LAMPS Working Group D.K. Gillmor Internet-Draft American Civil Liberties Union Intended status: Standards Track B. Hoeneisen Expires: 27 January 2022 pEp Foundation A. Melnikov Isode Ltd 26 July 2021 Header Protection for S/MIME draft-ietf-lamps-header-protection-06 Abstract S/MIME version 3.1 has introduced a feasible standardized option to accomplish Header Protection. However, few implementations generate messages using this structure, and several legacy and non-legacy implementations have revealed rendering issues at the receiving side. Clearer specifications regarding message processing, particularly with respect to header sections, are needed in order to resolve these rendering issues. Some mail user agents are also sending and receiving cryptographically-protected message headers using a different structure. In order to help implementers to correctly compose and render email messages with Header Protection, this document updates S/MIME Header Protection specifications with additional guidance on MIME format, sender and receiver processing. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 27 January 2022. Gillmor, et al. Expires 27 January 2022 [Page 1] Internet-Draft Header Protection S/MIME July 2021 Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Two Schemes of Protected Headers . . . . . . . . . . . . 5 1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 6 1.3. Problems with Injected Headers . . . . . . . . . . . . . 6 1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 7 1.5. Other Protocols to Protect Email Headers . . . . . . . . 7 1.6. Requirements Language . . . . . . . . . . . . . . . . . . 7 1.7. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 10 2.1. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2. Security . . . . . . . . . . . . . . . . . . . . . . . . 11 2.3. Usability . . . . . . . . . . . . . . . . . . . . . . . . 11 2.4. Interoperability . . . . . . . . . . . . . . . . . . . . 11 3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 11 3.1.1. Main Use Case . . . . . . . . . . . . . . . . . . . . 12 3.1.2. Backward Compatibility Use Cases . . . . . . . . . . 12 3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 13 3.2.1. In-Scope . . . . . . . . . . . . . . . . . . . . . . 13 3.2.2. Out-of-Scope . . . . . . . . . . . . . . . . . . . . 13 4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1. Main Use Case . . . . . . . . . . . . . . . . . . . . . . 14 4.1.1. MIME Format . . . . . . . . . . . . . . . . . . . . . 15 4.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 17 4.1.3. Default Header Confidentiality Policy . . . . . . . . 22 4.1.4. Receiving Side . . . . . . . . . . . . . . . . . . . 23 4.2. Backward Compatibility Use Cases . . . . . . . . . . . . 31 4.2.1. Receiving Side MIME-Conformant . . . . . . . . . . . 32 4.2.2. Receiving Side Not MIME-Conformant . . . . . . . . . 32 5. Usability Considerations . . . . . . . . . . . . . . . . . . 33 5.1. Mixed Protections Within a Message Are Hard To Understand . . . . . . . . . . . . . . . . . . . . . . . 33 Gillmor, et al. Expires 27 January 2022 [Page 2] Internet-Draft Header Protection S/MIME July 2021 5.2. Users Should Not Have To Choose a Header Confidentiality Policy . . . . . . . . . . . . . . . . . . . . . . . . . 33 6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 33 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 10.1. Normative References . . . . . . . . . . . . . . . . . . 33 10.2. Informative References . . . . . . . . . . . . . . . . . 34 Appendix A. Possible Problems with some Legacy Clients . . . . . 36 A.1. Problems Reviewing signed+encrypted Messages in List View . . . . . . . . . . . . . . . . . . . . . . . . . . 36 A.2. Problems when Rendering a signed+encrypted Message . . . 36 A.3. Problems when Replying to a signed+encrypted Message . . 37 A.4. Problems Reviewing signed-only Messages in List View . . 38 A.5. Problems when Rendering a signed-only Message . . . . . . 38 A.6. Problems when Replying to a signed-only Message . . . . . 39 Appendix B. Test Vectors . . . . . . . . . . . . . . . . . . . . 39 B.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 39 B.1.1. No cryptographic protections over a simple message . 40 B.1.2. S/MIME signed-only signedData over a simple message, No Header Protection . . . . . . . . . . . . . . . . . . 40 B.1.3. S/MIME signed-only multipart/signed over a simple message, No Header Protection . . . . . . . . . . . . 42 B.1.4. S/MIME encrypted and signed over a simple message, No Header Protection . . . . . . . . . . . . . . . . . . 44 B.1.5. No cryptographic protections over a complex message . . . . . . . . . . . . . . . . . . . . . . . 47 B.1.6. S/MIME signed-only signedData over a complex message, No Header Protection . . . . . . . . . . . . . . . . 48 B.1.7. S/MIME signed-only multipart/signed over a complex message, No Header Protection . . . . . . . . . . . . 51 B.1.8. S/MIME encrypted and signed over a complex message, No Header Protection . . . . . . . . . . . . . . . . . . 54 B.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 57 B.2.1. S/MIME signed-only signedData over a simple message, Wrapped Message . . . . . . . . . . . . . . . . . . . 57 B.2.2. S/MIME signed-only multipart/signed over a simple message, Wrapped Message . . . . . . . . . . . . . . 59 B.2.3. S/MIME signed-only signedData over a simple message, Injected Headers . . . . . . . . . . . . . . . . . . 62 B.2.4. S/MIME signed-only multipart/signed over a simple message, Injected Headers . . . . . . . . . . . . . . 63 B.2.5. S/MIME signed-only signedData over a complex message, Wrapped Message . . . . . . . . . . . . . . . . . . . 66 B.2.6. S/MIME signed-only multipart/signed over a complex message, Wrapped Message . . . . . . . . . . . . . . 68 Gillmor, et al. Expires 27 January 2022 [Page 3] Internet-Draft Header Protection S/MIME July 2021 B.2.7. S/MIME signed-only signedData over a complex message, Injected Headers . . . . . . . . . . . . . . . . . . 71 B.2.8. S/MIME signed-only multipart/signed over a complex message, Injected Headers . . . . . . . . . . . . . . 74 B.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 77 B.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal . . . . . . . . . . 77 B.3.2. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal . . . . . . . . . . 80 B.3.3. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 B.3.4. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_strong . . . . . . . . . . . 86 B.3.5. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong . . . . . . . . . . 89 B.3.6. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong (+ Legacy Display) . 92 B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_minimal . . . . . . 95 B.3.8. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal . . . . . 98 B.3.9. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 101 B.3.10. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_strong . . . . . . 105 B.3.11. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong . . . . . . 108 B.3.12. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 111 B.3.13. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_minimal . . . . . . . . . . 114 B.3.14. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal . . . . . . . . . . 118 B.3.15. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 B.3.16. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_strong . . . . . . . . . . . 126 B.3.17. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong . . . . . . . . . . 129 B.3.18. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong (+ Legacy Display) . 133 B.3.19. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_minimal . . . . . . 137 B.3.20. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal . . . . . 141 Gillmor, et al. Expires 27 January 2022 [Page 4] Internet-Draft Header Protection S/MIME July 2021 B.3.21. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 145 B.3.22. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_strong . . . . . . 149 B.3.23. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong . . . . . . 153 B.3.24. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . 157 Appendix C. Additional information . . . . . . . . . . . . . . . 161 C.1. Stored Variants of Messages with Bcc . . . . . . . . . . 161 Appendix D. Text Moved from Above . . . . . . . . . . . . . . . 162 D.1. MIME Format . . . . . . . . . . . . . . . . . . . . . . . 162 D.1.1. S/MIME Specification . . . . . . . . . . . . . . . . 163 D.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 165 Appendix E. Document Considerations . . . . . . . . . . . . . . 169 Appendix F. Document Changelog . . . . . . . . . . . . . . . . . 170 Appendix G. Open Issues . . . . . . . . . . . . . . . . . . . . 171 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 172 1. Introduction Privacy and security issues regarding email Header Protection in S/ MIME have been identified for some time. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. For example, lack of header protection allows an attacker to substitute the message subject and/or author. This document describes two different structures for how message headers can be cryptographically protected, and provides guidance for implementers of MUAs that generate and interpret such messages. It takes particular care to ensure that messages interact reasonably well with legacy MUAs. 1.1. Two Schemes of Protected Headers Unfortunately, there are two different schemes for cryptographically- protected email headers that may be in use on the Internet today. This document addresses them both and provides guidance to implementers. Gillmor, et al. Expires 27 January 2022 [Page 5] Internet-Draft Header Protection S/MIME July 2021 One scheme is the form specified in S/MIME 3.1 and later, which involves wrapping a "message/rfc822" MIME object with a Cryptographic Envelope. This document calls this scheme "Wrapped Message", and it is documented in more detail in [RFC8551]. Experience has shown that this form does not interact well with some legacy MUAs (see Section 1.2). Consequently, another form of header protection is produced and consumed by some MUAs, where the protected headers are placed directly on the Cryptographic Payload, without using an intervening "message/*" MIME object. This document calls this scheme "Injected Headers", and it is documented in more detail in [I-D.autocrypt-lamps-protected-headers]. 1.2. Problems with Wrapped Messages Several legacy MUAs have revealed rendering issues when dealing with a message with headers protected by the Wrapped Message scheme. In some cases the user sees an attachment suggesting a forwarded email message, which -- in fact -- contains the protected email message that should be rendered directly. For these cases, the user can click on the attachment to view the protected message. However, there have also been reports of email clients displaying garbled text, or sometimes nothing at all. In those cases the email clients on the receiving side are (most likely) not fully MIME-capable. The following shortcomings have been identified to cause these issues: * Broken or incomplete implementations * Lack of a simple means to distinguish "forwarded message" and "wrapped message" (for the sake of Header Protection) * Not enough guidance with respect to handling of Header Fields on both the sending and the receiving side 1.3. Problems with Injected Headers A legacy MUA dealing with an encrypted message that has some header fields obscured using the Injected Headers scheme will not render the obscured header fields to the user at all. A workaround "legacy display" mechanism is provided in this document, which some legacy MUAs will render to the user, albeit not in the same location that the header fields would normally be rendered. However, some legacy MUAs also fail to render the "legacy display" part, leaving the obscured header fields hidden from users of those MUAs. Gillmor, et al. Expires 27 January 2022 [Page 6] Internet-Draft Header Protection S/MIME July 2021 1.4. Motivation Furthermore, the need (technical) Data Minimization, which includes data sparseness and hiding all technically concealable information, has grown in importance over the past several years. In addition, backwards compatibility must be considered when it is possible to do so without compromising privacy and security. No mechanism for Header Protection has been standardized for PGP/MIME (Pretty Good Privacy) [RFC3156] yet. PGP/MIME developers have implemented ad-hoc header-protection, and would like to see a specification that is applicable to both S/MIME and PGP/MIME. This document describes the problem statement (Section 2), generic use cases (Section 3) and the specification for Header Protection (Section 4) with guidance on MIME format, sender and receiver processing . [I-D.ietf-lamps-header-protection-requirements] defines the requirements that this specification is based on. This document is in an early draft state and contains a proposal on which to base future discussions of this topic. In any case, the final mechanism is to be determined by the IETF LAMPS WG. 1.5. Other Protocols to Protect Email Headers A range of protocols for the protection of electronic mail (email) exists, which allows one to assess the authenticity and integrity of the email headers section or selected Header Fields from the domain- level perspective, specifically DomainKeys Identified Mail (DKIM) [RFC6376], as used by Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. These protocols provide a domain- based reputation mechanism that can be used to mitigate some forms of unsolicited email (spam). At the same time, these protocols can provide a level of cryptographic integrity and authenticity for some headers, depending on how they are used. However, integrity protection and proof of authenticity are both tied to the domain name of the sending e-mail address, not the sending address itself, so these protocols do not provide end-to-end protection, and are incapable of providing any form of confidentiality. 1.6. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Gillmor, et al. Expires 27 January 2022 [Page 7] Internet-Draft Header Protection S/MIME July 2021 1.7. Terms The following terms are defined for the scope of this document: * Man-in-the-middle (MITM) attack: cf. [RFC4949], which states: "A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association." Note: Historically, MITM has stood for '_Man_-in-the-middle'. However, to indicate that the entity in the middle is not always a human attacker, MITM can also stand for 'Machine-in-the-middle' or 'Meddler-in-the-middle'. * S/MIME: Secure/Multipurpose Internet Mail Extensions (cf. [RFC8551]) * PGP/MIME: MIME Security with OpenPGP (cf. [RFC3156]) * Message: An Email Message consisting of Header Fields (collectively called "the Header Section of the message") followed, optionally, by a Body; cf. [RFC5322]. Note: To avoid ambiguity, this document does not use the terms "Header" or "Headers" in isolation, but instead always uses "Header Field" to refer to the individual field and "Header Section" to refer to the entire collection; cf. [RFC5322]. * Header Field (HF): cf. [RFC5322] Header Fields are lines beginning with a field name, followed by a colon (":"), followed by a field body (value), and terminated by CRLF. * Header Section (HS): The Header Section is a sequence of lines of characters with special syntax as defined in [RFC5322]. It is the (top) section of a Message containing the Header Fields. * Body: The Body is simply a sequence of bytes that follows the Header Section and is separated from the Header Section by an empty line (i.e., a line with nothing preceding the CRLF); cf [RFC5322]. It is the (bottom) section of Message containing the payload of a Message. Typically, the Body consists of a (possibly multipart) MIME [RFC2045] construct. * MIME Header Fields: Header Fields describing content of a MIME entity [RFC2045], in particular the MIME structure. Each MIME Header Field name starts with "Content-" prefix. Gillmor, et al. Expires 27 January 2022 [Page 8] Internet-Draft Header Protection S/MIME July 2021 * MIME Header Section (part): The collection of MIME Header Fields. "MIME Header Section" refers to a Header Sections that contains only MIME Header Fields, whereas "MIME Header Section part" refers to the MIME Header Fields of a Header Section that - in addition to MIME Header Fields - also contains non-MIME Header Fields. * Essential Header Fields (EHF): The minimum set of Header Fields an Outer Message Header Section SHOULD contain; cf. Appendix D.1.2.5. * Header Protection (HP): cryptographic protection of email Header Sections (or parts of it) for signatures and/or encryption * Protection Levels (PL): The level of protection applied to a Message, e.g. 'signature and encryption' or 'signature only' (cf. Section 3.2). * Protected: Portions of a message that have had any Protection Levels applied. * Protected Message: A Message that has had any Protection Levels applied. * Unprotected: Portions of a Message that has had no Protection Levels applied. * Unprotected Message: A Message that has had no Protection Levels applied. * Submission Entity: The entity which executes further processing of the Message (incl. transport towards the receiver), after protection measures have been applied to the Message. Note: The Submission Entity varies among implementations, mainly depending on the stage where protection measures are applied: E.g. a Message Submission Agent (MSA) [RFC6409] or another (proprietary) solution. The latter is particularly relevant, if protection is implemented as a plugin solution. Some implementations may determine the destination recipients by reading the To, Cc and Bcc Header Fields of the Outer Message. * Original Message (OrigM): The Message to be protected before any protection-related processing has been applied on the sending side. If the source is not a "message/rfc822" Message, OrigM is defined as the "virtual" Message that would be constructed for sending it as unprotected email. Gillmor, et al. Expires 27 January 2022 [Page 9] Internet-Draft Header Protection S/MIME July 2021 * Inner Message (InnerM): The Message to be protected which has had wrapping and protection measures applied on the sending side OR the resulting Message once decryption and unwrapping on the receiving side has been performed. Typically, the Inner Message is in clear text. The Inner Message is a subset of (or the same as) the Original Message. The Inner Message must be the same on the sending and the receiving side. * Outer Message (OuterM): The Message as provided to the Submission Entity or received from the last hop respectively. The Outer Message normally differs on the sending and the receiving side (e.g. new Header Fields are added by intermediary nodes). * Receiving User Facing Message (RUFM): The Message used for rendering at the receiving side. Typically this is the same as the Inner Message. * Data Minimization: Data sparseness and hiding of all technically concealable information whenever possible. * Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Structural Headers, and MUA are all used as defined in [I-D.dkg-lamps-e2e-mail-guidance] * User-Facing Headers are defined in [I-D.autocrypt-lamps-protected-headers]. * Legacy MUA: a MUA that does not understand protected headers as described in this document. A Legacy Non-Crypto MUA is incapable of doing any end-to-end cryptographic operations. A Legacy Crypto MUA is capable of doing cryptographic operations, but does not understand or generate protected headers. * Wrapped Message: The protected headers scheme that uses the mechanism described in [RFC8551], where the Cryptographic Payload is a "message/rfc822" or "message/global" MIME object. * Injected Headers: The protected headers scheme that uses the mechanism described in [I-D.autocrypt-lamps-protected-headers], where the protected headers are inserted on the Cryptographic Payload directly. * Header Confidentiality Policy: documented in Section 4.1.2.2 2. Problem Statement The LAMPS charter contains the following Work Item: Gillmor, et al. Expires 27 January 2022 [Page 10] Internet-Draft Header Protection S/MIME July 2021 Update the specification for the cryptographic protection of email headers -- both for signatures and encryption -- to improve the implementation situation with respect to privacy, security, usability and interoperability in cryptographically-protected electronic mail. Most current implementations of cryptographically-protected electronic mail protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages. In the following a set of challenges to be addressed: [[ TODO: Enhance this section, add more items to the following. ]] 2.1. Privacy * (Technical) Data Minimization, which includes data sparseness and hiding all technically concealable information whenever possible 2.2. Security * Prevent MITM attacks (cf. [RFC4949]) 2.3. Usability * Improved User interaction / User experience, in particular at the receiving side 2.4. Interoperability * Interoperability with [RFC8551] implementations 3. Use Cases In the following, the reader can find a list of the generic use cases that need to be addressed for Messages with Header Protection (HP). These use cases apply regardless of technology (S/MIME, PGP/MIME, etc.) used to achieve HP. 3.1. Interactions The following use cases assume that at least the sending side supports Header Protection as specified in this document. Receiving sides that support this specification are expected to be able to distinguish between Messages that use Header Protection as specified in this document, and (legacy) Mail User Agents (MUAs) which do not implement this specification. [[ TODO: Verify once solution is stable and update last sentence. ]] Gillmor, et al. Expires 27 January 2022 [Page 11] Internet-Draft Header Protection S/MIME July 2021 3.1.1. Main Use Case Both the sending and receiving side (fully) support Header Protection as specified in this document. The main use case is specified in Section 4.1. 3.1.2. Backward Compatibility Use Cases Regarding backward compatibility, the main distinction is based on whether or not the receiving side conforms to MIME according to [RFC2046], ff., which in particular also includes Section 2 of [RFC2049] on "MIME Conformance". The following excerpt is contextually relevant: A mail user agent that is MIME-conformant MUST: [...] -- Recognize and display at least the RFC822 message encapsulation (message/rfc822) in such a way as to preserve any recursive structure, that is, displaying or offering to display the encapsulated data in accordance with its media type. -- Treat any unrecognized subtypes as if they were "application/octet-stream". [...] An MUA that meets the above conditions is said to be MIME- conformant. A MIME-conformant MUA is assumed to be "safe" to send virtually any kind of properly-marked data to users of such mail systems, because these systems are, at a minimum, capable of treating the data as undifferentiated binary, and will not simply splash it onto the screen of unsuspecting users. [[ TODO: The compatibility of legacy HP systems with this new solution, and how to handle issues surrounding future maintenance for these legacy systems, will be decided by the LAMPS WG. ]] 3.1.2.1. Receiving Side MIME-Conformant The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. However, the receiving side is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2). Gillmor, et al. Expires 27 January 2022 [Page 12] Internet-Draft Header Protection S/MIME July 2021 This use case is specified in Section 4.2.1. Note: This case should perform as expected if the sending side applies this specification as outlined in Section 4.1. [[ TODO: Verify once solution is stable and update last sentence. ]] 3.1.2.2. Receiving Side Not MIME-Conformant The sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification. Furthermore, the receiving side is *not* MIME- conformant according to [RFC2045], ff. (cf. Section 3.1.2). This use case is specified in Section 4.2.2. 3.2. Protection Levels 3.2.1. In-Scope The following Protection Levels are in scope for this document: a) Signature and encryption Messages containing a cryptographic signature, which are also encrypted. b) Signature only Messages containing a cryptographic signature, but which are not encrypted. 3.2.2. Out-of-Scope Legacy implementations, implementations not (fully) compliant with this document or corner-cases may lead to further Protection Levels to appear on the receiving side, such as (list not exhaustive): * Triple wrap * Encryption only * Encryption before signature * Signature and encryption, but: - Signature fails to validate Gillmor, et al. Expires 27 January 2022 [Page 13] Internet-Draft Header Protection S/MIME July 2021 - Signature validates but the signing certificate revoked * Signature only, but: - with multiple valid signatures, layered atop each other These Protection Levels, as well as any further Protection Levels not listed in Section 3.2.1 are beyond the scope of this document. 4. Specification This section contains the specification for Header Protection in S/ MIME to update and clarify Section 3.1 of [RFC8551] (S/MIME 4.0). Note: It is likely that PGP/MIME [RFC3156] will also incorporate this specification or parts of it. This specification applies to the Protection Levels "signature & encryption" and "signature only" (cf. Section 3.2): Sending and receiving sides MUST implement the "signature and encryption" Protection Level, which SHOULD be used as default on the sending side. Certain implementations may decide to send "signature only" Messages, depending on the circumstances and customer requirements. Sending sides MAY and receiving sides MUST implement "signature only" Protection Level. It generally is NOT RECOMMENDED to send a Message with any other Protection Level. On the other hand, the receiving side must be prepared to receive Messages with other Protection Levels. [[ TODO: Further study is necessary to determine whether - and if yes to what extent - additional guidance for handling messages with other Protection Levels, e.g. "encryption only" at the receiving side should be included in this document. ]] 4.1. Main Use Case This section applies to the main use case, where the sending and receiving side (fully) support Header Protection as specified herein (cf. Section 3.1.1). Gillmor, et al. Expires 27 January 2022 [Page 14] Internet-Draft Header Protection S/MIME July 2021 Note: The sending side specification of the main use case is also applicable to the cases where the sending side (fully) supports Header Protection as specified herein, while the receiving side does not, but is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1). Further backward compatibility cases are defined in Section 4.2. 