPWnfTtgBbe2O28/rfWpkFnVTEkmEobl1pP Gillmor, et al. Expires 16 March 2024 [Page 153] Internet-Draft Cryptographic MIME Header Protection September 2023 mhWSue/ldrOM9TL8TYtLF8+zF4+v/E11vEfBlBiRLZSA8+D+uG3gGMDq20Lg4XOV 9cv4I4x2KSYKivv4MnwJd9ih9IodTr4sdgeLLEd3CTl5/fziP5jb9vfD+2c8NhzY Qb7/0YPqtPZwgNrp5dB9n2qNm9y/cVhYf1C9pauNnLSdNIXBt5yXRu4kzNv/B56K FtbDalYVdfLbhSEcW50DqpBFDKPzbtGdpCsOP/+ViQE1mtNNuTJYwQW4eBtIGfiT 37N/PvZyKn+9uoVDJaNG6iTeKj1WB/kNz+zdmuag3yxlkttcljDpchMFqRlCUKDj +SPrKp+DqlGC0TpvO+3JiN567WDV9CvjdfttHJ5zpGPe31C4Muu0VYASuN3UrCXB eQLee1ty7rk61M/RlgIizC8JAntPx4hfBb6ujZnyrujGRowG/TLsdQNODvj3Fw8r i/huor6VwkJwC/FQxvjTNWcEL+MUu7cBv+O2Pd/gL70tyQP7eg0QENUcyUsZ5NXl f/BJLERQWEsr1O8fRTbkWLHN6/nowUZ/0c3AqC/SNHTuMky0Lcy5+33Xhlktb1rz 6TRBojUl9yjD+DnbmpGY5fDKhQeOUV+ydFSRUCu/1X5P8mkU5+kja8KIWP9HTRDu 3QtuUN/MGQ0iok8Hwr/3U9spCp1E5KsxWfxU+M/l0KIqKWPcyW1bX8JUZMRMmL5s qSiZIbkE7yuXFrZw+ubzDnoCZwNM37F685nJ08Wuk6giK6wl/q7tcKAv+mMmrq8+ 2iKIrT/oWIA5iHkEGI56VrvqetNLoWo0HKlf8ZjsBd3Xc8SIYn2eWticKy8cH5n1 LyI11qNjphhUCz0b7wSLOA7d51cZ7yCPgWs9uB7bMlHzefIjTGVNVT8ktRm9/4VK OqQugt+L5OOKRvZ6UpHXAz/Mkd0Y8lcM39nD/hlDfxA/oIoEM9Ze7NQS0sxD+PCG Pylc9Z61hys8KH1onuv7tyIZ1a2CITXJzPl1cIi/cqbrUdBK6XVNla9exfSxVH2l XJPUcB3UIvSl750KAXJXVT+Hh+63LCzhUZaVVwPR21tiYZI9exGKh3n2H+Mm+H8g ODkrO6y+WnmhCwGFZLGUKJA8f2qq2HfJcL2RGV6C71ACc5PGQG5zbqUxmEXidQmj cpykjsFcy7CsBWI/wmH5vX4A1TNl7FFE2Gutasn/JICUXE2yoeabr35F3SbFMnLa A+x4+MPbsq8eR1RK3/X9eGooP0fkQbuQDklJ8B9md0TlyXVn4DTDSSsxNBK+HRBM Q8GBkIVisBV5lAfEeqIDYN6rklhEwAEi4Ulc4Uv0IN24vMdaeX55wE5o7JjNFNcT c7qoChUxRP65LsjoTOxM1lE6Ra7302PwaJZK3dsmLIE+7jaqdm3w689tw6sr9Mzc hTK8nUWfkXWK0OiLplESVIUG4E14xARjYgQMltYlrA/wgFLoJkVBAEVMvVL6hRoL JOKUTBDqwU9jvu7ZhgaseyOQ48+yY8yPET3CM2XCDIyoGAbc58qIC7vn1meuL4+F otjxJW1xn2T6WoUtTUi6yCCRHHe+xcxlSvt1wr36M7i7IapqGlUdrRoKZsiPWHDP liEPqlY7105hK+pMZg58OmFB1eRkSZlrZDzRZwCPErT7vGnZX3InSRtNuhjx7uTB qN7yqv47r/xMPEPVshGj/KQpEu6+PtMZn8OmFlCqN69yPhc4OVtNwyQwWHBBZ43j Gx8v2IHL60HGy0yhdcSz5NdNdsBwhs0Yqn72xxMKYY/Ax/kVO4GP8kW1lF2mmvPq a93lxxKUnuKRY1Jwl1gPnJOmtLm4WjPqSXxgY0D9/vnDgfv/9PXjK4hNnDNvi+Ji qwwAW7nLMF4uVkirCndrt1dhIDEaq/Wju+gvo+pCl1ggRZJyuQhCwm2swB5jTuGh c7V8X0KEgunWe+QXzMMBddU0MAIoHddnA1d0KqNjIRfnIw0Eb93j9zYK5U3cDjF6 LKmD9of2rbA8mWc7DDSiN1ZglQQf+wwLzJ7yctHadK3dzNZdMiToQb41KtuKXdxM sTHmhXcbeC5cPIWzbr5tQA6AtbusfwgUFek+jh1b69cw3Ibm8nCu2okSbJ6DEaX0 7/Q6D/wQCWV1HSQRpzCV1BESRzg823D/VPK1Cnx5qjlFupXyPHlh1jlBEongTwwl 7LrfK3UGH4zgvr0aqlaMgDpOofQ36DvMge8Rmho1dlMRHqSuIzRhJVYL2zlAWaz6 unVy00hr5FlR+5FCynUNxu9XjofqNp4032Ihd+0IiOqORfObfPhFMLDFQgWCXnO3 W3LZR8epSit76AEYaw+6+FmrDPVmQGab0JgEOLctPNyYPm5XoVLM3/675GyKz/3E dx0HTSm6BLyrY4h4FMVaI/nCu+MkizmdZx8jDd4nSHya3NdNOjphJv5nW//WlEPO 6BOTjzVrI6YvHJuqkC3FssUY+VWZRC/+0iYlDYnaBWU= B.3.19. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. Gillmor, et al. Expires 16 March 2024 [Page 154] Internet-Draft Cryptographic MIME Header Protection September 2023 It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9970 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6366 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 2082 bytes └┬╴multipart/mixed 1977 bytes ├┬╴multipart/alternative 1144 bytes │├─╴text/plain 381 bytes │└─╴text/html 479 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:14:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIcvAYJKoZIhvcNAQcDoIIcrTCCHKkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADCscHA3WYayfDB0SnAjLLRn3cTsjsbLknQh iSnryqFniP70VlHS0exfVjnkyz5YxHRCrqLuXfV7EB4GRaieVzIkQTUEnhfBB+oM jXJzEZWi3Q/O3b/5AMsV8vks+gCf3eND5y/dxgFuzgTrYbE+M3XsfkiI4f9MaK9G 96uzaT0E1PLOCwQYUuWtPCffle484roJwg4++H+jWYpGvWhM1fGUu7dbNX779ErA pAMmOS4cywx9W20uczJ2Vzaa7OAEbgXrSinji47uAMFNVb/g2toeXlm4bITvdjd1 JhBqQoxgIGdVLfmxG9aZzKIWWF9D62cEdnyCu/t7A2knMCPkAqUwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAedVmzC4JhhBlJEdXJ0NgpV+6 StlCpr1ktO3ukPWbOBwWuUoMKcyt8aCN+XHtdVUFNqSAqJPHtcTGjq9JC4qUn8TY tiH5BLyu5JDU1d1f9FvnFgbHpdbiiFKF3d2F8YRYEa6IrU//1qJdWisnlZBoYBKe t07G6mMgL/4cGfyMGGbWxIBLZDImhxr/JvPS93jGRJChTPDnNbYKtL4t0rMquM8e pE4ya8MpWXZwXZh3qGz4pcBrGPY7oEkho9pzOMmoHU/sD3CpmXyGewWHTOqZBqHQ wwZkg8DeJseAai2r5yUxlf1M4cZ9LTcgUQNFOu+vOLjEL5eiG1zgmNhx8axcvDCC GY4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDd1zb1BMvVv1ZjclFL6tSSAghlg Gillmor, et al. Expires 16 March 2024 [Page 155] Internet-Draft Cryptographic MIME Header Protection September 2023 XtLH7SSnyPyftXAjx/P8qkLeTa7PvaM2TOhUL9fQsc6oNeqG4tLomIbN32XajG2N kxPAX9J8ywwHaFjs+OIXgBGKdyYDmdjRAnfI91lo52ywxkldXkiYJV5mfpKkIAp5 NBwYkfgyLSf3Qed0+6FGdLBXwBrNdv9yn4zn90qwkGRRzG8MQOlMXVGJnqzqClZ9 CkHSPpeKS5vUH0WGlJOtRoEjadmLXG9dJyYHdFm2v/Y65mvOhmCnIfzieGydzTxS kBXRFttXEsPoxOjR6jX271KbVu1O5hAr3xxrO8qtrFUZ6ug9VvqMfwpTupsYiVV/ NSqB1KBHxpocubCF+84BUBlN6nE1qZFdc23gVaDcqDd59QETfiCj6cvkuI2vrZYm 6RSK3s4mt50glry85o7TqAKqZXuGqRgEHMx1mBlXQcVzoiXai4NR0AwKTVrm0J5h tSqs6zbd8asTjJo9+CcykzxVcx29O0z0mRDb1z1dAFlTFAQsvmY/TfKj0kiAl9MC Tc6To0SUagvUV4G/2Sghh0zdDihTK55dSG9jygVOjVsnRtg36A4bYef7lA4jNUbk dz8AsP6JVgHwysQs0n8JVkNMEs1i1hR0Z/05BE3PqMHhKSzlKh55zb6MoBJquyqr 7RF3w1mXb+tsM6yUR9WimlOgIon/GTxR0LHKkYeLX2wDhQCr2PBcIbAGIP+W20Bb qjvjPxcjfOAQzfxsTYGUr/mTcaLZYvVN9L3wg2u60pqZ+67KszKn3U3Efib/+6aT 8QV1weqEfjZRyc8o+S3g6JES/zPhCxykoo5DmxltrvTOhK4+0V7U5SrUbC+S/oie hQZd+pk3AVS6x0ojtAQWoBWKDZvPSQ3VXPVN1wCnt3muq/xV540MqKtZ2XRkuCwy Cez3s4AyhdX1Ko/8lsJ8isSWsqG51iT0DRGjooFMFMz4NXmNZXE5ink2Ba6w80XS CPmVQ3SKnuKaUGmknH5mAQfUrzCZrSqwppTuWNZ9xTTrz//kSiBSv7aAz5GVcm+5 fzLWdMoMoWWn8lnhEU0jX8vmZ17I5onAO1UjLNBTyomiZqz7PD/iIvEPm1XqgZpe mJBYmIZI9cSB1lQFlI4R5GBhBTBT3fyPAT6iNkVmgWgL4KGOK32tz9XAJ+UJP4z/ pAqPyMKXcKsIq19YLJzFgi8ACRtuAC5tQI61vkd3N96oHZxJ2T7QQ+n3skFXXcud v3buX1+N8M40VBFybsx3dAxUPuAtkb/tiYcXHL+9ivc+ncXZWm1j53tPMiodDEvR zBb2s02cCX0+k3mdrCgLMvw1xN/874+CJ8C98XDijhclLL+/vfe6VfH9iJhoW/Hu 5SLt+bTcr1bcmbgBkFwUO75vp/9YIwFW1MQDa99PiwVYzM7GDkWtFZRGS8RUXaHh BoCi9O8wzibGTjskFvu42xccfqpOjYrFLktMp31G9JMyZvaIHxcY1dJLIrB7m4fp Mx5/mxfxmbjwJziG3Y0uTOupzJtzb94GogLA4VyG3D4EzQyUWLMsvwSrJXSWuMHY ZTgb7qqjb7DVK9YVpmmqAb2JhVJbPRSlUc9yOSSr23KqrJ9Z+z8/8BJWEc//kMZ2 91NnMsZ9X9rPAuuQOjylvqBR3Gy6Wm+dRnqyPp1/NWnYJTKrbdM61VzuMlNFtxKn d6eZqj94N0BQxvTn++F229TILgz404kJSvKGZc4af6aE18v4VMe95pYdiD8vle5E mLbAo/5jMu6EnlVz//U+0AiCa1oZlBUNXweK6PNHSAUKF7RY1d3eMBqVDaIiYJJf dKkMtK2bGUsrTMbWhA2l0p8q0Iz7LNpCjXBYzDevLdWzn4vZq4obaja3x/YOe8jT iqxC4CZ6drM4eHKRjgHjTqnxKXZF3/++w3JpdNnUYe19nCQTCid3DLQKYtrmuoSJ SsJJKFqkEC/lnI4Hopo4MQG1KDgaHBps06IVvAm9TFzd4IErtQSjgRYZkp4i+SfU TLYzVQP/Up96jphXuQGmv9veks7oNiFATyGzsUB/iCW7ysoNpcHN7vrXv4+3KyDZ 1d82+dqbYTk7HiFgAt9UtKoNRazBLF2E5xcax8TjEHsLNAN9nX4hwIjgyJMqgXcR 9H+v3WHYsgyCHHGxE15b9/PLwuBDiYAKOQHCjHqujotRSpWqmiFP7D/QQUCGvsEg RhtyC8KjJNtFmd/4PVGbct1mTEyMuk1Phxg/+uj+iEr8cHmdKvL6aT0VQ4dp11E2 jCzdqos0uW0ssSBJHfWDG9Y3NtZz+AeToty53LZGT1gYWHIWSjIMHoQSFcp/9UEp rzoT8YxaNUjXs3IKzvfwDdtdVm2hmukVZaRcp0qMNAlZNnbznq0u7Pw8jeBSc36g HhsPJUgWLzlW5xr/BpduJwrmxFz100MXZKV9FFJXVXM0UMJ2P2FrZRqnaPAifmS6 l2GBGfBcgTv0b3cAussB+lEjaeZuqQMwThMuKotaWY5UKqhvSKJIp07NOBS5kQQ6 8SoXh5ekYcesMwVTzx4btEEJw0VgKFli4S+eFAtOy9tcBv4A9aIzdYZ8blIMAg4p 5+uVv++0G7OuS2FB1x7ANX1gsXG2HJ+IbwfUTmpn7XsI8e/dNe9P+F2h28390So2 Yp8YdobE4Kw/G2E9VQ9mvRK3BLs4nTcyYouHzcz41GoVQkB7MQrW4iiVY14BBCSW TLVklqRXNQsw5yN67YRGmmFPGnIvsOzswlGOwzBu15sHXTFCN7p1jEkI2udfdoWe j1Z/RgMOvLOV5H1Han0Kxsqx8IPcw7szf4Ccd1JGKHEVPkD0Vviga9oD6dC/vftu nxM7l8ResIQuLIxTpgL6p1ZUxbGhsShurTdHb9fuPDaSv4SBeYXV+mWyNSA1ydv4 6sjVDSUCPiTm/fmq6XFHQwi8DC839RkrEls/YpHKJ2xuhSr+FvqMkh8UVuFyxMiv OXnbBkHLAd9jnRjy6TgSU8EafYg7pAmqcBcyVmrz1WYATaIodA84xeCctSpT34Du +z6lsLddbwkgK/SyFKLjrSPNmoeJjHtRe+LL0yO9ZbbR6YunaGnKIEWS1CSBVVNR Gillmor, et al. Expires 16 March 2024 [Page 156] Internet-Draft Cryptographic MIME Header Protection September 2023 fV8Fb6XAMHPbH/xVSBqy+slqT4IbcLlBAytHkgNzCYgUKx8RQLFUbiEcrN0TMbBt OKQUvQHoJXY8pbwHRgPCgUyNQwLEYdVuJBnWt4bUOg6hcsLfM0tfhvxSMgWF4phh ZOwP9rq/8LRik9zw59PF6rIxFuZ3WtXfRcLMGDq/hLJ/VNN7eCqQyTO/DIzPM2cO EBOP04JVcYqcTy9FuaiJNE45+lBotjA1HdDwTPWyWFv8foLSwwgG8clN7Z6LiOT3 PoBIBvNhT2McZ/GhOMXMr12T7I3zHtpvh3XecfmOlGsNijZU3yxcygRkisHDbNTn fAYo1U1TdgtTvqy/XuWFOdK/+/t7sT4owjrLHYXeeZgTszYqL0gZdTJh7vhZ7nnN p70NLf0bi+eIUbCHhy6rTawucjnxOoc0SI7q64GU2dHSlNYb/7wNSAm2DjcobNrq iIVyWNd9g6a8JQOMBfBQtrbGGwfDfcCiFW63V+2KGWS+Wghq5mB+aXWocUoRgv02 yrQNuRUwSZbjTDgNsSE+5aCLCVIppoKwGU+LY5oNXfE7NTERx7zKfgv1G2y9df5p 2rSimOUEgLFJO7r74BzcTysTOpqF1PsRYZgxiwGHFgyKqP8YlvZLeMkdDYwUtu9v Rlfru/e137/rlvlEKPfGoKPVTwsM0S6Ur95AZSr9O/chy1xSp2wLaoaTY20crx3H G7DDYH+Ldx6fWw1T6oJzNYq3Y5Oxfir22F3QVwsXs1WhrQhjHs5qgG1ucSJ8kh4V nCW8kkdrvAs7H5wuTmxR9hatO73vnpBNWOoAmWO2kLLuVs8y/2KLPPjpRP/u8ol4 o7rHFsestbznvbcPaoAtKFsEyUbMJewR3ApTuR2pubpZ95cdJqtc1ZHYyPl83W+5 zbyNqwmmcDQXvTocOqYh1TpxS0UjXwHgSCxjKbq1kiR9YqCiMR8ZlTm0oCm0LV09 xm/sArkY7g5NDZdLIpjTxlBtwSWe9KDuTHWv+58CDPeXyDz/429g9A6TzJ9mqS+S WtmU9uh1pxs7yqlYAWSDUPY+uCAO2DFett6tO6RqUbmXEYail3Z4wc8qdzgkf5+R TGlnB9lDIN81rUmhGGGpWuhHKQ7YC+n3hijDWNyUbbhSYQGXZgzOz/p5eO8GAvZP wbf76FgkjFBKykXx15lPQn6WJHRlS1KjjgJepf2jf5zBt35mSW82ngOrv0R1Ey5o WafAkxvdx3Ouoax5IAdb7/gl5Po6fvsFQ71GFTY2/skYJMIltZa32M/4qPkdIIa0 urUs7R42M/46LASI4+e08inNtun0we42AWlqYDwuFPfxE3ZIZVzkc7+26Lj0oGGK QrViXejF2czzJowh9FQDHMZ9DQZOrksGev147v+vfnRULMWkCGEUEbuunDFJiO2J cL2wtqrf4H67YJ5lwkn95OLoCqHu34eXz24jMjVyVDBMJS9wH/jIfk+7Yn8Llbab Fv7AMxx+iOePwwF2ZNTIXLvwRqgtN7FpbOtCkoQZkDILEjLS22bCOzGt6eCwOv+I KoP9nl6KjEutLUmU133RWyW8BcyImgDUzaVo8CsjarznJLFizNYS/lwWSIzj0Eyb ZnlZ+f7AAqwM+hE96lOhALUhReVYQfyxwAMxN1Ik1cmuFsuG2gFgRr0CaYCQOYff RyphlYLKlxMyuEM9b4UCZlCIfFXwDnjx1ukJjVXuujVWE01DVsA4pSzIupCiq9Y6 pA2ywyaD2nS8vLvrydpG3elvkXaSp8wTJzJgOxJ7McPtZWNnaRt7Vb203hn318R7 Qe5NiZwmBFtSdSCIeEvmZ4l2ewKSc6wDaJJyvK6C6/0ism2cyU6n2bmESxt0oD4L gYSfQa6yhoks9O0Q+vmALnw3ocupHg4CkI6+9Y3eLsx8U2NqAYVnWSuFxQ/E/tuc 7fAcsJouG/u38MSE4eB+4Yrfn4Nh7trE87HrwtOZPn8fWosPY1g0Qn1k6vg4IxY7 d0iFtCJmjnsxa339pl28C1EmOi0Z0wcwHJKrMh9Axzk/pQtYP2Vl/ggMh+lBE+It PV/Et9pjlzsPBNvKOu2C0t1jQMo5TsEGX/fg1IVYNcobDxls1tWWu7xWkREUOQmu Oz4jWzU61G4Oo8VOeYquV68onBYIWCxsiZMTdwpPkxK3rtc+LIdFByDac7QPWJ1F NXNsr/9pF3viYyD3wcmKng4X5gtC/adM3OJUkAacrH4nPEjtCSPKLceeJFVlZchq yeZsZJBE6X2CvIcUIIRGrSIaFHOPvzwlk8jgN/2FDKNvFhVxtB0KNasckImhZGUY TF2oWkq1IVQQeZzCZezX5yqaq9G7RmiegBL8k6/CJaQs1VJ2t+gc17Wb3JR3uatx ukfZE//8iOWuFvJXDiKgkLryJev4v6e39nmF/myEKjmM1YLG3WnE2lrCKkwkZVq6 HJqJ7sflZ+zzeBPQTFsaccuOPxF8wpXFzNNTNA/a2W+gjbSXZQTJkIVujtaE9wNz /TnybvsgGsTi0tGMAJXfCJL+yTp/EnRDM0F9Gdt98p1c5Jay9N6tNyMitxCo2QQZ vjp0SBc8y0QUef09TUDnwQCb9M/aw3J2f4HtzLjdyPFRKAVLBvwEp2J+IZ9hpBPS 03yftnWko5nBKAzK2NVlsWjiq/A6Pgev4XOi8HRsJvZzVDuDLioeStB52XguORr7 qVbMYwUg+BcSwPLrVH3wLoRq2UV7cXvB6WomYNh3/Iv1DLdrVhhVd++P8jznG22W F8l7vfIuSOgzzM9PYWyLDfYEh9XiKiJAWpDr4QKx/K41rRIc/+UNNhnbLR4QK/Zb Y6JIyh6H8ZWq8es8aaWKYE9PhL06gMGZyf7gw0jHZLo/5GyI+tAhPMIDdeT/aHRs klisHJ67A8WsNrHWXft7jNTKnVm310XIR9tAv5TTWYXntA0ZO87f0YEwrywYKNHf w5icQ1Up0wWRjNATgW4887N2yKqPdLNgxHaMdYxn0eKKvbhkJNadA4A+vGKcnVYm I5ZdUp+AHaVArDf4oH8xmrP8o9Ty9e7boxLZGzBHTif3UzuAvD5B5rZNnJVSZ56W Gillmor, et al. Expires 16 March 2024 [Page 157] Internet-Draft Cryptographic MIME Header Protection September 2023 