4.1.1. MIME Format 4.1.1.1. Introduction As per S/MIME version 3.1 and later (cf. [RFC8551]), the sending client MAY wrap a full MIME message in a message/RFC822 wrapper in order to apply S/MIME security services to these header fields. To help the receiving side to distinguish between a forwarded and a wrapped message, the Content-Type header field parameter "forwarded" is added as defined in [I-D.melnikov-iana-reg-forwarded]. The simplified (cryptographic overhead not shown) MIME structure of such an Email Message looks as follows: The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type: Lines are prepended as follows: * "O: " Outer Message Header Section * "I: " Message Header Section * "W: " Wrapper (MIME Header Section) Gillmor, et al. Expires 27 January 2022 [Page 15] Internet-Draft Header Protection S/MIME July 2021 O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time) O: Message-ID: O: Subject: Meeting at my place O: From: "Alexey Melnikov" O: To: somebody@example.net O: MIME-Version: 1.0 O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1; O: protocol="application/pkcs7-signature"; O: boundary=boundary-AM This is a multipart message in MIME format. --boundary-AM W: Content-Type: message/RFC822; forwarded=no W: I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time) I: From: "Alexey Melnikov" I: Message-ID: I: MIME-Version: 1.0 I: MMHS-Primary-Precedence: 3 I: Subject: Meeting at my place I: To: somebody@example.net I: X-Mailer: Isode Harrier Web Server I: Content-Type: text/plain; charset=us-ascii This is an important message that I don't want to be modified. --boundary-AM Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature [[base-64 encoded signature]] --boundary-AM-- The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the wrapper (MIME Header Section) and the Inner Message (Header Section and Body). The wrapper is a simple MIME Header Section with media type "message/ rfc822" containing a Content-Type header field parameter "forwarded=no" followed by an empty line. If the source is an Original (message/rfc822) Message, the Inner Message Header Section is typically the same as (or a subset of) the Original Message Header Section, and the Inner Message Body is typically the same as the Original Message Body. Gillmor, et al. Expires 27 January 2022 [Page 16] Internet-Draft Header Protection S/MIME July 2021 The Inner Message itself may contain any MIME structure. Note: It is still to be decided by the LAMPS WG whether or not to recommend an alternative MIME format as described in Appendix D.1.1.1 (instead of the currently standardized and above defined format). 4.1.2. Sending Side This section describes the process an MUA should use to apply cryptographic protection to an e-mail message with header protection. We start by describing the legacy message composition process as a baseline. 4.1.2.1. Composing a Cryptographically-Protected Message Without Header Protection [I-D.dkg-lamps-e2e-mail-guidance] describes the typical process for a legacy crypto MUA to apply cryptographic protections to an e-mail message. That guidance and terminology is replicated here for reference: * "origbody": the traditional unprotected message body as a well- formed MIME tree (possibly just a single MIME leaf part). As a well-formed MIME tree, "origbody" already has structural headers ("Content-*") present. * "origheaders": the intended non-structural headers for the message, represented here as a list of "(h,v)" pairs, where "h" is a header field name and "v" is the associated value. Note that these are header fields that the MUA intends to be visible to the recipient of the message. In particular, if the MUA uses the "Bcc" header during composition, but plans to omit it from the message (see section 3.6.3 of [RFC5322]), it will not be in "origheaders". * "crypto": The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y"). This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output. The algorithm returns a MIME object that is ready to be injected into the mail system: * Apply "crypto" to "origbody", yielding MIME tree "output" * For each header name and value "(h,v)" in "origheaders": Gillmor, et al. Expires 27 January 2022 [Page 17] Internet-Draft Header Protection S/MIME July 2021 - Add header "h" of "output" with value "v" * Return "output" 4.1.2.2. Header Confidentiality Policy When composing an encrypted message with protected headers, the composing MUA needs a Header Confidentialiy Policy. In this document, we represent that Header Confidentiality Policy as a function "hcp": * "hcp(name, val_in) --> val_out": this function takes a header field name "name" and initial value "val_in" as arguments, and returns a replacement header value "val_out". If "val_out" is the special value "null", it mean that the header in question should be omitted from the set of headers visible outside the Cryptographic Envelope. For example, an MUA that only obscures the "Subject" header field by replacing it with the literal string "[...]" and does not offer confidentiality to any other header fields would be represented as (in pseudocode): "hcp(name, val_in) --> val_out: if name is 'Subject': return '[...]' else: return val_in" Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality). No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all header fields known by the sender have these protections. This asymmetry is an unfortunate consequence of complexities in message delivery systems, some of which may reject, drop, or delay messages where all headers are removed from the top-level MIME object. This document does not mandate any particular Header Confidentiality Policy, though it offers guidance for MUA implementers in selecting one in Section 4.1.3. Future documents may recommend or mandate such a policy for an MUA with specific needs. Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling mechanisms, but these topics are out of scope for this document. Gillmor, et al. Expires 27 January 2022 [Page 18] Internet-Draft Header Protection S/MIME July 2021 4.1.2.3. Composing with "Wrapped Message" Header Protection To compose a message using "Wrapped Message" header protection, we use those inputs described in Section 4.1.2.1 plus the Header Confidentiality Policy "hcp" defined in Section 4.1.2.2. The new algorithm is: * For header name and value "(h,v)" in "origheaders": - Add header "h" of "origbody" with value "v" * If any of the header fields in "origbody", including headers in the nested internal MIME structure, contain any 8-bit UTF-8 characters (see section section 3.7 of [RFC6532]): - Let "payload" be a new MIME part with one header: "Content- Type: message/global; forwarded=no", and whose body is "origbody". * Else: - Let "payload" be a new MIME part with one header: "Content- Type: message/rfc822; forwarded=no", and whose body is "origbody". * Apply "crypto" to "payload", yielding MIME tree "output" * If "crypto" contains encryption: - Create new empty list of header field names and values "newh" - For header name and value "(h,v)" in "origheaders": o Let "newval" be "hcp(h, v)" o If "newval" is not "null": + Append "(h,newval)" to "newh" - Set "origheaders" to "newh" * For header name and value "(h,v)" in "origheaders": - Add header "h" of "output" with value "v" * Return "output" Gillmor, et al. Expires 27 January 2022 [Page 19] Internet-Draft Header Protection S/MIME July 2021 Note that the Header Confidentiality Policy "hcp" is ignored if "crypto" does not contain encryption. This is by design. 4.1.2.4. Composing with "Injected Headers" Header Protection To compose a message using "Injected Headers" header protection, the composing MUA needs one additional input in addition to the Header Confidentiality Policy "hcp" defined in Section 4.1.2.2. * "legacy": a boolean value, indicating whether any recipient of the message is believed to have a legacy client. If all recipients are known to implement this draft, "legacy" should be set to "false". (How a MUA determines the value of "legacy" is out of scope for this document; an initial implementation can simply set it to "true") The revised algorithm for applying cryptographic protection to a message is as follows: * Create a new MIME leaf part "legacydisplay" with header "Content- Type: text/plain; protected-headers="v1"" and an empty body. * if "crypto" contains encryption, and "legacy" is "true": - For each header name and value "(h,v)" in "origheaders": o If "h" is user-facing (see [I-D.autocrypt-lamps-protected-headers]): + If "hcp(h,v)" is not "v": * Add "h: v" to the body of "legacydisplay". For example, if "h" is "Subject", and "v" is "lunch plans?", then add the line "Subject: lunch plans?" to the body of "legacydisplay" * If the body of "legacydisplay" is empty: - Let "payload" be MIME part "origbody", discarding "legacydisplay" * Else: (body of "legacydisplay" is not empty) - Construct a new MIME part "wrapper" with "Content-Type: multipart/mixed" - Give "wrapper" exactly two subparts: "legacydisplay" and "origbody", in that order. Gillmor, et al. Expires 27 January 2022 [Page 20] Internet-Draft Header Protection S/MIME July 2021 - Let "payload" be MIME part "wrapper" * For each header name and value "(h,v)" in "origheaders": - Add header "h" of MIME part "payload" with value "v" * Set the "protected-headers" parameter on the "Content-Type" of "payload" to "v1" * Apply "crypto" to "payload", producing MIME tree "output" * If "crypto" contains encryption: - Create new empty list of header field names and values "newh" - For header name and value "(h,v)" in "origheaders": o Let "newval" be "hcp(h, v)" o If "newval" is not "null": + Add "newh[h]" to "newval" - Set "origheaders" to "newh" * For each header name and value "(h,v)" in "origheaders": - Add header "h" of "output" with value "v" * Return "output" Note that both new parameters ("hcp" and "legacy") are effectively ignored if "crypto" does not contain encryption. This is by design, because they are irrelevant for signed-only cryptographic protections. 4.1.2.5. Choosing Between Wrapped Message and Injected Headers When composing a message with end-to-end cryptographic protections, an MUA SHOULD protect the headers of that message as well as the body. An MUA MAY protect the headers of any outbound message using either the "Wrapped Message" or the "Injected Headers" style of protection. See Section 4.2 for more discussion about reasons to choose one mechanism or another. Gillmor, et al. Expires 27 January 2022 [Page 21] Internet-Draft Header Protection S/MIME July 2021 [[ TODO: this document should recommend generation of one particular scheme by default for new implementers ]] 4.1.3. Default Header Confidentiality Policy An MUA SHOULD have a sensible default Header Confidentiality Policy, and SHOULD NOT require the user to select one. The default Header Confidentiality Policy SHOULD provide confidentiality for the "Subject" header field by replacing it with the literal string "[...]". Most users treat the Subject of a message the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible. [[ TODO: select one of the two policies below the recommended default ]] 4.1.3.1. Minimalist Header Confidentiality Policy Accordingly, the most conservative recommended Header Confidentiality Policy only protects the "Subject": "hcp_minimal(name, val_in) --> val_out: if name is 'Subject': return '[...]' else: return val_in" 4.1.3.2. Strong Header Confidentiality Policy Alternately, a more aggressive (and therefore more privacy- preserving) Header Confidentiality Policy only leaks a handful of fields whose absence is known to increase rates of delivery failure, and simultaneously obscures the "Message-ID" behind a random new one: "hcp_strong(name, val_in) --> val_out: if name in ['From', 'To', 'Cc', 'Date']: return val_in else if name is 'Subject': return '[...]' else if name is 'Message-ID': return generate_new_message_id() else: return null" The function "generate_new_message_id()" represents whatever process the MUA typically uses to generate a "Message-ID" for a new outbound message. 4.1.3.3. Offering Stronger Header Confidentiality A MUA MAY offer even stronger confidentiality for headers of an encrypted message than described in Section 4.1.3.2. For example, it might implement an HCP that obfuscates the "From" field, or omits the "Cc" field, or ensures "Date" is represented in "UTC" (obscuring the local timezone). Gillmor, et al. Expires 27 January 2022 [Page 22] Internet-Draft Header Protection S/MIME July 2021 The authors of this document hope that implementers with deployment experience will document their chosen Header Confidentiality Policy and the rationale behind their choice. 4.1.4. Receiving Side An MUA that receives a cryptographically-protected e-mail will render it for the user. The receiving MUA will render the message body, a selected subset of header fields, and (as described in [I-D.dkg-lamps-e2e-mail-guidance]) provide a summary of the cryptographic properties of the message. Most MUAs only render a subset of header fields by default. For example, few MUAs typically render "Message-Id" or "Received" header fields for the user, but most do render "From", "To", "Cc", "Date", and "Subject". A MUA that knows how to handle a message with protected headers makes the following two changes to its behavior when rendering a message: * If it detects that an incoming message had protected headers, it renders header fields for the message from the protected headers, ignoring the external (unprotected) headers. * It includes information in the message's cryptographic summary to indicate the types of protection that applied to each rendered header field (if any). A MUA that handles protected headers does _not_ need to render any new header fields that it did not render before. 4.1.4.1. Identifying that a Message has Protected Headers An incoming message can be identified as having protected headers based on one of two signals: * The Cryptographic Payload has "Content-Type: message/rfc822" or "Content-Type: message/global" and the parameter "forwarded" has a value of "no". See Section 4.1.4.3 for rendering guidance. * The Cryptographic Payload has some other "Content-Type" and it has parameter "protected-headers" set to "v1". See Section 4.1.4.4 for rendering guidance. Gillmor, et al. Expires 27 January 2022 [Page 23] Internet-Draft Header Protection S/MIME July 2021 Messages of both types exist in the wild, and a sensible MUA should be able to handle them both. They provide the same semantics and the same meaning. 4.1.4.2. Updating the Cryptographic Summary Regardless of whether a cryptographically-protected message has protected headers, the cryptographic summary of the message should be modified to indicate what protections the headers have. Each header individually has exactly one the following protections: * "unprotected" (this is the case for all headers in messages that have no protected headers) * "signed-only" (bound into the same validated signature as the enclosing message, but also visible in transit) * "encrypted-only" (only appears within the cryptographic payload; the corresponding external header was either omitted or obfuscated) * "encrypted-and-signed" (same as encrypted, but additionally is under a validatd signature) Note that while the message itself may be "encrypted-and-signed", some headers may be replicated on the outside of the message (e.g. "Date") Those headers would be "signed-only", despite the message itself being "encrypted-and-signed". Rendering this information is likely to be complex and messy --- users may not understand it. It is beyond the scope of this document to suggest any specific graphical affordances or user experience. Future work should include examples of successful rendering of this information. 4.1.4.3. Rendering a Wrapped Message When the Cryptographic Payload has "Content-Type" of "message/rfc822" or "message/global", and the parameter "forwarded" is set to "no", the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the body of the Cryptographic Payload. 4.1.4.3.1. Example Signed-Only Wrapped Message Consider a message with this structure, where the MUA is able to validate the cryptographic signature: Gillmor, et al. Expires 27 January 2022 [Page 24] Internet-Draft Header Protection S/MIME July 2021 A └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) B └┬╴message/rfc822 [Cryptographic Payload] C └┬╴multipart/alternative [Rendered Body] D ├─╴text/plain E └─╴text/html The message body should be rendered the same way as this message: C └┬╴multipart/alternative D ├─╴text/plain E └─╴text/html It should render header fields taken from part "C". Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature. The MUA SHOULD ignore header fields from part "A" for the purposes of rendering. 4.1.4.3.2. Example Encrypted-and-Signed Wrapped Message Consider a message with this structure, where the MUA is able to validate the cryptographic signature: F └─╴application/pkcs7-mime; smime-type="enveloped-data" ↧ (decrypts to) G └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) H └┬╴message/rfc822 [Cryptographic Payload] I └┬╴multipart/alternative [Rendered Body] J ├─╴text/plain K └─╴text/html The message body should be rendered the same way as this message: I └┬╴multipart/alternative J ├─╴text/plain K └─╴text/html It should render headers taken from part "I". Gillmor, et al. Expires 27 January 2022 [Page 25] Internet-Draft Header Protection S/MIME July 2021 Its cryptographic summary should indicates that the message was signed and encrypted. Each rendered header field found in "I" should be compared against the header field of the same name from "F". If the value found in "F" matches the value found in "I", the header field should be marked as "signed-only". If no matching header field was found in "F", or the value found did not match the value from "I", the header field should be marked as "signed-and-encrypted". 4.1.4.4. Rendering a Message with Injected Headers When the Cryptographic Payload does not have a "Content-Type" of "message/rfc822" or "message/global", and the parameter "protected- headers" is set to "v1", the values of the protected headers are drawn from the headers of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself. 4.1.4.4.1. Example Signed-only Message with Injected Headers L └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) M └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] N ├─╴text/plain O └─╴text/html The message body should be rendered the same way as this message: M └┬╴multipart/alternative N ├─╴text/plain O └─╴text/html It should render header fieldss taken from part "M". Its cryptographic summary should indicates that the message was signed and all rendered header fields were included in the signature. The MUA SHOULD ignore header fields from part "L" for the purposes of rendering. 4.1.4.4.2. Example Signed-and-Encrypted Message with Injected Headers Consider a message with this structure, where the MUA is able to validate the cryptographic signature: Gillmor, et al. Expires 27 January 2022 [Page 26] Internet-Draft Header Protection S/MIME July 2021 P └─╴application/pkcs7-mime; smime-type="enveloped-data" ↧ (decrypts to) Q └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) R └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] S ├─╴text/plain T └─╴text/html The message body should be rendered the same way as this message: R └┬╴multipart/alternative S ├─╴text/plain T └─╴text/html It should render headers taken from part "R". Its cryptographic summary should indicates that the message was signed and encrypted. As in Section 4.1.4.3.2, each rendered header field found in "R" should be compared against the header field of the same name from "P". If the value found in "P" matches the value found in "R", the header field should be marked as "signed-only". If no matching header field was found in "P", or the value found did not match the value from "R", the header field should be marked as "signed-and-encrypted". 4.1.4.4.3. Do Not Render Legacy Display Part As described [I-D.autocrypt-lamps-protected-headers], a message with cryptographic confidentiality protection MAY include a "Legacy Display" part for backward-compatibility with legacy MUAs The receiving MUA SHOULD avoid rendering the Legacy Display part to the user at all, since it is aware of and can render the actual Protected Headers. If a Legacy Display part is detected, it and its enclosing "multipart/mixed" wrapper should be discarded before rendering. 4.1.4.4.3.1. Legacy Display Detection Algorithm A receiving MUA acting on a message SHOULD detect the presence of a Legacy Display part and the corresponding "original body" with the following simple algorithm: * Check that all of the following are true for the message: * The Cryptographic Envelope must contain an encrypting Cryptographic Layer Gillmor, et al. Expires 27 January 2022 [Page 27] Internet-Draft Header Protection S/MIME July 2021 * The Cryptographic Payload must have a "Content-Type" of "multipart/mixed" * The Cryptographic Payload must have exactly two subparts * The first subpart of the Cryptographic Payload must have a "Content-Type" of "text/plain" or "text/rfc822-headers" * The first subpart of the Cryptographic Payload's "Content-Type" must contain a property of "protected-headers", and its value must be "v1". * If all of the above are true, then the first subpart is the Legacy Display part, and the second subpart is the "original body". Otherwise, the message does not have a Legacy Display part. 4.1.4.4.3.2. Legacy Display Example Consider a message with this structure, where the MUA is able to validate the cryptographic signature: U └─╴application/pkcs7-mime; smime-type="enveloped-data" ↧ (decrypts to) V └─╴application/pkcs7-mime; smime-type="signed-data" ⇩ (unwraps to) W └┬╴multipart/mixed [Cryptographic Payload] X ├─╴text/plain [Legacy Display] Y └┬╴multipart/alternative [Rendered Body] Z ├─╴text/plain A' └─╴text/html The message body should be rendered the same way as this message, effectively hiding the Legacy Display part ("X") and its wrapper: Y └┬╴multipart/alternative Z ├─╴text/plain A' └─╴text/html It should render headers taken from part "W", following the same guidance as in Section 4.1.4.4.2 and Section 4.1.4.3.2 about the cryptographic status of each rendered header field. 4.1.4.5. Affordances for Debugging and Troubleshooting Note that advanced users of an MUA may need access to the original message, for example to troubleshoot problems with the MUA itself, or problems with the SMTP transport path taken by the message. Gillmor, et al. Expires 27 January 2022 [Page 28] Internet-Draft Header Protection S/MIME July 2021 A MUA that applies these rendering guidelines SHOULD ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting. 4.1.4.6. Composing a Reply to an Encrypted Message with Protected Headers When composing a reply to an encrypted message with protected headers, the MUA is acting both as a receiving MUA and as a sending MUA. Special guidance applies here, as things can go wrong in at least two ways: leaking previously-confidential information, and replying to the wrong party. 4.1.4.6.1. Avoid Leaking Encrypted Headers in Reply As noted in [I-D.dkg-lamps-e2e-mail-guidance], an MUA in this position MUST NOT leak previously-encrypted content in the clear in a followup message. The same is true for protected headers. Values from any header field that was identified as either "encrypted" or "signed-and-encrypted" based on the steps outlined above MUST NOT be placed in cleartext output when generating a message. In particular, if "Subject" was encrypted, and it is copied into the draft encrypted reply, the replying MUA MUST obfuscate the "Subject" field in the cleartext header as described above. [[ TODO: formally describe how a replying MUA should generate a message-specific Header Protection policy based on the cryptographic status of the headers of the incoming message ]] 4.1.4.6.2. Avoid Misdirected Replies to Encrypted Messages with Protected Headers When replying to a message, the Composing MUA typically decides who to send the reply to based on: * the "Reply-To", "Mail-Followup-To", or "From" headers * optionally, the other "To" or "Cc" headers (if the user chose to "reply all") When a message has protected headers, the replying MUA MUST populate the destination fields of the draft message using the protected headers, and ignore any unprotected headers. Gillmor, et al. Expires 27 January 2022 [Page 29] Internet-Draft Header Protection S/MIME July 2021 This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, and then replays the message to Bob with an additional "Cc" to Mallory's own e-mail address in the message's outer header. If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory. 4.1.4.7. Implicitly-rendered Header Fields While "From" and "To" and "Cc" and "Subject" and "Date" are often explicitly rendered to the user, some header fields do affect message display, without being explicitly rendered. For example, "Message-Id", "References", and "In-Reply-To" header fields may collectively be used to place a message in a "thread" or series of messages. In another example, Section 4.1.4.6.2 observes that the value of the "Reply-To" field can influence the draft reply message. So while the user may never see the "Reply-To" header directly, it is implicitly "rendered" when the user interacts with the message by replying to it. An MUA that depends on any implicitly-rendered header field in a message with protected headers SHOULD use the value from the protected header, and SHOULD NOT use any value found outside the cryptographic protection. 4.1.4.8. Unprotected Headers Added in Transit Some headers are legitimately added in transit, and could not have been known to the sender at message composition time. The most common of these headers are "Received" and "DKIM-Signature", neither of which are typically rendered, either explicitly or implicitly. If a receiving MUA has specific knowledge about a given header field, including that: * the header field would not have been known to the original sender, and * the header field might be rendered explicitly or implicitly, Gillmor, et al. Expires 27 January 2022 [Page 30] Internet-Draft Header Protection S/MIME July 2021 then the MUA MAY decide to operate on the value of that header field from the unprotected header section, even though the message has protected headers. The MUA MAY prefer to verify that the headers in question have additional transit-derived cryptographic protections (e.g., to test whether they are covered by a valid "DKIM-Signature") before rendering or acting on them. Specific examples appear below. 4.1.4.8.1. Mailing list headers: List-* and Archived-At If the message arrives through a mailing list, the list manager itself may inject headers (most of which start with "List-") in the message: * "List-Archive" * "List-Subscribe" * "List-Unsubscribe" * "List-Id" * "List-Help" * "List-Post" * "Archived-At" For some MUAs, these headers are implicitly rendered, by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc. An MUA that receives a message with protected headers that contains these header fields in the unprotected section, and that has reason to believe the message is coming through a mailing list MAY decide to render them to the user (explicitly or implicitly) even though they are not protected. FIXME: other examples of unprotected transit headers? 4.2. Backward Compatibility Use Cases Gillmor, et al. Expires 27 January 2022 [Page 31] Internet-Draft Header Protection S/MIME July 2021 4.2.1. Receiving Side MIME-Conformant This section applies to the case where the sending side (fully) supports Header Protection as specified in this document, while the receiving side does not support this specification, but is MIME- conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.1) The sending side specification of the main use case (cf. Section 4.1) MUST ensure that receiving sides can still recognize and display or offer to display the encapsulated data in accordance with its media type (cf. [RFC2049], Section 2). In particular, receiving sides that do not support this specification, but are MIME-conformant according to [RFC2045], ff. can still recognize and display the Message intended for the user. [[ TODO: Verify once solution is stable and update last sentence. ]] 4.2.2. Receiving Side Not MIME-Conformant This section applies to cases where the sending side (fully) supports Header Protection as specified in this document, while the receiving side neither supports this specification *nor* is MIME-conformant according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.2). [I-D.autocrypt-lamps-protected-headers] describes a possible way to achieve backward compatibility with existing S/MIME (and PGP/MIME) implementations that predate this specification and are not MIME- conformant (Legacy Display) either. It mainly focuses on email clients that do not render emails which utilize header protection in a user friendly manner, which may confuse the user. While this has been observed occasionally in PGP/MIME (cf. [RFC3156]), the extent of this problem with S/MIME implementations is still unclear. (Note: At this time, none of the samples in [I-D.autocrypt-lamps-protected-headers] apply header protection as specified in Section 3.1 of [RFC8551], which is wrapping as Media Type "message/RFC822".) Should serious backward compatibility issues with rendering at the receiving side be discovered, the Legacy Display format described in [I-D.autocrypt-lamps-protected-headers] may serve as a basis to mitigate those issues (cf. Section 4.2). Another variant of backward compatibility has been implemented by pEp [I-D.pep-email], i.e. pEp Email Format 1.0. At this time pEp has implemented this for PGP/MIME, but not yet S/MIME. Gillmor, et al. Expires 27 January 2022 [Page 32] Internet-Draft Header Protection S/MIME July 2021 5. Usability Considerations This section describes concerns for MUAs that are interested in easy adoption of header protection by normal users. While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document. See also the Usability section in [I-D.dkg-lamps-e2e-mail-guidance]. 5.1. Mixed Protections Within a Message Are Hard To Understand [[ TODO ]] 5.2. Users Should Not Have To Choose a Header Confidentiality Policy [[ TODO ]] 6. Security Considerations [[ TODO ]] 7. Privacy Considerations [[ TODO ]] 8. IANA Considerations This document requests no action from IANA. [[ RFC Editor: This section may be removed before publication. ]] 9. Acknowledgments The authors would like to thank the following people who have provided helpful comments and suggestions for this document: Berna Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Wei Chuang. 10. References 10.1. Normative References [I-D.dkg-lamps-e2e-mail-guidance] Gillmor, D. K., "Guidance on End-to-End E-mail Security", Work in Progress, Internet-Draft, draft-dkg-lamps-e2e- Gillmor, et al. Expires 27 January 2022 [Page 33] Internet-Draft Header Protection S/MIME July 2021 mail-guidance-01, 22 February 2021, . [I-D.ietf-lamps-header-protection-requirements] Melnikov, A. and B. Hoeneisen, "Problem Statement and Requirements for Header Protection", Work in Progress, Internet-Draft, draft-ietf-lamps-header-protection- requirements-01, 29 October 2019, . [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, . [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, November 1996, . [RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, . [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019, . 10.2. Informative References Gillmor, et al. Expires 27 January 2022 [Page 34] Internet-Draft Header Protection S/MIME July 2021 [I-D.autocrypt-lamps-protected-headers] Einarsson, B. R., juga, and D. K. Gillmor, "Protected Headers for Cryptographic E-mail", Work in Progress, Internet-Draft, draft-autocrypt-lamps-protected-headers- 02, 20 December 2019, . [I-D.ietf-lamps-samples] Gillmor, D. K., "S/MIME Example Keys and Certificates", Work in Progress, Internet-Draft, draft-ietf-lamps- samples-04, 18 May 2021, . [I-D.melnikov-iana-reg-forwarded] Melnikov, A. and B. Hoeneisen, "IANA Registration of Content-Type Header Field Parameter 'forwarded'", Work in Progress, Internet-Draft, draft-melnikov-iana-reg- forwarded-00, 4 November 2019, . [I-D.pep-email] Marques, H., "pretty Easy privacy (pEp): Email Formats and Protocols", Work in Progress, Internet-Draft, draft-pep- email-01, 2 November 2020, . [pEp.mixnet] pEp Foundation, "Mixnet", June 2020, . [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, August 2001, . [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, . [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, September 2011, . [RFC6409] Gellens, R. and J. Klensin, "Message Submission for Mail", STD 72, RFC 6409, DOI 10.17487/RFC6409, November 2011, . Gillmor, et al. Expires 27 January 2022 [Page 35] Internet-Draft Header Protection S/MIME July 2021 [RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, February 2012, . [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, . Appendix A. Possible Problems with some Legacy Clients When an e-mail message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions. A message with header protection may introduce new forms of user experience failure. In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of header protection in different legacy MUAs. Different legacy MUAs demonstrate different subsets of these problems. Hopefully, a non-legacy MUA would not exhibit any of these problems. An implementer updating their legacy MUA to be compliant with this specification should consider these concerns and try to avoid them. A.1. Problems Reviewing signed+encrypted Messages in List View * Unprotected Subject, Date, From, To are visible * Threading is not visible A.2. Problems when Rendering a signed+encrypted Message * Unprotected Subject is visible * Protected subject (on its own) is visible in the body * Protected subject, date, from, to visible in the body * User interaction needed to view whole message * User interaction needed to view message body * User interaction needed to view protected subject * Impossible to view protected subject Gillmor, et al. Expires 27 January 2022 [Page 36] Internet-Draft Header Protection S/MIME July 2021 * Nuisance alarms during user interaction * Impossible to view message body * Appears as a forwarded message * Appears as an attachment * Security indicators not visible * User has multiple different methods to Reply: (e.g. reply to outer, reply to inner) * User sees english "Subject:" in body despite message itself being in non-english * Security indicators do not identify protection status of header fields * Headers in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale) A.3. Problems when Replying to a signed+encrypted Message Note that the use case here is: * User views message, to the point where they can read it. * User then replies to message, and they are shown a message composition window, which has some UI elements * If the MUA has multiple different methods to Reply: to a message, each way may need to be evaluated separately This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x." * protected subject is in UI:subject (and will leak) * protected subject is quoted in UI:body * protected subject is not anywhere in UI * message body is _not_ visible/quoted in UI:body * user cannot reply while viewing protected message Gillmor, et al. Expires 27 January 2022 [Page 37] Internet-Draft Header Protection S/MIME July 2021 * reply is not encrypted by default (but is for normal S/MIME sign+enc messages) * unprotected From: is in UI:To * User's locale (lang, TZ) leaks in quoted body * Headers not protected (and in particular, Subject is not obscured) by default A.4. Problems Reviewing signed-only Messages in List View * Unprotected Subject, Date, From, To are visible * Threading is not visible A.5. Problems when Rendering a signed-only Message * Unprotected Subject is visible * Protected subject (on its own) is visible in the body * Protected subject, date, from, to visible in the body * User interaction needed to view whole message * User interaction needed to view message body * User interaction needed to view protected subject * Impossible to view protected subject * Nuisance alarms during user interaction * Impossible to view message body * Appears as a forwarded message * Appears as an attachment * Security indicators not visible * Security indicators do not identify protection status of headers * User has multiple different methods to Reply: (e.g. reply to outer, reply to inner) Gillmor, et al. Expires 27 January 2022 [Page 38] Internet-Draft Header Protection S/MIME July 2021 * Headers in body render with local header fields (e.g. showing "Betreff" instead of "Subject") and dates (TZ, locale) A.6. Problems when Replying to a signed-only Message This uses the same use case(s) and shorthand as Appendix A.3. * Unprotected Subject: is in UI:subject * Protected Subject: is quoted in UI:body * Protected Subject: is not anywhere in UI * Message body is not visible/quoted in UI:body * User cannot reply while viewing protected message * Unprotected From: is in UI:To * User's locale (lang, TZ) leaks in quoted body Appendix B. Test Vectors This section contains sample messages using the different schemes described in this document. Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it. The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from [I-D.ietf-lamps-samples]. These messages should be accessible to any IMAP client at "imap://bob@header-protection.cmrg.net/" (any password should authenticate to this read-only IMAP mailbox). You can also download copies of these test vectors separately at "https://header-protection.cmrg.net". If any of the messages downloaded differ from those offered here, this document is the canonical source. B.1. Baseline Messages These messages offer no header protection at all, and can be used as a baseline. They are provided in this document as a counterexample. An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection. Gillmor, et al. Expires 27 January 2022 [Page 39] Internet-Draft Header Protection S/MIME July 2021 B.1.1. No cryptographic protections over a simple message This message uses no cryptographic protection at all. Its body is a text/plain message. It has the following structure: └─╴text/plain 152 bytes Its contents are: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: no-crypto Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:00:02 -0500 This is the no-crypto message. This message uses no cryptographic protection at all. Its body is a text/plain message. -- Alice alice@smime.example B.1.2. S/MIME signed-only signedData over a simple message, No Header Protection This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 3852 bytes ⇩ (unwraps to) └─╴text/plain 204 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 40] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:01:02 -0500 MIILFwYJKoZIhvcNAQcCoIILCDCCCwQCAQExDTALBglghkgBZQMEAgEwggFABgkq hkiG9w0BBwGgggExBIIBLU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydCBtZXNz YWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2Ugdmlh IFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFp biBtZXNzYWdlLiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0aW9uLg0KDQotLSAN CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58 BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4 oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY 1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr +E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj 0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA Gillmor, et al. Expires 27 January 2022 [Page 41] Internet-Draft Header Protection S/MIME July 2021 AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt 9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5 2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4 DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI hvcNAQkFMQ8XDTIxMDIyMDE1MDEwMlowLwYJKoZIhvcNAQkEMSIEIESMi+9/LUlD fGjj+6U50VNLFxbzvyVJ0wzwnTS114DyMA0GCSqGSIb3DQEBAQUABIIBACJHeayB UllC4GdcgdojTUjoeIy6UIbrSg/aKZgAkCB8Dwq0hdU10qiun6WKI/TxM5izpRvL UsNBGmqknPBMFhvwX6KCrwFk0p0j5Y5DZqX30deiQiGTUv3NiwZGTrKJ3JkyymFO HGbe5Thrq3inRLVfilEuIZewaJsnJhKfnEq9fS09icTJ5olPDAH6mZbW6hpYmU3F KBk2qJNqJX6bo60rCogu3wXDj0wxnqEXmeNDH5/+L9UVZur+EWzviUc8Ldd/kP3L DOO7ivs10bAWe8Tbw7NjuP8ZlVvzcvj3nXWzZzxh2ymDIOvyJA+t0LHQvsN/fbdW fC6Pm51fEkabbmw= B.1.3. S/MIME signed-only multipart/signed over a simple message, No Header Protection This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection. It has the following structure: └┬╴multipart/signed 4156 bytes ├─╴text/plain 224 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="76c"; micalg="sha-256" Subject: smime-multipart Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:02:02 -0500 --76c Gillmor, et al. Expires 27 January 2022 [Page 42] Internet-Draft Header Protection S/MIME July 2021 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit This is the smime-multipart message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection. -- Alice alice@smime.example --76c Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 Gillmor, et al. Expires 27 January 2022 [Page 43] Internet-Draft Header Protection S/MIME July 2021 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa MC8GCSqGSIb3DQEJBDEiBCBBQlio2vX/u19qayJ1Cm1QL6VZY0fBeGz9o7nEzCRO +zANBgkqhkiG9w0BAQEFAASCAQARvwKQYbbPuADZ7KqyO9LuESdEfBxOF80sHKNz UXrHZo8JdKaKxr/cTAuzBvoTxsmqvzP3ItCBm+javqX22+tHTpqisz5jkoiWyNVS e+F++YX8mXokgQpY26mZ+15Mv8pYYhptn6zdkRU1+QOwwlDCc6ykkCZeXyc+Hf7c xqM6SqPMQ+G7wIF6P2jHCId8Xyl7sdbL0i6PjotesHU+7nQsCjgI/iVR/ubWUdFX CTg8HVy4p683V3Y9DoRNP4MlUdmon8JasHDvA0240JcXxhJn1zEYa4gOnwgu3kh9 3Y+NeucYCT0bXCBq2RLVQSpdNZfScXKL9QvZ3FtB0r6Bmtky --76c-- B.1.4. S/MIME encrypted and signed over a simple message, No Header Protection This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 6720 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 3960 bytes ⇩ (unwraps to) └─╴text/plain 239 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 44] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: smime-enc-signed Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:03:02 -0500 MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAE1K2Qo2Ln5O6L9qgFnOdvuAuXnh2dLiYWIt x7B9W2VMQCtrxTipZfUe+Y4oV/Rxifp4gChJ2lCgt6A4hHyApD1yNqmR1pCT+ky6 jOJlr907Jzy9nIADEjaeKTIHePPWEWPiF3Otlrvg25NobNAE/dzcSgaS+SHsfPgu vW6gA+lfzdoOKIWNVl1AJfbDRw8DeDi5n8ZPLkb/gYteBpY5mC2Iu8TebZ5qstQH i8G01K4xb6E7eMdXKx+gyDxox1P79E4q3dCKwYPK/C6B3AaY52WW55js9mb79OH5 6/XvIEez58lV4a9d0iY7g+aoARyTPE9Z79miRYT0aagyYhblb14wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWANrcGMnwYd7bg/TA9Wagm3q dbiZLg3NxHQZRLRySCFHt5wGkq1XcD7bWYwF0hSKiI4AJxJapfGUDEpDk1FYBU4r 9zS/elrwCnhwpO9sLfbJPRVvMTgTZuCOaY25ovZWvWtkS9MRDH+WoM5SNTf4vHHu kjcSx5hafbhyiC5pPLLTRyIjObYgKraIMBXix7XKtSR/G7uD+HSIzhYUXqY0q2uQ w7XiijbRd4bq9zqBbXriYyhFdo/JsBnYckjmmKcTLp6DfYTEzILKBJOepEiY5X4J 0JPeFyGxs7WSKDp1JZLZtjbMwvtEuUAwZ+iXDr1x/rQhq7mZIWqIbG6QpxYX6zCC EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBDwXZa6LrdPCgLubNCkd3qAghAA kaaty8gkFo4+y5iWeOqsbZ9paegmFbiGsTQxrta64sj8znKQfQKz6/g055IcDixI STqxPMV+w01jv6+Azoy9qJP29UTL0mXAP0LDionSBTn/4VAwBMSUDRus6jkq045K UXxmIpcO3SeOnpCLksyij6QlnAO24SbKsBex7R5EXYXU7W1G/PCoz9SWlYrQuXJ9 cU5ONWldvYE4/WeD1m3pjv3XKLNEWiaUIVolKFRhR4v+FUedn6dlVYDgfJrH8xDC kW9gQvI1ZBbnBOr/zkoDhMMKtTgTvmzLIauDEi2RWKzlvwCattvIkkrjt+SwWpvr oc6i58XfCx/d0YHPp5AIU8pslawDtQXe5ecACY9J/K0OgX1G51HI+O2XMC9S9QYn YPxA+CsRxmhKHzQv9au48aQwmLBkhkXZq7FCve8GTnCLdU5AmtP6ff59lga7+hfb VSz+jSodBL1WnlIKw/lrBvXFem/A4mtY/W9y9EVhGyRFuhoZDCiGRo/bPsyDNZBS WAsjHLI3NJeUgHFFcEn5xOwDmhmJOehzs712pqrzMd0VrT4hALvvhSGB7nybL5dR pabbxtpBgqzlwu6eoX1jSh5bF8/RsAJ81dxvn8AWcFc8q81YfYOzjqf7ZnuumT10 18/rdepv/nfyiYCRhr2Eekj0F3bXjlTG1oeCNTuUPcNHVX6+hQ7FY2CJm9JCqNhL 7whKhq+kKJuPugHb1e5d2rJFkNHrMIJAga8QqKy9eqKct4gW5FFT70wyB15YToJb qVxb3BEZ6u1shpZ9IGVzS0Jmvke+Ptze86it00fQIJWfrFqoag83GcCuQEyYEcIc HXWFsZIbQ1UD2+YSWBOzRBUUuJ3U66w3J5oDAYfYnieFNPuP0dhaAMsu7QQfLSZa T/GbSibQoFXcDx6MaZ5fbZ1iduvoZZfERNMe5vN+q/w9Lx5e8hf1EZmTNMuoRn9O wfT/wuM06Cc8FR2Ft7QLu80jqePQ6tAYwvA5QOvpBN9A82DUWz0I9eRDl9+S8Z+I QgjbPcZ0ACFqLCfbT6uzrKp2vGSrA+IcS89+qBB+sKbtWPgTrK7QlJgc7NpHGyhZ BltAVXv4fPngqn+gSqGuerD/xmvszHMIIHq6Q4ADxbxDE4R0yoV2afXUVyAMo85Q eNG5WJ83Z12msJqx1+1EUzzoQXxvrZHm0bMziCjV/P1cu/ChtmuemopRxkplLbJv /mChRaKv9TotDy2Dwzf5N5Xy58gb/0ktMXMdGpYts9awYc742TCscrTqutBAXtNM dXA0OyelkVHBBCRcoUEWWhUGQKYmK0NQIpxduJYcLLhkMI+2QfyfdkODplEtXbX9 Gillmor, et al. Expires 27 January 2022 [Page 45] Internet-Draft Header Protection S/MIME July 2021 LaZhPRi9osmmF0fnSkmt2mtD+W8uxBF7espDkUsidb8NiUtzBrSqTADQUIuAw5xG 322wFZ0DtpFM6nHpbYBfIGlIR4LyqTzyaSRJtMkMiDFgnMWrNF6pMsToo+4GbARO MWM9mq4XSMrKAinqu7T8UGWOt9bMfMJrTrpfETgQCL4vur9nI1CbgcPWW14U2oBW 2lT1duS0o2eRpeGA93U6zF7BbCmlEqPK45Qmm78NwMcI9i4GgHSG2ssEn8URmv0L qp9+UmkhvLT26dZtkB0wPMEVOIWx3e+F34eVzno5jAbiJxuUIdDPDwQg7xtrcLif lRsaiGx7MtWsP6paqGBrYdHcXNt8P8k2ywNqRicTSThG0P09CNDWFwNaKa+9Ia7a EnWoFmNoNm/IUH+wbRQUnT7oh0qU2mxdgMnygDhEELe1+4tGCTAPTbxSU3gxQyv0 w686bzZP9uGLoRfivmXKm73Wu0HtUefT1rNdPsJDfqEfo8mEY4EDMh+Fa50S9Yj6 SGe8X9jDaTEJLd+yL7xEvdEQ7FxHbqo7twj/g4Im0OeG2ngEchWlYcuOrlgog4bv kWwcMhOCcQ/9242sgCTG/ATAV1ix0Z16/WCzzY60Zxk1eAlP3Ar9NiQHGuVClR0o QxhlP/1KvyVMAQTtuEposNLUdXMydq8lVErFuopYej3NJOPE7eA4BeIXNyrhxqfX j23tfb3/C4uHEmgjnfW1LZIjwWrOjoEZa2+lG+Si7YQWLLJWFNqEEH2rpxQMnwvx 282dIYpyY14PDLLN5nMltY8MeMaNp6Q8rOwTDozmmZ9RONzbKJL3FxSVENKgdJTf v+gpLOvXou6qDdidAqxErGM0j68g8Rnsdw7Lj3FQH7JjLZiR3EQgGxRKDwTsV1rW ODtsNyKBtHDBOn/zOFTmgTVpYol2x/kV22C1Wn9ZArHFgZDxDyDjjJqxJwHlgVdE J+bUZ1C5DatXxvjpFhrTpUz1dvsTsq48cmepEiEnqYO/33uU7KIqjBxY527dagnR q01ntVycY4wiLKjuJHHHy/b25ORyxS/x6nVYJsoRNXsvYCZ1zqHC7uh9eQStAyj6 zotbPet++u2REXKSwzhI+6mTCrFkfeHxt3BqTPAxHPxsZAmquayksNs8e94G5LnD VLAbdtwuIdeuz3rDWObafnaOVXD8vzjoMpiZcYKubb9pdFQIdxpYXPyqwz2f+c8g 9VnLXajpwqByOPtLT5knKWMbsXJ5Gc8sNIGl1blYnj5ao+z6JNV2qqWA8dukpM5Q /KwmBvR9/RijeIEPGoqRcwUi92fuvVJV7oZf2ZCCGMLw8W4pSrzfs/xdOJslrTgN trDrAOKlraCKJQ5zHwZyg+c65KUe+5voj4WTu27g/vWTmPjF70htA+UIYcsNVYU9 yGuznj6x/2EV7rLsUTpMqMFN0s4dQl4Hhfr4gaoDROb7bOdkVtWAvwP4c18wlJA9 08X9kQNPqID0M0NOruz8JO8gyTIxyAmopnEDREvMT7JCGuwPM9YRE64pVPOZ1AZm STC7LY11zMhZL+RvhwbWqjkKeKN3hQM4/45BHGFVgg6k5iobcv78lZHWO28SWila dEgJLSobB9ieOTfrWqBrBBHjpaDwuyjS+QwjsF8SFLdRD5TY1IugUvW5Swnucikh X1rK/FaRRQJGzUesrkN06LlpFiiRyW9nuDjdpaKV4P9pkEjHmtN3KF95LjJnXs+Z 07cF0sX2K7FY4GCfFxGPSsqbcR/6zAFHVPjgPGDH51yOTe05RWLhgGEWqt7mIeSD ppJdnY1LDFK0AFbXAFnjxhNwlfJiLB4vdsFqxGSYXfAjns8vZR62PgSExxUMxrO6 P7oIAYisiU+9XuG40ok8RFCZgN2Qdy5oNDbYow8x3XR4BQu8+2sT9nLvJosjYNhT 8yHMhhAbJl5VWK1EaB2gMxmAISiCCkQQ4YlStMc/LUkl8XOdQmf9SF0L1puuGEpM V3BhxNxCReiXA8ulMtnytw++lhl3qapALVu5OsJBQ2sqrhc7VhZTfiRQHr5s/i97 OrBb1ZHv48NblW+tsS0Vl+jW/7AMUvQO+j7wYDI8Q2GplujJ08iHxZw/YDjR+up4 bmQjK3xySaCi9Ef58KYOj0Y8ITvS61GMn0bCkL23UGNwISo2gPEcStdOksZtlvGX X37skWsFPD3M85DqQeckjv3PFzGQL7ZZLUQmmYqwG43DKrDJSZld7VYHmTY0rrMj gNo6iqzI+6Ygi81y14ZWTVeOFIH9tOKvjtuJz+90Qi9vEbDqF43+hiyWVg/aOke8 4TGy7BZp5j/+SCr78/LvTko/5gafEymhaQmmsR7hskt3AhjfTyUfq/cAtuIm39U2 MmXRwPdrzWASGy/lF0QnrgB0T85+ID58J9VaP78mI/BtKO20wWMTjbabR7J3Rn+8 KW4H6eewVWBqghCnsJQuqibbZeFDjFgJ9kIaTvGD0TBehpp9TidmppXM4Dl4J+V/ u7dSL257DzlKkk42gK4Cs0P1dZwe888KIABF38AZ8dnWtD492eYxA9We6NB2ru1o K59oloZdn+slcF3DLfvVpyfkZ8o3EVgAPVXiDfHWuVp1gL8Cv5ahVlk9BJSD1CgC Vwsm01V1E7QeNh3gNdQI88tu4wh5SVFk4U2cYI+dDMFUVDMzrUI3tKvWXNZOzn4V Ce6Eu2JPIcCOYUwDHpsq5aj9BPKBguhQQybDpAAkgSZLwhzAD7rEvo8TU8gzZ2KZ zH506GoFtU4oNinnrvyHX96/bG/VlizOE9YtQNyEfxxSOBsZD9jgd1pG4j/FDF1Z Ib+KUUo8Y7GKlOu+l+/WIVcp0nIsyIC4zGdM6DThCT6nGrhKboduTgF5NRH/Hf03 Vrbj/ZarK0t1gzbzPgxotZiUfCVEuav9AVqxA2Zq5afs6bRfohqyFqwKHiYV19C4 m00v4HisEFDGG3f5+Zj/x6tnX9QxR81DOomUooh8aYs/iAz0nrKyux6GMHSlj8db UbvQ+1VvNE3Fj0xu46HkKzGtFqpgXxzDLkE9e7NJ+Hw4tbOLfINQ0qS7iTcjMbwg Gillmor, et al. Expires 27 January 2022 [Page 46] Internet-Draft Header Protection S/MIME July 2021 snexBuL6rf8NF28EdlqQzCPLZVhnOd1+KKJS7V/M8u/R/y22+IXzFSA2TlxhId09 IduZ3ByCz2HFJfVj7SameC3KANbRnBkdud1hclIBDS5Hhpqk4M8i3zmZRZWgLyjR edtSaHuJAlHiKgAtQVeIzlL6Ilw3jVoHL0vOdISoQpoWWhejB9f47KRmUbdb5Pxb Ot2ylXJKYFfoCQUs1xkNAyynSJAJ97yEAZm7aDmE4bjs33pz4L3nYxO/KUY6EB/E eGgPk3Cdvt2JYY5BuFoxXYRKQgZ06c9mXzavJJXXWQUUB5k2QG0uyKPmwNr2sdJQ A8ehhmgGws+7qXwZQEcNC3W0vmiGOBDYP3JVJPiNLFVQN9k8ClE7+0emFn2UcNyG 294hO1G0uBPAbCdhAyDnNpVj5RS0EgY647agQHyp/gjSt4XeoaCIKaalb4iGpT+C 4r2BqRcVUCdE3MRQFqiT6ccm+8h8eA7xtMB8c9OgUTEIKk/WSc0DUsCJB62Plgtj KJ4xXQXTzzUCDMnACFp6mBTd3g2ZbnfHKSyJdAvPigVbA+Qhy2eWUTYpi6yjTIyT eaQ2qafGppn85oLFkdgdmE3Ty1UxOpAsqLyNlNAa6YT3D/0Jl3VnfhFKlmywWIG6 Z2SLd0r07xoBUuAKHkFUuRauGYbVbU/Frmdylv6I9DhCqV/XEDa/tHOa/LWugvb+ x5A+g+kZiTiWRRLZYHungyjquAf/zeJsPYRoQEi4KHAQ30xCDk/dhWdhDBnUXT8P hzMj8VN3yjQA1vMNA5uefj2/+MIkLkz6+XPl/lJNLFHYi+EERgxJ2mFm/s02h9NF NhyWBsBtsEwi+rVbfcRRBpVjR5MwUohNHMGxwgj7rzvUkDe47ueXDP74j+JclO68 r4jQ3sob123uSYryDHBZxZSbwjFU2ufE8W+XL/NGwTw04alHZfKsH4x4ZbGqwunf U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0 sAa1LzD78Dg4FKO8t3d13Q== B.1.5. No cryptographic protections over a complex message This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment. It has the following structure: └┬╴multipart/mixed 1357 bytes ├┬╴multipart/alternative 780 bytes │├─╴text/plain 206 bytes │└─╴text/html 290 bytes └─╴image/png inline 232 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0f4" Subject: no-crypto-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:00:02 -0500 --0f4 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="384" --384 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Gillmor, et al. Expires 27 January 2022 [Page 47] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: 7bit This is the no-crypto-complex message. This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment. -- Alice alice@smime.example --384 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the no-crypto-complex message.

This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.

--
Alice
alice@smime.example

--384-- --0f4 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --0f4-- B.1.6. S/MIME signed-only signedData over a complex message, No Header Protection This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: Gillmor, et al. Expires 27 January 2022 [Page 48] Internet-Draft Header Protection S/MIME July 2021 └─╴application/pkcs7-mime [smime.p7m] 5229 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1274 bytes ├┬╴multipart/alternative 868 bytes │├─╴text/plain 258 bytes │└─╴text/html 339 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:01:02 -0500 MIIPEQYJKoZIhvcNAQcCoIIPAjCCDv4CAQExDTALBglghkgBZQMEAgEwggU6Bgkq hkiG9w0BBwGgggUrBIIFJ01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImM4YiINCg0KLS1jOGINCk1JTUUt VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 ZTsgYm91bmRhcnk9ImM4MSINCg0KLS1jODENCkNvbnRlbnQtVHlwZTogdGV4dC9w bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w bGUNCi0tYzgxDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+ PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4 PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l LmV4YW1wbGU8L3R0PjwvcD4NCi0tYzgxLS0NCg0KLS1jOGINCkNvbnRlbnQtVHlw ZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQN CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFO U1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJB DQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz cWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtE RDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1jOGItLQ0KoIIHpjCCA88w Gillmor, et al. Expires 27 January 2022 [Page 49] Internet-Draft Header Protection S/MIME July 2021 ggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTEN MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1 NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3 jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLY Yy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dP zZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5k sKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5Deo ULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAM BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud DwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0j BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJ eKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30i LrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc 9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94 M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCq h64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOU Rza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnX MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92 ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2a f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z 34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYS HJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G CSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sY onX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3p dpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqD IdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9 iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyH AVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBV MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kp olw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAxMDJaMC8GCSqGSIb3DQEJBDEi BCCBo3TZITs9IUGlq1clkkamrYq1pC+qAOmbM6mBrJaWJDANBgkqhkiG9w0BAQEF AASCAQARpMjNRbLD+Z682oraEKCbEbDsym9Mrdu6nkcZ+ivEj+AHTU9rt+LBdvTb gHEKrWW8/HJ8C9eybTU4XJlVzbvGLRFhLPrLNz23qygzUH9AJ3nONY9eGAHLRagc Gillmor, et al. Expires 27 January 2022 [Page 50] Internet-Draft Header Protection S/MIME July 2021 Ij3L+IAoRjfC3KO00s0/rLfb/l4EmMLCUDJlShrsqCrFfXQxKi9dWWvVZUzEsGqG lhkY58o+No6WN/0SsWTHNNXrg1RKql5PyaHfWtySsMZjUOCJrlQDMeKBSE7dpTjX wA5N/m9eBDASJyzlxdLOHGfJ1uWn/VR0Lm4xbscAdVJEm5gaH9o4QKf7jXAl7O9n yuP+ZEhRpnjHfJ3XjFKuHiZ36Yon B.1.7. S/MIME signed-only multipart/signed over a complex message, No Header Protection This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: └┬╴multipart/signed 5185 bytes ├┬╴multipart/mixed 1330 bytes │├┬╴multipart/alternative 924 bytes ││├─╴text/plain 278 bytes ││└─╴text/html 362 bytes │└─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="d66"; micalg="sha-256" Subject: smime-multipart-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:02:02 -0500 --d66 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="7fe" --7fe MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="848" --848 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex message. Gillmor, et al. Expires 27 January 2022 [Page 51] Internet-Draft Header Protection S/MIME July 2021 This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection. -- Alice alice@smime.example --848 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex message.

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.