VXoz6LxuD/NMGElVUptqxCr6miaxeHC4Lc2CV+5FxGKTy0Jpi6098crFfngKr7Tv WEgWHbsjb3JdKT3rarCoxxxC0ccqI5hlJJ55UvCn1rZAVxBla4z4eG/UlIfmy3iR 76kNbWNqrG1T5rr7OwtxqhxBSrTRXC0AW6j1HM9YkvVcqoKgS/Mj7+hDVUdq1BtW /DEyeBgAeQTekmMj1N0eclRqMmP2VhPjgKvXdsHvi5HRVI/sLELkBXfnZIIyiVR8 4EM9sJyJWrB7zrK/ZSjR8eY/xYi36iS24GKufZKkIg+q7+P4lSBN9xGp998DzT6g /31E9y/7n1Zb8sQZtN6wa2KV0Aov1t9YWPkQ1xdouaTp4MCJwPpPbD/vXrgXwcdM fX05EGSuyqyyU7CDEG88P/xyBikToGRygfNKjagD4Yw9PW/1KswtjaFFIqtIPh3B IeILYznxYvIp+FKAyFESPJioM9cI2/ge5u/SyVNK3PZ5rfkZmX5EjNdbDUGmQBCA XjYgyEEjAfVptQ/rqdnkedOXnkdmsk7I6xX3QkM9jnhcNgzGWXsFwa9smwXubWfL eW89gdes3PFXps5gn+VZNr3POJnvcd74q8cVuGDvCat8B1AdEeTDsX7BtEvMd/9+ EfqJ+pQIhbvU6NIy6+9suDFhzJIpncPMZ1oLAC+bdqjmRM5eg/7okLMlFXDZtqzs zAX94ijUP+6IwzISHWlmoMc1vZ4zA6Z3HfFtdY+uAA5rRutmqtejv5FsKWENpq4D fW2IFljoOOBkq7AAKds13kFR3UmG5Cw016+EQ1mUPYIpaZyD9SPxlXZ7djtRE8OV aOdilENelpwX3WGUY6rQo57iKWa+7hMw/rkdFxC5Op6wyGyazUKSk0QDlS/7MR9q R3kKRrdSaVq7X6pRXsJJQsGQd2zjFXBM09i+ClRgjBWWP+8eSdhBk0xEoVyiHuM3 3ieTp/uPStDzz1UJZVYrd2rtF/VHVA+M17mrIkgA2eofShiezCw3JhIV2GN0cnI4 kfNo4wKuH0lsJVu+CYWw1gEaoH+nB2//H9R+fxZ/Luh/fakxB1KfIFe96YIVfc9m AW6XsEVfnQqhTWuCU4evFM7m0pjZS3MH4eL+usAB47MpFZqCPFJTMA12KxxOaAuk AaHg7cmiCtpQGMdlY+YUNBac4d47szdRhvDnGRyJpGwCYiJRQp3DZKvtwoodJKW3 YW3K/MTdnDRPwuGhVKb2AwcPwSC7kw0azROvVY0nTH0tRkOkNBWhtXhHYORaxSZR 0hUAe6X28GGPaObt3cvduQJDW/eEbG6z5x1bvCvim9qhj8ahoWm2eLoSgmeJLa9X p6L5JFGTLVaC9L0nIJraVcr70RGEN7DhubGufRQe2AViaJ7DNRUuNmbIOVumP1Q3 gnta0wo8bhUTEpZDLRJQWfbZxtwi2hXgzEqMNZS52yFAexyRvqZN+0rVVAAKbV6/ aJ/nwEK3jIApSCvgUOu+BzHGp6Xq3xcCcA9gRWWYbxuXWmgPgcRNiFU1Mg/HrEiy y8YWqwF4FwzmZ9sJGQVHkJSzIbxa89JGX7QpjhPov70b4wD/JU8vBgXDHDHkR1vK aEqRdFbcv2G5i4hTl7y5pxXYvJaLM7BnGDBvo3bbQhHYtBqlC2VkHexvUpmLRVR2 nTcexYO0MssxeYPvSaLQCWO2NZ+0LwFKx/0wXA3zcUsQnRQmghHsjessCCsBXEng wpJcU2qCG1G1Nkz3dnAeTyzNI/h8hpauW07yZA4tas5l7z6j5vSSwMD4m1XHKBPc MHQxE+GaHiMZe2FxtA5GQgkggstNxn3W8UcCNqSDkPKUNmHzPKlKL7MvM6g5Hidz HGKj7NY/LzSQftcu5h31i2YfA1ImptcUVZVhOf8T/halWo9Gp3F9+6TUvhvP9dVP T33eCEPxBkz3RwUZSEmZXRuJbh3SSiFtFwn5RA9p8XZai/wurfOZsp55ma7r0M3C 2fomu+tcQ4BZJzMRRWvzHd084jIrY6gHcWK7PpelEgWDFSIcU/istOXimAxATUBY k8RXxpbTVu7csDQBFsKEbdqsCy9QKwjOGObJYThkAvTfVFDutEiT6VlTN9kVIpQE L8qjyRLqEAnBssW7z4JE+qINP/BDb1TM7lK1lSH86e4U8I/DzEA5OAx8ujATeVmN Fqz/blzI5ggbe6R0pFtRD4sGPn0azCNyM1ks47czVaSjI3cEN+yU7GBXfAWriRcb 2sQs7tzqmILnTXfytItquZTBPvsOIIM4TGIzzQ3yLdIp01nzzBZ7zWeYNZFbesTw /r/tl+q/aU4an5q3sgw1mN7ZEjp2+bc62mRJ/cC90mVJvXpPfG/wuzWdOBi680Na DUGS2zNJPDLnLwQZKaN8HcB6FiXhMNrVIF4bgPoPoiRoAiU/psIaa26CKdso51Jp y9DdzQLMM/7PZT1w9uRk6lWBHGnUJXqGJMoZpJVblhFAKUZwUa6MREZMBqNbYszH e/YMYKXibjeYXgEA8ln+Pw== Gillmor, et al. Expires 16 March 2024 [Page 158] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.20. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9925 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6342 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2009 bytes ├┬╴multipart/alternative 1148 bytes │├─╴text/plain 393 bytes │└─╴text/html 488 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:15:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIcnAYJKoZIhvcNAQcDoIIcjTCCHIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBADE6mU323yt3WjthHoiqYZZ7xRs0RSluUkr5 I1v1OlSNq5YQ95dD5vNuhMvjt/EtfgCJ7AO3aJNaldxCo/jIwbq5I6odTQZ7aEWN BkZ1KMHtu+gDoczq+jPyGvpYXl4x4yUtSwbp0I8nm2VMoYvNY9nBaqaXuraOLnGE VeqcJ0lh+hkyb0rcx9cxLk92xMk71/HQK4lYD2uMSnec26UemFmvSbijnBoJqqhi wDG/iUN6/7yO5UYnku7+66Ub9Jj4pdtjMXAyF7LvVBNcQ4L+aXMFJQQTJ0K6Rfh7 bgogVv/ijZtSRmB6jKJZ0wHruSgKIGFi3GdUhFxf7URV+Xc6/QUwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh Gillmor, et al. Expires 16 March 2024 [Page 159] Internet-Draft Cryptographic MIME Header Protection September 2023 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAc8xsqG6RvJzmyeWC4l7tECW7 cLRsPjr0ZP+NZ9j5BjhHOOA8KUh8deF6zC99DixeMVHxTWgYETK/yAKR6VASWglZ jT/PXeV3uwjFKFj+VfMzJ7OZmToXAJN5d1PzYeWeLjN7qRxo0/DvyjmvNcfwXI1/ uwiTkdmokX8dyMk93E5Y1wwQ3fKQMiRIt4gngU8r4+qMZzpy7oPWQ72EukdIySkv wga+KasO7PeTLj8KS/dQ7DxQ7BLMjVF+1zbQ1vTujOPQmQ13u7+sNe7YbsIpMEmN R9CHHVfml2QdRm7KQhKJ0TMC2YeW/alCrLGnJ9eK9QzlBfcUtJn9hWVsivj9fTCC GW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBQNnirHKPkL4TpSNOfBt7iAghlA yX9nf2uy06ybPSZFJaD/uxbWjJNQfItZY7VyFAQBImHBg6MOT21WdzkvQA2njMSF xQx2zKxBaPtnRUKQCYyHaEygqrCT/cUcJx6nVSoEntZQcTTrgSiDL6TxHgSyp8O9 d+VfULsu82GGbdylE6wesW6wZxJUCuD1DJnfonJZUf/Zl2Lvif0ol2csXjaYpbTc 13GtrcWDVDg+uqb57moD6y1inulseA1viro9dBUT9mki6073hZAO99/kbDfgSdTU KJ9qIZ19sjifNaoDN5noumSWzUiUSjIT03RE/iATAyjnrhW9Mwzbe4PtxzfHJujE m5hgiQHyk1h5wv1Qi2vJ16joL8nSmU1871i92+x8S6dFBhpo9l8+mFSvWPCO+ZaS 4TPoqFfY27sAjL+s0h0mHE+AzkQ2aSK23uowh1vTyFxY4VANikyVIJWNW3ULA5Uv iNirhafgxPwS5p4xiymX2ymqM/t7V9//sePvuVDzQolEzO260iOlsFqTd0tun4Aj P3j0FrvkXv9BDEbq/alL1qkH7+9CyQtoRb0/hjCe+ZClWU9T6b4Z7bvsOsibnwPB koEXLPuPMzxQMe1Q4P5jOdcTukoDJMX5nVjhHbQwZ6P+SSaKRntO+uJcGnUCeyG/ MM3PHMzQOP3QcZUgpZxG1wxNQHmDlG8OnLS+VNWU5HQlaKg9xkgZi/ru7a0uPRLq GWI6EYurZRSBOfjdqi/dAwsYSAmekybCdBYPMDhNK3MnI2alBh6YQ2ML2KHDfLXm 9sHgMA/0CTP1AbVgp49G4QhjfPK5XMEKqTqoBXILeGxwMABWV/QntYrdcj4oShx9 wHz/47YxRSALjvS2ZBATEavEzkIVSm0Mhvjv8mSPjkDoth/UvMIeiIKavyqpZPJC b6NVrnkYhiINruDUheOU/N4pPr6yF7Q+DdoJfmgRmIry4G8vj5j/36GDqs21hllK rtNsC6A8hqBK1XvLobN+WSmVjolH9xjHbJ/TtAlb6DGPr4n5lsPx3vHU8pSc6vR6 Bz9OT7wm8UYvRdyRUWbl6jQW0FhO2jgsnKEXMuu+5JUR1J2els32hfPjBrr7B4px MYnh3O7OXTjyx/ES8tsOdukPqbFfBlLYbdvTNVjyvkJA1aek4+3o/XeC6Iuzuook EECWH+JSArJpgH7n75dnpmQTGRu/ZnhqhCHrXUnIsKIIXpThI0WOuzXCrufxz+2Z NtAjJhfrJCxK0+miSLeZv2bsxN8Fb5YKNNYpzTqH+6nFHqbZg1spkQMvDFuo3jP7 LYrcE0I/WwbcQE/xIC3QgtimfkPodf74l+2ZsNarHX2SB9ys3DoQZ1e0ryX7HeL4 WImseW9kY/89f4Hbya3Q1MoASes8pZcoxcGaQM0lDXVYwRszcpgD8OxMA5BY7z7T r38uATXNDwecqCb649/MYQMCvRX1OyUQvApPVY1hf9N7LKlawCJPMLPWEuHPEs3z cp9K+zVWmne3o7uZ/Rxo/YwQoLt5lBT991YtjZ8b2AWRAuzfLu8C+sugpE3WDBlk SdYxzACoUonQRa0QAPx4O9P7s/HKprk1JpzmciaNVV7qL0YVm1S3RPp9wI0HidgC CSKcHq33Qq23do2+mKU1eZ6QQIm8ZLwgGuAnqSz1wo/SGSGF7FuCURzVjSabITsa vYlb2Sey0OodZyFyjoc8suyDbv3qUDRusFck1yAbAJithEuzwh9slgVhP+QCLOGp ga4rgZgb/mVIUqfBuqzv20+IKfeE7Aj0ETpokFjW43Vaf688NhdPqtYVYle7aHpm VZWx5dRr1Cp/sV/82MuTgpI6fdxi6oOOoITeOB/xOYVaYROSPxG2g8d+gxI5fMUP isKIGVPdgfH/oyJ330J+rO8eH5bdwQ4ZLJx8VNNZ5DQeJ1deeG3g/KLDKDXaUi3c wmIRLwZ9ORAsirq3GQuVqgV0h5WRpxE9trhtLBUuuNyxC1lMcvwZPQUfWqNLImQ3 z/5kNguw/qmuzVcd0Zu66X/PiOyhIJINvlbrGtGQm5PVlZc80XAtxz/UjwZaf6yv +tukIzP8XHo1NSYi0I8qyro/DY3CUSdZZm0e0AbTSbX6GwDLvo4jqg2ZjJMI/aqa w+lbBrVSVvS8LsUGviRYCIjQTq4q7rGBS5DDcdO9YGjdLn8swV+kZQ+Q6HORy3FI CNq/9f9GLn8On1bKFLDmRR3eA0dCP/FcMa+20/tfhweawpFcw4RQEVt5qWxSTwRu 1lBghRZ1VMyvz/c8Jtk1bTavZcF96jliuqRnU3svEV60fiiTkvMemb5kReBnH1m0 F2rgLSsgdPzLZX7jNnvZlojlciEOVfqZU6ieS+yEfEDG5DKEZZ9bMUYVUUyM/PbI uVTl4NuNHc0VkNz5D68iICSXZFEugGH12xb812GRpU73qve+Vwe1CapVxrXCnOP0 MEYCu/ENIBTy/LTrfOE+kJPhWj56LZq2eJ7wTHwd/fx1Rjsvth/1qMLpWBbWWdPd IKcskR1SLU3VgYOoE4Ph1gaQpd4IjGFFfBbgypjmBUA7DlaQlBzwbHCpetKTWDcc Gillmor, et al. Expires 16 March 2024 [Page 160] Internet-Draft Cryptographic MIME Header Protection September 2023 3CeCEn7AuFzFIL5PdFRbWZzR+Yoqlz+Z15cznBEwyU37fwNWIpUrFPbRp7j3fh5e j44Zz4yHkCB4iIvszmOO+PGIVvQW2PIZB9JPsyQ7mzONb9S3qxD9VHs3+UCmTD91 IpJWdQBCcosDWgIGSsl+Xi8ty4rp/Q9ec5v4u3fOxqUX2s65N5eRwup2pfNwexyc H6qsqFVkP9Y/bth6PdrO8qYDxYAP5iwKvQqh7/5vaHdJGOdnm1zJuiajmYTXKjMu hOEssRlZdT2d/ivnZnSQyCKkKxSIUIIyWb+UrDoIe+GSUWtplaoVG8mTc3NfxBa2 wPyJ6lpIEkNQABO8OJPfj1QXvqBnr6fln365yIKoG9G8va0MDgjGFYHk8ZFfxO8t MgpPS+W5jlL56+i1qb8V3dixzZxTD8prgd/xBU+fn5559La9faudpl+U9TwJZJBm Q/WH4V8Ql2sd0qATT6XUccYu0CX524eGUh7bHELejrjO5EW2W9N9hBiNy1InsPbP UsCBCUujCF+VEe4oN1UuMqqbDOkVgd4d2AcPuhjfYpg7BJSwdxaTBtkJHXYTpvmG 7XhlPj9YCZio+mU9wmHwD8Fv3S/V01tBYrboQtFu9Z+q4hJ0sY+ZE5qtmOpb07lM TFq26vAwGAOFFtx3xvf9feM8yLL09PigGmKg15RwlVovasdEPajMy74UwhnMMaQl P8XQldV0YUIaGT1uvoMGs98gXJogJ+1WObrglKhFVsPl0wGyPEHfhnZ4HX+4IMvd wiolUltWUtdMY2rsgsz6Hp6Gc7+Dke3OzvVaL25RCwyHX1D9Nm1ohY/8dSTcr3/9 DtvBTypw9GZofsmErjJuig4UCUZe3llsLXzqxuaWlYd9qOUJaXugCNtmkctc8Xsa dXMfxAZc2igIMDDT0pVCufCm7DoA5zsnocDXWXTTf4Dza9Dk/EqyK4brFecXq/sE Fq5csMWmyHysJAjEswhBxPKz2oIvVhRSOLpPIdlvrg17i4UasneOxMptLRWMLC0K D6x6o9R74e5QydItuawdeQ7VaHcPdOcmJfKqW3RgOo4qyPUxUnnYYMmMTcH9p8/d FKJhhr11ECw6hp7g8IwFsYV04pqv0lgAN5wfwu1C/VRf2n9zA1m+lCfRCldfvbtk W7N0qD61af13Mt5HdcuTCUNNg7chnDPAMQ5PIl/x1slZtigWaAigxIGmVn9eAW2e YLv/ckPed6ovZlEnqw5qb3b+JBf80hVLjekgzYI5OE1kAiEs8fDhH9UIOGN2rv3o V7gn1Aux9h8mBJKvr4KvWu2fouP1cQXJ1X77Thdj3asxyd4q7UrnAhzLNWGXYS+h 0jwLb496fameKx7qovgnCEPp2TUbJunP9kk/aZloVgunNe+W6c74lw3X7a0a73oq LTdPZ/fNkWdpj6tEw2ufJ5Ez5TZ1RtNCdh9H+uk+tbiki61qmCSjwZ6wgZF0P9QA VkO6aMCl+8oXIsTbP8R5YRq8YTr+Tkft3WmUGRY9ssBweUJWJZCt4nMWMzzZ3M1E YOOhhZnreEVxo3Hn1RAF3VUGHrkrR2k47jF6lFI6GMvMZBqYW7vGeSOjZW/gfOoZ QGn2AFBLAMH8oCJoVBT6N2MMyIQxKBQrk2nQ09a4DbZeLn3IBJgiTYsv6w/Wrr0H qTGflN1O8OHaCcBGqRE7lx8OwKkltPOkYcQBITV6Ha+c0wT4xV4FY6SB+Q7wRh0z 5t2FuqHaoIjvLnGPip/93GEnpFiS3qDoROFiN3xDkOM60CENAd1Bh+h4ajDm7eTa b8wqsBqU9X2j1LOJYepG81MadrDvMvYnEPqJ7zPY0MZYfL5pRKA78+DHdeYuCikJ ELq81GjJboHOI4ZLTH2smh3cBDcI5dqv0ZTo387037NnOKT3KEfimaP6cQbEWDmN L48gAVsGndEOQiea2j5nas7VszypAH4XlCZ/AYgQP80IzKZp888D4tMTw/lx8be5 EMU96NzWvJciyw5aQ33c1qJrF5UB7JJINYhQ3b3iVrPWScv3GqHYrgZrNO4Mvbq4 jS9wFUMGc1oAbd5p5RnJ5ewZxOJDncuhAG9GejZbJ87Dgd2IP0dqn9DtHVjuVb0E XzuNNxhuBpKk+dwTDRQ6vNdC10fQg1lyZiiwzahsR9bqHtpbWQD7+8MGS6Kh1Yg7 r4uc+MNjuJvc9pMLAilzq1ejKb9JZcWa3v1Yxlf+8AmF80ZaDgiLKKxEb1oQlhIt WYd5b8S75fGrQugw0up4268p/X97GKLmkJQz5YeSSEKRA9ycHpxB84nmFd9hMFNX U4m91cwpxSkrkf9pDGaZJ9R6kYigj1tvlDuNtGHxLDJXELHr9IVP8shWsQwQUipT wZ0sBWwNpp14/OlIvbfErvBe/pCUPMiQhjLsgFEKcCLt2hs0iWW8yfTcCTEKS8m3 7aNOZJjkjKvm4/KYO2kvqx4sXt85fXxfCbrGWUFGGXgugklcKo9jMC2WzY/iEcsB 0pkzkOLLAlYxfPc2HWmIK3jz69hoQwYz0DAbwtQQoChb/bbueyM/gwJxUuor4BYP bWKXSfcdWDLBUFNK316JHb1nZ1VDxMz3Miqtc6vZrW9zfa0Gj6KRooDTd+TzprGc uzdj2WJKJusQcU4PK0SiPCF+hMpFzvcnH/8d5JwD9BhJTn8ITFL7zHc+ju5k0Vtu 2c/ascRhbbnm6roX/SeZzoDs4kcYzQioE4GaDxyuzfbEbNt0We5I0pzdiV/lpd9Y NqdrIRm1D1NjuBpDQSZGkEwCtd3y0RuYpR1LcQg1HI6hvhu5Ov6r3cBMXsQPycOn mvjzTOZb4uv3Hd6uck1fGIqarFfhfoLPuqIvwVXJZJXFxkPEi77GbaVGcRHCGZC5 aMn+VjvRJSiAs0IESspjH/bQTIjP2hnrqQoYsd33v9dre4enTrOgzRQyo1GXE0FO MsNT1r7QThBw4LdjPV1h1IchoebmOAixwh+HY9ahXkUoPl84z2d6P31ruUpbd40p l8i3THpExutzeAPfQfsOhU7K6USyHT8M1a7NacGVqRISBGbMVg3QZEj/b49c5h+M Gillmor, et al. Expires 16 March 2024 [Page 161] Internet-Draft Cryptographic MIME Header Protection September 2023 ymml2xXYejmQFVGLiM+3FnwAX9o+k93MZdICMi3UQHCVFdCb7fRqxrzrRLagLuXI oW/M8CD1CLem2/wMINJwzpITtFRRZzB+op4ghtnLuIeOCIOtdRIrBTpOK5XQY+U0 fSmY1FfQ+FEBlyh4UNwarnSBdaTtAs6jyXzkDqtU6FYL9PxqilbTruI9Mk+7zOXe p9N3hHMZwNvN40PnzQgN2Bw4clcbbqPHhozVfmbWsAFINw15FrrFzyAgeBfF1hQU k3D/Rdq6H/07XDqshc1fjgZZmev78S9Oj4cNC0lxnxihU3/KA09fnBMHSYp4J1RN +Chdh6sIm6tObJgKEzm+e988A3AgFzcYKVWhTX2nJ7qlvx/zb5RqCD2vVaBhS3Vf 0S5HrkC5r19alwLbsL1LbGNw8dkcL5lnhufvb3zbqS9k0JejpJfs5JEM5bM9jcDr bQxz6W9YWClAHnHDNB6K5aZx4r0y17cO4QVbUSAzULYQnCfJ5qyUvJ8/j3f7eNRZ dmdj4Hkqda+Ct6tTJ/KPvefpL7Ci8QdiuSJN+P6pbO4s/9Z6PQjNnobj4StX+hA5 hxXc5dIQZ4Xdin8A8ujAbj0VjhbsBbu8bAIrfldPOfHbAG8onYF34gtzLLyC1o3g PWOpqGcmGZkXzxwN3N9YfPEZ+VZI24EEE191fKQKyz2UE2/FiCa4cGdtrDrrfw4Y RK9Eer1KY6nvqF01VzyeI1qxUv1ciTi7jd7Rpn+q92CGVkquO1PHOgMkBtWBiBHw ep3X/eZGdV5WWZm+qnaloOd/TxqiG9vymJkPzycrrxds7LgYlK5pLijT9fJUAyfL JCnVsFVx10YiUDmWmwSmRp59M4cTI+0hz5T7m8VIxB57bWmhkXEg79rQm/EczvoV zvO6tj4B5kFtxKKuAcYrgpZqdN1CQln0ae73eCdIZl6goNWty7N5wLaMhf6RsB+t m6Zga36Ka98a+y6J46ttp1tvpW7wWpUMsDN0LRRgdCflYQAWM78YTuK6Aob4DMlV kgeDqA0ESmLbgB0c/mah50uNEPQD+/X41i8jV51wj3LV0nxyyzf3ehne16jvMu1m Im+2vGokh9POvMPhIRJmPGt8QaoW7QyUDVo5G+n8t8WyHQBT8ZpCS1wg0MIuSMIZ eHP2dr1uSkiNIQ9fwnQRO0qQgL0K2iALtGCLE3BBYy1tKxDyv2K9jgxGvEkpOfsB CBajFmYED6+/Ox0wTnT2bHzzy7p49vqE+EkQRVH08z0jzLa7KNEAMoku+27oyWWO fPqiMZv6yoOkpG3LRgg9tHmPbCvqWIxZufAzZJuv4/W04+Kq2Zq4uicGtIQyx7Hy KyksxWIAVi18/bwt3MzjZTU3cav/kP2FLDos55ioXC0ZAC1dqqrMDZ/OqP5GsjZB WKJQpgi2L+zs0SiXbHdLmJTEDUQp4FsQSFE8HFlAAnHd/xx79VEOJPwubSWVXDda dfGweNmFhaqacc7LMFraCty6uAjFRGeBuRc4nlISbhfPbAr0AgOmUduGXh/QtmMs hpcs5QNGNWeuFMhKDimpGe530DpPXWZtf6ERioKuacZVCEzmBkmHLTz8K+zml5yf lHwx6n8s/hP95EsHZpQLl66mrWpIowCODCyHAgrtCqLMRtxO2f1O5KqCGPRXvxzm He6Tiq/O4Eiz2NrE1GsykFIkXaoB/uKNEXYU4MYG3hglCoPN4BdQrPhkwf03ApF4 aRZ7qbZzkiuKGAVMC8oFGWS26yIwoyxDP9OaLuzake3NLqVV/RwhDLAQtJDD9Qbc i0q+ACKRSlXxEKRLj8u/8zw+MAPE/zcVg+tiPH7dS9sfERMa0PKlfvWhfVVEiCAP 2j64xuWMAHgPMTleDsvLk/fvpVLfPo2qp/tC2ybmH+obUAgA3aD/repVvtH1BDLV x+r5pDZCpfTCgZKTYzSoWYCOfHw1L1DLbBe4lMUCSWPIQtOxLTTctv1qISuxMq0W 5JyRfNaZ5OXYgqIhUwpZckycThFt4q2IfJ3cS06rqgGu47kCVmFytVWLNSuczkhE PDBGhv6uMVk8r0vk+Ojf8wJh/wL5evIY77qXPUIyufVPfoWJhy85oVVnJFqbDwX0 eoDk1VYGvi+0yhe+gQKMmXWE6GsHHPhRfWDkNnAPPRJ8xQqqtVC4cIHZ3KOHofFr vYG8JnwCpdy2vkv4PtCLds+/jDIRLRvuCWD/HVk9Ove4eQH7Bjcs559eInQ+JSgd Tq60srKAY1feM1cm3XeVOlFJst1VGq+5DzD/XUIVjVzbEPMHKhgwZj/Dznt6AeK9 KNj8apWhYaYA4jt4wYA2tHyU3UuKvPEIr8+BOf7YLwDAWamXmlS/94454XUJHuHh DQ6loKR0cuX2BY6Ze7J/WVyyUQM/qt1Q3RlTQwd5Hb+3MG8kFvn9EW2vnkr41jLY AOzr+fMQyX5H4g/Vf6g/Ek6KmNAiNVgW7exsz7ZQXlraK0CExJkPDzo9Q1e++0qh O2XX2kr2FICjb5S8QoS80Z1Mwpcc+J8dAztfk+hLj+vN1t3gz2F2O/rB1XGXkVlK XAtfo7GngbrG5PnKE2Yh7x8nTYdOdmWXDRnrvfwgo+q4mxeCiJbiZW+gohm2iV9T FkwZ/AS7MDpR8pCDpvQfRyoTu68BmuVCuc/9VaiRz/icIg9jnLAYMyfCc5LhYUxy spUrMiLp33LvsTd2GhmNnMXh4mWnIZ0Hj3HnizJrRzBhOrA0V87w0wUcDUzWfdf/ UNFtOX4IzMcaSTDxAjDbDCkem+z6QugMYQ55x2FEmMLGjP0QsBZp9ESbpfJmqWJS Ak7nYxqVtdJzFWSlG2btA13H5i6yynX335T7tlEm1cAtVcraXRijWOWz7ZoLtgZ0 MzgK0bU8ViUqT1G3bmwP1qFyjM75X8AS2rx7olard3CV9l8zGppn9ljQHcW5LByi zYHKnN97GVhKnRExnsrTQIe6OrvtrkKtOoz0rPG0gSY= Gillmor, et al. Expires 16 March 2024 [Page 162] Internet-Draft Cryptographic MIME Header Protection September 2023 B.3.21. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10510 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6766 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2314 bytes ├┬╴multipart/alternative 1435 bytes │├─╴text/plain 487 bytes │└─╴text/html 639 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:16:02 -0500 User-Agent: Sample MUA Version 1.0 In-Reply-To: References: MIIeTAYJKoZIhvcNAQcDoIIePTCCHjkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAGR5655q11dQrEn1+qj1lo1Gr+bLsb6vwGIH YA/sZqZfUPrdFQZRoIqGr+mw9OFYhsaTjR+ZiK/19IZJUDSXOIqAN02kCRaLbe1R 822KrjNTYSKYNUI8mEMu1s8Mm/J3Rf6LDss3ZgcKKxDg5XqDtBG39VFTXgHVq5p5 xYKt88FM1CHe6oMOBVnCEKLu9aNm6iaQx/1IPGUYpQfEY1VEFHEyJeD9UenyYR+f O7UYzlXOk0l79OlIxspqqbRbehwsCVirzy9XfDzWFc1Al4GTtMp8n+7wm7BchMX/ 7S86+FiypOQFv/nHoeEgE5Z4Cfm/m464/q86fJ80tv4iTNQ7mGIwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh Gillmor, et al. Expires 16 March 2024 [Page 163] Internet-Draft Cryptographic MIME Header Protection September 2023 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIK+kWhO1GQu8sKhJuZfl1zGB 7uDFNxt/SEB+I31lUgQJuK6BjfXoFhDy0j6Wwi5KFfCOGip5PdSd/UqLIdl0TJD9 R7/j4ZIVZL2WBKNY5aFEoiy4v6/RAXRYY7VNony/vSeH0ZTHyC2zC2mn5R4BU5Ry pcNTni458AedkjLZGhyh9qbf4XOBMWT7Se3P//h8a00rJsPpguLEr9eYk+SEmdor s/dvtN2Fa/c5sgf8Ha2j8zFEET0fe5727t3b4TPhLamne94RF2Ban2hYKyGthaOd E3slE24n/cJP9iUtz5FBFeL72Z87rQS6QKkRJUjyuutwsA2HzgqcRaizMRVhyzCC Gx4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIz0JLuCYpHS6PTGPdIo13qAghrw yOPDrc1OUUqt5eVulaxY+qP6Irw2lLxwF7HtbaDzcOiOv7rG7l22glmfKvUf3vYS k6c2jZYBxR/f4ngS0oTGiZaRnEbD75gEuKOpwlmQDOc8Yv/NqU1t8Iqx8fq75VaW 51SK+rw+BZ8AW/D+AIOKJxjqX89NFZaAkJEcohjAGTRz4wrUoLEpwFE5V6qzSqgF jJXm4SoDXH8ZAGmAlVyxxobZ5P04Agqn5CXxYkdLV5BoVhkzFizP6HtnKPdlmaMI Ct0AajBvWjdC+vZ11igU/txiyp9io4VLFUNQjROGzk5p9gFWwQ6tWIf3tpsqGU+n cqhiSLig6DvL8I0v4Tl5fYW8j09rOSiEIaBGRL6PsC4U6D5xeE7FosGOlK8HVxfq IIqoOFr4f7eq4+cRxuegtLn/podCkfmfKfMFb5Naqsarc5r/63GMSufptc5RKROZ 8ReYolOJzNzgYUUyMzerv2J6Qya6ybcVHBfLsK9j2XjGtfMG5MiXOHOb3gJEl5H8 yWsNtiew4FXhStzWLwFHWJjPwZEQExqJxMRRmlCfJroW3NqCE1S8AQCseTAb1jRm M9mVD78fG51p98iPe0JHYDrv3bsB0FaPhCaVhnxt5cdsqU42kblavmH6VPUqoygx QgKojyvQUllzyZ7udh/M70eWVag731BLa62h5zCQ8V3F9Jly8s6r67da9h09dq3K 5h3oxWUBcQh0rqKMWd23X1X2T5D46LoJAQIqOmb//askhoNr9BKL9y5K2gFQjI+T quMLP6ysZd+oszVbRtyNfKyFyJNmkS0s0NZ5FgeLLc5h3y/fOM0U559PZvET/fEP R89dIDTt4lCRrT7N90YESQ8N+e/hajahnQDS78VXlq6nnrIerI/WLXr8eKQIL0Fs Quw/A7YQ4DOytsxOLUENGRunIPBePzu/gF37Dd8lZdcviTIBToLylhIOPIMw2C0f vaqy+xwooSnwZNQMh+FifuBOOScbhHmHKUjaymT/Ybx+A/8saXRN+SfizVi8tLXb XI4faBkFoVbYvuQh4PYHogTz8W3UjWhyVtmCicL55kMk9TSksxu5SGn+PpIFovJF zuxSk0Xm+7it3gIisd++sZSRA2a/dYyFPOUnfOIBl5Nsq//H5sL7IYo9ynujUd2R AI1wtAyymPt/+stRjbSq31b39Ilb9A8rFyv2Dhi/p66Z6XLTSyM9gvCdBgxjvcp4 opNEUsriap5zFtvDC3YvPm1YaWo2jK94mDa/F7VmJ52R32NGrTPf3h1prs+ma+2c wJRT/P2gVip86VOxTb+KgJSEGbIHhdJ9+gFjTNq9y0dgwhLqvN3rWFwU8H/nTa3v ymRTNEi/CCxcKctLgSckRZ5mMCjEJMqtqF13tT5BdMtUSWd75Iqu/uambE1iJ1/i 9O3ZRB36f2uHGILpWfJTOyL4wsW3GqqteXmjBx6qyXhJ4pNc01y4HF0XIiWXKZEE 0dIY8Rpx9c0Tw056YP4qHXAc2t/jJqTM9M6hB8y7Pdnh5XIw4ltCc2qLXuZwKdqi uWHnMzCVmIykubDh87yZgzZb8BaWZbjYFnwXFsV+XgV7hiBGMBoQYRWFQQO5synd LzvG8WKcBdTDTawuwvz2riK4n0p0YVBNTnJZBXsvS3GG0Jhjto5c+pZ1rLmRAUnu eosO3ZOboZ6bZGt9goGHAydoIiOinUyMEtAEs9l0k334nCnTh79FZAd/aEInLupq dx2aNBzv0IdCPiERuWvMu6QLHQ7vyqoU7ibu0eLWcS/IhJsnMXLj//qxlCedax/5 rerO59X4kK33h4IY0Qlo9CF9Xs1CVhpVnVwuw9Hp3C5i/fTdq+yR3xdQ8CAJWJid UfZb/nIbU246OJAnRvNii7LFW4Wwywv6uDbC3zTeVR/KUJ4Zg2uIMcpLCUSVXK6U vTviCdljyuUxDoPjMPpf/s+4kCkR3ALqyZJMf6owMTBw8sQ6U3H75UNGertSkPEY A0sStLy/K5wtqoHbsANk8iUNFmlUdVh3yEAfzz1gNxuW8y7xCN4ihlaBF6UBJf3x PggNcA7802kUcJeAfQqC1k8WGodnaCy01XQA52xF45pdJ2HzGHRpKm2hqRYBjNOA 2kS/8eTiufFmqHvoaXVvNspEwNaH+aJrsk9Tm1Pk5m/lvjB3kYsGofuUp94MPYAv PG96GHJoPNs4/KRx8ECBQgjVruE9oZj062S4EeonEIQOipulAj6CXxYiQv5L1YO+ HOOgVlAKDa506Yf0rcQF1ys7IVDGokVScJqCEYzIOfubhrw413Y4Sl6ka+ZgLKq9 DLzuMXkNMqL7WqmkK4pLx2kHvLqqLP5XjynagJHWNm0zYO8JDgWHxjbQxmaoNf49 oIFXdzESzLnz3T+lK+OSyJjq32IJZbCWCzWcc8PX829b/KnO/a9VD/UCpMMz6E1E aSxE+ywyGo/gpW45d4ZRJxzWBTo0BVvhrUC6NYjseSoNLUorVmWbzkqpnfO92bfi L5Fu4YnKbh6VCxnEUOmAMaCzXIWOlLMg5Myep9JrNnVPb+PYKhQm9QwVpwhxKwsG Gillmor, et al. Expires 16 March 2024 [Page 164] Internet-Draft Cryptographic MIME Header Protection September 2023 +/MKZ0eOjMHd6jk9GZxNDV0VuCcmtiLPuBW9+AxcAxjU5h4GH9fmH1ZMJDsIBDaR qt/D1jTognJK26lx8KmQ7yI/zUAKzOlwALxBBnV3f26O0LQfqrA2MpTvdt0YKPCR brmXI8ROZjGX0H3HZ607P2NRum/9hJAQxl/ZR74gu7FpPUUIJjr3JEHQ3icNcS4h 9icI4wSS1oFngY3ONUdVH0tvCEYsMexrZo2rk7qasTFHoHTrbkjncbhw/dc0LXCX 79wCmue63UbkamFUz5827rDiRpEd7QwWg+RexkYeZ+b52Iloyti82ivolKeBKp+f vsF2Ni+mag0zUPrraO1g0QYmOklZiCm+GtYNp1t0ROT1Yhlcq0743B6qvRBkqSM5 wYqMR+zIVBbqK0Kme1+C9AfPF4K6vsGmJKnRPWHXdsEt0NzwGM06HhUhKXSKPYTN EKdsM2Et4dWFjHDYBiijVna47yQbHVCm0a/1l8tA7xQTETyZoDdxg8eoWS4NnYSM 0nUOny1bKIN+N7Qj4brWegRmOFDvxas9He/msMOoYNMVWXMoKc64UfLL4mRcq7fK YVY90E5YKanWsNDku0NSbK9zIlQTz9ASOuvohQniIPGBNGO/X9JAgIsg7hy5/z33 58b9JyBpufXxeCUP430eEm3HHQkNWk72BxsuBZKlNp28fdFgstOVsjDXFdmUpFtf 0jbiQ+GM+GwCCYkfX7mSV3kCAWdLHJLOCEVjlXZbhtK6y5o0G9YP81m5nQnqyvyM nG87JkhY1MpzPGKIKTxRHCPTKrGqxkVEIOVEmvZAqZ3fHXzM3cRvRYER6RB70KYU C0gvzTAgBr6W1OErYNKysjD+QG8FyfzbfYH/zXumG8jiiEqNKFU0YOAxoAKHIQYH a2Cz4Dzcbt9YdTf7V1FSFWWZspRivCGCmqsFD+pbz4Xc0REJf+fG6K4ytaIJFJqY fVkVe+Ecdt3oo7N+LL54jA2MBrbktXhpnHGmD3WAksG/JMorMTKpcKEM6JOou0AX q/TeKF1fUKP/6ig5fN4HwCHRwXxGNThBvFzg+gXUvZ8IddtYEqOpSqJ7z1PvD610 vqBFovrswn2E6hiLMgwS6n/P/o4HHbLXVBCca9w5sApMsnfAQK5DzLxKiUU3xUjP FIsFIVxWMJ0aCi9UulfTA5J7IOdCeo1dJ2j3BmAKfHsNcvN8MfuG3gHLX3w6n+Bi oXQVQqqD7plihfXccgxYk070CtCuxi8OMB0mWFvDm6BHWEJx6BNNoCOdpVFTiF36 g0Hb9aVIcO6pietUr45MgwlAGCB05Tj9VGOROnErdQZChEjOw7LsoZfNT1x5wAnz okTLIbvHcKKNUTz5Lb9WwEl5o1DRxmHfa8e0jYk8PrjDfJ5hSL2n/ug+SCb+w7dr hzFsIhhhAFPt5Ezv0vdad3LAG8aO8pgr+K+AbAtwth9Oa6ufLMMeUkR3AQrbTL4/ svQX+yVkQsbEp65SgN4h4g46ZJL1yY5i38yXi5a8nFusWbLH/gW5qHLCN6103FuZ NQP5L84K8HiBs7ykqVE0qdl+GsjtNKUND0LxV6IsAobLtcX4WoYUE8d2FnfY/I2a xII82SmhXgL2Chyymz6odQNf29zfBVY0NZS82NlJroHHMrwvI/ys5odtjNve9kT/ xKCjWAqj5X8rcnmch+kL24HNpFntNbddiPdfVcV3q5+Ma2V1A/ZH0BokPsjl5yrt CDFK3+4x5bRnFbNuMWUACVeORO0JlDHMWydG8jhqFv96lNsYnKrVQShJwjMWSifP I6VaR8kHo8ZJP93NNpXy7GnXeByF4hDTy+PDS97u1Zu2eXo9/5txg4Ted6ts2tVa L6nBR225Nne8tfasxOLnp4TyCOFbvAskPLQzFIAUv72Rh2iGxPq6S6300grFXD0J kiHNjwh+IxuZ+lp1GsK5oafrG+dAX09APDibR8X09iBhWtIJD9Rs7EsW1EX61/T8 y6kV5CGNSxbFjiYgkNWF28EdSy18ipmd6a1wczNJ/uqvfxef/Vn94KqwrHkOwuIq UwtXr2j/Xl8+0/RBVeLARpvILQM37pWKB9T7+/09QyAAEdyET375Zs0Hr9sYcSgf w/3vb9HX74/cAGQVtQz2qeqCr1cSgKBd8riVirakIvdgGI83DoIim/EcHD7rKh4B Uyb2Z0V5Mi70uncXn4MHsJwrpfiFZmgcXUfOKE35gNAqbTNi+m01z8bmQ+VO8qF8 Fj4hW8JJmfnLxwjfE/gh7RjYOYrQM+JEtY8PFY1x6A2iJ51TKsCOXFGO5oOObngv 01rRy8LFOLncR4f3syZhymcccrR6obIdqwdcz+l+zWDoLxoQsLQKrTqKnJez5GXC kRXQ4YNJ98Ly8M+wcAz5bZCeqoq3e5BCCB8Z4g+I0ryLKirnFvSbXxlQWCIqV7sG QDRFPve+moQkBjw9UfVdD2C+ofjPUZd8m87tlbKdxoz3lYSGVNy12b1McsNUtQRI Skyhri4OiIvcheXuaAEXZ4YCW787ABIyc54DLvlXSnb22Pr/OJGLSjGDLu/U7Fe8 3iE90fCDPsfUU6yAsfNLRr2LcZhNrw0F+siRcEHe/naDOuntYq3W3UB5Vji8k/bw 5kvLoTUEIEb/UJn05uHX2tco5qIqdTyR2WL8BCLekJdpvzg52M+e88BX4S4coJ+w MlgyXmG8TkSXT9GLGua+JEyE2qk5pG9dmhTO+K1CqKdrJX45N1CEh7C617sWC3rg rdc5CQFh2gYv10Z0WJ76wn+LA5gUTU7pvhgdeDCES3dTwyNHjCFYJedBH0jzFG4m oJrThIYxfMkPTBLa6htHIgutpdOG6GD9nP7mKimUXq1jP1iaJMHTaQkoRGYsvP7y 2O19eMvOQm6Ppm35lZOMpJnAO0UwHLMJJwH1WvTvhlvKjVKMWKscd79fybBk6XIt hFbWKRHQaVQ7YvPUDjYfuyAhnJt1016fRiRN1MApwTTHg3tVZE2QoTfkKfM4km9h +VQdyiUwkbpg5rfCVhQWI0+imqKFWoATjQm0+352eJB63jgvH7o9myg5RU+AK+6D Gillmor, et al. Expires 16 March 2024 [Page 165] Internet-Draft Cryptographic MIME Header Protection September 2023 ssSVGjhp9vgOC3KbGY81dHVhFjcWEApJ39REOxe4YkcCeaYTDMqhldlhzIUWNbPZ EdCnr1GaZlEGeMQeu+Q0mIBM60ur/Mwr712cwMtzmbasFiC8zARsbkZQZh8ujXep yMiWkXXGPKdYClal4pjoBmLrPaOXlrybD9K5mKZEOpbpDPGYzgE/C+tvPYCP8KpH MGmaHYUwWdLlIPI2YDOFL3WAW3fA8ugJUNdnYV7I2sRAOql9JOQZaYxeGby1VJZh EWRSybauamQJ7TUORdboivZOuJNoYKP0wJUIpEiK7ZgJR8pvP6HLEoSyXu8dgVTS gi39Nrfe34xH+TMpuDp7K2f1orTNMVe6WMryOonuTCln3KxD2nCXr5pT+AtUzmZm 4O1YzwDgIBlyNgSpxX9FML+mFqfT3mtfLm9Kt5YiF4/SXiEFi6Go9VV4xM/znwIg RlaORawjDtZ+CzPsRU9v8Dr78xHFhiAp0ohwrzmOVHGbZk4d9jtI8yHqLmPEpKHi mV8vvDNgBbzkpst2Z6ahBMa2hvOiI3JzE59PUXdg4GBQz20pieW6ghRaIyIVJVg7 Ot0cZ+wp+04X9pyUtKaEZMDfQMJO3F2Z/dvSP1538NsZieYj4PNuFlToGG3AbB6a Ccs3wK7TzG4bQtRnEUk5121U2zm5uxoUJTOrfS1iOKs5jGXN+mxow5H3D6QEGYgI nZbhB5BUuRoiAJe8uAbUnT4r7aSB/LFxV6NP4HaF0qJv2YCE5KdV2//2dHNgL47k pqL9CW53XRjr3xUnLO8+GjH5MWNfVwVLatSLBNgQrLSwk2IrbHjEHcECrN9Ctx76 P4/CkOcLqx7wSlFVu82Pm6UHQhb9Ke4K075tNRDAjIDJ5v88/zbsu641AyfVXxma