--
Alice
alice@smime.example

--848-- --7fe Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --7fe-- --d66 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK Gillmor, et al. Expires 27 January 2022 [Page 52] Internet-Draft Header Protection S/MIME July 2021 arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa MC8GCSqGSIb3DQEJBDEiBCCpaVCRppoO9Sw65TWLCDTpvw7N8HHyZsFXr4qP43kV mjANBgkqhkiG9w0BAQEFAASCAQCW76eXVAXnm6vEII1CD4QNEh2kpQeBr4/NyspF 5VopKxNrBRfQs000ewQ0y2n07BUJtVyZrZOdrP5cG6K9KByxVGgpRY2Uyllz6hUA K12zvtU3hU5oKTKVgNtDMh8qCMVqYdJzFSZ+exTGLIaN88bMNErzw9Id1F5TpJYF ISUP1mXY1+GpjuXo5WEM8c7cfFH2/uDw3PSFILmuXowedbBptFH7ccGhNg6huY2c AxIADVfW6YVG3SWVAaTHUM0QmvG9AyV4d0dce+p4aoZfhUfjAF6nWIRLcrfu18z5 FBxL02+VfWaYOg0d3TgScxQgE2vjAgdz+TqDbQpPriQXf/h7 --d66-- Gillmor, et al. Expires 27 January 2022 [Page 53] Internet-Draft Header Protection S/MIME July 2021 B.1.8. S/MIME encrypted and signed over a complex message, No Header Protection This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses no header protection. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 8670 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5408 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1342 bytes ├┬╴multipart/alternative 936 bytes │├─╴text/plain 293 bytes │└─╴text/html 374 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: smime-enc-signed-complex Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:03:02 -0500 MIIY/AYJKoZIhvcNAQcDoIIY7TCCGOkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBABKoUk6G/5pRCkn0XsCial0oDti/uEUw6E3T PAqN2WP4KjYkf10gKJZNaJYEGhOmHfu1r53FsuW3jq2IS3A16AkpZHY7ROluKpAV 3qkTBDqBnsC16f3q5uQxCWZ3DOJDvf9X48iASbXArXOjGk14lgjW8GeC5stnK9s9 4O5KpkCQges3lVWngSPYxGkDgyp1xjvftn7M/EnXAKf6F2ujLp7is9EgEjdK52zV GE6Pqqeq8hy7Cyqlz5pWn76MTbgjg7OxXFzDCTePXiDPUCrOoCxwHpj6yo/bfbrE HDq5rZXDY4ZWyHGpTQbVLA8zMMJqoVXiFz8NqNeDwY7ApaODpU4wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhI15RwR9LLMR9+cR4l8VmlBW PuYAz1vENb+Il48IFNmnN2xqAU7ATw+HvD2noH+6yqf9N0fXz9/ARD0GtsGrG+wS s0gYC34/x1zwZ0DWIvrVq5yPsly4Qd5KkFEo8ACtFJFfInL3KaHg7SMHYObg6OcT izGKSOp6wBNnVlvknSoIGjdg7IMFO2dVeqUXCkpf7N944kqvfxJXKPcOgleAG0Qw n2v/gJtM0hsB6lQhh+vc5RUYIfmX4N5hNW7Polz3NnYrPPB0QFBGyAiCuFFEoWa/ nj+DWJbH+cYYyWXBMVcqasx05FCNkuX+RcemRzDHyrMQEs1TFj7NxSYjvjCaXjCC Gillmor, et al. Expires 27 January 2022 [Page 54] Internet-Draft Header Protection S/MIME July 2021 Fc4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED8PrzsI9SpFxgbjoB0E0g2AghWg gsBBxGC3GwCWWfnJH4kpa67Ta1NLifl03nBkTKakYEGsNRk6BvffDHiQzB1dJg25 NKp4YLNTAWPLW2OP77KAvc2NQooQgP2bSaaNSuEf7OPnfhb/p2rLvLeMD5o6aSbp WGFcMaIhjqmNAtp1BPBANEyDgiTdIFP8mMDklvqRIFh2lJNRN3bCQqfYxH9dCfaP RLAmqGnkaG4i4BROgn+kHCprDoHvlWy+4l/iIi8DIaKSwDIvsbtk5yVhUNpbfxZE wuKvVdMDRMf9BPMY9QgoK0BfpmovhMuqDClzn9503Rdv/Um1NErlPj9fNgtEZg17 bxKvsBRAX6k2J6r5chEjdiMsoCB+niFL8pOIH5sj0G556MnPWFfNi4bRehRzq5+o 91iYlHfNEHTQDNjPSc8zWfH/KqcfymxoRY1cUdXyuE0N4E1FSdlS2kqLkJYXcIvJ 9ReXT7eyUUrV8YGgsFxAXmjQ0Ky48+TCohDsf2BzgMaKULGjiHwNQPrd5ojhWZiR RzVbN+I7AVeu6pDbs35pEyIypgGXTMlNPLzKuHcF+XVuQ8bDJzOTCoEaYTc6sXwA c5LxLa3N+p2q5J3PO9hNWY6kt7inpommoAr4X9JmUvCk5Z7rQWf2WWkwkA6GGt5/ Wtpkne+vk5L2fFKK+DfBNv3f/fjhp6SIgkShF1h69iNzgN+SA/SMQ7c6eXB9WMZv dSLKt6dWztY2Xd4DvjiTaQAT6mK2MjpvCxoBbEphmYqtfBVibLBzxVr/v/rBI5j7 sR4dVHyN0/TMCktR7qZfMdfpDyY5d9uabxzUI0sGKJOxB+fQ7iTnPCpQBGPZCUeJ 41CiiNif5ybqgjhzl16Pv4UXQfdwBnR0qf8r4z1rMjXO33LM8Vo4H3I3YwFlFiUV FwFiDFXccPW7zQnUwcRA8cFkb0xI9oLFyWQ4M1+yhJ2j+x/cLesukAWJ3lDSX9nd obBObwCRjPNgYwhbG0DnSK0dSU8oAm2FA65T4y+rkwaT2NnsFJsyISHHZG7LHlPU lFwRQ+FND1LO8XUs+ZYj17XndZ5tndZx3wQwHmoweejvJZdgx+ThS2I47YBw/5kx Zd+mJQ0E0Uc4FWhtGqSw0l95727xWbF84HEYnC066DaGFGFXsF4bF2+ocq57kKWa GSFFm+San0QoMWj7brKmfRccX+MDhOHFfFvVsJ4i4VbVvSNTnazKZLndeZcUwMAk TWcVLXwEnPdQpQCwHmfxbuYj7WlmhS3YfISS8Yu915+/U1zPlska+jGJi4W3YN69 FjGjcoRMn3fyGgvwaITiPcSF/r7QATQOfOiI3vy6KZTHBU5VNXuKYV5yeC2Mf0SW pgwH2vaSlBBgBQDnG44BL6JDRXIC/0JfOaS7ouutPWRWn6i5z/d1NA89f2g1HUbh gFBJhM6ayBU6nAAiYDLcN1yGpPykDTCF3QgJsw7hqcdZuA48maulywP4CR43XiS4 ouRui/DpJk1TdwI2oBY52y0dNb2RI30bYJHCmbxpTJ8yVjdQjjldSGTBs+7ScV/m axNqcLxf4ciE5BGr7TVMCCEl/s6yFbL4BrEZKgpaf28LiOQdc/3sWA9jpQCSR10o xlVurEK7fTNQhMCTwd0wxqrOZhPm0HL2GcKyIGpAJh6UkkvOAp5V8pDJyzMxmKpH K20PQqWU5xVeMFF1Aa6HUOuFYCMb0fKRaWBo65KsEepQCNHcQszQT6PywIFt20Ny y5jbiKzcXZ3xpJgGRWeCHrM+w8/bkA+yrzAQaFXM9OVxg9pU7ov4YTxn+DbzA+I9 bu4ob7lehti/z0AfmowF1db8B9ccBq2KJPoL/r6iAunDoppE8p8P0n+KKX7Ns59f MA9cA0ujcnWX2rptYxrJXub8gqIfiPo/6HUCG+Y63iy+MsFXJ6n4KdPbcBQXgsZU XsOkuIYpdjAZMsy0trlgftS71fwY+6z3Pirfzq8I7SsKO7IBOqbuOGRxw2o6En14 i4huYm7fizX5oWIqQb3+nZpgX/mnxyPDSrrblgsCl9IW2NYbIh6FibjG9gOXzSFk AvVjY5oPYct2eorxyKdYl8pZq0/mSQfbHSVp5iCOxRJr7F1l364F+KsunF4Qg6Qg 4qye+wSXYiBDnOIzWRGNR9BPbvwHWv5p0mv0eDObVm8n6kDvdLa7IJnVN7VJkjGr 8+RB/uWTX33h3N52sRbEs51sstdXkg/4H4PwtxiIRviWWM8bDcXmMjclwot3xvej xgJ7iHbgLsLYc4GshIk/lxxaUbZdRJWKqrVRJtUP50AKALjldfUGuKh++Z2SWSI2 knZOJRjvaWECd0soQMOvwP6oCq5xgKtovIr6JPNe48t4DAAlIb+vvbzHPBVAm1eQ gqaZ+DzpYiPR/+A9j9u7q4CtNAXbIep6MbV36W51oix0W4La8aINl4uXxvM/ahHt nVvKHs4MQfUwT6CoriHcyPGr4n6DudlLzlKHt2pvotyR8LFUSdfrWaXoZK7gHn6t IoKAfNwE7Kqse/JLcVDBkdQhodLwyLWnVWCmabwjUtBr6zMApjpLJGsB27DV7IOn VqaBMqMOmurYA2/+zgznnxQeK/rFutc7hckG6I+MO7T47JRgmWECNYp8zbBVsEkL A4TDTarRoLLz2z4GaLmFKG1YPR/70urvWINp1YbyhCwZm+WvroLRmF5dYpiVdbXj 9DUzI1ucxoGKEAWXTxXq9RUmHwNuDN6SvILzaSvFzUigygZgMjCM8CvRK3Nf/rAF sHp80koNZ3cfK8Z+LPMHDEdMXuep0ahEhOTBlpVbeq/Idq6rpOkjXpvcowlyj1Jm L8ADlcyStEdVViv4/VLyzDSeDLOIqBz9RTBLfXb4Ek2h2nFJ7MpH/BJZi253VYxB xXc9NuJ9M1odj9uJJNS3n8U4gLHFm1fjGvGAOExd5M5qmN8b/ASoeA6oHaSg39Ur 27N4/a2HpnRWck9H6aAOB7PQyh3L497/sWs3yoFa93Mlwe7vO4uYbW8X34ewXTNs Gillmor, et al. Expires 27 January 2022 [Page 55] Internet-Draft Header Protection S/MIME July 2021 oX7gH4lRuj+XbbVM6DCH6KzNOkWyazhCNMGBTeO+txUZgoZD01OgAQQE2JPF2f7B OT1ZeYkxSDLJH3nkGzfzvhvJ1b8eRUT1f9JrDdm+qd1/fGt+uyTIMp7GqovjiPJL q/NbbXq5CrtUZf2rBq6pK2NM5l2l/43h37gH/xMJH76u/VdAbcXRkq5HnfEuG77q VXKeoZDsXgwdhQRP3VGVKjCvqLpHs/rXco8v2xGDvqAnOT19mXxFh1jFl82KFbQq XDQCJnyMsG4Jvc6Zv1mFyFba5GaMwxWq61thCVEqWA5AwnMsSnTnsyG+CpBctyWZ dAOkrjb5/NAgSAsta6S51Nk/7oo+CyEt/yOs+A19kPFdtBjtEot8r2YXCLg9gqbh exX1kgYR13wh5x4LpVY5cfMeLkjKWmvUfTPSmVLdjBYuG21F+Sp6T3Z2znQqqYEF 7qXMocZHhLSLWQOj0bk0DVL9AF+hIvuAlB/urwWuIBKdQyf1tjsS61u7VNQOLqqm HB7vNkzdkihIyNU7f56a8D8k75GLF6q9cvZHfTmNWYDOxsU9Po0CbX8OtffpxmAQ ikAi+40f0elM5AMV1Au11tYuA6ckSvT/PqHZPsU4bFk365LIZRm/wQ+Lffi8CZOw S0L52RfwSKIP4kjjwYHE03XoNXVM3iDgBesI1HMVJQYeP+kLUPrzAtwxtQ7Lccv3 oLVtVDK0a2VR5DqW6oluyNPddsa/RV4Ld+8GVZVLA+iuSziaW+bmD23OtLw0ycEn 4pB5heZNxVSvQ5NzE6mY6AYLolSN+trTT9hihc+Z10hN+S2z06w2M4zKYVCd0Qzo UnMbJNHbPgaGRDSaLl/dBmezCL0NuHFUklZUCCKD5ut5fTFCY/zEpe7Xky/2WFS+ Tk+9f9A6Eha5zVx59yTwriWgiBhyu5zOq6vJoeiYoKluDkganEVKyco7Cy1ejEU6 C8Z/FzC2iuoXf0hH7/D+jSmMhKkCu3bFz4sR4A4+ItamCFgA1DoeljCMrZwLwZBz fEwajERkr1tVW0YvyzBB8Qff48MpjCmrGcpi9WRRob9tXzf7DtIURwgXUDAEtL4X ApSmswV9ZG0UrSytwzGfFz2v/SIXIcZCcgWzGx1QhpnjyS9Sz6AFz3Ba/SvcUk6Q r+Hx6HWqdN4MEVeUnhFwCK7XwzNEA110g4twEYO+M38F2LDXzvPAQkmKkQ2BwItc 3wpK9Cl3d0Td+TS+bxdKV89YoQNIWw37/Bzg2uSerSsEmrmo+ZGcrcZtGlZX5TQK OHgkPM/CUztbjKFcv1mCBF5DH4sXYVNP4G/OticVMLiL9QBIeXAZcjdb0CuSkt/8 gZyhCDNzVN5me/fhtN+tuTjTETaQFcF7ErTOEHokvns//NdpSFgrUvFe5jhc+nMZ VryVxxW/iDk76C+H1HxF8LWAlXeeVi0PPfeYX+TwWvaKPX2wBv5qOy4KlX/NvJGL XyrDB8NJe/csuU21wsKs+k4qlsoDIz7U8lU8JiZ2oxwYFkffqUJBlncHnjX7jN95 bBKMolpwSd2Rvnin/X2L97QceFPoMYxWA2YWbVHyfXRdQoNpFHGvDWREBqZGl2K7 UTqWptWWsOQD7MGC5bmGDFj4sq0/D4F1HoAwHDjZ/t/BSYXv8JsahPT1L6ymNJ2J QpYkqkUTFoAcPGGdRY7V3LDFnprFHQf329krDizoHx8zXkSWX1RPW/SB8jcxkbKT 5nN06+GIJI+CmO+YJbT1OQ8a5bLDAE8rrS5K6d8LAS2b1zX1tnYSqFWIyb84iEG5 sy6NM1VU14rWIzEVnr0iJmAn3PLDGxVtVKJMlzp5m4EZBESadPFUwdLKvQXQUFeK bmUo1BAcLxaemP0S8LJ7AS7mfQSHTRQGI1UCAU0LTuEQg75kQtEPdic71NjorMEZ a3oBk72PFLq0AMF3KZOSih8PQisdlUJckiUqlppbgoxTJBbHWd7Cb5GykRb1Sy3X hLCfuvxZ4ima8SCulHGfDF4StdJMdpqtfdn0ttKbcRkMsIVHrNhwwdIwLKR+JXUW UotEh3clhvEkuMvzBtkJLG2eEbmCQ7tSOkZB6+fqCJ8rwjFYrlLxzsrJZMmN6+Wk uIFRnM5GAwdr/y3cNcUA0lHliXhYjZ+aux5QqM3hnqiXwRyjtdBqjZIAZdfphdYf 6kIuJIsmfvT2vV8IWKzoWeNswd+n+u6qqVWGSvIG2u1+F1WhKS+35kVcppVawtA0 BG4wMhkqEBJg0CIL3RE3AMEMvswp6i6xwuk+hIOlfk2hhenTed8T2Y8vnAZiTxk6 rmArxR9BCXWBi10JryL4Yr9eHc6e/eOhhxk+QrKC2nJs+QTcArXdLJvbsYXdVNuM Cf8xLegWrkMRsK/FbarFPHzESH2Chy7Q1DbY5ICyfluSvFFlFh91FGycMRGgd3rr ITLV57i2OS9blJVGZNoF3bmRjejxCCHgl5A+Qz5Jxszsi6HIEeg07IrhE/CCtike BfqlJvR3rm8XSZYX6Neo0aqbXOFAMp9YrevJrZ1hIPT5BfBvElbyaJYGX/jWeqx9 7nJ2Mh5MxNTnzz//xTdqCrU9gCk5bBe2ZvDwnZ7nCwXRbcNd97+x30EAdHirss/5 kZyJwrWwuDGUFVinUYf1i1Wo2a2dEHlfYymNr8Uwe31wRMJKqqy0bUhB/Rez2I2t 7U05g0svEnAz/SPbgGk1TUvqcxMqC2GmpPq6Tfk27sDfUCqYKgrDfE44Q9IszBpR fAdMTIQLtUWmLCq7ZM2yFkl2mx+ymmEaqKA+3SzC2A32nZ4IKqebD3vIYA6c8aFn V8OHuub1VAvFsGjviVitZmXL9wTvTLCFzYlRoZJWqmgH+oZZJ36o1tYaEobaTvCU MfpKuuqQO1ifjFtdnO5wJtd4Usw9OngspR3V2EoTiUC4+oGJYQ1ux8ACWjNJ9vEB pH7DBVIIGyiAXSuqL+W77PRi2I6xnhA5eWR+jUXRnr0v4DGjdsQ8LWeyS1APmCHh Wbf5p/Z6k3mcMF+vJz3DkWq5BI/horJK0/lLGGgi2j4klnus2H52OOh+f+4Vn7Ky Gillmor, et al. Expires 27 January 2022 [Page 56] Internet-Draft Header Protection S/MIME July 2021 vYby8jm5Oo6RXgAgc/rFoUinUo3//syk/+xExYZYt37hL6PlewkeG8vhXoFvuJAJ gi0d7rnqWYuse+UrzUrbp5z/UpJQp/PyY6rdDlScWQp3WJYSNgEe62EmnMShGf+q TboTsuXy8MfKltJsV9ybuJGZdtA6yIrlKwj8YYfbPX2neXmZrdnDMGkOSfdGi3lU /yXCBPWOnMCR+MVWVXUpf3wfXlHO4nZfNtyVb/v7e4lRCylyayXo7g2rkmR+LrH3 dEnczDF/LZLbDnkizNpzlgLU5BAlk9rDW6uwyMywrLIYlttVnRrHwjAol6US+mjF sZib126lo8EIeHyccGZIqfyTHld03m32IzMnDnl6dVeX5TAuBmDuNGbXHP4h2OSG m6tUHSFI9fMxO2pBT1Tts1kjYBU+jMenqI8GxpP6DD/Y8PUbxBNoPoP8aVR3rkBk GONb4ksn6zWoRxT4XyaPvmImvFX5nkHHnvkThvL0DaWcwuIOrjtqOJwmPBTOywjA KYPPCK7qVCwVAssJxx7adE1W+F15UoTyyyjpe6pVtgO90lGRcprYQnBasw03kATd k8GFN7Ej37OiXIvrmsJ1toHzlhungW5uYedaTMBNmw8iU63r36sMhj46i9nML2jP mUjfxMeMvQGMIMmjDBN0j10+5tANXtQY8CdC3pSJLe0lmIIHMB7gTlf4QuyU2LP9 5NRz07fwamd09k3N3dIeAB0I+YJyeElO69772qnqpiGnx10uq5lnhEyvtJCyH1tS vWUvX0tyAFfuIBkdyCKMFP6zhHVxZCCa+r3W/qrfON6GH/tJ3aLdilvjwC2zQy29 iuNYYJoyAS3PCjC7CL41U0kAOBNJPka6Vqn6PwxpnxGaZZyFCSU2fpAvNyT2auOh CmLz/P0tNE7z7l1JXqao62CoPa1dOQJ27NbEjsoR3GobhcGQQkYb3Zsss/y1QZaa 9lkTdk02ZDXfPPyaIUY46+VA3VcHlmWxChZiiFpqOdV21aAt+f4PJLtspE2/OTEG GqHngtafmMV75z+MO8ExXvy5YrI5N+S2eArIteQxBjNs5DjXnsPjE3CGwb7GPx8T XMsEmWDQ7TDtqFSUzHAIb8EieTziP0LL2LOd9dpE8xDH1X0gDC82whSxUrZOa15Z iJ1sZkS1VRI/iq9/5zc8BX+218FfdN+rbHWZZAM02ge1IMyOsLF9qaaiR1K9ZQPJ lYDLcCmnS6Q1oKA2JvDOiB8sbrpKLsLk31lcqCrVJ9eOIqnA4yAijsCNiUjI1DSC TefQo1PVS8qAGhfkcA/4nw== B.2. Signed-only Messages These messages are signed-only, using different schemes of header protection and different S/MIME structure. The use no Header Confidentiality Policy because the hcp is only relevant when a message is encrypted. B.2.1. S/MIME signed-only signedData over a simple message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 4213 bytes ⇩ (unwraps to) └┬╴message/rfc822 566 bytes └─╴text/plain 228 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 57] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:04:02 -0500 MIIMIwYJKoZIhvcNAQcCoIIMFDCCDBACAQExDTALBglghkgBZQMEAgEwggJMBgkq hkiG9w0BBwGgggI9BIICOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246 IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IgpD b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0ClN1YmplY3Q6IHNtaW1lLW9u ZS1wYXJ0LXdyYXBwZWQKTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LXdyYXBw ZWRAbGhwLmV4YW1wbGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl PgpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIg MjAyMSAxMDowNDowMiAtMDUwMAoKVGhpcyBpcyB0aGUgc21pbWUtb25lLXBhcnQt d3JhcHBlZCBtZXNzYWdlLgoKVGhpcyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBt ZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEg dGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2Ug aGVhZGVyCnByb3RlY3Rpb24gc2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1l LmV4YW1wbGUKoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX +TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0 LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3 QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw Gillmor, et al. Expires 27 January 2022 [Page 58] Internet-Draft Header Protection S/MIME July 2021 ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo 7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95 0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9 COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP 0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+ JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA0 MDJaMC8GCSqGSIb3DQEJBDEiBCCt+Ik56mZTd2mpSgOXM38dS7jM5alU2FDX9/58 cga1szANBgkqhkiG9w0BAQEFAASCAQCxKLkx5li14OIOcH2tcWqcsQilPLgQ30ck qhJL2X9/Cl22ibOGNwL8w3qSEBeG1a+WtHw3bSqJx1ciRYcLs16ms23no5QoZ0pU fRLmQuTEgObCf+syiTGnWLj8e+2aRVP1L9yEIbin6+hFyp4s393zYhdMOPAP2ruI lg+BxoWXUjXso+8lPgqLawA+9KMI6tQZMnwI9LpGJmZfoSXdHWqWtjdotzZpqsKm Ihr8DBKtUetqgZ2zqDO3zo3W2L6EmNM05BJUmqwAt/cN+X9kws5dAqtHDQhPNTa1 WUX0oTTkMzn1RAlOxfowEStSnfDOOzIqg+L7LgiMw9jhIgP4/uB2 B.2.2. S/MIME signed-only multipart/signed over a simple message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme. It has the following structure: └┬╴multipart/signed 4451 bytes ├┬╴message/rfc822 596 bytes │└─╴text/plain 256 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 59] Internet-Draft Header Protection S/MIME July 2021 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="20c"; micalg="sha-256" Subject: smime-multipart-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:05:02 -0500 --20c MIME-Version: 1.0 Content-Type: message/rfc822; forwarded="no" MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: smime-multipart-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:05:02 -0500 This is the smime-multipart-wrapped message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Wrapped Message header protection scheme. -- Alice alice@smime.example --20c Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz Gillmor, et al. Expires 27 January 2022 [Page 60] Internet-Draft Header Protection S/MIME July 2021 B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA1MDJa MC8GCSqGSIb3DQEJBDEiBCCcDIxr7wd3VCCz1VBG9nySvUJ/Fhzo26f78El/UUbj jTANBgkqhkiG9w0BAQEFAASCAQBUmMGL40IZQmt3Nad/ymEUOLu3Dgfd/nYKuj6P fjKYJFb9UhwtufZK9/WyVtytLsFJMYHZgUSWU3VbHk1L/cO0469Rbqo6CqlLRJPK uN2Eul2UCa+3ovMIQ8g0NBflXrdfR0OVRqvfO91hLFkTxLfCDUG8ziRWOLWucgZg zkVXqEzvFyOtsSbr3GAY817wWgl1+PTFchO4XF+rg7cNysKqGLtjxP9lN3PcURYv TmooTPY46kheab7ZAzKqQI6go7somKmMqD7UsctMLSVZo+EX5/N9vq5znv7bfpoE Rgd+NZNQD+VYDIOU1FI5ZjyjHpRmcFpywjvHNbTBGlYhv3q4 --20c-- Gillmor, et al. Expires 27 January 2022 [Page 61] Internet-Draft Header Protection S/MIME July 2021 B.2.3. S/MIME signed-only signedData over a simple message, Injected Headers This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 4185 bytes ⇩ (unwraps to) └─╴text/plain 239 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:06:02 -0500 MIIMDgYJKoZIhvcNAQcCoIIL/zCCC/sCAQExDTALBglghkgBZQMEAgEwggI3Bgkq hkiG9w0BBwGgggIoBIICJE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1pbmpl Y3RlZA0KTWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkQGxocC5l eGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg MTA6MDY6MDIgLTA1MDANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl dD0idXRmLTgiOyBwcm90ZWN0ZWQtaGVhZGVycz0idjEiDQoNClRoaXMgaXMgdGhl IHNtaW1lLW9uZS1wYXJ0LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz aWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEu ICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3BsYWluIG1lc3NhZ2UuIEl0IHVzZXMg dGhlIEluamVjdGVkIEhlYWRlcnMgaGVhZGVyDQpwcm90ZWN0aW9uIHNjaGVtZS4N Cg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3 oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4 WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB TVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoi ZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3i Ox7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLo OAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqU uqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8 v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNV Gillmor, et al. Expires 27 January 2022 [Page 62] Internet-Draft Header Protection S/MIME July 2021 HRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNh bGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB /wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgw FoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCc sTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPI FlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMG HjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M527 4XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P 1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1 SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0G CSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y aXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQK EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxh Y2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+S tijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc 9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rT iz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJ C3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfo g8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOW wks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFl AwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAK BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeu KWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqG SIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2 doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVY eDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqG JdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQs Pn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcs m0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0w CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw6 9Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA2MDJaMC8GCSqGSIb3DQEJBDEiBCA7 4grfze+Y7DQEGFAYHyyvRpNkuuZFR0V+RvSTvu4FGDANBgkqhkiG9w0BAQEFAASC AQB1KYVvQNZpe3EKeM0XhJrlJNxneVmZWFCEl5YFeRsO8FeIwJkV65YtFJKjOVVy qYuZBGz4MsKaddXxAOXI/Q7cJ+70d9iOc1mL3PD2/U6DOwwhNfJoNSK7miYfMASV 42TMJWTt0T1ORJnvBitjkTuZDus1tp3xwxbrZTa4pyGaXEhBW/Fc4z6L+z8hpQv/ +6dw3+ORgfc67VTHVnsVVfb0UPrWvdxFdL5xYdqXxlhDsLMEms2ttHHzvjC003Kq As0xMHEmMpfdL5M69MAjvroOUv0SXETfQaxca7IKd+9xUNNRretZ9xz2kn2uD+k7 unTEyVGeHrWmQMw/8MdvEac/ B.2.4. S/MIME signed-only multipart/signed over a simple message, Injected Headers This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme. Gillmor, et al. Expires 27 January 2022 [Page 63] Internet-Draft Header Protection S/MIME July 2021 It has the following structure: └┬╴multipart/signed 4417 bytes ├─╴text/plain 258 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="12b"; micalg="sha-256" Subject: smime-multipart-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:07:02 -0500 --12b MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: smime-multipart-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:07:02 -0500 Content-Type: text/plain; charset="utf-8"; protected-headers="v1" This is the smime-multipart-injected message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Injected Headers header protection scheme. -- Alice alice@smime.example --12b Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj Gillmor, et al. Expires 27 January 2022 [Page 64] Internet-Draft Header Protection S/MIME July 2021 ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa MC8GCSqGSIb3DQEJBDEiBCCXRoUdgR7J+TnI6kw8MpGtWVJPCnoAB+XfkDf78dWi cTANBgkqhkiG9w0BAQEFAASCAQCitU3JsEMd9FhqUu87UxYScDI1pDfZnX1vjges xBmmSy5lq5vvs+axKK/hTOR7YLSuLJLNwxJgDCPEmHi1hV5Tpj5mLH8qEXu4c+kK s9is53v0NvibhIvDEpnqNvL/kMVDAk2gTqYHCE2Ij7qcWWNhnGdweMJZsBvLy/Xi BLaD2t4qHY9lPaeMugDrxThNWEhjoDIoI5f7NpBPYvJgB7b1cJhXqil5weYrJiGr hyTr56lff+Xjs8qjgrrzdJ8HHeUsxDJulrX8auo+pIKudcu41U8Ben2M9nCiVbEG aqbbPK7xip5c/YZEaZWYAs8w+dif68J8Eo7QO/kkr45Tt5pf Gillmor, et al. Expires 27 January 2022 [Page 65] Internet-Draft Header Protection S/MIME July 2021 --12b-- B.2.5. S/MIME signed-only signedData over a complex message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 5615 bytes ⇩ (unwraps to) └┬╴message/rfc822 1599 bytes └┬╴multipart/mixed 1535 bytes ├┬╴multipart/alternative 932 bytes │├─╴text/plain 282 bytes │└─╴text/html 366 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:04:02 -0500 MIIQLAYJKoZIhvcNAQcCoIIQHTCCEBkCAQExDTALBglghkgBZQMEAgEwggZVBgkq hkiG9w0BBwGgggZGBIIGQk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246 IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjNm YyIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow MiAtMDUwMAoKLS0zZmMKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJjMGUiCgotLWMwZQpDb250 ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3 IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50 LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g Gillmor, et al. Expires 27 January 2022 [Page 66] Internet-Draft Header Protection S/MIME July 2021 c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS1jMGUKQ29u dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2 aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD4KLS1jMGUtLQoKLS0zZmMKQ29udGVu dC1UeXBlOiBpbWFnZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFz ZTY0CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFB TlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hi QQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz cWxUK3p0OWNpZGtFKzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09u SkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5 eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09CgotLTNmYy0tCqCCB6YwggPPMIICt6AD AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse 2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2 MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo 0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+ A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP Gillmor, et al. Expires 27 January 2022 [Page 67] Internet-Draft Header Protection S/MIME July 2021 dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG 9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4 eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59 fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4 as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcwNDAyWjAvBgkqhkiG9w0BCQQxIgQgGiss 3bBs4a2FSojj2NVcmGx+Y2J2N13x7iIWxuaypk0wDQYJKoZIhvcNAQEBBQAEggEA huOPBptjY2fcRzq9DPryHFCFCPa75LnQl2zLijpFMW7qyswoyR6BguvTEzV4kBPV D2Sbh86FibwmvNdgzzXc2PJzcj6jtYE0R58tdO/ks7qOeIbtZUgpZT3W/wlEpnmd Pr7Df4oVEV9qS+vJh0iNASJspYwccPwIf5fKCPJf5H+xhQlSJ1rLIhw6Cu2ogkWB bQDijNyjP5jM1X7Xo3mP4ReuauS4e0DnnRMH3pDGUaKAN5dnEVqdXG1C76+yOBwr /foPN5vjE8RMtte3DtOKqGeWwsoEcjinU77z6d0kIWQqNYUNmqDHJ7O/yla0xG14 IPJnl/JphEWKl3FjI6iL4A== B.2.6. S/MIME signed-only multipart/signed over a complex message, Wrapped Message This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. It has the following structure: └┬╴multipart/signed 5528 bytes ├┬╴message/rfc822 1657 bytes │└┬╴multipart/mixed 1593 bytes │ ├┬╴multipart/alternative 988 bytes │ │├─╴text/plain 310 bytes │ │└─╴text/html 394 bytes │ └─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 68] Internet-Draft Header Protection S/MIME July 2021 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="932"; micalg="sha-256" Subject: smime-multipart-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:05:02 -0500 --932 MIME-Version: 1.0 Content-Type: message/rfc822; forwarded="no" MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="c35" Subject: smime-multipart-complex-wrapped Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:05:02 -0500 --c35 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="645" --645 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex-wrapped message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme. -- Alice alice@smime.example --645 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-wrapped message.