ifHuNKgYhd9mklIEjXfTvJPouyI5a9FabSs7kK9S+awuENvyhSJ6PQ0+MC+J5eW0 yW5SJqcCIXSkIKNhUTdVLUmEgj1a7KRrbDjYF2u5GSa/sey7l92laHnoXWnC6W3/ rGt+BsbuJhf+MqZf24zVWUcFhMJW6t6a/jguD2QH7opt9d7NLvzLNNStARxR0NAQ 0hXx1dj3fk/6hrVO2IsuxPSAysG1TQhrwEuNsp8ff/cJhCjlXQ9JGoiWYP3+niaT ZrYoaTbPRA/N0ELG3Kmdsinzn8+EClAKsh8cy8EwtNdl4MGiZNr0tZVJ3Y1YPzFj wRr27iH7c1IzBfcK0V2oxvO/mEYhYxLffIUid5ph23QtSEa/4r2/m1HlLMD3ZlCx /6XOyeDx1bQBjnh0SEVoElS6ATwS14sGE/DrNdVhotrdDHEBv6u9vcOzob5o4us7 mWBGFo28ypruRWxRaQ++H3ysrW1GPZY7lOjLjm0BwRiMg4aY7LxbbzJU+tF3mRBm F5Brb0zRMKiniZtP5zKqIPTBIfvuymfQbrf8pEElVnSHgd8ZFWRUeBFgIFGHli3c VdL+n+tUTjXUXRSkGKgXc21AaS7sU3ziloPgi2mU0TsJY20F4kWznPtUFGn36zbm QM7sH18AFw+rskI6R9kO9vlBd/SqBMxPl6Egy0u+O92O3iNKbildpyiFSynhd4Yj oR0Tzr4KZf4KQlzyclbVgsrGNJKx0L6SmqYIchkwaP71VoZPdn+XYr37WSPM6U7l SkRkJMkxr++p8qqnY60BHXQW7u3ZBJgkSXuJk1zo1q/THVeNe/gDA99Qt2bC4YYZ JD/9naGv4a6hzT/oWXvCOLmcdp4iN9Q8Z7Oc7GrQDLq5GdBnIogVIIhCCUY3WBn0 XTlLv5tZMztOsIxYEA/UsxgtMU0C8kRX2PhYSWFFyRKiF+I1EwZ+7NjCDtRI+1+2 hIG6DvYiOxi3FBZtyZxkBaoggv5Ah3wOPf4URjdS7s6HjgvLdHMDJkuFL6q0dUsG fSn7+jRCAiJGkf/MCMBEHlbZQpnY1xT+LB93rguGV/PkoFFM5nZ0c9ZjPCVZ/ewv ItqkF2oXuidYmLd3STxoHlMF1P5/qNrucwYrAo/M7dJlWl2zMwE9Dr4+VJlOBZkw AUlSd14XGTI0Lfby+cCS6RhSMf8XqJ2d2hxUX1hNgOAizsVpl4HCTddKCuVfyp1z t/HlEZJnar4UsLIcWsgB7vYRMMMA0XAhIn4RMi3Y8HZga3/jLwHtGdPFYelfVwOc 6VVefVA+21vmXS4nKcOFgGWhLTQ/u+xhJMfY9mAzZSH5f74KK5FcNspC9/mOUQmv tDVcoIWIJdxoHVNWcSuSVW8+ISl+25wST0wShD3sKaTVhgFPuQGbej2wCgirZkPQ 82FCxLDkzhL+goh85EGV8FuxMoo6gb1krFTxDF7MGdEv6RwOyj0PxLEgG/ctyu0e Y46Peb435ScUFXTa5jU6yGOjHrzzjNN74wArI5FtFI5qgTDcd9DSwZFhl5Adbj8l TamIMutl3IE6n7v5kuTnqEAM2y4He5d0Vnv/Ms5+lal2LaPgwpykbz3WdScD1Kxc +oFUTNXGfsi9C6/DiWdAB7btcMmXVA0KaFPql1HtUAoP+qxrqwwL3aa3+rtC/wbX EqG9W+6U6eMBbPw/li++M1aiAWSq7e2Ny1T7i3wy1V1cpSSFhrn2EX10ISlVmPwn f9yzUwQ6yk3r5CaOXg+LmqWrebMnqXmYtHICGrzkk6c25sKY424S/d2ggJeCkUp7 MHhl2qWj0rUtei+DKx3SjkHXhct2O+t5E0zmaGQgGKL5C1HR8ODX/pmRH5qWILUs F1K8Uf+NP6Vwmf3sYpyWchMKWRm1AdDibSGfh1fMarEh9kpxEXuGdcvqxIXfWfHm ksitbzmnMzHhfXy6UtN6VTp5BfYma3rD9dgAQxmkgmGKhEkKnEu6RLq7MVXwh6Kq H63f1dMdx81Dphv6tcpD57BS2748MbIkGpVGekpwg/HQJb4YY9bPOPTpMKzrZ09w aWdf5qJ8NK638ZEpOYFxoq7lEAOjL5JrmRmhX9OuxyyIhbR89v1IfnCPnozN0s9D DRqTLEi63UbiVMfSYTJzO1Di0sFoQfMM14/8vqwh4NQU3blC9GcMf/hOQyezuKvx Gillmor, et al. Expires 16 March 2024 [Page 166] Internet-Draft Cryptographic MIME Header Protection September 2023 /UHnm64IeGuF2Q875R340q4T5xF/iQzMb6uBWAHCfVB3kDrETQ/nSGPu9qLWMkeG RkCBrotadhbkddytBqM9LaqIWPA2ROdr5W3PU0h6ZLUzh2hGRiF9pQ+wLj7lYmIX 5FXnT3n2KzCEVc6XHpU9c+6PAa2nYfIgcsli8I1yyxJERzDeIBNh7m2ihYHyFQ+1 GGkjF2pWvVIN2hB+KS961UAwm+1vvRN9wxl8YSpJ5T2BKNkg0pucDUYP7KYsiRd4 4TCHEqK0JeF3CzYYt9NvKHCulQMa49LARmcEndoKMS2975EqTpq0aP3TpnS/81Uc E94iZftUsFKhs0yttvYS/fw2OSp62hmT2JIab230p4jd2wpwP8GA1KHzWwjjbRjB F9vrhTYbWntat4k8AeEKj2ZjHJMOGmG3sSx33JcaBwWug69Pg7nEcxdP+GxbGyTZ fPCC/s5GOgxtUc+Xk/sv6wI7gbdlBYAQnBVs4wUVNMw= B.3.22. S/MIME Encrypted and Signed Reply Over a Complex Message, Wrapped Message With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10185 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6526 bytes ⇩ (unwraps to) └┬╴message/rfc822 inline 2198 bytes └┬╴multipart/mixed 2093 bytes ├┬╴multipart/alternative 1140 bytes │├─╴text/plain 379 bytes │└─╴text/html 477 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:17:02 -0500 MIIdXAYJKoZIhvcNAQcDoIIdTTCCHUkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBABOfkRzWpe8+giahAB4aK4FyKBN6535VHc1c 4f+nf8otkhBtrdwQfFeOuErPGeHzRvmDmaMtJFf1J24hsbhV4RbQ+mbxJPxoqKT5 qOYSj218aZlRvM4E3Y5Cy8i6iFGDOKBVSc+RHv+UukIOs9MhLC3K/Tmf64MQKYL5 Gillmor, et al. Expires 16 March 2024 [Page 167] Internet-Draft Cryptographic MIME Header Protection September 2023 sGAepPWv36xSQR3VSrmioM5SuozXl892mtuk207bpPiTnXXs4LHCgZptWc85vq4S jtS2AKUMUQOcUvyOoK1qQsERyy5BfkXE9jkjB9O/ba/No5LUBnhfhyJpmnfEeU2F JB1dGcO7drxF3FQNHgvj49IJHYEXndC7L8LkDvL+vh3XSTvedLAwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAqPKO+X6DScUv9t34OnIzHRne LvUyO32lwpOwyvc6rFSLrBto/WGpAGS9NQBGFlk7roGzXH3BTMnzpF/sFj8rntQT jHHqm6Cqvam9gBlnyu5/tihN9eHBCjF8M6OYksj18TomW99tm3KADcoe3AvpEOEg 39AJIsiS8c+sayVKEG8gyeaDn/m6AK1AqeoWXJ4yZtVl3B5J/mC8Td9m1dPQe74r JuInHR5tM1DKLe8Lq79zs3SwcJgNZhKt9IH75ZxDTYEI7Bpqa2ZF4R31ElXrKR9A fRa+/fqrMjTKFm4/1jeqVD5owrjK9iv/T3caGpI8WwGUopeOqBaeyYeLkjo0GTCC Gi4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEP9IzMSducnaqC0xK5rxgoCAghoA ZXRVWTctm+0Vn4Pow0nRtA7FkfnVfUCkZNfwHuZPpjNFDLiFPRrl2UjvMLA20Wr5 8cISjkBlm/wWzoW0XAZStAlX2kvEluvdKTjS7ly/kexutYDc1f456v9+H+IQZkbI xTjniKhnD7NKlkkjvzRRcZ3D9MFfJMbS5ISvHL1055I+9vRzHJIbwExwL3ReRhHo lcjdrMRzs0sTsRYEFyf+xxQT7yCTfz6xglkzAfRq+kilCCMbcJCXZOH9lkv3HL6d oTWJ6RItWpALJQk34MlHJkHKU8yYnaIyKcDwu/b2wMgVhy3hcVzUIz1KoqUOfm5y gotJrpJOQqGqjfuBkzk7S/R30zLLlY0wAXbEhiJsCepYrINeYrizMB5rwGGS7wP0 JPGBRwWUkXjPTlzhAkGRwk8pmFaiBC5KzF3JJ/mXwNwCT4lfgu9MX4uqhpUUs/FK 16V+LjSonYGATec9K9405eSszRKTi3z8BYtlHI0ur/e/P/easCJcbO9zd3okONCC 83WKUaqw7VBLbxCkfVDYg3S1VmdpHXPnrFUqkn/NGAKTYhJS4Wdlq2rKF0FPiC1S 6qux09Kh+aYJYX8SjbcFDBFl+1UjmIBAhNMqzbUaYo1jtNIjxL5fqCP+Z6Wy4izt lg/zO3zVPP+ZGi7i0D5eBNYMBfHMZojJUSK+HqVvd80569khEGoQGwdm7SrjRLbf SKcPu93aAucALk8S5ur0xmR1nVbDpiu/VDYIgz4Vi4RFV4rjvU7aa4UV5rj4XJSS IpBM1GYJhZO29ZxPGC7e8Ji1sC1nYl7gnT8aMWeNKk4GN7ATWFZ0qoaENepGziUI yRr/ORn1umEmrTGjv3HZ7cbtovm0r58JtiUX/2CLaFAwfPjcp4GVfDqtosrKdUIy 9xk/rM0vJshXr0UoEhfuJa6yqiH8Fl/49UTCdDQgcKUEFkwza9OromsVngEFljzG AMTOPDVQRXcYc7DYaqzDiaIBXKYrt/zcdHpKeOYttHY707OKrzNEZTZ9y1q+k0jc F6XuXMHWWcFN+Ca64d45ABOyooyxgYWRwQGq0OKoWY6eVaub9b6O7eeTe7j8+HKb LPQCop80JFHFOFOhpGIaCWY0Oiv08tzFNbP5DNsktTd5ADOg9ZK7WqIhnIPzOG/A N32EEjnoMQIHVj9z0Vwthm02Ltnqw7buAj0B9gtua4ccM+taallZKHKBKIXdoAtr L+35BH2lJ+OFOhKnKG2nLooYdYPmsaApQboaGy0bEnu3FFICix9yn9ZbG1BD1IR4 GQthFIMiyxnkxSndAQCu6K4I8RGY3Tm45tlugAgvopmd2ze5SGnBWOVIG8/+LImJ mcP1JFMn0EUdkWG+ckNJE1Q86C7dVpOLAl7Kkp6QWBcjmN1+WQ76JdmTMEPox5dV cBY3xtbYLkOHHebwqmnbq6R5GGD3dB2mU+41JJHzOyx/gqco2Hb8MDhbOtx9sb8j zQlRc0NHrDzbrxRWZkuFlUPJq0OtxWqVOzqdII3eUHhV3gziuHW7k0XORJDqx2OR jm7+dve04VHmoKmCeeDU/iLcGlB4ukErq3b4s1uein7z59KFv5oQPY68zlPj40Jb J8bV/fL8vo7kEmsoDALXYSetTtQY9h1oZ1jymzcz7gJAu9JQmkq7f6G3rzhabNan el2tnTWLFJXOecpKtnOJzH8EzRWVZcelJKhgrUgzAwQeSazXXMCeRUDOe66EhMCT 0pBIzJKvuY0zs46nwzRdC/HxqfdX4aj80wMoKjxlB5rAdB9b9beZXiZXgdY7kupg 53UyKJOt7efeWiVrsrjk6quek6AuuZtgLbBHuRM8kIPtEil1cnGvZU19Z2igoNs+ F7U/Arn/COkl+OQmCCqLC2+nqf5UvpwSXsX+d3bZ7b2osYrGEU2iA3sW3ucJn11v Kf9thGwNgiqgGDkDhejtYUD2PVvmeBpsrkUK5BmHWlOu1hHvliL0KmZOg5xUCdLK wkUD2hntsMBoVw9A8KS22ZzIKm+3U3tUtrEcp6WG4kcK0EQH5rrEU5/m70+sbSOs TpXfe/0pOU4XounNi+K/LchIMe6VizL58vm450DW99JRKRvssJpjY1llXHVHr5uH joKs+9xTapfStY8WKwX/cd7J8B2yQfxU7iy0de6kGLfUZLgw0uur1xrbOzVkO4FR q5BWOWgFKX8GUC14SFKGbyxhQG1V2Up1o4UloLt7SNwA/Rd3Tcmxy9O4YDe0yHfL VM8JBR6dOBGhHvcYYjEd5+lITNFFkxLglq+MfFBi8eb0qfHzNexCShN2C0IRk/16 Gillmor, et al. Expires 16 March 2024 [Page 168] Internet-Draft Cryptographic MIME Header Protection September 2023 KX3OCOmrYZAusQXk/SlO/tdvUFaDwvmtiPBbuVaeTmiBIwMfLlqbkuphykeTSgWm dCU9uBNjhI0/95BexW7+ifLjVpksBbKiyAdHe6+lcnszoNrZWW5P9vzqoPLLUjR8 DDbmEeW3ud6QUGZ7V8qL6Q6cxBpSllDvqIp7Srf9ue0RTcmv39gIrhoEszybmhZS pMIInSaJhuYzYfXJS1rNMVIhms08DVO/6k7pm6QA7pMwAI8rntSEf9Z70Uzr5Wg1 eCSuOxHqL71pU49wNap8r3YYK2PuMUtGEzw+u9HBf+F86NyqDfhmVIEtl4Q35jQW /6gpJy+hibsPLpPi6ne8bnvkdNV3dxFoV0o/rD5aiQejLs0HvthxsMY7qpnV8LoU FW+fN154VyGg7znerTYHyoOlG7tmsxs/ejYaT0gG1rk2WE+9XAGpkZhapB1LUrCu Y3fF0CPaNfC5kYOy3oNAambJViYrZw5J2zjaL4wb0FRjE3dmpHU+M1ffRK86ke/S MGai7HW/uAVZA0QpUxUzxnN/zH1xHNISrgSTcFeYCnBcx1eMxoARVges7PPEYVKy QapYffxV2BKZag4215PkxQmppYwpO+gmCYg2fF/Ilu2PN42BmfTe40pPrWSejuDC CD3coLRnsgTydRsMIAB2XaApMepwEp6Bp6PyHU1BYRZBdqj+MuxVG2+MBfLYOSlR B4V6ZQ+AAlUFu++eOVC5umDr8oCisITepnc62S5eQKp/40iA+JUjD/SclWNrGGO4 Dy6/2MC05EgKhQxNB5TmUlq0Bn7/JZ0WI+zTBypsMzcHuiBHKylCAvB3FU+W6L0m XEuLZeokayYotg1J1fLOqZSZiX2RPfub2x3lEPer/NsXISfmfvaKa/2ZHPKQjmRW FC7447gHXyrU1SzBH4SHPAoplCZMAhA3N439zGM90brtlAq6XVeAxkiv1rOAhd40 BrAD7ScUBGhPPeKp5zY7p4HSe0hEYdIumVmKOKY6Jl6X7Lia1pj1us+Va7AEAhTv HWKDWr1ryafbj5ixrAxR0fKltFtqp84ywO9gUdf6Mam2nY/BFhktiyfmP4iBXDUD gAAciNotDXSVMwdA4rbCGDf3TdX+rJg4ny6mGNY57FljXK8SdnLpyhb0EEtyr/Ot 75LCcXgBPmPN6y69pRF85ezLeUMINmzmLUQqTVupRfU4rFA2NnEUnFtbpKp1AY/H pdKfuP6khZU/fCXRoogGeC2LkIsofCiIJA0hf3FShVH8z2hXhjsNRtx1aLUSFxee rYEG374iuRjwcPkZC6dxzrcSpWHfRwS9nsVLVvXFSkazr269OWfWiMDVUtm+XS1p YefZr/+SRGnRa4Xwj9F7b+CC7bHT+otFr3IAayy+RXVAifjHypRUpBVTpk64mp5H ux8FF/qhgbLjP1PN16ZB6LXVl/HD7dK7Gkqlsfu2GTmjpQwSFx/SMXbDv1bfiQT5 8tR/nY6ZvL46jp0BTxEgezwWX6+SvFaQc/AgMo1L5JdJIUCX3+QUOKE0hVP2PMaT GjVuRivkEyWzh6eKk9YJqdmB/oCptKFpdEOzh5yqgtPcmT6JQuJ6pJH7fA65E+i2 k9beHYlhd9pzcQiy5Tw7AcXsRX7SOQrdddg/ZK60kL9b6458jJLLTH1R57t89O69 qGiNl8bdrFenh9TiqpbwqTAcmLHIKU8Nc+zs9Wbk0eqeMLMpEU5R4TO8EI6ojrZt gN0hQw6jWCbA9a+plxiF2ShRYSaACdvUybC4hSfMH2fcG0s05cjchKvJbu8W8k09 tKedeNatpRXT3DJWAgKIHh/oWt0Lu3ulGCJxP1f7ip8E8l95wrnDFFfIx/0Plrjj vJpL7nmF1HoXqVLbTyreDAMLGBMYpXv1HH4ef5vrz1OA6r8jqoDwo0pcLQzzZC20 4rLCKSCgIC9+6Cy8cfD1tGkoMLb1BRM+8OFO7pUwpt3/B5fnMQ+WsHxOcVYbcs26 17zUgFWV4Aga3TpicWqc+EUAhYt7DEbQ3c773y08sRJFiHhacpBrI+7aDFJpbFkj SpCKzY5ReQxbdZiGcbxic1GGaUNQ/qFX28n/RvgIWgAOz7ytsme2pcEmp+jJLT9D JJ88hzFliK1qLGCRwj3iVjROpgnAjd/yPpwB8TNyoEc5UrDNOBoRlRX1djWQSkRF onCJ81DfXJOBNvttb0AABLwvqiA+jewXyRnD22gxx/m+uD/6jHJ+U587W/Yhr2Tg OKR2zhLxgz01Nc52ik8geeCH1KtvWaKWYsUg4CdINQTvtBhM0LtT76F0qW+AP0eO yrNlF3ZfynT67Leat25Zy8biHCLaO5ccNMG5SEfzugj1zGosW9w/g22cqZ4k3FUG uWagQYAZeaP7GZNGR+Mf2/x8YTkq2nUoeHt0Ehk3YQ8NMtgcE53T5Pa5op4sEQVZ Mr5+LscPIMKOP1Q35uNIkhYMXtZp8/VNuERa3UvMv53NjC3THU/TGjfO+Ye85wss sGmI68EltTkYDhB2GIdmd/CD68E6Y/u3xhShP9zDqBUh3hHHjJbFF8DYpA9ACBtl Ad4OVbllFXoAfY4ZtQ1UaOBgkAkXyQ4yROFNMpWhS3RbRUsez1ie1Sg8PKSLy1YE bbvvuQGkaYBIvNoJJhcdFc5ELqdz4F6vXHSljzMg0O7leyL6TSFs5nIjvXSa3MsF AFPGWuoKZAdjmwV3CbUgR7pzUJNBtJ1KlasPUd4sIAPKxP473AwUjYyfMX/2tWHt DQalwVph+pqad4n/GchKN3K4Pte6RTT7j2LG34+WOud0T+LILS7iVnw55PsP4P2a qh5Yt2Ed2/wSN+WnPBooJPIg35fhI4AiAocKjA9B01Rv85BaVi5UpyviB7YiZNxB sU7BCMYnMlSLqwQgL9HjaBlXzUNzPaU8zkzJVa+/qkah/61CkCp4FL7QNNnbcQgi sQW+C5Xi2QB5tDWNmRkRF9cwCwicpERhri/rQZqq/WV1BiDmbCEgujxfgOo4mCse 80XUNsOqfRz40UAMIPUyZwaDiLgl8jXjQ7JTyJ8SmOggvnC0CApua92rToZlM70m Gillmor, et al. Expires 16 March 2024 [Page 169] Internet-Draft Cryptographic MIME Header Protection September 2023 CPzt68j9JSfxpyrGqQpa2c5CP6qJi+eJGfUoLtmc25vt9sYilZTciekJmNDRMMyR 7zDppxLNGYuT5Ly4afWq30QOUsK/CsOxd8JNsZ5FFNbG7uh0996CxQjjFswah9KL 6Xp60mBNsYuD9ocaffelf2ShqF2KSJ/bkSeYcAIJ72mOl8EXPn+zKu5BDoanCRCt Y0A7rxp3N0Ga4T6JQNOrtN1w8mFfeUWSwi4PRYJFqDkb1VKvapN3oCovj3wqelwL K0p00yFDML9/SxrmbFjioKf1lKhIRV0IA6t2+n4wuJciyUY/lGQqnn6qQje1GtJm NpTAHHMgM7ejBJL6Zpmq6Nj4xnqiaoAuvd09GjqlKpfR38j5DW8BN1VfJ+0fPo0D nhLpYtWLA7cudQFWKBUNazW6YcfZeEzKExDdEab6CJ5bhzgbXEiw4Qde2snuVkZa MpqvXgCtKkT6Vvm8embkJrNWw3ge10MRZQHUoBnv7D+ai+CveXKEm2sBMLw+qN5p 93ZHIW9LDyeJn9Xc+nuZBzgKxoA5UXA7hkPfOt9BVgIOcaNlUeMtguYf1VjZdKCI LzXvK5Uz5ZKIUK0WuXmoZHXPcCFfH/3VSpME1LgRXxfWRi4pYyuxFFW0gRPNCizK MSHIUDYbyzdTPI7Ivp4I2vUTjLVuiQSjYKs4SFc0EKsP3jFxPQX1vDfu0sC2h2pm kV3Wl5903AEwsj7VXg5zUzLMJ+8Kkv6/dVvevpu8+mIpuBQ6nv6roYUl2QWeqPjh 18as6/TS919xm3ujanRQN7bxBJ8LBHUJPiuUe9iIj+2YqvlYQFj0GdKj1NTn4kSl KFTg1Q5tewpiCiHnDok48asnI1TDZQrcncQfi/bQmG0BUwZNij4v88DYhfQuxek7 hRWqcFqRziFxXInHI1+ABF0Vc1nwZeAiwwanRSgPlUzxMDRIkFWkmpnQC4NoDNaY ECsnUX34Ffh/0hx40cjbpVxpUcQuJpTiN9EIXtJs41DKbwk3wWe9VfQCjji1khsh X3KlX+lPY1/UvqHHfxHPaTPKNtrjYtWnASxLoVdF72olBWGSatd/QDCRy38oVNFl 9oV+WwH6ISalLQJugqrcO2uVyIzsiKwFnFR5zqb5N0MdYSu9hXZ+j7IvL+ixFSMh AKuGK1nNhKE91UfJq/rJojV2brpAa2PVuq5Kd1pY4MN6qEUY/UrocyPxV9cwpa5d IF/XPAfHFyBpXfV3lBiEOCvEpUc8TGNuIl97O0bifFTjPf8KolGp8X0Th6uGoj/b WWZyVRoOa8nx5W2q1abeKQlwaZoJee+HkLeuWqRklVb7kNsjVH6bJiX4zQErsyts Gyz1psT/kms1dHiclEFAUKvqYPm05t90d+sL9QoB7XxpM0mtsMtgC8n4XXdoCf7w iSsmnrQqIVPmGBKGUBimxvWyCN6mvWgi8ElgmBWtvdGlsPgAqr0nZrGs4gvd1wu1 Aw8mhxEE/brrjPs7o4BVl3Q24eAfr7ANJRQabPapOie4EWeXyUdaljkKsoLauboR s+CjiB3TdNdRv9zfSBJEocFnQ4MaMvdYXKDVZ6ayeYVkRPcBPlRCMpwHtr3KrBcH 1uHpRtsLV2SQcl6cn/EzQY5Lus6aGyB/KDSf+ONAuhv+BziNvh8ThGFB4L41xIYH 0nNdek9qtNOby1pJ+DAV/CSQRfdRrTMQuTKI+T5WqB8BVvvHCqQBP78YYz2Do3K3 2JjAVe03MdmMvDDMfDICdYmKt2Lc0p6oE60at1O51zB/WUvnGcPKTVuJHlCnTQls wI5QG7ALhT0MpoVmmJUstqgQElIeT1sQPKf1l3g6HpG1V+42V3Gp2Ne4oMGni7pr cssoAAMOeDMUJHObx2B87iWUUpKC6UnlaYFlgIixrbiqba4q4ZYrHdDxV6YWNNQR Dr1kw2XnPHdqRW7F0rvMCYITEP4Rc4DrzMhzTHI5Esp50K2657QkYinOWb07Ki65 fElI7MGkjkfc+ToLDUIz2J9irtdTCZSlQDIcgHISCHq7jfVYjdt73ffVhUS2Nsw7 dlL7RXl9TzmeyYTCpkqTsVsz1ncZruj0fUlj6m0RmFQynMmD9lzn8o5+HRbIfODy plaipknwoHZjhRYiHqooZo/0DOYHQXA+0vjkQqquJKz9rkDeannMedtBH2Uq0aFW jPT2PlEVsP59lVXjwWwo2jTjk6F9AOaSb0LW0cwYxJJ08Ev+/NWiD0WMEBwmoJ4m cLxub2XHm2XUdgiXz6EUYReMoMzBSKfehJAZ6rkUxV0i7ZYRLBi+nlRN0XIkTu+o 4UKMLReeTMcKW5yQ1x6e0aQcRxw39FLgcRjF8e+feny2rK9OGXUojgVU3+1LAj15 dQSi+dw+RqmvntcMqmeBhuEWf/KYbqvTiIRqMrPNnYE0CfRL+y0xS7QVv0GVr3YL WMOTTwJZ1wK+JDkrToS5UvoGolPNDzi+md3sYV93BYqbMvzXvzIGF1wq4+h8OwH6 0p7TMxaQK0nHVh36+FW0AZpWApF9NTDBMFXsUiWFENHs8wU13XBgwRBpDuoBqX0m AgLfBgtXspJq3Qv2qfX7/ltEhG3FP8pJT5iu95AKQD4zm5UaIxqpJLCIO0eagV4/ f26RrrdnNKJDpWuT6tkE7tD2bKg6d8HJXh7FthEODVu/47P1kS59flwTswKpUP5L Ye1gxEg+T+gzcvaoJK5Ymqo1bH5dCEfF4GhZddT8bGDJ3twRgUHir9mpqVtn3C/7 /ak9jF6gwK1MnJo2QD+OM57TmqhDIZfEvYRn1fiIaMte4As4msonmsSUlKG9i+uZ i5c0Q/1xIoUZ2AZGMGvYlGsAZomj7hxiEkfauxUESHU+BjrC6JiTzqt40oltn2YP q5FdnVsdCilp3vMwiH8K+vS570QDlU3Cd4qD9+Kv8UnFyJ5yc5wF8ryIcT+Dz+3G bRihn7DAjcklJohqpif/PnDzBQhUWkNc6Du/GE9llNGv6iEOJbRqeyli8WGMsJBj p2zTWxHy90xvXqpg9Jci9JDg/ZQOe58RS8hT1u129qRKPkupf+L1c6GZqomxZ4us Gillmor, et al. Expires 16 March 2024 [Page 170] Internet-Draft Cryptographic MIME Header Protection September 2023 h63bK4GMIjTOkYzWU5RrDm2Lo5EXizbVfUtKLgaZolxtVdPpbVNXcQNJXEPPjvrZ HxJUUu7gfacXyeJwqj4+9Mkh1FXZ4QEaueqe+ZwrwAXlS+cN5PNNAKcEmYXnjAD7 dDs75K+hx3/LtHe1lbmYPjG0WwyaWFV5Tpz84PSz7FR+tmFbjnalqwLxNBmCGDDp vClISYOwoWcJRmVxqZqTqWUqOAOggiz0VW1l+RO3z0TYbJLJsAci+AczKYRyzLGC W4LqUchjKmgzXr0Ul7ERgR9v6doa0p+ajGrPf1Ys+VJZE5Lb1hMO/E/nrFtjCIGS AAiD7/MLA5FRO0L72brj37aIXMrrZ9fWZMo5EwzRT+P7hzGMcICyH+l/52it05q5 K0r4TYYD3L9oTEpytBI7r3hmf6hr59aez9xbWhHaQYU= B.3.23. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10140 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6502 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2125 bytes ├┬╴multipart/alternative 1144 bytes │├─╴text/plain 391 bytes │└─╴text/html 486 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:18:02 -0500 MIIdPAYJKoZIhvcNAQcDoIIdLTCCHSkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAHw/91uDg1fJb003YLEnXot6ooUedmQUuwrV 0+AAMXpx+Ag22aGkQndo1Enr51SPudU674Rqcmd8GhOYv/SN7k2hJHcVJlNB1Bqk KBlndk8OZ3CmHiV04gDZUaH0CvHsXFS/SV2fixL4CuPjl/KolO1AFuOU336iRXTe cxiI6UL/n/feSVf0HNqSFgdnQs1/3pQIOA/33mSJBN9gLsZIohefKGYgzhjIO9EU T3PKk7A59hZhZiso1DMUSnuHOMRRHGbfPK1e9mMe3s/H8LXkqRXFeb9Dvme3R4pC Gillmor, et al. Expires 16 March 2024 [Page 171] Internet-Draft Cryptographic MIME Header Protection September 2023 GHEEsT4zJJqOTwYC2o1qn83v22k1Tych2daG/sMgDp+1nYV4KIQwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPe52qnO+vt6h8MkYH5DP9GdZ UkyDSFBx4fkz1m1OivGHVrmeMAacHrU0EIthagq/gIoX3VL6+t0czMIm+l9svu3a tXUyCjDjOFS3gXmlwxg91rYWunzlMj7sMBRt3RjvZXUKhluL1kz3f10J77Y9GoG8 rDj+BnVM4GHuKknTTSaQDYsXnarJOFTLMHFTMefuAf4bSxn/WyNU720tNYG1M0/O pE+SZPEA+we615WjdMvjwsBZTlhQKxV8mFsAmsiukjWYAWHn5ZaPS0xA8W80NyEh GF68xjy1tYBwLExtii2NqD+4atl6aXj/odar1/FTLCG4fUJeBWH3/ea6keEr9DCC Gg4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGkoJQ9zwq8mv0aBdHyfuSKAghng Z6pgVbu/KHUwPthP3sxFazxNC2ZfrvCGWwuFAxAZQQr5D3WhHqUYWhWoMRP343rZ NjZzzBNA3KqDRoZ3Oj50M2ekjBb8d477Q2ytFz3wuC6+0jxFOl7y9OUQBZnlBI2z HdqO2YJhdmlaLKoRThsXHCdSzr1Jxlsp7fhkA83CcKAi7z3T890f4z8q7pu+AUvG v1MFYxQ+d63eZTucWXdjbbxgzN9iQGlP4kq21IeccX5Fr6gzwwoTRcQSxj/wyTRX pWjoVWfWedOoiMbAXsol20+idiam88MhdH0kSpxve/DAF51x14X7mMJJFogrsNao ebrrzg+hojwO9CMJvLFBNVlmy3EcdrFpeFsxUWKlXnc1UycAv5jNHkERmz5gK056 a1BQFGkD38VsiH028KT9uNbpInx1FNsvfJ0u1YMrA04kuYcOvbuBDnF/ha8Tdj+v d6No2bO5O+jf8OTBlIe1khM8jV/Cy3pYqixAm70gH+USuvVjvjLhBp/EJ2xWA/mv MbvbesuyVERZpnvoQlA3bayJAV3HyDZ1oJdmEM7/ynY6J1GpQaloTQcfvFbhUnYa ooV199V2kXAWIJ5cKEWFoLFHv3wgYQPK8lBpqxKlp4/ZqGpnjG6I7liFNxDc7mzU dNCK2fUu2XbSuXz1gz2XNML77LkD/0Bbv7clktiCQ6nNCd+Zhb2oeGO/WO1c1m/a 5ZFI3pW07vLNIAaOTQx1mBUOc7tvYi0PVmnj1k+6UshdT2MJyUagcz6yPRWJFtfg LaPNphyRVTYPCAoY7TmfBNoy9VssOAbbxq8JjJOL4aV7mS0J56BHzLUNH4GQMYso nEr6b75sRMoV1sYAinDf0fg2gAzWrdAOO6XjNQ6rdgrYbHPN7WqYhcstN+vTuGAP Ze42pN5L7ayKXKwrTIvHB2jliP5pKNat2jZ/MiLCzfzEvSgburwpYVqkk9t8ZvEE ICmsUK+vaF+GePy0LO3/G1bVBFPHGdFBTB3DAbo6R1hF+sys2/xR3Lc/8+mPJThO 3gAoMXTRRgBxF4pTgilTGF7JjYbSQybNZ8f4Yl3IOZ1uStTTXa0f85G0gYpTR3dI cCk+fTDU3UALldQEr8sBm/hdWxYJ6yL5kw34R84/vL7yZhs02z3rfVV1/WNfNF/i TX8Gl4PYT3IZo6AeSZ5Y01Z1/xx81D8t/azHhX+ln7LZVaZj2M/2/tqI22wWNjZb yiORjDSjeJ5TvyElqVIFXYw7dz8vK0GGzjDTx/OS50hlmVhJ1rfY/IWMrHNhSVAP H5vcjQ8duMhbPIWj1/w3bhOL6UWiI+X04lcElTeABE/ZLfgA09EoN4+kbXWGBJMM BYqWTsp8/tKqZQC1jWS6drh8v08jP7aMRNbLNcYS9ZG4fpMdTJ81onJgDeLdUks1 uSH1CpGop3XGbFvOHN1YS+m/ftSMRvfJUXKIixKHRLIhhclwaxKXWzvfn4Q4Tsli jKK8UeKOTXI2bdaNGkDGVW2Abo0YdiDqCe5v5lXHiPecPxoGvzU4TT3625sKlmfi 4f4X4f9X+E7e+6iSIf8bs5rJZDEnE7AwDLqGpupCYO618Oyuq/VDcnHFMCsgvvCJ yaBk9nRIYJfL7H0uJyn6tjlCqbu42m5zCM4ONiQ1GNl40SgJykTKe5opSy5nkDDy BMyBdnspo1Ql9HOdvLtL923VfPD1coS/MjSg7kRVPqOJdo7odN5sjUD9ldnFI6he 97w39ivE9zeGQkWMe9gQts0fy4QN6bLxrqSbtSKpLvd0afpbaE7/zyswtPu1yhsj AidFKrgOqyuiRdychkA06J1qSsbiBpvkOsFmeADqdKnG7lg4e3tmGME0rooIBfHq txCMG9QzMebaQVI6TqzA2xs/ta2OrokiN15YzjjHhLgwXN2Sr3eOXxUR3LNF5SZI HrzY+oBoamyDFSFEJLAHfOJABA/bruPwCzIzraXq7YtkOJNZGSK1CvMpk1orMVrx vdMcoGCT/UcGOLakk+3r6OeuHO0T4UWwO9/vEyxWWqUZusYiiR2hlZTgBae8F4nt QLhb+sZquSC0a7tf90228eK7nfmUjXyhk07wTZkFL6vdxPvdzfrAVDMTMsEOl9aw XcXgn7cMshA1qoY3GJwnFKvvHwZD+x81crpVEMXUblnN10nseH35EWm3DHvHJr4H ET+jbiQfXiRs/qEZAvPIzE2c4UUkEYyKPF3fFNKJ1/qWgAh6o3yURYD49ayP+7gW wJYQ4Y04aaGPxURZxBAXeVS3t7oK7ptTa93isM8fxGVJZofraeCX/I8VIgdTXzzC QI0smZydy+GKcQi60U2/S0eoQ0zmCd54Fh+Mg7YzJsyfxGhCoIVEkDknyP4rMBr3 71BZD05pxqWsFRoHun8Aw2nhb+TIUNAHK/6iBHqlRNljhEsfc5d7yEZDGvA1RVDX Gillmor, et al. Expires 16 March 2024 [Page 172] Internet-Draft Cryptographic MIME Header Protection September 2023 oZAhXBxcKz1GJGd1At/hzZDmj8MsxoIhRN6pCvBrN1x7OxJybtnp/6dKtE9A6VRM ek/zdWKIdHiZ0nNnp5SBnamRCx+pHECFtTuQyVmcvzbH2X/itmxrLPIAfdLk11tW Qv19Vo57I3MKfEWPVWVsMQs6gDk6n+hfSplhIKHS1jv49llB0RELdp8Av3ijCVae jjAqi23xwAFUE6EtniNwwGyFGKMdbHRRNgsNiaUS49VP44x/60ae4cfUQ0t1qLXW Z/fmGSB1LeQUqlnv1igfRW6u8bL0bRwrN+jOPWmxxAdS2ipjB3e8PIbNHDi+sYtW B8SRWcQ1pDUEtyY/hGl7pqRtxFBgRZWxAQWMXwVh3lcexasEd6j2cIRklCk/70rf H5zXVSw3LNDps90Xa0k9TnP5x1Yt1L89SDILylDUlfpzhwhsyS3V5fhoGCdxbilS qjA/pYvqjC4m1IS1ytjj3bMUvbP3x2etnqoVSGAtaH9ewHfCEndFIkMGIqlWee8i SC8hvNR8TcWIANzWxqlUF018EMQEN1OTAjE59K8sXa4gluyXjbN2K/DibdbZG7hL XY+oQxLsW8uJdlZvfiuqLnmu1sNogAgrJCvq0XTG6dx3MuaTC4UcijGpWvS0r1Xh FO+4qmScEs9tg5xXRqRRhbu5BXAJ/TRlZ6vaSKUoeLQ49MC7CeBO6XTKHSPPo6x5 Fjdyq189O62hnqKFa8MgMfwx+vpyyA4KSVPN36Wl8EPmYNABkTMlTbL1+SHwAMVX qhDuDNRZv7ol76CYrQrBqunwzGhV51vhkdT8uyqV9VtdfdpL3gpQHbqqIjSQT6/k iDfMI81QLdHXv028jFSNl/huldQ6GluOI7tPsBWVoIcaKCFOz63dHfOQzPupT4wO ZmDv/Yae7wLuhhDCFoe26A4mAWufXCkfdKouP7GygaLVzi4V2bYVmVWO36XDNDyI 6PETY9bQU+fOHEhMLKdMpkblLZiWTclv9PIoR4dwKnufsnncbZsgAPankJmBjP8p tHvDrctJvqYCZHSyTqT5IWgOAp3c8K/RxD9lwiFvCkEcA0uZBUqTLwZJ1bbKLxEM hLmtBn412q7ic+ud3zT5O2fAeuAw84tKKKbpT79jxiaz5EOATiBeEYmR6MNxux3u TDvBabBA6h6Sc6NbQB5QpU8knGmoGyJTm7nwNPsJtud7oQ0pjt//XIKAGE4xBLAT qB44uBhwJETObjkeWKqVV/Umnv/TYf7CZaKIA5udixJwglOLldPAXgNXRZVX2+2K ArZABmju+eEKLZGqF1LIXO/20BaIJUbpK+DSappBovKoTGdSTfr83OECfVuP0BNu +A2IkB74WzoVJm0orGRhzJZlJlC6X50Mqc0+RXTm2LBaa7kl8RfnUQpRrl4PPJ6Z JL93AmfFZgGLt9N8ITg657MHvt2rtZpTb8c4vBDsbg8kuDH/CMyZFt4CpG7TMhTC neVVRYNHwj/d7Kd+9T6UMly9LGMnJtP7yXPWu1dLGLv0qklwRQCfVN6ePHHLAW1O b4Or6tL2kURqCL0QkIVxmJx3Iypyq4mRSnWcZTJ16hvWVW9P6elXERXUSWf0GHRg 9JNFAENt+p+x8rocnrV4+AOg952uhH96f++0szz6T0aM37SKfUfAvJV8XdtZwyVj a3LAh8vJzhfV0WfRv110UxIZUVP4qM1K+cTpj304bE0hi1gQL6+26s34Vrv836SG Gae+hYTGX1NFjReMi9r/X4YY9EDpKC5eETSnnZYSkP50163vDsVtTmZfkSXyT3vY 7p1UaF6AvZTdhapMKCelEq0yMiOMNSIqXC3VX12bd4miHuP8Z6FgKIn8vtc2dNPc d+d3EA0+Gpt4L33lokogHAnEHokiiZkvWJHyw6UDunRmJ3p0AxR1zmgGbFGLeuYV BTPlXlyYHRHuWI+TVL+QVc6c77Q5QRvX6RVLxeqSW+drnkHCtGX4eWz082xy6lS+ SBoOxt2JVPYvyiCA5cTkALyVhlbak9dHMPVeO4U1f45c8mApm6xPT20l87vnVBxd gWwPxVaC90X1qXvaTvowO8yvgLQPE0+eISkRCm3X26Wfyck8W6HsMrUEl8Boa25H /Txq2TdRTjkIkaE8ek2YOMdv+JFnkxbgUEijJjRt5rYDzD8M7yTePkrq80chx2WX 0qUjD5dUkXYXsGAB0CyoE7RRwsHuzc39c3NMuMzKm6zBY2Q8jcC9N4ANzS22iq95 1nhN5/7dUkByuRMpXNqhKmkP6AA7h9H7YNeG8hdlmRB+3BeFIdezv9tlPGs/mtdZ lmsI7yfIPDTXF/7gF5KpcwAhWQ9uMySeTHBZwrLP8mNoTcoH/0r7PRGUOR5Uvf9A 5GnEH4BhgnMKf4MB/TbhkNMoCB1Jh2NFiQ+HlnJRxRoXXjZdIQj7wF7evcwHIZxE I/BSUSCrLeYOsO8QnOLOHbfiJZMlthyqFJC2Hc22zmeIu7wNRMAlyQZMv/0z8qAk Wd1MTpT2jFBn/uVFwuEBv6vbKC9Dm9NADBS9xg0P39FmhYtzCmrWuG/gQ+JP9RIe vuw9wwjqxH+VEUwSxNtSAOFPyHlm2ggWSQuTBRFflSfj95PUMn6kgNFwaIxzLpow quFfqhz5HIzdjLlAYFOzl+MepHXGGNm/H8UMAV8tO1MjBIUqbVjbGSkF1p2oSVqT +9q928fB8cDHy8rSFVUjEMiJT9uEQHBr7Xk3d2gOHBJA2iivjxcYe2yWa5qJZ1WB ObKTXaLVbLvHac5XdX1vNtzzF+qo5C5UGRng93IIbFYxw6V1kF6kQYJMusgceMLN 9aWDHsuVtdQR+mNP9FOKktTQ3GzYM/szBDi+ZaPmkswmnvA80Q4Qbrxp//TZFLKd HlTiqPTk4XgQwS7k4K4kv16K7Fn9snqqUBq9ODaxrEfvH8JS6pvuIvf+wvU0ID9H 23jaZ4wj1CkmzWj11G/jWBHiMhaXc8lvS6C6lOKyvVFoiJWOvSdhqM2jgm2TYBSS NI6hVgLpAQvFNgZuKopRgHJt/OQXfQBCUA0ijEBxBJ1ZDzk4xSxo5bsw+85W7Zz7 Gillmor, et al. Expires 16 March 2024 [Page 173] Internet-Draft Cryptographic MIME Header Protection September 2023 vzePF0LmT7Cy/qkGQW+RO4ID96w8Lq3+qX0aAi5oPwvA7G7Jtp+BhPucvehn3z5r bl/aMEcoIgTd49gpcYZLqDPaD0SsOYBicShs/CtwqdoYDgwkzi1WfQK3KIrsJxPd Us2VG1us7Els0zQKz0pJuFUzlxdyz0339tuh04Kc39DNPzv1acwkPHMVsYHjOqmD zeWxpxHpiVJYX1V/CEHaOCtQHu79WJZDHDWaiaXopVp9V96toArzz9nZffM+pSJL Gqv6P0DZbGxecnSXqQNw8nucoEK6pXSoofCpCCqWFo+xi29Mv3gA982UDEDubW7D zpc6b3luSYEw13p7VMqWsbWsitzjt9MBq9g354SWnTMoF5yabvRoZa4gj2j3Of8Z 9pEkpEgHO2cQHEgrHvpFuAiNHk2qBmFiIp0/MUIeUOXVsrD9mUzoTe2W9YYeIAu9 4yE1cT1apMhOoFGurW35lkxbRlGQ4zy+osgikbuK3kAsk0HHkibRR/sXLMrHgy9Z gdi3Kw2aU4nyzzMqueoK3rtC5u1IEfHMsRU1E76Q6TfS1gcITGDXwZJ1T9z3pfa5 lBet5lV9MCBpOpQkvxGt0OKvmVcqdXVSz1ZF3j15qkyz20pn7uyUWrl6r4ppqIPk KMkiOzlCKIIWfnnA3dDiF8a6otgX+bYGgBwxOoZ8GIzIhqLkrJNvF5ufeZGaGSCo