Gillmor, et al. Expires 27 January 2022 [Page 69] Internet-Draft Header Protection S/MIME July 2021

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme.

--
Alice
alice@smime.example

--645-- --c35 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --c35-- --932 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 Gillmor, et al. Expires 27 January 2022 [Page 70] Internet-Draft Header Protection S/MIME July 2021 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa MC8GCSqGSIb3DQEJBDEiBCAqHXFyYQoKOPnaQ8OYqY4ornV0eciFU8bWD8ky9iEo CjANBgkqhkiG9w0BAQEFAASCAQAPH0Gm13RZy3gpCgSpM94kN7gG0Qz7gYXsP10Y +A4JB3xAPM1deb6TWBBbmoX8KktiMIIQQz+im/6ab96G5VlvSXpaAsHjTg8pkvMS K220ePIQLYGMgbf/h/CDO6kXr4D74QPwhaRzo/DKErgwlvY+osiwrC/srFXyv6M8 673VBGD5XXq8d8LSYQjiSpAQjyGu6Ddo4hZdRNzDQU6a6HRD6qYmaYszb9z6HMHL AR28J5t4YynW2Hr8/4HSZ5YMt+sXjm1nsGGqLsOdxo6VmgKSiC2nhx7QbJhqevQL CJWufMVWkvIX74TyfK6W0hl1x/pw0YfHnZMimppl69rRSEsF --932-- B.2.7. S/MIME signed-only signedData over a complex message, Injected Headers This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 5631 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1565 bytes ├┬╴multipart/alternative 936 bytes │├─╴text/plain 292 bytes │└─╴text/html 373 bytes └─╴image/png inline 236 bytes Gillmor, et al. Expires 27 January 2022 [Page 71] Internet-Draft Header Protection S/MIME July 2021 Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="signed-data" Subject: smime-one-part-complex-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:06:02 -0500 MIIQOQYJKoZIhvcNAQcCoIIQKjCCECYCAQExDTALBglghkgBZQMEAgEwggZiBgkq hkiG9w0BBwGgggZTBIIGT01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4 YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImNmZiI7IHBy b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS1jZmYNCk1JTUUtVmVyc2lvbjogMS4w DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9 IjdiZSINCg0KLS03YmUNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTdiZQ0KQ29udGVudC1UeXBlOiB0 ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+ PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+ c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+ DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90 ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPg0KLS03YmUtLQ0KDQotLWNmZg0KQ29u dGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6 IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9SdzBL R2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0 MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RL bmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZ RHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZk UGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLWNmZi0tDQqg ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE Gillmor, et al. Expires 27 January 2022 [Page 72] Internet-Draft Header Protection S/MIME July 2021 AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY 60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6 kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9 7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5 chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQAB o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH AwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3 DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F AAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX /4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U 8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXs U4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZee gSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo 2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJc OvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0 iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7 pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rB X7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQV tkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/ 2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVC CpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU u/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40 BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ 2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB /AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3 QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDYwMlowLwYJKoZI hvcNAQkEMSIEIEZJTcpCQRTwXEI88+nlLqN3b7JQ6wZ3y/JlosQRxxY4MA0GCSqG SIb3DQEBAQUABIIBAEj1f7sJy7g9/S/3wXfUqyyg/3Sr/4H7n/Wyxg+FP74Bi0Km Z01zoauH8fpjsOg0fS/ll14j69FCkaFUqHYotT6kojdodBRM36IGMIHEPPYH6pAL 4K4CPk62J9PWRwlX+6HYPr+WDfSjzGAL5mDTzYVAuu2aUn46SmTUVNDv3UBaxQCS sghtVe1snSHpJYz3LciIWyKrE+Kpw+g6cb9hVY/a4p9jHu11x7MfCQddVg2qjZsO Gillmor, et al. Expires 27 January 2022 [Page 73] Internet-Draft Header Protection S/MIME July 2021 9TH1X9hfSzxV6bmFRZ39+MU/mOV2pxVYXyDnk6BX48PVx7C5tFWDtr+hB5dEQ93i sQt3VRgv6NwEiyxqfxyQhHgpJY2+DqhoFgwbhkI= B.2.8. S/MIME signed-only multipart/signed over a complex message, Injected Headers This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. It has the following structure: └┬╴multipart/signed 5496 bytes ├┬╴multipart/mixed 1623 bytes │├┬╴multipart/alternative 992 bytes ││├─╴text/plain 312 bytes ││└─╴text/html 396 bytes │└─╴image/png inline 232 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes Its contents are: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="a23"; micalg="sha-256" Subject: smime-multipart-complex-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:07:02 -0500 --a23 MIME-Version: 1.0 Subject: smime-multipart-complex-injected Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:07:02 -0500 Content-Type: multipart/mixed; boundary="d03"; protected-headers="v1" --d03 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="8d8" --8d8 Content-Type: text/plain; charset="us-ascii" Gillmor, et al. Expires 27 January 2022 [Page 74] Internet-Draft Header Protection S/MIME July 2021 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit This is the smime-multipart-complex-injected message. This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme. -- Alice alice@smime.example --8d8 Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

This is the smime-multipart-complex-injected message.

This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme.

--
Alice
alice@smime.example

--8d8-- --d03 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Disposition: inline iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== --d03-- --a23 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name="smime.p7s" MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT Gillmor, et al. Expires 27 January 2022 [Page 75] Internet-Draft Header Protection S/MIME July 2021 BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj 8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz /evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa MC8GCSqGSIb3DQEJBDEiBCA4lKOx9a084fB6gb7XvsxC6U70hVOXe3FjeF9sS6mN qDANBgkqhkiG9w0BAQEFAASCAQAfMFJgqp9Vb8dS34Kz4fZfKGA1SMbqun/XqC6S 9/+EpIiDL54Mw3qug01eU/ms0YoBlu8aV/9CbC2DlOdPrFCRuHTWyFClWgi2X5Mj fg57SXgGd1KJmhWAtcNuI11l1k6TeoI/pmU/R9tNKrF349tDVHZU/4GWUfuyiorK t6TQK0/Vf+JUySQVCUqnx+Zb+bhvWmKfKuX0CJDEOyD+kH21ar0HMNGLK9S9R3MJ dfL9+1PmXCXsTP7TIhmnwCJSpBJpmzzq345uu3N52/3SsJYrahIUkbPLnYxTAKDD N1k0ijGbEofDEC9RtdwnoGPfv1UG95LK22Ys3tLqApQqkByY Gillmor, et al. Expires 27 January 2022 [Page 76] Internet-Draft Header Protection S/MIME July 2021 --a23-- B.3. Encrypted-and-signed Messages These messages are encrypted and signed. They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies. B.3.1. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7345 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4436 bytes ⇩ (unwraps to) └┬╴message/rfc822 679 bytes └─╴text/plain 321 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:08:02 -0500 MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFHb+aM8bhyJ1nFFuBDyyBVQf2IplykrvvYb mKqBk08i2gecPSOMTkW5e2oQ4+WT4rtU4E0JXfMSA2KukKc+QUA3ycVCoL5zhetX GsEx74S5P4JMY/uAoyBlEogGNi2lvagvgOGkqHJCZAjKjPNmqyTfafyv1Y4BQRQ+ WJi7mURDIbgrc0xfcC/yt7UWxFlfUhm6n7rTvRKhe4D0EOOB8yKupUgcDzBMTw5F P9HEy0vFij12+LNKSsOPhVp0PbPkMCVi+ERtXEgV7C7BRVVYBiprpYJxJryO9t3E jmIupqHZMgXxlAKFpBsdlPWfI1mrMVZTBpRgy8Bds7CORgWbs0MwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX1PxPDDlV2Wo766+MhR82lW8 Gillmor, et al. Expires 27 January 2022 [Page 77] Internet-Draft Header Protection S/MIME July 2021 pD0GWAM1ScYPggh4t5OFmSjFtyiqawhMcQhoRsAkGV387oXupYXH/lkaD7nIdZW+ pZK1/RZUU0txvlsRIpJduXcWm/Dsu0lQtQSfcg5FaslSMjBpMI41BD2KC9M5meDP NqHnzNMFv0ZiPO6x+bTCXhds8WTi/B2DDyXGjEaN6RUFw6rKNXwbXoR0DJCMosF5 55gQuo1k040YMqYRwdsJGETr/r/JaEPwNekogAfuXBkNE3JQB7aVgePp8mIZNIIU 0nP6eXp95UwLsoA/zwbOv9XSYgQDCcQ0MWycXmmn4ysbeWi1p7P+6CLwgx/TNTCC Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9EoELwqIPQUHcQvENM3K+AghHQ 7MaGZ6VZ5f9fpYjTHCbQSjcBtsF3qd7/z94CkYE+Fdt4Xtm91GlDSRONaVuT9yV6 vd3hoFTCfrX1aQSzzHn3SPtIh7ySaTG70ctsXP33UjcMjzDbvyvfIl1mxsct5rSx e+cJ4z++pLB0vQeq1JlbuqY8SkSX9FyDZegnUD+zCB3qv7YSZEwD+EjifauMcrl5 p29hRgVx522WoILf6Ty14stVYot76cyOYE5AlEUMxBg98tLLzNgvgpevmhZwNzby B3v68cMTXh8Zm8UB6F17oxdLFIszhEMnM4v2RSWB5O7L5C4ab+zWpB58AcOeIesg E9TvdhcJVsiQHLMtVqxXcyyzlh/T1g1YZnfI4+Q0gNTTS9kp5y2Jpl8AWiHV3lJH ltigpNDSlfbskC4ZUKNLmwMTed03kH2leAZGK9afAC+nNwKvSlhWovXXujmTwGao 8fQPc9cKfRS3tx5dOnEY5A6ZPbAx3SkcdHpUc/Z6Z9at0NnN80ppl55sichJeP+Q yoWX/IMhZwNksoiP1Wqa2KYGk89l3EvBOOKMH3G/IOcilg75VxjfKQ/IrB6xrhb7 wY3YCV14MtJ4T9gi0rtkXxq6YfJ6LQVXP3BWpmlf3xwxQn3HUsQNFO/dESQMikOy PgNT/wkwX0+v0XY59maI2tF9sMFiheLeRRjPDbwaXNCX4ghzpOA0KQ1+0/upcXPd O2sskI3b3qh+gbRhTUOxAMA5i/POQ6QOj/0jxfbN081YdiHE49jlx5MA00u/yn2V WKlDkXE570tX5Z3upvQvLVYuc7+hfsr0oIC/A+4UKzt3G3kjmHqKvkPeP4ytu5Cw VxRQlhl+rWISO/EzflNHsgNwE/X3eOmub8vNl/fX9ng5hMVaz38pAQyQysr2Rg2s ZDasrLS4kWuGOtv8gXD+Lm34r31bQfl+0NoVpJFV0iHYzBcmL+refdBec9Jfm0yI KkX1YkAovvlnYL5ZYzP8E08hNtZW+rln041yyZa12hRlORO6lBqxb9W23vTgU4O4 vIRppUbJrf6tmYQMiYXkC+Kugur1nBJtEbLQ2WurYFSkdrrZYLg6+cs/K+sGgCMI 0GokK2ntwmLWHCVU9w15i+7G0HYxZkschUQeIokU2M6KePbp36Mb0vQlVJhlqTmU HdW6EDk+iXDNW72gZccDyPhZbhZT2g4iWHl6xA5iydhE9le80boq437OlgMIHUkS 2+cEArcITxmKpDQWxREYF74jJyz2Yf8rZY4uI6j97+LHYlds7X5HIIq37xVUKUud sDav+1XMQygilVzgdQ6MTKH29rK+/OKJhWZYn5HDGUIa4GzskjL9Sp93xG+sRvtP tC2bhURNdHjg7HyyH+RldvxN74NiFrNCj39TXyw5Tzs44nxsVqghdu04BYMm5uGp 9rN4c7Asn7kfjg9rmntnmnmBotKncRM4W1ybT0zZ4QoBCvl2306QKgll3Qiv4E2e 3l/POH7VEtTBeYph3JUhCjoF/DU7lQetAaH3sKDdRqvxb8pjvQKI+q3NLUhYMLdl /HqrtNXq4ItRsfz+yYsEKlw68fPncK4OEVjxD8e1kP9iccyhEWK9sS+zZmsJmRP1 +CzHNdV/3F4V2eaa+YRiBgerv8jjqKhozquzKBnFerDrGvBnctYkBCL04sGowv3c uxADq5pw1sBo2XIwsA6/hKtCijpkIOiPjawE+uKwDiQdGutdxOx5v/wk7McMU0qO tjhrKGa3WqQ7w9lLO/xqNVBsGxKSDsyCZuKnpYlg3MgRK5JEq7GngLiBKRN3EErD f74gk2ZQ5l+41eokY/3YTYhAFnDabzhxLK2vZxuc5JWOScoo/Ej7AATgKkhr1U/g CHvGyXxqrozMu/Vks564d4QTx7SHcOzJs0pIeN79muMOwEFYBKnQJWZPxyzZ+Bx9 p97BbhQwhJ3sCJPiwMrLUJCI3d/DDPkz8IPru7rBmuYfTJv2buakTrR4hwjg8oK1 2YnhHumejoHzR9EfDQelF3hYZSzwCH64ODMsSXGCRZjps7Gu1KWvdRxAiZHHCCA8 98vBO6pjBFG+J1KVufCTecBAyFKQOToYBMiQ195wzucZjnEeFtBDlaSwTJAx8rM2 ROR5DasKHRqdV6i2LV4b/3Xq5CUqZw3Q/kZcdSQTrqtDafc5lTLS/dPdCVWr/XAh wjBgP9alKi33QhB73CFNTM4T9HAgR4SkqqpfEQEWkcJOIE3K7pfcQbplvR2uIIdg gExjg5vyMloBFEO2YBcBi8bzUKF+sVpIkaOyfeD/tUydll0e/eDkwMD6Mx01ssgT POJKR7EggddGlm/BCB29IekA5Y4Ydc7GslOFhO8zC2LCm5OHfNgzCaOos6lZtpzA II9ihCb2/P0VRO0XSJ4RoR9Srj4DJji/VlzHqqswZJQyzqJMRJT15mQHf2tOmobJ PCHpkJVwJNjHphbKTcqfokzHh1YnOvTJ2f0svarDhV8H3q9cM+ODMDPFOARjZ/hi ciDo60l0MciMAYzh5CoAbLQgzlHNUZIM4CCqidPVzHyn1lIifhH+yEWkXkkCO8QV 1kDFbwmBhLRPawpIxsr7QuZ0aICJBdGZ2Xwx55VAbht7SObllNYbM50QeMtpzJC7 0vKgPkoctvuqR8vO4lsIqxUc6vtHW8C8YWHhz8g9oLBPeR0o/0I4+AePScm/BICy Gillmor, et al. Expires 27 January 2022 [Page 78] Internet-Draft Header Protection S/MIME July 2021 DrnYGfFM9C/rMU+PateE/dvsGiW6dTm+9SUFqEqwIOazGfAwE83G85ZVePQ0Q7RB jxvZkgnSg7DZkbuy1EmSRUa5gR0wttH+4jVTYo9Zqrjw7NOvn/OLIIYDcpxQBrUE /ntfknMq8luYOMou8YJCIOtx/wL89sYZhJu49H657dGB/A2tpGRVSb82OIei7rhu +9quDIPXoPgBcEPh8k5eLtF23XJTfTi2sxD7WU1XwhiX0+0CfvQNFt8ptJUrPB9/ GzNzN0brNex9YUbFEAeGh6BiopGlTAeauu/VSc6J0Dl2uxLtt/sqx5riBDvgiXpu vp+N22l3sEjyMeQ1iO3EJKhAHNpAFbMi6uEeMVCNneg9IxJj8lodiCaWKxjQafhY i97omBTNjLQWXj3gCyIr4gK8aD9jrcixrPrUuK1yO4jdSuprINoQcDLE1T/yPd/O OTwDZewzygLHRI/2eg0JPHtjZer/m+stDLbRxnhKGfwjTR7Redk0cX4oLPiyVI40 mRZ30OkMZ53iYRvzrsChO+L7Z3D6q5nZ2vO5yKFvfHgcmy3RZW9WyaiCF+wnLGD+ gcOtrcMs+SYc1FO1xCpCNd2obYK0icviIqH4TpAuSrW0bYCtM6hzoDdbW1OBtcal 08D6XVsUPgy4o683tf5TyqMZYqEssG6UbY+O8HElcJ4p1jzb50VxwwFrMkfntREv Birra5k4+/Td6nOWE/Ba6lCOWVC8cBy1qp0bkKsm1IWNrbbGZmfLx9hgfLtxtCZQ +DaWbvzEEeH6qyGy8VR/rX6kU0+rHMIyohPbk35VysC/s87OfBsuUheFCigfC7xE v69dle3NAnXQpCE8OyIlL063AWlQBxEvEMfkutCX9LM/w2h7PI7DGu71Naj1CxTo