iNT24WGBcnKJot6Zrr2K4mo/eNuvTrYv4dZt/rmWBUdEyug9VK0fiSGfYED9hUDA uxGpRXxIU1Fq5w0HlH1tNH4mzQRIIMdS9nw3xCbvPDIwOlodalk6KDXF2fy6Emgt xSCLb8AlWS8/S0VtaDornyN1ApTvXWX/tDSUa10swZpJBNB35vrYh8NOcK49j7Kb ldEnsuzSROZX7hPZvwc9z9jS8IqNuX0nPr0mNLi1gpxPOuW3UMDNr6gKBZnKqcGo HnWDll2Air849gN1EAXcGcORuWb4O5dOhu61csSvYKvaEj4Mct76vDaeFECb5Pzj yUQ4Z2UFpp/KsnP3B2CE1zdxu1AstDRdO/x2dcDWLJjUy3c2wM+U9nvHvbxTnM12 gx5UVlM21UHeM4kiwAhYKjOMsnpx/HnNk8kqP50OBlWwusS3JTr76tzBtzQfocqW HEOMvMy35x2Bh1ql1PRTSh9c3mgSpXIPut0l4xvNBtVKh5GG3rTZf44qJkMbwy3d C36hOWWkV/z7y5e0xERArT1CsFP+uDdGny3XGUPi0yj7jz/XFy3UnxzsKGVQPaO1 E90Ezi8eMNRtx/gBy0s9KwgUvam+3dG525ylGvbio2mrgLuTI2CKZiQBoTICXkP7 /A1RGp9W4wI23/Xt3hDW0XuBgvoJb6UxlNabXMBoV8MQF/KfWVJ7nnhqQDrRujuo ya9Id5L57bLdP4SEHCWLvPERMDzRk9wpeVgivKN29Q2hhAU5RCgO9KjXWd1moJku 4FAlTZErCqfkIHdLTN5GKeL+kYFIfUV8CVlr6D6MVwpN5QGzX2Y/+iat7iS4C4dY MZlHqMwkBRdxyjBBDYBiXGILjhgMGQ8HyzV/sJSYv3pDS4WfqhTW3mSNqQ5OcVz/ 3uGZeNe6ZkbE9EyGe/rRVCiBT5HkCpabG1l8Bj8MO+Rl9CM7ddVvO23WbaKt+Vw1 f+yzK+LAELR3XfAfqJPo7nK1UE2/QOLFDw0W4/uPbb61lRkp3lMW9NRznAQsUAuT HgLQT7Q9hn23wBTiQwiBS3kej4Gi6wVW2Cj4o/8EPR0qn6ne6nhGhgcYHpkw1Uz6 Ql9vjLyUFKjEOo0NWOu6pgyDcfW4uGNzvsdxcnvRQ4+qVyHeXLEM5d2EhAw+TzW9 vWDpgYTTa/ZIILvJv3f4iKNZYs5PeUJWLX1IPQbrPPKFevufJk3ld8K8QRuxtNvx aKp+scqFC36GXvCrGsRlHVaawBCGkCL6DYZVTDtaWIwztIvCXu0zOR9D6hnsbmFn t15MSUwr2B8GWm1I0yVgxp9U0tF4uTDUfo9BLnPpJ+2QYjUEPXvlBqjEaw3iQsBK h6XPNfRJqrRXJCbpCwZSiqSMKPgh88PB3F5Hjr6//UgVY4ZlwfYLSUgyZFIKBmKZ 8LAdeMKui2WTsIlHMlTv+yWcbf/6m1F6qx9Rbl11Q7OxGAP18JkfVBdNuFqu1iLm ir9x10Y+8j/GcaYOEwC/CHxduAqprr03sEz45oM0kSD8ZfhbHfuYH/QrbEdZQd87 FkCzNVdV3ZjGiaOI4o/0CpmBfhU5xN5G4tXY9cCfIXEpkqvO3/guoOlkbNWBHJJU WGLKvluSpoa6C9bfnaS9xr4YZjolD1W9odFC9uE6aHyMNFKTt71YT2sTMbVG9Ylo BWKv+DQAcai6BECVv1bvy9UyhicbzGLFXRmFS+/pGSi6h40eF7uEkUivmlZYnN/B yKL3yEqV7CqpUYrBmAC5RLj0pgWsBER6B9wf5gfRL8LMZp3lO6g/w3yjgH434L9H Su/VZmVjrCzZIOxE/ZG1GGMUc61+Z3D/9lQMeVdWs94YhoFT4nn5SREDVa4+4YWw sUokqK5i6los9mYlu/SJPxnwdCZxk/GyRRqH6Kk7IW2iWVXO8DEn2+n5szNLhv2E 7OazywsBB9jEH+CfJk1mgC2gL7RbN4TDguMZvNGmtK3y50or3wRDMsCBX2iWG4r2 9HYAChFcmbEWlCL3A3y5MGIFTrrfIYmKAWB8foM6hhWWFVVTTIxPqlvSZ6QXz0MA VA7VL5TVxltJotzLAbCKoYSRVmtJSEhsxTXHcWPX8YUpZvop0/dWsY6uJBkaadjv Xdp6MyF0WPqs3TYKFjZCHueaP8vq46vr6jP15h3tpxi5Jj+TWgqbOGmmn7reJKvx xNFpPHjydvLC3FbHoda/sE+cbjDup/bbjsUdZIVGulg67sMZc0Xk+eIIw3RIzcso f+c0AJz+6bGZ/k8xryPcGO1pud37J6F0nJZH9TrEAsjFJQtVmZoYbHDsZq0MVHw0 J0YksygeZn0aYHVA3gxfVcG2PbQpeXfnZyUsQtfjZOoEH9Wh1vh6bSFs+5TFbIUC Gillmor, et al. Expires 16 March 2024 [Page 174] Internet-Draft Cryptographic MIME Header Protection September 2023 Twxyn5ssf2yjxTrI+kCxlRfIe7r5/etsBUjQzpKju5VlXcg5msTqO2xj0QFKyjyZ wci7X/lzVJvf6T/v//ItTWzmUFEJ+Bux0vo1jqdxlsgg1wPyAEgKBoXVM4E4OJCL vjC3vLlb8Yl134JcymIrLk1D8etIJdhNMsoil6oy7yFtyxmqHjJ+9EqbJRhef1au JWP7++n1NNtheB5YoLlGoRfgxA8pIpDrFlUxdYKN3mBX+IdaTk4f+gXoNpTXbtRD B.3.24. S/MIME Encrypted and Signed Reply Over a Complex Message, Injected Headers With hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10790 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6968 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2460 bytes ├┬╴multipart/alternative 1449 bytes │├─╴text/plain 494 bytes │└─╴text/html 646 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:19:02 -0500 MIIfHAYJKoZIhvcNAQcDoIIfDTCCHwkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAAqBquNyGXBsi563D5scoeCEhSWiHeZcEBof 53CMvSnOVtdWust0R7xoMAJyq8ZDsQ/rIWOAvgm3xYi/8hVHowZtCe+dZozlkiG8 yLla7UpcJVoqRZfMKoHwgySP0vNK+1BhgSQSPO6z1ilT2HBMeMBwjJ+6y9/CwOnr hRXiQOWlBTBcLF/P+rpuAsFtv6jdxm/jzXEMgQe5j/aConPchgGzKHy9XiCc2YOz RZDJs5Zc7cmnefTA3f0IH0QaO41g6ST8EnqimWsec/eNaAEakZOZZJRYAhgLXciD 1qjuByWAAn4h9KnKXWg3VtZpX3I40YMPLw319TGAJGnP5kh+DScwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 Gillmor, et al. Expires 16 March 2024 [Page 175] Internet-Draft Cryptographic MIME Header Protection September 2023 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdhmdRrcVpFpMT38ZFuEl25Pt kTT7HYAcrOSov7Fuohjk7kukQyTQCG4y73sHeu/FZ1IPKzxkOU3kfBEbJunPykkc VuFJPQJmrDpk4j5dvSqikvqU9cP/GliakTrCBiLdb7DO5jsA/8o+3OmN4S8F4Mjw gA6BY0DOT97FeTKpMohtlGhGpTtrVe8cVe1C2QPD0rKBYEgwJ7t83mzyaaj8Yws1 sUAkjFY9hoTuwLspdiTqKbuUvEZaEaKrhO10WYqoTpLPjbl33KCo7fhtwj8zeVbR Gb/1JbKsc6y/raPG0sTZXrCMQRmAJzEaNiYAmYaP6qdL0VuBQNDhEEf2bPopuDCC G+4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnSfmBIh5urf+GVWT5DQ9mAghvA jKFFJHAo+gcmKmrsfGJloYSxEavtMlOlVK8qttlITxGFRxoi2frbYzKjM0ELjKkE 0QSux6e/uGdvnBtx85/O0x+zECTF4jTU4u75oU+pXgAKDHkHQvn/SAeTaDMR2iKU W1KJXpL98HqBBmaKzXGpXXt0WNKG2fnNs9+xOqzC1TkyUTTNOG81N0fkosHCBmdx VY8Uslp+BjRKQ3DYIEHi3e0ktMCkSRh59s0J3rOpyAPeL8xtQF1SzjCSBociz/8H OOECaDJ9RyrhkD9E8t1oeTWF8PD1VMsGq11F/eWPSGnDvKL0fvHPmq5nA5KMb9i0 4wgwRigvIn4yadhughQigM+wveRj7EpCXzaGeMusjc5Gzfau78VguIoIVPnBInwk cYAm4hLR4SjksWjKctCREwCB5HhYmrCl1adob7AkLSfVbGEGW+wjcOByHSQtLeyX pjsImxrygb5WpczagBwIEt6AYk6kgWMsPtHF1FYtCHjdfv1Lr10zgVPuEHROM9gA 0kWUnfSEdckaLw+c+YAde2q2NCt52wq4c4hcAvhJnJP0x25HWG0DOsoCp74zx5jz DuUvv6q77RFZtD/+ykYLYXHhMysKNq7d+3jUuQ1I3LStZ0K1xxeHsKN5l5AGNK7V 3HT6LAo1W4oOUOBh/+bZRm6fPNMLsoTC+WHAiB4rOTUeljz7PEqTvpeDSbHbpORn Oh5UKUuwTEH6FmfFUCMSlbeqyJoSqhsa1F5ccEJKRzKVR/ujYRcLJPoxRTVEWUhG agsyQ5893TjSixMFyvB2ZFq+I1JdL/NU398OiwGWyg6FCck/UndwbV+DVrQ2pfgK s1e97pSnL3w0JjMXpxs5WLWsf9wy2eTajsVMA9RWaHKXKPcIgTmIC6M8q4jWxie7 i4ZfrIVAHTbKaDaL1bGn7Y6nL2aWj1pLke9kE/gngZpKWEiAuG+MjY27lAbNZB6x zJLl8Btd4VuzhmYnJCPBZ9q+YGV1TVtgbKeq5c9/O6T6QvkEzUlQHUwYKjXvZAEL ZbGGzDcXVuWoBbP1fbzzpWKuhzqrN8Jvof5e1SBuKe8nnQFUAKiHxzf2shWkQvG7 gPkhDJdcWXErpohhnnmEzE/deIGWRp2Kmh27/FWlFfKbF4s/UiYI2za6jNRmCSF8 FoTtHw0U23YdKfSqg+qx6Cr464wVlV7jUgBIfdMdHk9qx+lNb3vnBpYnhg2tVHkb aCUfOQxHN7FHySdDTMunZSJ4DLHpS+e4ufY6jEmUwdgz/j+qTTDon9mwH3liyisj o1nd0vA1ftBh4qfnjV5PQJ+C9vYhHU20V/uJt78jGdFP27qN3lZPj1Vq1/gPT/r6 BJzPXJx5FUqwhEkMUE6B5hD519hNNrrAltvS1jugJGsoGUwbw1qffE29nGxTJKch +pMJUOXRUDelO5a75M9ui4r2nFb5yUhJh/KwBxTgfsuzQ2kZVkSv1GRWzFOKeV/U SoAJXR7mmxpKqcf0O2XdQYQq1kO71iIGqxTQefTGNIsv+VSCK9VTjbD1RHBOOft2 lxW0GyLejwtfvRuFBozL268ZfyUI0xfqVRm/mjT27zBNoBDVsF3K8AGvuJRCIoVe Pw2akifn2+n8w9n3EDNkck4JDxkL9RQBULMYkxAcUwfxdXzPT/ixNHiEqj7VCu6k qTLPr7Yt7qLe/BbndIs8u/rDc5SVWmdjzX3s0po7uw7XiII3ZvxWVmBhi65rJUzD bx1pzA1+lrKGcnCetEPpnZuirmb33CKBrzLNXH5XTE1UfLr4g+kEWnFJL/ZvIwct VzxwIGkeWfrkpdR27chlbGwXyZGeqhR7SgwYoev9wvj55VKfGajWsb09Sw6l3FgS lQ9fmgKv536pYlSYClfFSshuQiB0FVDlagtnb45FNGA2HaNtZuT+IWfwBpj3O8zI fEGrm/NzhFFGnB/R8xqX3pB4nEQgbZ09Kbw7Bvd7XQ+2v6zQjHy82TP2Q2+vnDJN fwwwJJ2mzT9QPcTjUu84RAT9ritBJh9QqU/pskeJJ+LW9s37uCExICMnbaMT0btG h8JBUYpxJ92M95l1NSgv9pnex7PfUTdAq6CEyqnN2K5XFZQ9kVWYABucxCd++sO5 uLOTbepB3MRJopgKpMYThCHaqd/MCc+J3oO+Jw/g/zTwlq2tXiNw/smN1tsRO47x ec/I9fK9VkxzXa34HQ6uhjhbzw+pzNUimIlCCr/ZrAGGyUx+GqiAZjUWXuRtETFp iYUpzM4+0Dnv5ziQQNTWizAFWUTW++FmHpU8Nza4zqiVUkuxsFQC0I4zR9f1C6Ch 2oqRkuFIa2O3tf76D7h+BwoBKlNm0yWjZFDpb7lfbckQJZUQ9CbdpLdzYlSW1jyD rO9sRMtZeW0rE54k0XMyZ08MIUbvor1Xiif94QdhtWMFz2ne6rjBfgh4YF89QDtA zjRBS0UeHXzv2N5LnYLaArADFGbhm4bhZVmgdQeHiPW5EaUF9PbaiWXs1E2dz71O DIgZAaz5ij3mWgRdu2uqBio7Abibsfhd0D3ImyEoB1AwiisV3x8ucrTLjlm0Lt4f UX1tfF7hDqRnKrtgQFe94pruaA8aWD8hMhLyycnOWhpmBHbWEAe2KTh3xC3XpVbr Gillmor, et al. Expires 16 March 2024 [Page 176] Internet-Draft Cryptographic MIME Header Protection September 2023 V8IQdjSxY0AY1n5ktoAZG26Uoi1V34I6olmCyTTLKqbJv0KaO69Qszj3shoIJbtF k7WeKn8xgSuqjl5t+n/6F+pl0e4Tszh08+d2F11aBY27gGzxjf7HGBbXY6OhBZxg vvC4DtZj3iYmzFzXIRgbhgJLAjvtXRftxs90kHlHAfxlAgnrJWmUeVFzVIf2/d10 VmJw/yg/u/d+HhFDl8XXR8YRUHjCAsnewhs9F2I6B/abUpWELATTnL+SPYxdF0kC Ip/+ziCiOZ6uiwNwiecu+VjzrZ0iGVARGHHHZOjTxlPlOcIsryOPOrJ6vGMIusyr cS9GYERRszavcaAQqYv/SF8Zi9VcuJA3ymyIHT1MaAghJYYzVcrr7NHWrU6+qf/S zL3zJj3OGlUftX70tN41cJG9THfciWKIlFgn5AdKiqOhqR2r0WffWy4E3/A2tKBe AESRwu3p0K2UuCniE7UAg2P8C9jS/OdKQ7fepdUEwSCRJxb+jmm9o33NLvnkTItw 4jsHHjDfF4HxVx/vouoJ37SQqArYThgLcaEWHRrNtmx/vPtYf+MrYviKGdCDgncs ocBKiCb0Uzi0NYNjnMp3j3rr69jZfxOHI4WsmJlM3ANsyopuI9c5NeXEZIiB1Sne GAxPbcpIXERxd3HJ5gOB8+D7amyejIvJgqUpQIpBBYCYLFSIHukonEUt+Bj4HcfN lBct0KTFVaEZsjhPywdqKmzWUuPn6Y4IVoEeQnxP3cSkk5vhgwZq+pfVk6CMPnYx ihmcuEiuzddzFL9IqaqJ57qni6yduEbo7AqGbaSDE6ISXtMvwjQHXNbWEAMbnQSU BbmidJA0BYy+GzjeKDX2SF/wejnmucBvVGBVPDyZ8bhj0ZH1jSBRvoeqxCnP7JkT K3SFIWvTx4iulzpuqxyfQNIWFazRQRyrQqmVk1z/u0Ot1mlrozRKPVDhFA6CwN15 djcA+pBv7qMXDPSjNwgZLm4mhlwpuQM1m0frNdWjLjvo5X4k4B2SCLp2eRYLw/24 hi4Q0gs3yNSbV3VODnCj+VIpLFnwoOD1QyOH2GrEnREjJKSjqzCGbgBkXcvP03oE dSioL/OvppL4c5FbQY135rQ6YtN8Ibww4QgCt3BEgPjUL820Pod0u/Fs5nOmOd0Y /TAPlSUASRNoX3huZXPvPws4wHXtymYobUeiTz7O9iJGN1htySDhq6hHNBbzoIdh OBSI7/j1UwOFLE6gAGIkxqxBRCKur/xUEia5MLfWsIDkd+MiAqRdtyHLZuVx4J5K SgF08VucGPJNSkxMWpx3OM65CBMc9t7HR2EaMD230L5iF/maNyMH5X53OHib1Zg4 y8PaUdClk6eoJc5qVzDf7a6xtuSr2d1R5gymyzG/22dLIpIL7o0jwcfrsAZrMou1 LoDtYkWxf8gHHMD4AmsrXY61PBECvrvI/s4CQlMvr8pChdtQJcuSH+lvuGUqqtFO KnpdtecpSIAlh0Eemdhet53LcpT2EUVY7Ns6N7PMHCgtQHOTPLJMkKRw4c3FWxpH 230C19w3+Wvwnv+EDp6Eqza5QahCU7Yey1teE2EY+ljaOFqe+j1eTysemllwz46U wOS0M6X1zJhwNR1vqag7Ld4ZgtAUFjQjazR+Ko2IK9lx6x+gxXkRDBtsdtUrdnLA e0SVE8JdYQdJ55i7xhh46npC5ld5xX7igmlWFWpWj6V/5RoTKNYCdYo8UXK4NJ7B yLYfK5yHF9KnLd9dTBxUuvOKYvdvKzgasfDhCd+SFwxLlRO1JM8yDxmyy4rZEUwt f+Q9DTtlbINMcIowXtJCi7afhzQRsEnDy1bzuaCi72Dor6d266tnmDNTIQdLZ0jl AivVD66/kTLb6Pp09BzZRY9x9P6SBHZ5RI50uyVJjSrmlSFjAKxxH/KqkpS06b6f RBaSy1Jj/oBOFqgEehDZtyhFSKAftkd3qrfn9YhObhP1tDwgOrUtSXrSpazqSzcg kS/zcFjd9e5lwPH4mPEOrrZuRJzWwrC2G8iZtAsVR8z3Ns2AWxoSDRSbE8IWxJYo u9DbnvvJV4Ri39N0u1cfadWiNePn22TMT5bszIrcqA1XiAMobfKoklxmAgPWlnAK AaGhXgvumPCYp6+hNItX/PGIdO11iXyURVW9Jq/q9CotmaRM1j4q3JoHuleARjjW Uf/jgzmcEFBYYwftJJ6BJQtqhJ+HiBCVmJ1aFKNAXYcSfwBLaamN6SCQ8hXBuITe TDqnbMo98r7amvNaI1iwXtgYtz+FkfRZOwjgBDVJfrELmeoXbM8Ioj/zvnqUW8Yl cMQjkHetmeIqGU2Ay9GduVQW7xV9Gc7kkE7SIpnm/dQTL62rkPpA0qG17t5cPsBW FUSCjbJR2RSlL0UcgZ1z1X6peuCN7XZwA2AvPPaZ8u2IWEqhyneOyms/4Zp5cr1L ZfycEWokZ33zSGU7D8OPIXDkEcMas/a0hP7zYh+zQr7yazyxMOpncl6MNPJ4Ekeh Dp1f6Rr/at8JRAdz08iJujlWmcbdycUagg6v19gS1OmD5v7gcScZH0AOzYcYpntz f36dd3VZfDT2heEkp+dmlNo5jiP/ZxANGy1qU+Dcq5vp/6KyHn1QZBMHw9KEfIAw H04zUBXDBtiWIsX6UqW5bHR+nhKaB4oHpvnGPFekQZO1+5v/UbkAwJpEd3nPa96M Xgt1oX0WRl05AYfge1OzJo64KDryolmNNXAqw2gOzN9blHOeltkiNIwFdIU9gGHH HdT7F3M6OoInXO7X7b2Vw7y/7Ze9pWTnACP5k75EXXMgd94OlclpR99OX805kwdg yFc6ZKVqEK/5rHRHwL12RfugI6Z43aY5nVtTQpJCUgw6HS4PzAEbNrHAQlEd+BZn tGXvbtfO9ps1l5AO2HRS2YzdlrcQJqP5wD9gyT1hIzoTn6Z7eyIzYXGgte2GChFa iC6V3SgPAPi6XheH50GBjllKFjPoFRYiNJsqdJF8Oy/Ywo6ile8sByRx9jiASUZi QSDxdMqt3m9ATbZQ3JoEGGuUohA5Wwn7ZhUDK1sfxp61h/lD2npjsS98hYuBdgck Gillmor, et al. Expires 16 March 2024 [Page 177] Internet-Draft Cryptographic MIME Header Protection September 2023 a3jYMlyR9oh8KVlpSQ9ebaz2XXqmU2Egn9IOHQdQJ0wwqD7K5yneQ04/a1v3/0zG jaliEfbgS81Dj4+iuucJUqTtS50K3H88zr11s1vr+KtFA0k8TESWk9ncDc2Uo+0w jLIumCCdXZk+ZiUbD7bAdTYoCBKaPPj2RamY5K3/CYxRGdhuEra38Uyfk6S7Tjyr UXvfEFZZVdP3UFvOO0Pw/p+iXnJusPZ7vZw7Zg5SCnO+RXtVnq18OS/HP9LbvX8g 3jgjABxluBtH2HmWyLiNhxZdG/OtgRzVYnBExVafqaBRtP7qNxIl8u36U2p9IFn+ 99UNm1uZOup+yqVGzMDH7KUSTf36Oz9QpEghKwyohmK6u6s9FO3zHNVCkg2rvIOG 6iY8ro2q/KC4ioShoU+KM8DyBzAe8t8Yz/c06ipWlae+cMsBgulhqF7oAyyRJUX4 