g/74mJrIT9lneVCKlEpkmEMCimLd5NzjUcGatCLu574LfGpsOEDRUDvIi8HBJOAP spptpgQ8LMAjnvWilPQZcbd/0WvRzzKEp8i5k3IvtVHi/aFu9lZvnopgDJe43L30 tT3Kt9d/ZjHRswW4MT8vnCiDkBNF7TTyTC/jUq6pOuHglfc5H6QRgEjow/maBCB/ ApoGhlvCv+7J8ExVzkesaqrcTWQpHmq2szcTpnnhjgzV5W9CHGv2R0GcqQGHvkBB Ds4wYl+OKDQhXczbqX7C9bJOjDb6hhlQhTtlO1/M5iBdW53k2OCcliV056KNLFhd yLDvXZg7r7IuGo75lb9urObCI/w2KGDfN3P4Y8yRseJeBY9m+txWMJNyhCyNJQnn 7jLZ3es8cx/zQC/6AUQtNrjHzM+sIoSxSHXnS61Akj21zY0qyn6pZalPgVM0HIy6 I5r4BTGdIeI/kc6LoKhrfgeQnH6PwZmmddNIFQo6la3lpXuWgOZfqWOILo7L+2dR neQ5AYaQj0QdH8z8aYrIgwwFzxFzETtnGJkE/HoN/MNGSaMD2x5b4y8ObDpvAkG5 AD8/VxZOsBJE1hTz/v7DBFY062MdYDbKHkBSOAxUPMI0ivu8yV5JzC6+x/98L+C7 NJTs6g2OIWXqgAX+NHZbFDdeIYMcExoMH8R/mz1zLibFZG8f4Buv73rdhwuRQ1/F aKAxL58efL/ppkEvFEGrJhOKtXjQv2mEloseTc64JuG7wXql0/LW22Fiw+b9vP8z aowf6DrVDB4CiZBvbjpyk/t8EtByn0JLq+Qp/f5FgIglB0DWteA1PVC22i0zlg/d +aVKtOHRCsJXupP+jIjdJUekwJSZCid72SmwS6lfCinpJlVedq7OOA/SrJ9eg5Om Etg28g9N3x3BzC4Q+gI5CMSKlfC3d2xHohxxdkwO2MJWdOXbjwPaPxgqYbngJC4E WLCXLPTLw6XuTJ6lQJRpF3kk6REmqnRlDz8Dmm3ocpCcNLa7Vo05LkCnZfUvmZc4 jw/2JwuLcZR9yooiuHRMZj/WOFzRhPmWQWwCESCqcKYfNnXLKVsOZfWaUbNapIbA 5EOZoVpFQYZRz00Q7vdSodDtJ0REPxvybjGomJTYm8VgsICQZVTAhU8cNkRgh3KF tqULWhLK7TzOzl2rrr1+LuSq1pb+QM0Az4ALYByeWEKno920ZaCfa/DxxMitx/Zy RDfAtYiUzOmtWKcJnGfPzuInCHQ7QRYh2+xDh/o9k5qSeSV+lrG4MlI0sptm4lfN W6oEJR7Y99IoIt1enqjicyLDYpJavZCgMjHznCSPffWziOB8Vy1vpbs80mTQlvN2 J2V6HqLTgDg27MO6vZoBjjSjBdW+AJcwOzzY0eMvT+hEkLqcSRXXEB40Wr/qtwFv aLYhIToRENyvxRbQGmXWL8iT2mCs57m1sr0tvP2t7J4DWbp4CoiPY2IFLC4vZLK8 KgfPwD1d7qdZEwykzn9tzisOdx83ta0qeXc02kXsvxglglxlhO+DL6oamH2G1BBz yVVaDnw3C72aV6BKL5XFjbW5WdqKr0/2Gh8EE6IPZIw9TlMbt2TxSTdGxXDgslBB plIDqlQo47imspSjw1lbZm/duczPWuDpNW1f9uHRyIPcA8QaqXA+hvgeLbVpJuJG 6Y11FEYeIl+0tX251S9qhkDCvZ8MIZZ2muqYoB/Bac/CsbkoGJHgF5kglRNBMCZv aUGnTA/PaUEDyHJY74VsJJFVv8Hbsvwi5M0AUuAIIy60lGL3VZqQRdQjInJKEXIp szLOcHyaL8tHY0IRSP4XaSR6hiEbFJvbPUIKS4TqTr9N+mT1FeVkJXxjGJVqwcxn GSohbJc93gt3r2sS7HAr5fhJI3xDyXIYhWmRIQatvlKh5SXsg9wSVMNFn4D1Ql49 Flb9J+ydb3ENJlVnOaKGC/hyGhULNAUTDyg+pqz3Nu5lwejgFNgz3/W/KPNnIFnM 6vJto9bEpNKATOOBLXW20ztJCjgH0DD7AvQAVTGu8208MBL8PueUDlUysqZduTay f2aVXIcEfPFwXR8lzHtDe87Iu/RqKwPnkHy+nFRKUSVhyhQ3EgnWZpLRNzHgPxvf C74UbBFrBARWFRty28HGPqM75jNsOIsquad+9gxleRsuPE1klsjiXlvDTltrEYE/ Gillmor, et al. Expires 27 January 2022 [Page 79] Internet-Draft Header Protection S/MIME July 2021 EF56h9hdn88C7SEO4KFMbI/6ae62JQdpO7CPgq+5YGHMVUZeQHJZkfLAQUVTCRQt cZH86BtnMyKPZeovEd0guyX0kv27gswviZXf1h0ey5voAGw0EH9j6+z5SN0sPhry AzwG8mH27qDlrrGCn1gX5fOS39+xtuuseqAW+iQgDk9IGrqAstMQYRW1kRYXKQlg y/1c1Q5/M6kyq5M2iI9ggd7hrqTcEh9Xy1dRBPdCljXyWZo2eTnp0n9whXZbMtLu lIZc102dTwLWWXM7uLK3xDQS653AQKc8C46DW3GslHl5+jW00C5orPHh5xeLX9UO B.3.2. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7305 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4406 bytes ⇩ (unwraps to) └─╴text/plain 333 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:09:02 -0500 MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAEqWQtP9NMp0lborDI5F55uEoZxerbw2f8G8 04jr822TF4ehQnzqtlSmtb3q7XZZGz3OVYv0JOO2DWrWWbSzaaWHXwJ8HdM0vxiO 87SvZMWXXzwrZSyrabmCte7HhJOo0FYqMphkC8UoGtIE+J5Z1XpZqjpiicTDHZPD qKPIXCE026LS1ujO/1l/ON5cBrdMRlzEE/tnl2vA3e95pUEM2ILObukZPPKLiTfr ejLM2/oQUklYmh54leeC3dQA0xIf0Wktzrp4qt/qJPPKI/RCw/JL0Saf2x005pET PBRhxQdPEyjKfBRIOm/FMa+LkAqzjHlJI6MbYs7a+zAZvqH/tXkwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABaLUv4/qgPpg9LQVoTctoa3J 8+wK32xlFwCr3LzD4A+3AZGAzqgJ6roO/cyDbz6swNjZQb6IvsHrxn2hCLyGS7JZ pxaqvNh0MTZ7ppvAAMY/cbtim6oo+aR+YBFMuUejNy2Lf4g9Qugs7C86BqwT/DDR 8012vrQcTRVqxxgtaJtTSHXPZVQeoTL9QvyvBR69XJ4fNvap1F5CVPlGONwVWgYd Gillmor, et al. Expires 27 January 2022 [Page 80] Internet-Draft Header Protection S/MIME July 2021 7u1FQCViH1ASwcJ2VMYTAp2vWgrghn6taCB5NuzPH6TLqXM33bzaEZ9+7ya0kOyC h6PtoTm+Sk504F3qTf3EZ9l+pZw9dYKmHXnJSXzhInzob22BUwmi8rmAhyz7YDCC Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECnEpHap3uuwIy1DMX4JXriAghGw Y9Dgh6eaEPJSGb2YLpt5P4NZqy1iFQN5A5F/ejZ+0XBWbhPihaoCRKaixUL0XFx0 f1THjHHFDNcuiZ2dxbGtWtuCZkxt44ycJ2GOJpCNcWVnO0aJckEyiPxhjn4yu16d pqbT2G4Pt6DEW8teMJFNpaM7AcGbp04KTf02zIy1PQRjQRafhFO8+7Jkm8ndRPUP bNfOdLq+oIErDaMDlr84VyUEaSjJzIS5xh7+Igilk1O9cGQViTaOEtDhhL19sWrn Tdmrit+/jso6IPZKIlkaA8U1sZ4B3gWEjyxOphDKmtzOY5P5hQNcbXquk6CQT+N0 2XB5h9OdYPQc5hSUY3PxG0WwUovzQGAQLH/LwCm57sjfSNdTYJO4NijQB5kIzmSI 8KLqLquMser7JzSyhGaatw3zC9rZl52FUohJQk3OSIzeMhJoXrQ1lyWEQOSfdCFo +iaV7OjHoEYQtmmcamzZwOi18JN4FyufRh7DyCBi4RoDx7OwWgKr601VrhcPZNwV r+8Ysuqprpb1YEPlE1cqL0ZxVX5z21UQ133U08p4CV9fW0TuuNnMFRARnfnwoXFS ORqrSR45G/274tG2/j3R94EdomMSJ8/Zx/qf7fou+EkdhfVNB/6ANb2jAm37bUeg I89QvN/BTVcXwhMDsYV6OqPMaHwD3B/O7yF8HjyRiVh78bUX9rU1pIgXSrmnnuyB 1noOrWKpacjxQenLebNa8CZVG4ZpQRa3f/NXOcS17auNb/qoT/xtgcTaWb6jF5M/ D3ulDiILH/jCyDaglL7ItSzTKu2BCH9tNXy2DVV0FSMTyfOLrYaZpYGLULvoly+u yBqTQram5ZxmWjGhM80snWlmaB4kQ1FBWoW++rnEbQ9JEL+n6UxTJHBbR6bNuY7u 5jjYih1tEKM7Y6cQbWn/PykRIjP76mukR/PI84WHQGP+n6K8QjCP32Ij5v0BdXCN KftDYROYNGK168oej0ozUpPnz5LJw3vbDEFzMVVCjEY2qOD7EdTFAYojNwL4IuGW W43/PKeEi7smTQWxGWrbIFxPwuuNKyMOHLGiKXqSJSzj531jTiGasWVpHibEKlUS IWOXef/7Q/PZvCa8vxmVGowSQ7gWQTVEohKi0MV7lYuxDTWRacPetjFzkwOZoTHF 5gFV+/CY2W5VXVSKIR5mr/jjQtBu+7LOAep2MGq1u1LZJgXDaOkPR5Rz6orfCz70 M7oE85uq430h6goP4YKeCU1sxSE9YXRqICN83AhY7JCzrP4bKVnKdia56XEmxMKR LQ29Z2zSakaIPKbSmxMuIqknlOV29PGG1KztSDonWIFVVLJb6Qne8altI7zTxml1 IMi5zxcto96g35HGN1V0h9zJKA8xOf6q18yhfJnWQ0ONkMpfHrHPTOXaU1r4hzm3 mPEnuG94PWMw6EKi485rsY0tZgE/PZr1slDsxmAO6r06mqwc5NfNZoHwNl6WFWZ6 1uRmctWEMW7gHeqly4TfXH4QiRMXAuzDdrYnVjWGqNlk3zEY/v/ppxI/woU4wBmw pxwr3LTvna/8jpkt060hM8ZUkAs9zYbtQBGLqrSy1prf+nplrXDQhkIgbV3Lpx2H hdMljzMyvPJse5AyQ42L9w5SZa0vIA9t7Rn+i9LKxjpdMsY+zW7tgqMhRTd6U9pY kfRsOnDJJuv1ypSBwbaEfZgiNtUkFwuzQRrfKLqjJeKCXw5cpad+f4xPPPc52UM5 RnJMTFe6UFlNmodzkyLr6pltMRmnLxs12uTXHR/9z8Ni/+mUWg8G/9aTwujB1JOl 6Le8TE96yPlWqF//qSz8WJVWgTrfPGpQkwpzBWaV251LvgKzETe16/EY8zo/G3nN ahlOW1aeBxbKm2VwtGwZM84bYWaH0cLPAQAvkFhv5zk+5pgC98rwifhhXTefYA2P 0D950lUaTQTWkjrw6t2kzg6mQ7TF0Ee1i5EW+SxVKbd266MQgSZNhzXsFTgs8XA/ aNmXLx2DjpbQIjI5AzvE5YWeN+d5lHDee4Z54sDp6GsqpYj136AHZIE6I1jxxi8U p7J7Bkc1zs/4FdY9cGfHTlhV7ugtaENq3w5whavoMgaQZIj0qi/PyLBSFrScCK15 3kfdaRRwdg4E43PqQDRW0e49oKWX6VxGzqVlsOhzo4Hq8GvMhvSjC9gJQK1hIeDY otBZIhEmOZQBq4rlJ6nVaWEPJkfebn8GB2xkogf3j+o16u4rv+djux87+QJ1h+cZ vOIk/12eJaW3cxzBa/ckfph6TAPM1wEkcdxpLtF+dbNc7WHXK6NV8P5zPBTq58mC iCpwhMnRUKY78wOdsAK5/oXl1bya5fFBSrVf7lPPyADaw09puu5di9cJUyOGEcH9 dWWI29MnuhJ/+GPGLrT+X36CDc4UMuYHNqGI0Eqk6XuEUgZDwbsmpYUt0J2zBvu+ Rb4xAIb1a94wXzsAQ/4aVKaUSd6ofjycbzcc6aU1vyQtqAOZPFP7S9z3dyN1LCA0 Uiat5crCQbVhJQNVMabkFBOWIF5kGIIERqmupnlukf8OFS+XGw8t24PPq4os2MnP xtdZMOlmE1wvFlcD2/thU8hfXUfYnT2qmObikJpXQE0e7BAsAnYQj6u05eboEhfH 1bx1ZsZX+8bb504ah7QLfuqwAg9WTzdWooCpiCuYlAS/I7Ey2JW1tna3BZMCYMJi SOD4yZG62wfP4QZFvv4WWKyg+NYdPj4XkHse7Yd7qTI5mxCr7bjtccBZi80JU19G w+OvdypURyiYXylUYolj55nFnEUX+IP3/pToBWpL7yRizP/Q98xEUjoOS1QV9rz8 ppg7XjBYZrns2JERC2L2xQUUfBgTtd28lNgCt02PwnF8F+KrS2w+kiJZI9CvN3ie Gillmor, et al. Expires 27 January 2022 [Page 81] Internet-Draft Header Protection S/MIME July 2021 No/ufb4uOFLlJU+YWC2c1kBb+5bxF1uVN2jhIfZRNXzbGVVifpTsIaz/qddsFtnI 8Y6yhImBpFCrdzt9GjsZjdNRFwTy60fJrXdkzwQgTwR8k4b8OF7AWYPxqgLHRhRv v2P26GOG2d7+BhGyZcaiz2y/eleV1eG/rgfqYHi+a3IDAa3Iq0hDg9IQ4x6/qh5L viDAM70hN8kqGkg8//BaXvgETIIMyupmvi7nWpBVKozs/jGI90UCOSf8uJDDcbnP XOnV47XI0XufAeIdxKa30hxw7b9UTqE6DAe0Vzc3qtWLscadPIxjHOoko+PGoUOe A7w0vNwutU8beBDHkhz84Ni9hmSWOy9A+7J3XFMm7QxJJTmKoRe5bySvCy38god5 12WxVrlxuftoGPf8QYtLc5F7B+gx5i8Pv8eI/JJLMnGBdci9OUYkIe6IAw0zMxjz 0wPzIITHL8l5ejE6cc+Gy+SwVosoa0RC43n0AzP4BWu4wRmJungQTSzMUM+6xb2k ku3XkjwdQLVY7qX7M7AbDr/7eK7ojWnixTyNY75zqObQaoyhgKJlD+6iwadbMVq8 SYpSY2EUnFSVM3+NeGVF/ANLoGcBHzYiokQy1HQZlTpB/2nYA3kBfL9mZoUxN0fi Ca8uDcGvB0MsHne8wvOMv9A4GCYYHSQxZ+SMtylTMtZ6qENDdRSz7JFC6jbaho3U KM5+8iyAbXOh3PnMNURtJ+9+nFHI+7Uiudkoel/ymgOZgJhrKkbSd6X9i0f2da/F SeLx1jFtLx8GDkwZfI+8N/JOTsH0/0tI5gW4UUvWoRtF3XUMU6ZFPnkCK8GLUCqs eCgzZdnCV0tYxvZNtQhZe9prONcE1bbRGCJ/OeZRNKKH2CrjdLG811wFC47KfrMD xRTM9wFxVsFDyr6VyhxojPuEz2OjmxnStXyd3nofcVVr8kI9VxIqPbRTLvlzevRC CMdeZPGMgvEPLXCWAkFTuqpTYwWBx+aHDGj8EPWoVKp/4DRwjwYMEyiErQjz+a6c 0Kg5lovwNc0x3w5qx+7aU5hA8JF8YGj0+Oj4HdNeFs0n5uAqSXI4IkaiMcik3F5I pJRwI5VHLfm/UoeazisJ3IDq3TKAYpeh7lSJ6xotJkZnqlMBFzMA1vu/WMN8Ymye 1GUEFPLgoRiukUOrfqDC1pfgYKXtvRsJRIFMPiaT/6kGDMA6OOVRjNOBO44OxuJJ N2o71Q7+J6/Rig2Gck7bEVmmaZdj/lgrD7H2Hs/aUhFS5vQzdCnTiXBdcfUIyHM3 AsrOlzmwPgBup6FH4GW6oL64cFGmuSsCzkCwdXJKNt9AMq5h3efJVWhnRnldAYKo bgkLdL4u2ls9R802FQHqC9WahhGh7EF/fnVGE+yJkFI13jJUC7ZSU4W+QTLYR41e ucYxmO+DmK9UDLOXyExJaSqohfaCba4nz+Dw2BFRSgV3JG3RcbsLsfcerXwQdyxl R/u5ZRt3SThNNz/UIgkTZXTYMWZezQbHv6REvER0rwlDtMXpg0/rcPcH6iGSKEi4 Wn365bCmBTYHd6mCOh8p2YycZoQBgqGAxfSxz5q9OXJGIikrou7UfnSKTHqhubXz PVmNwGbxuR5FrEYkR6sHQwpF4Hr9pbiqq4OZFXr0NvdC0fB7LL63x9XWV+TFXnPE j9ycJeqxVQgB6fQ83nNfwb7WKCe4waoEARcZ2CNY14V3pePfZttMYwQDtHR7Ssko VpjhgDqoQpMP3sdNFR7u7DqmwLkkhwArU1J0LynI72G2IutRxnOx4hWxiNizYntB d9bjlUpcOt7UYf6mDnadqFg6gQa69YiYuRR5JChc1P6LUSVTyNNMkCznkoPVOWGm VQvaEPkWWZI2/YSmZqtBsuE2G2ggK6q0nRXCO1GxjeNuoJkgaedceHrGFtnyfQBQ gHG1j7L1HV840nwdJNS3nMhxceof7nQVsOyllcdHv7Flui5ZSxPzAJb6turW8ssy xU8838uMVgqwnwVzj1Hz9mGguIeGX4rATS1tlvVR93GAebDWcEBiGg2hdJLfrvUF Gru8B/HMtDc+HFwyDICgwVMrjixqb4QlOMZV8X8B2NdFG66U4KMG2KCmUeVU8ExX sCMrf0/JEVC8uXZWUNXby7H1u4rMH257aYkhhXwh/obKUx9DDqkWxW8QFjNeCQYq +ACwiXXJlWOPg8CSXw5HQHdTLJHDtUXQ6qGuJMJCB5VCDcnO4SRv93e7wxnqYqpM vQeKYt1gEx2SBn79jgkoZUCJ+GKqqdA2X0lWs+n/yl39OSyckWHgEvHv+MzLjx5T pAG7lMwClyA5Tg1xiuYhliensL03XmszIm9qLTRD7tQ05RwC+fzpmBa6sU4eyQUe ZnLupGijRq4IbhFWng18sDrS2dyVnib3tS3E8dnn9jTBDXxDnQrfgq1GNcK+W7R0 n4c3EfHXenwQ1mkxdp5gefawftI8pa7VU9oVPdNHG2DbGtNfyrdcvKBjNV8k5Eq7 f2ScfXVavYXbDN0kFohBQZJCQNMEdrJRq6G1OoBmCu1joXpo48LWj/Wf4EM339nm A0umfbUWwMMUHOtHDCdFwMUQ/pviN4J0u67f32f8WnK7FJGLqcKQSBmT710lp0wg B1A2gBGUp3/OtsLsc5RZMSUyXYuqZ+qXjKkhEj8ApsB4sO8mEkho0KJRDqW0uu5o yij7OfBY9kxe056y0xWee2Fw4O0SRscjAcuGkkiCZi8Beb9JriE5ddE9Hw9W5/Ai Xyxn3C7Mv4ozpFzvKgw/bukNYIKdDZ2nWeqpnRoSyAbuHJ0FFdayEvx/XSSPdq/t g3V1bNrMbZMYr/QJkQqCvncusXK5OpFeOF/2jj+EnJrbubrOmTR+GzKAN88Qq67n nMRrQVCOZ+3Wiq1ykBY7nrVLfHW/AF8BDW+xqr6uNIO5u084yZRpStkE611JMZVY MvTtm+Yb5trb/qUuzJbpgSRT40mlHynstp+vEEcM6ujVFSUEITFCQuaPKmZl/qHd M+AqbdMRu6MLGBR1TX5rTVd6kIj2qDTmPbnV/6PK59T8Nv6Aekokdc5CtYgc4oKh Gillmor, et al. Expires 27 January 2022 [Page 82] Internet-Draft Header Protection S/MIME July 2021 ftDRa60EjpLGiJgCQzT7khzTrHZMN9YxdtrTDBr4fHitqlr5RjU+Aymx+NL0CXmX V+LiVvvQxHGpGiZEaV7onQ== B.3.3. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7865 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4810 bytes ⇩ (unwraps to) └┬╴multipart/mixed 923 bytes ├─╴text/plain 51 bytes └─╴text/plain 370 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:10:02 -0500 MIIWrAYJKoZIhvcNAQcDoIIWnTCCFpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAEa22w/F1c0bIG8WvzjmjX22NFNUPhwFe1V/ qCroT/wns59jF5f1JcoqaBlFwKcb681of5DTO8vnSkWPKWrnokNw+n7WDxPDCt97 mpdL2yESFnqJNtOPRi8A+wIqaWL3tbMTcVmkNv2Z+x2gkdjvtXpkv1uGrnVdJ3+I 6GqCibr/IXM0bqpOLOpDAu3oGz7E7phULsVNqf5pKBgFBO2rz5LoifSfzVXb6NzA 3G2W2+ohE5tR1tEWif7EAVI/szW1nIHh3bjwvMIcL+LPVR4ktMZQMI7108AUb+95 HJAZQcl6eiyePfhy+Sep7ADdPufBa1sZE28NA6LF8OCrkRx1xVswggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcikf/KvXtwpXJ3UkcmT89anq Gwo/y0iMoldTtl2ZC1RIivydxs2bZY9f4+aGk8eHlvqo/WKedsln6X6h/VuysHg8 LysyubrBhH7iTE636Jh67I+juBDcX8B7H/qc/lYsBp1ryJ5UGSMp0lctF5OSQsy7 Gillmor, et al. Expires 27 January 2022 [Page 83] Internet-Draft Header Protection S/MIME July 2021 2MJZkYHuA5EbDAHsUVmbTfK5ms3rkomKkDPeg55OV+aYXZb5KROw/mNzeK2tgvYk ec5AGboecFaiedYYXootzo4XkbplhYLf0Pw2GnUhBvNLdzYEbKdB390EQjZI7liG 5sAbkYcjfQBfCwSrPHlGV+AwgldpHtIRrgYlxywI72HekKN/BIj/2AyxOcKmKTCC E34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB/2upKq23GgsDZUcUo9+5GAghNQ iuAya0TZqTCj2e/BIPKVzRT2h+7eY7OHIsBha+U8Xns2rMqCPtYEwYfyJAmX0nFK tkaXj5MDdhXtSBATyz+QMVzEC/m/0+D5U7ssdE9dK1ZfxwW8DpYlzQvNfujGPuXZ XP4m2Fwfy4If9itpq3cZubfD9n43HLDcIxiceNYf6Gp0ITvKGPW0z+AThblA0gdS aGlRpRokqqYhwNqPS17KqCzSuZz3DfdaOis5d4SDq5l/BC7vSNLb3k10ERgZ5+dJ +EaNyDlOuFqL+qm5xnkJzgw5iNJ7Gp9XwjTLbXNwmx7U/1n1X7PufBQPiKsVhTLa W98kvrWzckKeHOveCjvjIsHvgtoKBO5l/PL1WINKcDTDH9iFO52FiGLdLtVimTLl LqY7ysLEV1N7k7FpVR6RYYdKk6G9xEG3r9bIMlwGQAn4wLk70qFC2BmNGekpzG9/ muiOdB2XIaweUvNrYGB+jy4oqVYl7Re7+TY+De63ZCBx4odw8tDKgExKWoVHHYWP eBxk1vZd/EZjwAkbHI4NMPajKJ+rdT1axfyvRxVfzINsJixkvp1A314fBbNtkub8 k9kR+oq6R0SxlMOgp9PzKNqkWMkmJyvOORb70BcagZh/Vii+ySQEtRIdoNUZUT+2 d+TYlunEGiNp3Ny+JvL7n5nSHE0WskzzQrGWV0mZX1pi5lXeaZPXorBt0JPk6H8A bzm8480Ioo4QOAohfJsuztHmWlIcBX9KX/fBDzBYux0SGbbsTD3TWK/+ITUZASkG gxxt6XJ98uJ/Fji86TMkiE5EZpAcsFQucELhe/IrdTT2sOc3C61c5i7VsGkiCpRS URpHL0HcyOmvdLQIKPlpTxEku2W8mBoiRWXWs9tFOcmKatS97ZCj8SbHA8ptq1VL 0P5Wjuno8PghvVeAafPpq7CI06+EaWu0NETzfywAYhPIs6zfcnct8Zk7nVEHiDZX