LMX1DAILi2FzmA2Cu347axP3woiquwG9GYiC+a3tfgzsnvVBay76JBPPUh2myy2L 1mxv1xewOjE+VRfBMGo6bPouwNqflQGnDhWLwKyNzIAI7AiL/BHK7xhT4Be7+xWH 7P/Pd+9OZbYC4heifbXg/y+wYHBLVENsM9sM7qCbuJSACuWQkNBBHJUQC1IZeGQb Z1OdcjBQE+JNyJO8mo4cNhfIWlmJNH5lOjHRAzVO2qerF80ucHQF7xWGV3qKg8P8 x5MAQDTiTiqKFGOHj5onM3Z6rbmRSRdbn6CJu165GGJjx6EnfXlpMG7IlGCFHv1U CVlTnop5onytADFQih9LmjNvpHxonEOQ8wuEN9CiKEvFo/kleDiI/qRQhEV+KrX7 j/zsGEYFjMMbY6Uk40cPpZ70CwS4P7coHdTJQIX26inNN26UvQR9u48mhA0/ezuD ttm0IHs7uK9IHOm1MBjSmEJxbDEvwND4srbjlQ0cv84bSPX3HHR0HGkwtPE4zqNq Iw6eOpYUsJDdNyToq3A8Q+omzoz30YUzeBBRVvbf/Mwrd0Ci8+QcT9DbF4qUkVYT xwGPQTnoLt+5DDPsfLESLb1gXyxkYFavbnSlvNuAFl/AzD7C2T9GRvK7x7pleNrA mwstYUVDPAL83egLxxqKDYeS7IPFZal3MJXO+/L8fr5zm+ZLh/fDFcHSTdkW/Mnh pZfTjjc9NL7O1W2bpKUAVatptOqqsDNgX81mXd2qetYTvVdc0rHrxz6moG8qtb2+ tzbi888edf6l5de8UTF9u4rTgN82IACEZC/78eeaIVOjOgUaQi/qY2yxtjFPOCZB l5Vwe/KkUMonf4btXlMAU0hSr83gQbhZR0ikKc9R42MwucOOri3mWafVmjN/rB+E hoF4756QzdkT7N93iGToMeiicCu+nHZ6Mf/4wcOE2GzQ0w8LGMI2AxMxW5bBJTEA /g5Eaug8JQ4dQ1srdw5Sn9CvaiyGOLvqiYMDj26YfPne75m29HmfFTgPI6xphEc0 Z/MCRP5kMXJuAm89d0KUZmXmRveNoudqmZ0VEXYzO86wn6u64Pj7RoN9N4gQYdZe CZI33gShQfhpGVKMHK3lKc8tqB0I4PoPZF9QZu7pYa1Ki9VreFv4SA9X4l82NEHM sLOHlj+7Mr7k0zLXaFOLO2X/uLUz+58aKeho9TnH72j0Za71C7BoIcsVhdvlvHDz +nw8bmeCHZA7mrThb5DUSG6J8TTDcAqAHxwD3R+vocAJGNDtE/6FvPHIIUmLXOkY Y+HPzvJhx4hN3plTXfLeB7ERgBsAQnnJYcZ/91sNNsC91ubbyC6X7Eu//V102nvv Qo4M77evEo+ZW9vxyVxF+GjEuceiSCGztxKFFBhb3Z4XNNnClGP03GbAWAdnyI4T T09QA7A0qwK5t4BtS57fuE8VgTEE2d29JmXM2J0vYqr1Bu7VWVvK8RjieqWi6g64 pA1NJrfACyitfbibkU51shu7pqrNKOrjiwewADLyUH/8s+HoPJCFellNqialOvMN 5Zy2nYs7lGfW+Be6iNvLBef2vvVhbnhRMbPCwMuQteJp3Vk1u98n78rVY0Q+G2wy xGoJ5j020LCkboH8IBIsp0tl9Cb28x8AFTQnwWnXpjtmNAWwb9bakf+XvpLPkTlQ /31+cHHBVIWzPBpbq8am8Ct2Ha1SRcOV3gFlU9jg3Us1pYdX7p0gqaQRgJOumcCu /3tE8jye4VDUYwHmCiIsO8mnyFGNq7qBb/Iq4AXegXMHTN/loDVWqlKaPoq2t23X lUWly0KzV68q7jYQSyJCSAbhXl/K/lyY6YiRPukCu3cOjE66SFuVFeVbEPqsNuvU cgTWLyDibMP3dzP1YTjVtjsdxs9kMoJcKyRG6uPVuD502Q/zrF+tB14Fu8tBscjM q4xDg5OfcXVH1HAZDDqaPYJEANRVVAEfiOapnrHC7lW/Wit1gCGKyHtwpXNyGZqi gTdtdDQMIOtKXYcbA4qzaFRCXHAisVVALhzznSlcGPwKZuIKOR3FprlCqbENzOwJ 959ySW84J3qoiNCgA1+gEJhXzCoRmb74+J0XwQxGJNz2EdPaQ9zn7fzS6EaBvioN imKS94YwzD0bw4viUNxv+V9++hs/3Q5UL/TBrCTtaoUpzdkGGR/zoemj0S8LYLO2 6J17+U2N3i/Wcnpm8Y47LupdvbL+zddh8WQkmdJ7X8sHVfHsUzSLxvYWnIQzdETY +7xxzAY+W2309MSTJhGHR+xOcLe/FB013ifpZo5qFRNasTWVLuPBZkwF3eFrSjCH bnGre4WFFWLrOYR3VfslZxczYJinI93N59nQUDN0FSTuoCT5ioIS2GQklWoAbzRL /7erGVX40mppmzB/tQ9wxXQoKZdWUyAJMRk1wV4XhnpUJScxJE+2HtBkaUi6I4/G 5wUs4i/cHAfrWkSJOSII9zKxlEimwOGc1WcntB2+UCCb7cTJ2I5V6qmhAFK2ReX+ 0Bcm8j8gmRJtEEKFon5Pp07CR/8FMr0X39D7VQmpc6t8hyA8xPhWWiRDdLwibMtj 7ZSNtVfiNMBofj+7k/INPNSe75DIuGaO+yAhizYYIJAF+HqObyMv+eBImiM3A6IT Gillmor, et al. Expires 16 March 2024 [Page 178] Internet-Draft Cryptographic MIME Header Protection September 2023 464xi2PN0JG0VHkQb9ONF4GjkXXUe+4JKu9FkyxfaNFNMkhKgcNcEO57TLwyhKHk vXGp/TDgY+3QMjhS5ufjVD5rOZZQyNclbJ+my41wu8BR2Xkc+uhQaMJ/jOjla3ZN fgBmxL2+DylgC21hg5X/OFA0KsA5iyJa84lq2k5F/KlGhWkyPgpRSbrEtTWWQ1KM cbhQI1v1D3/9yZLcrtLr+JnDmqX3Vl71zzSwhwPsbDvf+c5zOEXagDgXWhlWs+sI bhh1ozpomjyrER6lwPwRIl1JcSdAgRugUvMIGQ6OosIEodRPMCI37esvBv/0XAmX gsaJ9xT2a4TxezWjBUQInTcv9dRcDXidNt3py3F1jBqx9MkTnEbrYKOXZ1wk71fS FZQ7IcPrdKjwY7id5j9ABHQfQWy8bRECh3woq42JisX17wmBXlmtjmeaPUkZynKA taPBG5IM5jRqxHntADcWQRXg5UBB/ssj2ziyd8xSpIZnikMcJQUZAlOWprCXm1kC LBYanEAhce71K/o79v13de+Ynox5v0smvsMF9RU7+90Yzx/2dWzbMSwh4+IDoAZ3 fYUFootr14wPHVA4z34Vuyc30BR7UMv3JvIXmU8awdENHUf9yVGOTbMhu2MOkp5O 9//u36yzJCV9X6CcF8I1NrDaoS7OSzt5kWvMm3t3nGZAibf12ZGdeVK0+ypaIcVA Appendix C. Composition Examples This section offers step-by-step examples of message composition. C.1. New message composition A typical MUA composition interface offers the user a place to indicate the message recipients, the subject, and the body. Consider a composition window filled out by the user like so: .------------------------------------------------------. | Composing New Message .----. | | +---------------------------------+ | Send | | | To: | Alice | '----' | | +---------------------------------+---------+ | | Subject: | Handling the Jones contract | | | +-------------------------------------------+ | +--------------------------------------------------------+ | Please review and approve or decline by Thursday, it's | | critical! | | | | Thanks, | | Bob | | | | -- | | Bob Gonzalez | | ACME, Inc. | | | +--------------------------------------------------------+ Figure 1: Example Message Composition Interface When Bob clicks "Send", his MUA generates values for Message-ID, From, and Date header fields, and converts the message body into the appropriate format. Gillmor, et al. Expires 16 March 2024 [Page 179] Internet-Draft Cryptographic MIME Header Protection September 2023 C.1.1. Unprotected message The resulting message would look something like this if it was sent without cryptographic protections: Date: Wed, 11 Jan 2023 16:08:43 -0500 From: Bob To: Alice Subject: Handling the Jones contract Message-ID: <20230111T210843Z.1234@lhp.example> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Please review and approve or decline by Thursday, it's critical! Thanks, Bob -- Bob Gonzalez ACME, Inc. C.1.2. Encrypted with hcp_minimal and Legacy Display Now consider the message to be generated if it is to be cryptographically signed and encrypted, using HCP hcp_minimal, and the legacy variable is set. For each header field, Bob's MUA passes its name and value through hcp_minimal. This returns the same value for every header field, except that: hcp_minimal("Subject", "Handling the Jones contract") yields "[...]". C.1.2.1. Cryptographic Payload The Cryptographic Payload that will be signed and then encrypted is very similar to the unprotected message in Appendix C.1.1. Note the addition of: * the protected-headers="v1" parameter for the Content-Type * the appropriate HP-Obscured header for Subject, * the hp-legacy-display="1" parameter for the Content-Type * the Legacy Display Element (the simple pseudo-header and its trailing newline) in the main body part. Gillmor, et al. Expires 16 March 2024 [Page 180] Internet-Draft Cryptographic MIME Header Protection September 2023 Date: Wed, 11 Jan 2023 16:08:43 -0500 From: Bob To: Alice Subject: Handling the Jones contract Message-ID: <20230111T210843Z.1234@lhp.example> Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; protected-headers="v1" MIME-Version: 1.0 HP-Obscured: Subject: [...] Subject: Handling the Jones contract Please review and approve or decline by Thursday, it's critical! Thanks, Bob -- Bob Gonzalez ACME, Inc. C.1.2.2. External header section The Cryptographic Payload from Appendix C.1.2.1 is then wrapped in the appropriate cryptographic layers. For this example, using S/ MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed- data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer. Then an external header section is applied to the outer MIME object, which looks like this: Date: Wed, 11 Jan 2023 16:08:43 -0500 From: Bob To: Alice Subject: [...] Message-ID: <20230111T210843Z.1234@lhp.example> Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" MIME-Version: 1.0 Note that the Subject header field has been obscured appropriately by hcp_minimal. The output of the CMS enveloping operation is base64-encoded and forms the body of the message. Gillmor, et al. Expires 16 March 2024 [Page 181] Internet-Draft Cryptographic MIME Header Protection September 2023 C.2. Composing a Reply Next we consider a typical MUA reply interface, where we see Alice replying to Bob's message from Appendix C.1. When Alice clicks "Reply" to Bob's signed-and-encrypted message with header protection, she might see something like this: .--------------------------------------------------------. | Replying to Bob ("Handling the Jones Contract") .----. | | +-----------------------------------+ | Send | | | To: | Bob | '----' | | +-----------------------------------+---------+ | | Subject: | Re: Handling the Jones contract | | | +---------------------------------------------+ | +----------------------------------------------------------+ | On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: | | | | > Please review and approve or decline by Thursday, | | > it's critical! | | > | | > Thanks, | | > Bob | | > | | > -- | | > Bob Gonzalez | | > ACME, Inc. | | | | -- | | Alice Jenkins | | ACME, Inc. | | | +----------------------------------------------------------+ Figure 2: Example Message Reply Interface (unedited) Note that because Alice's MUA is aware of header protection, it knows what the correct Subject header is, even though it was obscured. It also knows to avoid including the Legacy Display Element in the quoted/attributed text that it includes in the draft reply. Once Alice has edited the reply message, it might look something like this: Gillmor, et al. Expires 16 March 2024 [Page 182] Internet-Draft Cryptographic MIME Header Protection September 2023 .--------------------------------------------------------. | Replying to Bob ("Handling the Jones Contract") .----. | | +-----------------------------------+ | Send | | | To: | Bob | '----' | | +-----------------------------------+---------+ | | Subject: | Re: Handling the Jones contract | | | +---------------------------------------------+ | +----------------------------------------------------------+ | On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: | | | | > Please review and approve or decline by Thursday, | | > it's critical! | | | | I'll get right on it, Bob! | | | | Regards, | | Alice | | | | -- | | Alice Jenkins | | ACME, Inc. | | | +----------------------------------------------------------+ Figure 3: Example Message Reply Interface (edited) When Alice clicks "Send", the MUA generates values for Message-ID, From, and Date header fields, populates the In-Reply-To, and References header fields, and also converts the reply body into the appropriate format. C.2.1. Unprotected message The resulting message would look something like this if it were to be sent without any cryptographic protections: Gillmor, et al. Expires 16 March 2024 [Page 183] Internet-Draft Cryptographic MIME Header Protection September 2023 Date: Wed, 11 Jan 2023 16:48:22 -0500 From: Alice To: Bob Subject: Re: Handling the Jones contract Message-ID: <20230111T214822Z.5678@lhp.example> In-Reply-To: <20230111T210843Z.1234@lhp.example> References: <20230111T210843Z.1234@lhp.example> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! I'll get right on it, Bob! Regards, Alice -- Alice Jenkins ACME, Inc. Of course, this would leak not only the contents of Alice's message, but also the contents of Bob's initial message, as well as the Subject header field! So Alice's MUA won't do that; it is going to create a signed-and-encrypted message to submit to the network. C.2.2. Encrypted with hcp_null and Legacy Display This example assumes that Alice's MUA uses hcp_null, not hcp_minimal. That is, by default, it does not obscure or remove any header fields, even when encrypting. However, it follows the guidance in Section 2.5.8.1, and will make use of the HP-Obscured field in the Cryptographic Payload of Bob's original message (Appendix C.1.2.1) to determine what to obscure. When crafting the Cryptographic Payload, its baseline HCP (hcp_null) leaves each field untouched. But it also knows that In-Reply-To, References, To, and Subject are all derived from headers in Bob's original message. For each of these header fields, it observes whether the origin header field was signed-and-encrypted or merely signed in Bob's original message. Gillmor, et al. Expires 16 March 2024 [Page 184] Internet-Draft Cryptographic MIME Header Protection September 2023 In-Reply-To and References derive from Bob's original message's Message-ID field, which was merely signed. The To header field is derived from Bob's original message's From field, which was also merely signed. So these three header fields are passed through untouched. But the Subject header field is derived from Bob's original message's Subject field (by prefixing Re: to it), and that header field is signed-and-encrypted, which the MUA can tell because the HP-Obscured: Subject entry in the Cryptographic Payload of Bob's message. So Alice's MUA generates a new external Subject header by applying its derivation rules to the HP-Obscured: Subject value from Bob's message, yielding the value Re: [...]. C.2.2.1. Cryptographic Payload Consesquently, the Cryptographic Payload for Alice's reply looks like this: Date: Wed, 11 Jan 2023 16:48:22 -0500 From: Alice To: Bob Subject: Re: Handling the Jones contract Message-ID: <20230111T214822Z.5678@lhp.example> In-Reply-To: <20230111T210843Z.1234@lhp.example> References: <20230111T210843Z.1234@lhp.example> Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; protected-headers="v1" MIME-Version: 1.0 HP-Obscured: Subject: Re: [...] Subject: Re: Handling the Jones contract On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: > Please review and approve or decline by Thursday, > it's critical! I'll get right on it, Bob! Regards, Alice -- Alice Jenkins ACME, Inc. Gillmor, et al. Expires 16 March 2024 [Page 185] Internet-Draft Cryptographic MIME Header Protection September 2023 Note the following features: * the protected-header="v1" parameter to Content-Type * the appropriate HP-Obscured header for Subject, * the hp-legacy-display="1" parameter for the Content-Type * the Legacy Display Element (the simple pseudo-header and its trailing newline) in the main body part. C.2.2.2. External header section The Cryptographic Payload from Appendix C.2.2.1 is then wrapped in the appropriate cryptographic layers. For this example, using S/ MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed- data" layer, which is in turn wrapped in a application/pkcs7-mime; smime-type="enveloped-data" layer. Then an external header section is applied to the outer MIME object, which looks like this: Date: Wed, 11 Jan 2023 16:48:22 -0500 From: Alice To: Bob Subject: Re: [...] Message-ID: <20230111T214822Z.5678@lhp.example> In-Reply-To: <20230111T210843Z.1234@lhp.example> References: <20230111T210843Z.1234@lhp.example> Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" MIME-Version: 1.0 Note that the Subject header field has been obscured appropriately even though hcp_null would not have touched it by default. The output of the CMS enveloping operation is base64-encoded and forms the body of the message. Appendix D. Rendering Examples This section offers example Cryptographic Payloads (the content within the Cryptographic Envelope) that contain Legacy Display elements. Gillmor, et al. Expires 16 March 2024 [Page 186] Internet-Draft Cryptographic MIME Header Protection September 2023 D.1. Example text/plain Cryptographic Payload with Legacy Display Elements Here is a simple one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements: Date: Fri, 21 Jan 2022 20:40:48 -0500 From: Alice To: Bob Subject: Dinner plans Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; protected-headers="v1" Subject: Dinner plans Let's meet at Rama's Roti Shop at 8pm and go to the park from there. A compatible MUA will recognize the hp-legacy-display="1" parameter and render the body of the message as: Let's meet at Rama's Roti Shop at 8pm and go to the park from there. A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements: Subject: Dinner plans Let's meet at Rama's Roti Shop at 8pm and go to the park from there. D.2. Example text/html Cryptographic Payload with Legacy Display Elements Here is a modern one-part Cryptographic Payload (headers and body) of a message that includes Legacy Display elements: Gillmor, et al. Expires 16 March 2024 [Page 187] Internet-Draft Cryptographic MIME Header Protection September 2023 Date: Fri, 21 Jan 2022 20:40:48 -0500 From: Alice To: Bob Subject: Dinner plans Message-ID: MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1"; protected-headers="v1"
Subject: Dinner plans

Let's meet at Rama's Roti Shop at 8pm and go to the park from there.

A compatible MUA will recognize the hp-legacy-display="1" parameter and mask out the Legacy Display div, rendering the body of the message as a simple paragraph: Let's meet at Rama's Roti Shop at 8pm and go to the park from there. A legacy decryption-capable MUA that is unaware of this mechanism will ignore the hp-legacy-display="1" parameter and instead render the body including the Legacy Display elements: Subject: Dinner plans Let's meet at Rama's Roti Shop at 8pm and go to the park from there. Appendix E. Document Changelog [[ RFC Editor: This section is to be removed before publication ]] * draft-ietf-lamps-header-protection-16 - correct variable names in message composition algorithms - make text more readable * draft-ietf-lamps-header-protection-15 Gillmor, et al. Expires 16 March 2024 [Page 188] Internet-Draft Cryptographic MIME Header Protection September 2023 - include clarifications, typos, etc from comments received during WGLC * draft-ietf-lamps-header-protection-14 - provide section references for draft-ietf-lamps-e2e-mail- guidance - encouarge a future IANA named HCP registry if HCP development takes off * draft-ietf-lamps-header-protection-13 - Retitle from "Header Protection for S/MIME" to "Header Protection for Cryptographically Protected E-mail" * draft-ietf-lamps-header-protection-12 - MUST produce HP-Obscured and HP-Removed when generating encrypted messages with non-null HCP - Wrapped Message: move from forwarded=no to protected- headers=wrapped - Wrapped Message: recommend Content-Disposition: inline * draft-ietf-lamps-header-protection-11 - Remove most of the Bcc text (transferred general discussion to e2e-mail-guidance) - Fix bug in algorithm for generating HP-Obscured and HP-Removed - More detail about handling Reply messages - Considerations around handling risky Legacy Display Elements - Narrative descriptions of some worked examples - Describe potential leaks to recipients - Clarify debugging/troubleshooting UX affordances * draft-ietf-lamps-header-protection-10 - Clarify that HCP doesn't apply to structural header fields - Drop out-of-date "Open Issues" section Gillmor, et al. Expires 16 March 2024 [Page 189] Internet-Draft Cryptographic MIME Header Protection September 2023 - Brief commentary on UI of messages with intermediate/mixed protections - Deprecation prospects for messages without protected headers - Describe generating replies to encrypted messages with stronger HCP * draft-ietf-lamps-header-protection-09 - clarify terminology - add privacy and security considerations - clarify HCP examples and baselines - recommend hcp_minimal as default HCP - add HP-Obscured and HP-Removed (avoids reasoning about differences between outside and inside the Cryptographic Envelope) - regenerated test vectors * draft-ietf-lamps-header-protection-08 - MUST compose injected headers, MAY compose wrapped messages - MUST parse both schemes - cleanup and restructure document * draft-ietf-lamps-header-protection-07 - move from legacy display MIME part to legacy display elements within main body part * draft-ietf-lamps-header-protection-06 - document observed problems with legacy MUAs - avoid duplicated outer Message-IDs in hcp_strong test vectors * draft-ietf-lamps-header-protection-05 - fix multipart/signed wrapped test vectors * draft-ietf-lamps-header-protection-04 Gillmor, et al. Expires 16 March 2024 [Page 190] Internet-Draft Cryptographic MIME Header Protection September 2023 - add test vectors - add "problems with Injected Messages" subsection * draft-ietf-lamps-header-protection-03 - dkg takes over from Bernie as primary author - Add Usability section - describe two distinct formats "Wrapped Message" and "Injected Headers" - Introduce Header Confidentiality Policy model - Overhaul message composition guidance - Simplify document creation workflow, move public face to gitlab * draft-ietf-lamps-header-protection-02 - editorial changes / improve language * draft-ietf-lamps-header-protection-01 - Add DKG as co-author - Partial Rewrite of Abstract and Introduction [HB/AM/DKG] - Adding definitions for Cryptographic Layer, Cryptographic Payload, and Cryptographic Envelope (reference to [I-D.ietf-lamps-e2e-mail-guidance]) [DKG] - Enhanced MITM Definition to include Machine- / Meddler-in-the- middle [HB] - Relaxed definition of Original message, which may not be of type "message/rfc822" [HB] - Move "memory hole" option to the Appendix (on request by Chair to only maintain one option in the specification) [HB] - Updated Scope of Protection Levels according to WG discussion during IETF-108 [HB] - Obfuscation recommendation only for Subject and Message-Id and distinguish between Encrypted and Unencrypted Messages [HB] Gillmor, et al. Expires 16 March 2024 [Page 191] Internet-Draft Cryptographic MIME Header Protection September 2023 - Removed (commented out) Header Field Flow Figure (it appeared to be confusing as is was) [HB] * draft-ietf-lamps-header-protection-00 - Initial version (text partially taken over from [I-D.ietf-lamps-header-protection-requirements] Authors' Addresses Daniel Kahn Gillmor American Civil Liberties Union 125 Broad St. New York, NY, 10004 United States of America Email: dkg@fifthhorseman.net Bernie Hoeneisen pEp Foundation Oberer Graben 4 CH- CH-8400 Winterthur Switzerland Email: bernie.hoeneisen@pep.foundation URI: https://pep.foundation/ Alexey Melnikov Isode Ltd 14 Castle Mews Hampton, Middlesex TW12 2NP United Kingdom Email: alexey.melnikov@isode.com Gillmor, et al. Expires 16 March 2024 [Page 192]