cEBrILiR3pZdigh48YySLofFjYpj1vqb8GuRsVTIhQeyP2K42y4kUHkD7Nteg1Wk FpA7Z3bSYwAJp/FGu8+Cc7ItaiMwNstOf+ajrbNkI2+tPJoVuXJmR5wLaXyMFC6F PjFkUsJKpB6ZcEFYkJ16WxWYtysYn2FIcQOJXLCQeAn7lPw+awous3Gmfo0wjGo3 lXjZFKJxTSKsEpMyFPfCHSv6BCwMDfg1/29IjzvhmhGAijs8RHHWm0YexfTf724I eBYvn0IpPxfpvlTf+/9gVU6Gp2hJ6u3zkbH/2d/30m2/F9DhDcT5IxIx/9B2r6o7 Qi0ln9Tx/vCawSIBYE07PCijretGbjthGQzOzXlEG24ARa35tCO4pgPfkD35VSd0 xHV2bewdZDFKTCpTatl0KhSgBwLeAixU7jBVrZR8VnJByjxWBgFLEDE8KzEddKn4 Nomaa1oifV+yVBwzzG2C1vZjH4O9paMGCfX3z8TWU90+tOhMmkpwyQriTLjKfIwN cIEl2yii4eqWWrrU6gg9POEP04OhmgCsEn48SPlMxnQ6n6g2r0V+wCcow2rPqvjC Jsz6VOnLZ1gloZwrJo3Vm9UBmNqiB/PHH/dDjTTRYf+FJFZ2A02Gdc57PQ6MWGYG plbzAKYunqcYkVe20/qEV7E6nDaWBK9CkeT1tDB4PVq7MdrzmpgV+Ww7BZ5GVvnH KTH+gxoGRd3osBXGiDXSJh1gLjCJeRKyK0L9h281No1WtoF0kEucHubBg8tei6BX P4gYgchmcZ/vE3K4adRSm2bnudFRE9jM5tU2ttwxmsp2t+trVIc16MTq193JHYZT SzIaxa7oshTxNVJamKzyeabTgeDnB0VQhPrFPxwCxssCs5NQpyWBP7ho+iaqMf58 tKgV2OegfK/6N33l45npAb2hmA9e4pGuPtbw41/Vvl9q5wdA5M1R2tdMN9PYHLZ9 HinWeDjg9ibHoQejI2Ji3pbtfqhhBVlVDLGOtJ+4Lc6PoFuZcrR2RWGQxtHOOSdb R7zenb+kXANT9Ax0IRPr7MlJAt8etw1yswd/YUws4ifmrfGZSOp+tm9inXWCLzR3 4bxdlmsUL3AKRqsWQd8xi463Ye69G0W7auEaCl/GR0RnOk5L/FcxcGXAyPdcvn3q +mYNGErvcyJIDHAiPbrTvLSrrO61Uy+qU5rv8r6D7JtxUubJujNrs29WmVN44hUL SNcf1d/nLuJH6xXFOK+JheMjbb1wQe8fGh79sLoSqp+HNlHnBH+AQ68o4YgomUzq 0bDNjU3aYg8hQZV2vwpM+hWAUPqU3NMJGpR3k+Nji32R+0RhvdLWeqN1kfnQoT1R 4aJub4sThKfLuYV44UGr5lbfaZHyNDgjjTCD80AM41L5m/EZSQs91fjzumpIYwBl QypmLkoUGiLOyBVP0wdpwmjA3IzbiWMbOmDKHXHsUyMCbxLGs0SYGS2rriwtcqCq 5sJJbn1l0PizytS8i/BrJII9Nsab1GtX2J35+njd32FsdtL53FN6cPIL0KcTjElG 4WOg//34Jl+MGbgVPjTurXXGOVZvsdZN4EHy+4rnfd4fMKRYT4HQ27gYMBXHIDHn rm8HIuDZ+jYC8AKin3dxJcJhHlitKYTgCeEbzy/svlbhkA96MQaBjiSpVYrELIQ7 a7hZ5ud9S2Av0hwgcOiMRonpYCGtCdkCCyHa704w5hVxZiHelf5jThQtfTK86oJf 3HiCAcd3iUpLlNtxBTZ6fbF1yTymjcjO1iGL1wJGFanWRg2ZV3AI5mY3hMq7AtxH Y/Bj90EF0sz1Gs4SSLlfYt9lblYjs7c7uSSv06GWIE9UbD8z7HW5FU5tK+HBjBdw Gillmor, et al. Expires 27 January 2022 [Page 84] Internet-Draft Header Protection S/MIME July 2021 LPM8brWaTrwL3XzRy/w9ZXdZEPh70HUIMeTC+Oi71hgemjjQYZUDhvXoYVwaIU3v CyZ5FajozqxAHng3E8i3dLOYjNygTlqQYsw9joGA1BA2EpQYgEUjSqhd47gXXtdo qHRVrHIl9Iz6LAzkdSZrMwb1IJ6kBCI+aP9p9zygcLC9qTWUI6bye0/ICzGIPOgP yQPZFiR0aOo6akIeDznSedHDhR0YN3RE/QMTVDk3v7vBtgyM/z9zDID7bScE/SJj KjV5V6BDgnnavicg9wsxeqV9V/3cql39JugZR/ABxhy3E1fqLIc/G1ZYruGH1Oej csJrtIOhX2Gq27Cq74oezEg5D6wEf4YNs/GNwBPo8ptu/hOIHEHwyKzX1GAQWgnm Ip1+AtGXuZlOsWo+ZsrYjfgoL3ziKIszdBpUJTcH51Qlj7GoSjzyppyIRZZxqXBt dl0cVI56eZD+nJuT2oFJN3Rgdv7VHOAOtG8kl5iwwsvT4uO7hA2pcAAV55OutMPm vf78urtFFzenepJ2dgShgZB8K+FkWDNJ4dyYpajAhnnqkgvZbzDVd+Jc36UtZhnW k90OpLrjc9nFTQkyr0ygZPnas8aKs53lM2TSQnRMHBkvoyswglOyBP0eJpptBiqa mJDH5qK2ivjt+J77g+QkzolY0K6MwSELc0QwSGiK8z6XEktHYxd+O2Xda5j+mvAc Rlcmgsk6HD56X2Ev5m39bMmAzCwXxH58xa4pB+0SAPf2IMD4iyXkOH9TMwA/yu0X 8usDaDjHPW0S7mjrrA5hvv/NPJHTmahlOPG9ddaEAXqr3JSCyr4/BfdLX1dDq0U+ m+unOyia9PPOSk+jNGUgp6Z4kT0cdh0d/Z4PiQmPiH9U9H2UTALqBw4NhZfCKlgo 2UMAhxv1bB/2ovqz1cczDOgCiNO3i49J7y3kTl7b6igRJo+/J6jJPPQXYs/K2h1x MZamB266yvpzEQ5XmQVZ/WD0e8UP8PyWmALyhGObnucvDMBH76ENnpoiKG32qdGy aiFbGDagENFNLURcZvcT/ov712ubwbfNK1U346ly4npNqJSCAWiw7X9wFJjnL175 aN0xf6Lif+eYOY+3v/p+TKT7X4dWLqrT0+G8uS8CWg9m5PRHCh6AWH6Rko6cJcpj 0Fiv9sxu+FSXCa+4N1p8MGEzy368JojdVB5RSE6+i4DFy9juKnH8xlTaJKTw6JDj wi54YOxYpqJT4KLYy6ubzr0ka7TPU1LNdyvxoSDKGS549d56E/jP9jBNBKB5MMLI nE57fAvuIoEZsSy/ndjmyC/BWfDDMXFZ0Y/w1n8OSph5sudLk4RCCsq+PeFMis7P jZwliinGCoE67migyD2BygrIrj4p1GCfROgcgxqez5IXlxvl5xQtlQ/Cohq/HrZW bg/HoXzJbbiZfy0dxv9rg/5t5WrzCtIq7TEvgyk9jPUd48vPBU38YXBPF0jxIAxd WUlNZMELTHqGyrvaZFSRnh9Z9bCw6V3i2kRkSEfICZPygt+6ocmIDXmA0uv22I3I uZJc7ykY7HlgfzrvgENSKN3bdLKfLH740tiBGfvxD/jyk0iBtY2j4lLmnaKeyZwP CcZPmoh6iKc8zruDs7LA7v/zOuzD8Y3snjkmuh+kLGtdpP09IkYYdmdoYpPVkcb3 4Ndz5BjJ5FpRuRe69hBlZV73KZGaR6cHOPzfoKfHJo7dF8QNoK/RSP+DWaAV9bLu 6ZRKzgVVAR2QMD+3L3zOa1o8SIiSFKlUwR9B0oILEj5ue5bUes9zgIRmPn3ORBt5 SxegQO9L65uvcg6vnInvUe7BxIBqqxSZFyjCHFgU8qOrVB8+wB9thdTNXSfh9Qak ZVtF3Aw14GdvQJaVCNu7jSDuUP6FykZjqLPSYQQqGJcBzAvaZOp6k5Evjnf/Mnk/ gPwfCeJdAXyJcxSbFYelbx7V7Xk/09OkHWN+L5pqCQ9BAMk3FXWiv0K7wme0iYS3 krs55liUz2ZSTlWVDdVxukBGoImY8A5i4+8SaOvVuITfvYhThfYS8ZiIKqgySeKe VHQl9cfF5gzko8GFJPJB5zVwX1uUnjGerB8Y93OAaWE9/UE43C8QG5kSb7mLSWwT OP0/NbLQWwax7L8jPzn4480ntX4AeOK834Dfx4a7blA9/fKtighNZQlAZ3ec0RpP i0MiwFsZfqCYjDGHYhXGot9Ak2BwiN7Qpk4VHhICtr1nH6kJOhUbJaFSTHdRW29t 10E87vda3aDYjtl2Jabl8HqQSZCsJGUskc+4mVq42BQGzuFHxMiHI4DLvFyMpXnx l48QAUnwDW5jtQblPSA8uBG+uKTIHOK/JKmHtPGIFeGMi1h8kEIbGEkfE/Pose2v u31RQmBs4BspSiMROnGMiLH/aDWgSsBgT+dvsWrtXaVHISgMVERqfYgy4WmyIJyV UQ04MxOoGjVr5cO8JH6IdT0TvHpagP/lVlb6Acc9BXSHa2eLAL/VEtm74A2tt8Aq AYZ2jHlTtREgeU2PLfffLAZk6PDZwkNi6ltHb7XQNBnyupbfLiWpMFZCemVd0SG9 MxP6COt4ZQ4d/Khd3ZlVpDClsHX5oLy438m/4pjHEEVUrq8IwR2iE2N4oVqP8BuB yj6jswjjEu1uxahEYUqagASBAZU/uoue4B/hPrMgx3vVLs18UYPSIvJ2cawRFtEo PgFoTvS5uMDlOTcCvcW6pRksNQbOvkwgFa2DnpxAOKWY4o+6zhWcAzzE4o58m+hm 54sURdkwq9hoDKwv61Yw/OlI1DMSfoZyccoQ1r54PE0+rDcru4IPrPVsK65TMBHM utS8DatppiLRuuryLd6YtRNihlELM6V64vPlbZi/i7allO04RQvHjy/vgZTHrCKF lHZLaOAmoyGTPVAugiOVsLGc6SE/7P71Qxfmfw4nEAEkD5bDTLNXKrgSXN+26An9 pjAg/Kv7VzqkNvPeu41Y8dLEOA4LzUx00W4TtoJaGyOFY9jrOISPkYi7v9c7Onih Qay38UcMyaHNrJ3ln45GrH4d6SyY3MFF9pCzYzhrYgMrrJoF12VGRL0CVfWEL7Co Gillmor, et al. Expires 27 January 2022 [Page 85] Internet-Draft Header Protection S/MIME July 2021 lWmMQ5sg5vYAVEZmdZA/BjApb5/yByVwYdVEcO4YlyZ4IKXutyPDsOtHn2f1YM6M eC0mZq3Wlwac4h8oGh+bb5uyDtRxux20x/mFBO3clrt2Xlxg3Kz+30dz0rwBcJNg gb0McWbNuvqkrqbtcjrSsgiYSyc3+8jXBZTF+Gzb0lcQocDCH6c5EVhgkvJ0ZK1q xotnpJ5KkmutQcEaxWyzl5CZZJvUatasOH+Hq4742stnIjtgec5S7Zz6YyzWL/uA PbskoDQW1FBEgzMBwREQ4M+UjPKSsO8CAIVSreGTeSYYS9JAmfe5iGSTx7HkFRft cP5KgEr1sm47epBnV7C9qAf6XVUWPpQMR0mbkn+1b+BYNE84NG3CCEDRl3JTs5fA 7yLCnNJ13+jmqjtyCtcbYfGVFiZ3xnPMTB2fbO16oTShsTx6jDr7bC+a959XBxWn WSwc47R27JurX3+t7BkP0IYiED6yydVbQ0Q41E0p3o2Kec9VXh0fjIEuC6Ttctgk JyAEwUylj/APoa//GN4qqHQFXIMALaxfwj/1IvyqXWEE5E6WCIhUdV3GFkMhztul d/X6IOqUgQyas/1WakdhSpRiHZC6MXI5WUA1Fj7DqwlckxWDar3Poy9VsvtmP47w zh5cgHDbi1Kz65mGK0AjVH1D9UYbOgkW6nAU8yO5Bm0AhS8bDceC6GaQzhhS6a5m B.3.4. S/MIME encrypted and signed over a simple message, Wrapped Message with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7345 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4432 bytes ⇩ (unwraps to) └┬╴message/rfc822 675 bytes └─╴text/plain 319 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <73a42f8e-8f5a-5c62-b982-82ace766fd32@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:11:02 -0500 MIIVLAYJKoZIhvcNAQcDoIIVHTCCFRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAHMG7sjRDCJDMqgvQrFh4sk9MkaJJY7q6B3r hY87n3jM6UYk/ZaBi9uzcB1pDAF0hJkFLmo+PRUbFLUrmeYfQI6OuvVElpwIDWMp cMtfzlXgKAO6fh/On6aoVhpfv9EmaG1rCU5ezDPPbaXW8caNi2/yvL0ustpqKOTj cOLgMK45tPcHeIaSD+8A4P0uf/GLzEFhDPdJrt3mVq76UbAoIGasA/sDhhg0xygq ZH3IPQoYShFEUmsK+RC9Sc9dmXtVYPByCEsPdhTieJyjW695dde8xl7ZeWS+JZai Gillmor, et al. Expires 27 January 2022 [Page 86] Internet-Draft Header Protection S/MIME July 2021 QK8pXZUdRL8El82+001HTXZYybfF05sFmJHQZ3LlftF2Dqs800cwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEALvjSc3y8/+aA+Mk2+8tupO51 fsr8cR8BV0+aR/CYDXaeAFg6CPk12PnLcpFRZDdqitxfe7SpMgk0oT3IsBxvuOsr 0QckRlRLOwlv43Y9jJFMc7VInrB7bJ/cPHHgB07tPtB69/Qf252gsUs3UbWko8JU JXBkymfUAe5+x8/gGQYNJdvNC+v9cmnwTORFF/IJ/WcGsyHPhxguR+JZqIJkSI8T xjawV40qcahz5G/O3vLI8kxW96lSSmVE9WIuPafsMbP1KZN/6i1gaUOPFcsH1jln fdnk3fToayCGwOAQvh/UYvlGTA06Rtnmz44YLZiGbVLFLGlvcXFfwL1JLdl25DCC Ef4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJo6kOdMHnCo9aCxhG8k8qSAghHQ oifxeGRuuDaxdcCkEyNhsAq0P92jEteuI38u48FqaDfBniUs9wmW/EiEaTmXWvdB f7df3XeOK8yGqyR4pcXSYSK8iGfLezceiIwABbXRS8eLcNT9NPc5MPopD/h4q1Vq +L1iuvm8P0OIh561cmKglrAmTebH1bnyjYLw6GH82/dscgRu4mihqvJTYQC3uaLY H0dJnqyYV124/K0QyAPKCm3gR9gniHVlejlQKIVwOT649mTdZ6FVeMk9eaLQtKf3 mkx0trUzXduJnBj4cASKSovC8yySEuGwWu4kROF1g650ledfeU4SC9lwPwzvHPD/ lk4R/gUA0UAolIj7GaNDZ4CqpZqDYOG2wJvCQjfK7MU9TgoPsSRXhlmZPCam4ecK gdybUd0A4UTQ9OlZiCrS0pDyKQyatn0u04SfKU/b97P9VwNageENErZTERoUx1T8 Vq9yBTKZIWoQe/2wsVvVJaR2+SXunrla9HDwpHqDtZHhR6i9TtnpO8KMOCWLZbb+ lVrxswrexUtGPCJRl62TBchhyO1dIyz8eWMiUvHhLUkFnSUGh81MdQKItc0qJ9g3 iu3tSd05AEHxNf+2hKrrTZzWCClatSvyfRbW6/OmlIzh9+JUyJLcCywJbxQUuWRA 5pc3bHrd6/Ff1dqgw1dbH9x0Q/r0lbKrWK98B+7/KIAfvy/XTW3NAJNdlzpzyhl4 Ko4ujuBiRJz0xRKIPSMOH4w76YejowDi4O5Ea/F44hlTop5N/lYNVkPIVnGYrEHD 7s05/cjQTX+A98PpoFVKHxphV+jRiwDz7uUYlW6ClyrC7/H7VkzdtPk07EyY+zXs uThq5Js+uwgsbNqnA613vTEF0p8f8k5fLi+HSgL/TYz/UtW7JknTl6k7TvLXuQWT UWmrWrD/UKADkkehGkZHpMZe+RaImwRd/x10M9+ZBovlbflDigfhRVimwTppKE2k /S+GSXDs5r5ESN7OgIZv8swYTk6Nl8yoFijBD+wvWU4u6JNLl5RlJZZbki00Hhse 4Of2qogvmNfTpHbAU5DL4UWdehoK1fmPu4KaSpL2sRnTpqzyZEdAwG1JIOB0YAqE ztszmcxi1s9KWQ/XdNJBG2QHvSMf4QTCuY2e+335Y9/ZC5WBphpAazRp9xfXc3de Pl93N6ydfn09wT5k7TMeLOJrqPa84H06oRAyXqFYwiOVWRvyfrsInUv6AJfhRJBN dA3ebIVCwrfG1w8OHerzDBo5yPc1ASLrmuPjaQ42CDrHqzfnMw9tHq5ZajoCGF60 4mzqu9/99upVaaToFRsA40lUpRN2QoOYUBOl3Ck34mWGWg8vf6akYADylm0SrpRO yM+/8WeERonQcc3YqrmVjzM/yh4RLpl89oWWhHIHAAp1YyuwCj+kjiOq2HNhvyuq 9acwfjQ7mKBfK1i7PAydvWb9dt95VnY5LF+MvevJOdf1lEt6rISePs+AhoQCA1u1 B92MpDynfPUFoeRMx3do/zhVmY64qN7rlV0XxuuZXUW3WoopjdUzTmHycYBn7sM4 3U0d02yJgy+IqiTOusRaQGC3/IJiZmXoTL94wBsOB1++cP59GPyvm6qgM7iO9fUW VO4ik8lTEs1WegTez1Lr96dwkPv6mfFJQIDlxVoZ4LVRf3FbQa9cZS7wxSe6hgpI 0Y6YB/s21v13GpCX8RtHEkEkW4Zc/9CrpUv+1/R3QXRvYOnQaWXc96w0/lVkoxCd SRrlglhl6yY0QYvOmTbusUdC0QtrcQBRVcVeqqbfLhip9Nxe8vabPkoGQro+l5sO xkO8YwlPt6oa0hh5NjqZaBpMhD0xAqHT0826xj7R5wp49KKtR90K4wuUy0OAWpFY NdihvipP1jGuCio13PPc+Vah0+ACMMDvEWjYk2qEy2TRbWooNB9szzUoQ7P0kKJx LfMSO7ecJ6sSsjcprsKzgOsjQXtIcAgRMnxFFaCfeg2zjW1I5HC+jbiNtqda0aQQ L0RZ1a3KWIIPNBq18u+cXXjfaBy4HQhlXmQEnStkLrx1JuAI1wxhXWYdsrjJ2xEW hQBjBwcnTAc5i/vU8H+oI1Pnc32DF8qfa51w1uLdoYl37PUMlerpXq+mPvL9cX/l w2zd7Nc+UUezqOYPrBbwnrWOvG1msrjBPqKnJGHZJhlZOfLdmLa6inlsQBpX6kXb K+8mpshqf472HOfje8/hrdLnOe9Qxdf8eNyi0DHs2MzxkYRktNJFIEK6JHo62NSG /aM1VJbKudK1V7FFd/hrOAVg+uLbrsaFBdI6EE868qQpDThpd3WnyX8HztTkm7Up zpPujeRarCgEk4RPLl3erYa7d+8lpD0hzZOlQkEALbSlCV0uTW3RSd60fNp4gvXu GCzrJ/gsevjRJNggz3QojIXW9RFaU1Wwy80yIWdTguCswGBjMdUBRghKQlM6LlHU Gillmor, et al. Expires 27 January 2022 [Page 87] Internet-Draft Header Protection S/MIME July 2021 qqXGdRL742XbYU76RVNlTnjUvAFvumey5cylAck7Lm68hV8rhTBsWMAJCP6VYhY9 i2AiW440gsNOWu/uCLBNpxPlfA5UFYNx3fo5XriyTPumhhkwsaF1N/jnWeXm8eUz /ylnM5K6sD0gOX0ThLWVg90IC+qbMPNu5dOpCznI9DIup6dIhx8L2j+JoeqdsCBY 6Xt6KE8silLZAkYFFe5A57qlTq/z1s/p/6TlhmRP/2IC+2sSX9EBqXGDD98gy66h rBapI4n5N6RNt1N5fnWJPVSnvFYIDQ145EmqPd/gUmMBF/AalgyLEdxc3xKOT+Gd G0BcwQJdvmUp8rPGWgP5oy/qNIAdB3dnlfAdeOeeeiiGhaSpcwVhEaWOfYS+IXUM kGWNDccjDIZHvGyLNYSihyAP6vOxZWzj2EWWUEAhtGodCQ74qm6JxRMGyVuBvyFD MtZxMQE/AU/bPQmNBNCkN69NXyYW9Uk7p//Ef0EvZG4WYgQvaZ1u4E/P8xOL6au0 pDcB5UWRoqkyU7jguMb7f167iCgkRTTFSLULD+ljv/4zflFv4F6cQhv+NaEAF48l fCUFjEMtGLCp99xxnu3M6CdiabZNCyuGEVkhzL/fq1JpVlgKRFeDFU/wfTe8D4QT 9tranwYyAVj3gd2f0ijrlQ5/9Ch0s83/X2CpSk8fHFOz3oBS7Gfyz45BugIhDqml NkX8J2vKlCBOx2Xo/3waf/Wf3ajOEFXKR9fC+TSO6DrSS6XGBSQXn95SsWrzuA9I RuemiW8+wYbygIW4auucs+V60BRwG0wxAzn+0lX7zac+WHjerZui+E/7ehmFc8NP ZW/FVFtCYi6oc26dysKTzhpOUmh0WX4TvFHEx4KCL9QXTC/Ya1jrZTBFF+OtsJOi oRDK2/yjrGU67Q1zK5escKJg0YdorZjMkfb0nNdjNOeJ1fLNL5eB8em/LEpaF+vK aCWLa8tVvuq8ggUZ6PHQNkqeIssJoSXrmCfSP0DEtjk2ZDGsHaHOJ8KUBLR+wiSs g+NRIG3Uvch6kARJqN3AgW1BySV42A+C6x+BPUEbcwDv3qz0DLmfNob4WArd+jyk 42Gnk9VL/bbddnhCyzYyHCr1D0XMIzewqzfR9ppDbgCLMxb7Q7a+8Umlkddd/aC5 wFUAVB88JT1gj+NqxHZs4BIStd91ElFslmx9yXD/dEUPGfqyl5tbTrbGQpfv393U Q6L6cwZS11Rg+b7E777ZSuOWxJL92ATouJmzCYLjafI0jBN9BpGIymvi2QvUYgB9 9Bia2X/SRc1fc00VRK77c1GtW6Nj9L37eiXMKseQEWY3i94vY2Z61ytosB2BCcSO R0QRJSWzXCXTJ6btCnFhZUuGhrnG6ibGKYmrTJTzNcrN4yJ/eByDqOc0YBUR10S2 uGMqxwB0adJ9ci+r76ZLzdo7OvTIb+WGbOP3IIYeSjIsymkc+ShbO4mAEcodrYX0 n3wYsjrhRYf4WIDxQhWJRUdBpty2LGl4OGUOTPOQPDaKwnGIiBUiT554NJMvv6WW KLEBxtJlJQ8LhN/jo9ZwxwI/FZ68pd0h4r5Mh1atVxJHbLmnWmdd0L2b8w9UyBwM ts/zY9bdjfndBgU3zmDsjkZgZdgGtzL9KbUwHDInvCKtODM+X7QQKHu482dRb/vo uIkQDy6meuxdj8e/xzdSua2aSQhYaRXuZlE7uq4EyN3OcJB/rE3OR1sgKh5k+7hm kSibtsFYYMWvBzh/Mata98kYHs6Bf+Rgx/FdA8989koFmkAb/B41NFKuTuS0DmK1 2SDKgHb6rmn+cftv1MOzfgJdnGObqa3NCEYnICWitPw6NAbqllvRWdKj2A91oMO9 YU1P/ZNox2vKWdH6rkpGfKJYVwdtVEwu1Nhaobu6p2c71RyCzJSYuAMshOyLXxgE 1mCup6EU6+IqLryA4WkD2IdpYbVP/tOdFLKY1fBcGJtSVdgJCXiC/krDLDKhrEkm RCiIcf6ghGlEn0Jpk0xU3OWMh+kD01MO2IJuwk4TlT0kBRqZAtYWQQYQv0xecZ/K DvOXZNUQQSzXFSpnGo7wOLoUh9gB5GOIbDqtAShYsCXbU3fuXl8/6Lojv+f0YBBN capJh5oWBmJAmowJU3pL1JyABd5+R//cj1hQFApBKrs+cbP6ZO2cDabDWavBPPQ/ QQCPjbMENRsGrU5bdWRoG13qP8+FVk+aNHF0xtn+mc18scGhwfem6/hFgKyBCAZh H7RmYuWoRZP73XPLYAM3sfwb1hLZSFNhbKHs0O/Fg2b5MkFy3DwttMbqH+2vDLBv 6CJ8s0VTULjSk9b+ddvk6rgUy+Nce4l3s8Gq1ZfUUdV/AfYeovwoUhCIkKYj2DFS jBB6Zvoo8Z7zQpqNOHIiz+02zoYKtLconQWBGhVhn/A5ytYh05JZ72725AjitaE/ 9iRvigf0u4hQrowNuR+5t6bjA+5nfpKimd/3G6JdvY+QcN3BizQ39ZyUrUr3pmY5 KkyHTZolsazk9ZKQY8LU1/nM2IraTuFzLhP6Mttj8DR+zXDjoPX5xxsr9VVWlcTG Y1NPHo1SYvqScQ7K3LVVsiqAzbr7SHOABDF8ZtfwVqIDDmk7cubaTlUEdGA/tXTu iQMYNv8iJ4MmE0tte0sRrPKKbnEPlf+UiSI2LDEYPuvXooGoroNFHzqPUX+6BswB 8GSEpsQDPzSJlYTugYrX+2PlM75c89dhfuidAHdubHMqurOUaWtTKTl57rd9en4e HF0ZHQpXBgGQyQ7fT51WsXBZjxhWjHM4uDmc3WiST9DQX+blihwoOGx3moRbbAR4 UsUJ8lopNmbY+Pf5XGvp92PtxzIBJyJ1Wfp0nCX3g4LhuwHpi5JOGu2nfKD2LZR9 l9OehrIncV0oF5rcJWwKnRZbTBJgozaxKwkUUfp/qEAteGYxEeAJC0wy4ZD3N2cS r3I2871gQAni/LsF8CEAPaXE6swdSsfc0GWTi5W+jnDh2oeAWeUOqb10+vwLikC+ Xm4VabpnHPZPiozLRL6TaVEqvmBpvUXgZffUIXpXHsWbVpJuPsIzMlmgeKEdwUvD Gillmor, et al. Expires 27 January 2022 [Page 88] Internet-Draft Header Protection S/MIME July 2021 Efcmnds0p3V5B4ZaXLfR6aHdtrDT+B8eNb1bB2wOP/IA7Up4NzVf9BtEzq2JKj18 mtSbNmSuhSGqYP3fKWV4inAgRQiDDw3bnazMh/mI17qMLa25lzP9IJ5RNDRRWCjf +mljnLpyYHb5RyZ4nqD4+w59YM9Q/v72C2cyL6WygYE4JVXIWdnrHPSTkjBBjoxD P1WbthMP6DJcM5v9t8Rv8Mc8bPiUrKzMDCbXNcPJm1HDCnYrWXFYqOvUpKvWn6zt Q39rPppCdrHkNzFS20MsvWiw9KsWg2rb/ph+qh418ac8VdyXNcETVgkLeYHnue61 Rbb04HvCvu3bBNjy8D6yRlFVIVxH3Zy7+iz3fJ70VwlqqpmlnMsidx3v1ykAeK1t uo42n/3t82Dx/5s3p9rZnhWXUdO0etjL88GpyzvdwtkYy3Nj/8afvB62iUwZ1fR5 rcnklWkphSq9HL6brXQsS3lODDHsy8xIJlu5RrGD2MOIOy/rbMxNT5WnGoZ6j/RJ Spn1f944h2LkyVFFNgIlq1W6MLfTNBrZZ6kMpJ8X39iL5KmkrQ1me1rgJTtM4heK B.3.5. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7305 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4402 bytes ⇩ (unwraps to) └─╴text/plain 331 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <27139e00-e05f-581d-a339-d2bd43bd0f42@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:12:02 -0500 MIIVDAYJKoZIhvcNAQcDoIIU/TCCFPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFeMxt6IIoOR5Kq2Jiucu85qezrNEQcYm6sV Cuo2f+/3QCmr85ho7PNGXSmj0LkmkvIAh4RYf2fH6jqYSYgsxQjT3jOcx70hhTms zQV8e/UJvWRvxQHhPbtnDFketPi2CA++Y8zqvbl3L/dBeL+ltiQqcQprqy9RY5pH FibcQ5OkxPIzBZQUL5NrjwRf16gujq+nGVrhphjwjWsCX+ypt6ZrrBPtje3Iudw6 /0MkMj2lJPEkgWvFEFNL/FkcNRzHlH3dQxqjaf28Jp7eY/3tF4NVHcirE9DSc6hV 7v5zVlVEtthdFE9shnbPxf+Sbww+M3ZTVOxJwGNwPwhM7ehf8wMwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 Gillmor, et al. Expires 27 January 2022 [Page 89] Internet-Draft Header Protection S/MIME July 2021 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ8MBsyH2Tp59sokhPP1DnTLh iblpxffhKGR1N86t0QjQcmsND8MhB4aM7BtgsymR3IcdKrchClmkt6ATp9anhFwz 7U93WrdRIUcSqLnwoCU5P6lGpM+w6XYJqWjpU2Yd76iYLPOYBeAFtMbxdrOEwSCh KZH2jyGohfZXtA8jwGbf3rV4sQ4EyZum5yfm0i8cOK7FPSPK/7pqtP797I9IBT0L YdssDTrrNMDRBKZ8AXRO/UZFGyWAcX1SGSlwAQ4Ilg87lgUblYdKihC4VhH2Qn0m YZG37Til6fmiZqAUFyJZp5nuJW8sUMzgrjzv8vuO5u66W7LoEhCQQYTRSrxFYTCC Ed4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAfIC8XIvnLoAcDMT8ITOq+AghGw lTqzvMWiOchU/VM97L/Ya1UcMR5Gp9ca4N2T5OXhTDXkanfsUHQtiKBHI9XXBP1h Modt75Gunm5g+Jaj5K6hI2OtXZHGJFrH7MkZ6ttTNUeIHqtjacCA8j6Bunoa2qmT MCCdHnTipVzH8tFx8d5xcNETtOvuUjXwIpBMsehYbKBqpEG3qcS/Ke9chuwIEbwJ vDwkagqw97Cyn+b+EWAj2hEKUGnS/YtzsrhPwkhox3M+MG7eCJ577KUmIvrJcOZw d7vku5E0Z075QiAfw40KaHVkqHsEEuAJ6FtQAOpwuHrTTZkMkTiZpETf40N4SPWu uk0JIZpJvbxnZvktxbCDZV9FrGV/6TCpFgo0iAh28LWcjVkiFTS1kOtKqMFQxAu7 78W/dA6JSkli8OYPhevcdyP8Ffyh+S1j+7cFirJPyKi/WS5oJn5vIZqzkJelySyf vzGAiy84zd7AFevlZyHSJhYhvkpRa3Q9puIgF2DveqUvoFWuhhkg9SJ3QMGqVC6v z8bPYqk+vG2btGT6FjlzZk/J0et2jpe+luFQ6qqVxQZQReUXaY3KZk3jSyub5M8U RmIBw+lOeE7HXor+L/IMW2AV4TC45Crl61YlbOadPDyClJtsleWj7nlRkfRZTmAv fgecHCgqAFIin76vB0uB7BcWXEJ1je8QBP9RHSadMFsxtO7QMwVXqMXLil4xaNPP hUV3Z+YquW+rpMbb3WpFO1AzYtwUbagK08eIzQmEa3nrpiX0so42imrrde3VgWiN l/ZRyo9cPuCmmsdsJkxGfa2pdTecK52lE3Add8BI4qjF+W6ZhZnEmzkMiDuHGmoD OOWvV+yV5S40HBhvGFlbBQR9xjKp2k5oIWLiSSbeUxpTw96sQ8Viu+MLgjubTjrL bvWPHJzykokgM0VgZs0MwDQ6TNw3sSeI4wB/5btssUmjTwOinqjHbVjyityjM4WZ 5u7z29MaUNUY3I/rTBvN/RllEh/dBBBh1hCjbywizIQtOv146GRwPUGZeWymkNkt xRqRxU+ecdzT3FZIDMjcK4F1PqY0ylK06yevfI8mioUFU3HwNBpmkhfwgKx+K+WY zoLatFBnvon9gemuVKvI/HblzOSqMXG30TQVzifza9Zhfeh9Hwz0cnknLCKYVyYq NcQoTI6PyBZ44Rc5UmMr5o33OI0pffYHq0+QueAb15SskBOnCi6ELWBi6n38fVEB Nh/7kpFO19JqXnUwrsl7jRMGp0gsM+sW9xaxbCkb8d6VOVS78gewysolaGe0AerO qMQnNbfzbNH3IqxHGote/Y0husOkU5Kyglq6k3Aq7KCLtIlVLnyT+7rPmpf8jbrC TlZmT3IaunHh3qS/c7xo0ybB1sFJzHdlrgwZ/FqMFGI65pynQ5zVGH37MspWs3L+ ZJ0w1nvA8W1e9cYGh41g/Ipz8Tl8hn4hhxP3XbQrPczDQ6i0cZn3Il84Iy0EyW/h u0lLnQtzN9aes0ihuE8uL5H5DKFlG0L3zwE9eayxb9DXk+1wVLnCfO6fGHgJFNt4 tbFIDW6y1ZLvsNT6FZwJUiLD5i21UIaMUDossMBzruTMGp8sTPqadxEtQRO8u/mU ezKAKFr0DP86svFjFtMUK8mp9trqWpg5c6ftgN/7uG4fzq5DKAcPFbUspLH9J+Mw WcbS3bojohXXNtpV4VgYbdjOqNFw5P2tKHRHSYFyHmu7eznQCrgklNNONJFQA9dr 3wHvLNshSt8ECsLarvnHUxyLCqn/i5Hy3Elzalma1iL7wYp3/7i+rl+qx39U6RCO 1uHAZHWw2/IU5JkDkxjqRDOlkHgcfmwGdIBoKuHbcPxohwAlR7fD6ez0pnjW8RBo AiDbgUB1rWOOrLKFQMIabr7QDFrnmjLRQ6f19MJUtdsktb5E+r5odPTE/87yPS6w wZxtM3xoFbIkmjzAjc3URxJRtDNVeeyKOCvnyxXO/QSS62Rs10/gOGmrpdiAA0yO F3+n0jCBMkhtMmP7J2DiCDCwTCuuFglWJwxfE+TzeOzEOiiH5Pjce9PBTRgHJfnS 7apBM8IT+HatvHMcC848/mtO7Sg1ZpYQo+xBRjM4viMwSfYX+HeuiTQ4X/AxjGeT sSOsOmozJwJiRkzwB95wY5yaTuSBLZgk1w0cakzfk6elcxVYiN7PUc1/GOR43sp3 soZF7Q+vI6pIbDzOXGH5gE8yrutkDhHs6pnQJ5hVWi4KBo1R5dFNhYv2FsQHpVKC ocw/Ng+jARRSHTEvRyvZTTe61evbTjG0ocCYx7j2rNsyov8MX4b1XpECBOdpOAUE IcfQUUqYtgfs+m4h3QGlch38u4UVUPAbhqCy14HHSsmA2y097eej/A1IKx1Q7AAh oyjCVIIrKtZClfkfu6gPq9ft3L0aYqwQY4Ns9Br90qNyC57zvklvZDziNDy+/5NK 9raZxhPSJzek09erc68W5mR1d/M3+hnHUJJtldIfd1Ud5LdJSnqUd/7f98xxFrSR zxyxdyPyCnRix1+mcCRoYsFwkYtnocmBcuKgoNtiGpmx9KZfbEk85xHW4OOBZPus BQReMzmCHYMPWTsh4RrP0BjLkdjMrlmwZ+P3fr1PE5CCTwie9z9hO5gXnrc2isRF Gillmor, et al. Expires 27 January 2022 [Page 90] Internet-Draft Header Protection S/MIME July 2021 PMhm28AVdi7HHNHW0eCBRluz/TtgwZKK/ZsDJ9kx0NXCoWgvyLC2QhU9NT3q5jYr LzSdyoaTypOzoYQT7rIgaQ6nyuo2gJ1rtkKYGAAWKp3Z8QIWz1VFV7XDXekKnPK0 i2O63tw/PtB/PMRXMqRvO4lBP+M3GY67yROQ75RWfvaAmQhyYfA9p+1FkLnaXlql 8sh6D/BSRAr0aaGBPdxY+M/WBNnIAr0e1VfcwUIav+x8j4/YJDGi7Rb8IJj3C7+P 9ev9NDQU3NICaUVlYOXo+PCa+WMVG6cHkk2u4GvYu2r5/v57RScgzDYpfOJwadAx EINItmSH827SL6mLKPLPr6nvGhMZSONUSVk9M0XqgGWUVlFPh/Vc7PV4qpi8F36Z i898n6XP7u1L7TFUvWYHEbsK5x71uURECMlkCr+tueRKzfEfRtfnpP12Y6mVt9JZ fBkOGR8I1ZAoghQ0IsC0JP3c1f4z6msuZwleDm2C98WpohbHX3D1AnCFSPzl5RHS /abEFkAJ2hfuaSQNc/nw9BWcceX1WNXxC1bA8GsXRguODW/BgfJ+lGsptFZORZqJ u+XIpl7NaHPrQl8pnF+pRN5Zqzn+nDO3H0Uu5tdKKpk0spelQenzG4bDzy0UBJel l9cTFLJwz0sUXZStIGz5KhwMiIW9O9evFGE6q8lm4LxUcG5OaSgUNmZWmJ2dGWGN 72Q7Qyg3FSZRBbFDkkBYAWUFrnjrHEAQSFsD9NVjrCAVEXEHfwnGncn2Ysh+gm8U Poj0VWH6R1BIAgDQbITeskfo32dyIn9RHWPqwF16914VXndx/5XO/bORTCqQSpFc vaTwSt0NVkFVRvCsGG74SCEznwBulWd6ijslVKnOrZqlMXfzPiNUSTk3DEdwatsL 12yNVNiKoAdKK9oxbIyMHYHJXJWVluhwPy4gS43ND2PllePBWC6DgnFQyIS2uPmD sJ8V4fz6MYcLZQyfI0nOVwyRUE80vTKAczJ4u5hJ0HhhIXSoEqBJONSO9X1Ta7MW uKmqm8O3X7JHEZcCa1kb1SO1KeFXtVXRudVLhPP5Lc+o+DaxfvtOEpxjD3wjB2O8 Z3fYwkH0aW3sDo2aWSTuYC98UJ0/imqlxG8+4FrkwRkaoGetwt6oXaDY1RXE8GDy FOBIxBrxAncl1gv5dBxsjOmzQmNYCHtMG3T+AfDKmzsSRyPNWhi8NeEK9G0PThu1 LYezQjfKTm6zhq3Jlm6Fn9DZ3CxXU7MZRqrVW0yXgsjlC0Mfb2WKiXZB7PZ2lQKy qi0hZoVubPHAoAK6rezhq0Amd0lf3K/L6qVeilFMD7ilcP7r7dW/6hm2ZV4WS7Ck W3R1ERI/HDgJ15NnWyyaXqcbwaRhpJma70FWE6c3lm5s1mcu64txxJDJSB4E4aI8 HVkz51slcwbuE/YzdNUbNrr98iuAlh+3iJOZ1jKK3bHfb8zBZL9IDYFv+Hsb/fdb tkTASb1fZUIp3u9OhvD91Vqb3IYriQiX8RB6/6cmvk3L+lbDGNk8leupqSPrhIOt YvDSVbQSyE93KGdNbyUe1U/l3TervPeu2dOL1qkPFoEs+TXThUUxzjyCvp3kapmh MmbI3pVHqZKLfGym9BZcm80gOVMLsD/ICYwLfmMQbGXOVvQRBvn0rVLdbu3YKOll MZci10F9Usak+agLidFmLlCBWnLk3uBNsj1zX/KkSFMPp9RBCpVDdtY2f4Fm1SSN Mg+dmnVNqZHQuXA/Z2nuxwGKxrWF29crk8Nakha13U0X+qnBPUnRrs7X/IFhpsY5 OsGsD3US2ACHpojAENsGoCpwJ0ydsQJ1926iSbQpcyL1avqxouPA70KoNWL8Jn6F uuh/OM/NC2JhKNa3wbfMHg3btoAZiK1hhT8NKFbZ6P7QfDkrmP9j8kJK7nfWsiYp psAur9z0EW//oWWAWR/xZ0E5rG0QUVfjTTWEMVQOwf6Q6cjJ1EhxYrpIj0gA56li Cw+ZUqUAyl1FHFEvVTPAeJD2XyZW0jwxaL67DyyxeGBLJj5dzTBbBiZ06vkMk7b+ u5Z/iGaM1mgn3jS0y8a13WAn/y35u6HZzteP8A42ZL4+fBsFL6cmIrWDYsLYEmB6 0owZ5Iz6xmqLXbfwNkRZBDmixp2eeQPcMX8FnXK+6lZEl/AGlSlRSz5r8HoPOwI4 /3HE3uykVyRl3dWCnQG1A9V/2xw325/WgbvZ7z4gOxhwsYTNucIyCik3PR1j8OdD GfEICpkLRCA/28hWE663wV93bRwVMqJi1MSTfxprAW10ChqZqe91RM5ijXbisdoG yiwKF87xW5/lfEbBhVJAnXqjvjMtDZbkBEteBDMOJ4yR2lWOj8/F+96IPUulX6N7 6BGczTT+dFe22fgjFqjOllOaA5H9d0A2me1oaSpveDLWSd9k++tuhgbq5amEj0+V o8qcJ8YydforXi39Tugm1elPjlJFSfG7uH1LFNzBBKp+cfDWBtfNqnsFUkJoXT/d 21Xwl9DKzGIfzcjDyrXDQEdf9Lzvh6VJ3CWJ9FwpbIw0rzo49ULXkl40Uyy9nhA6 JJlX1sI4q6yWxUTSXQunbZH6LogTq9FshR5xAhkHmJhjAdDMkR/d3cBcDxKs0pdk 5PPw7R1w43Ledc+sV73bvEmD7r+mrQXfbYhvkP8nmLB8VkbPUqq2dqUwvnAq8WkZ ggzcOKk8vETew+4B+E1zC3wUzpL+B9O8qhIJu2XHQqkKJraDaB4k7/jTtlgVFjQN J3swWfsiDRKYUrPzZfac8+smCyy6FN1S37fGLOAIaDFcTiO1fZc1OhCXRHI3uRpl dNXwFG6OepZTs+r3yLEpqH82vnbak35zhJTZgWWlUutcLLYLuulaTv85TntCV5du tEPiR2f6oxgo+96zUxxpFAMU6+EZz01IeGYy61+NTJ0aAOhWvlmpff2uDBEJtdnu /i7WYT5qC6Pae0ZWIhseLGI1U/CUMfdY295pCfCQSTS8O16J93yHY5bWMwMyDw52 Vf584mGeE3a5/j9ju9qnjdl7Z5rjR7bc7oYKjCP+Pv+R3pOo7jhNhTKCbipvH2Ik Gillmor, et al. Expires 27 January 2022 [Page 91] Internet-Draft Header Protection S/MIME July 2021 xi+aa9nsTlYgNFMTmbFljhcsiTbPSOw6NpNfJmynWlduqM2Ra5ZSMOjdKtOEW5mL HKN7LhzMs5nWvxM2m6J26kzfbM3+d5W361BvgU6v9oCE8uSobGI/sSNP0kgGU9Cx A9kSrxMnhahtlC02aROS08PSeAcErUnyKJLOdrcACRM/T6iwROLI38Nn3E/PuqmF XDcN6aosfk5Gz0WhEuIe7o4bEDcHTKkeZ90/qNyJuCTwh99VUEeN9T6PovTSTYr2 xpl2Dca+KXzEcdmT6bL3eyrBAMRW8HyfYTxAJntty0pLOgszHc9Im6q5Y+HvKOU2 Jck3h1nygfBehDUwsLTWPg== B.3.6. S/MIME encrypted and signed over a simple message, Injected Headers with hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7845 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4802 bytes ⇩ (unwraps to) └┬╴multipart/mixed 918 bytes ├─╴text/plain 50 bytes └─╴text/plain 367 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:13:02 -0500 MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFlb0uw75g4ZCsNeHmu6cGBIrI1m84iH5M8Y h6VbVpYvAPA/KiFDEtYIW4jVzcWrLuDPIwDsb5rhP3fqOJVBb+aPueeX+1O9+3kF 2cbvhTGXV4ypzmLnflRUDcvJc48uin2W9r5jwnz8Hcqzh/hpxkhyjQ+A43PrkNei xFk9DHl+TjlbDXIHDBpq4a9UO0DwX3lwzl6+0wqFrnbAKop04yJ11TLZeNlukxci Gb6CO3J97HGPwe1agFIp8Dy/V6dV1oHYq2fYtwgXro+FIMKgQJrJIzO/7oXdFpBa zR2rgtoj7vlilATvQjlz0TZ+EKA8bSMdAk4lqTt7jsk7/5ZBBrEwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 Gillmor, et al. Expires 27 January 2022 [Page 92] Internet-Draft Header Protection S/MIME July 2021 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABqHnnpvSQAY9G9b+jB6pp/A8 ed7liUtmJEIpUdbJeWjK2wXX/ZMl8npfxptBfpyVUX/hZKv+7CEXxrR3HDmMhegU zwTWcF39ZC2cIYOe31l2J+ejNPWr7447svWuKyNG/TeobeZBYsVw0s9TFKN8+8KC T11WUqCA63rx4SG1Ueq1WjRc60fEPiCLrC9Cy0iNatfulUFiMWaUsenyUisqu9e0 pyknncPN27BkIPY1Zj1Ks1PUy7SwrRztAFey4cQ7duElEoKOz3SrF7vk8/k55GKv Lh2WfTZozb4iMgqIVj15K3ARmgUAcoLrNRpFlia1MtN43YyHDzIopnbMLVPyuDCC E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENl7tFWc2MLAxbzfKk5mB5GAghNA Xw+XtyPyo6kYsiwxV6nx1hSJyw4mPDO9YbV7MWEBXixmizwqXrF3MT9F6ummVZSs 6ZNGuQ8grRFzR7jjhZJX+plXiErAvp2ntmD50JQ9kzzrzLK4QvWyGIwqPbZ40wn4 gvk1s1fgWmKHzmku+ajHLgTDAdIhFWvPw1eiodSmVFWSMT1X/KhbTwwcit+mYHId L4qND9defiJ9uuadxJeygvQqQbEI/OWxpmYBJxqxWrepc3RnVOdrDpsDx8ONVHLI ujn1VaqKc7MFiNXJyhag2F5FngrUyl5TxvfwUmnmPYfwHBPHb9qAHslbnM4+4Mqj Q6IY5cio01a2D2fFFETACMzKexbNKGgLzLv8DGIDcgRJGyLVL7KHXdGPG/cUwlTh s5IAlFA0pKjZA/rwtgQyGA1oYoL5JThQmYuA0vOL6PuEFDL31vZf3oXKqaSEFoPX cjzMaxiBktvqkGF7vyWDk3fGH4iR1Ttgp/xv8Va5Aw94aZORT0dcW2bPKip++11k M3VnfL2hpl+5pOsmPDc2d7kXo7OUHkDl4xRMuz0P4HdSlKNH5Kz2bBlBJsuVX0hW 8GlpvV8NFcJd8ns4x+Xajfp7cRPz1vOP1ISoGs2z5CKvVUH1jEsSC4mWEWo3m7tN zmyTqVhMVduAwKmCXn0dfNY1tOaZd2KqJ5/1DtOfy/0JpsSfP+TVe007asHhWEuI 6uSui1r1XNhXsS/GtIthhxN1Yh0CBMQ5sCQlpcPvbkckAdfh8gxWy1as6mdnSSQH 6rH7js2DErqn8SJUW+8QW6cIwXCMfuEwUR3TXAHZJZc4+FDzLDh/SFAjUqBAjUw4 tAzy8O1zM9lUNMaGFjvTulokTn8S8zdg2E22BOlDN6FDKa7xhrqJy4wMycinZxJ6 PhEz0Cci7O3l0FUoT6pt6WVZo/jwpjmCoY7SWIREzxn8QISqhOCsQiPixdohSQW2 5tsfSjC8VS75lGEHT4cqg8EZ4/oryfCLw4LVCZTeCl4V0xJFL1p6Vk0fgSOiN3B5 niGj6eOHkmAnANr6Okuro3ogwoRyOPhetiGlD1svYxvX87vLGxtHYu9+NU5ZwI7A grRd7v0XuI3a1tCs1PT0id5hNWfxWYbJcHT78aPJTT6n4Wzy13pKIxkzromw8T+7 hYByBPXWvrULea1irKL1QQp4Gl3bMDmNH2QGd1l6WlG58IPLXYMH8R18JQg3YPZl 4ee+dXq40MaOPe+5TpDgBMWj5CTZGswLUOujsSvP4z+p6/N5H4erXNF54O7yBQ42 oxQjQupz0NhAouYmXcdnsSEc++VwNrgoaic9EyroUCNHvcowtBPsw/fhJ2TYcm2B wUyNqfOaJ7VfqeYUZBXhJidTx3E2vvayQ7F4tY0QdXzcSa/4rO0IWnI4Sn8yBMmQ ReVXjN2IqTdNo/fWg7sSYvTKLmqKIfGnEIt/+u+V4horrQM6HoaxXuQ0HP6ekEAb GugQ44hyMwvKny3v/fhu/5g4y9V4hgyrwXTLoQYIooW4uzFOIbW3XzAOY8GMgIPZ 7TTdMGTXpQxMb0k7GoFafSBHiygruaJ2HDVaqpXAnOh33ZdbGHxdBhRPlxfzpT+A bJ/P4JP4nG3MhrCtHbZCd6pKANcmLtCK7YCPfndumgqKPPl+Alq3QfwXwTnrksMM Aqt+PwwNJSq2i/LuOZoRusH85FqnBAhAHX+yTinsUTLZ1cWh6fkfT3gHcAe0u1Kd f/vBsS0tbbkJYu4LV1Uqxr6+mm7oZla/NkUZ73Edf7G9IzixsVRXl03ryB8sr56o 4ouRHAF815+RUFmVacuMGwpJrOs+ql6NNQblPkllveMBly9ak76sjnwX7LJUuhje uxaipDAOmd/49cSsKGkzzzAUCW6Ug4Ar+a4fa95CuX2ZSId+I79Mg9GIXRAiz1W1 LUYHVf5avjvnsms5d54oJCKsukizbSq0T3ItofhfQt0osK9VhbmT9PlntwwjXY3v 5BhGkSp3CtOZpPjkrx6Cc4WNTBb+PX2ZTprF2+uWxxYbHKKyWv3eSoiJcpPkQUjX U0ZaKIxDv1er7Lq8wwdXLjUH3x3KgO3YsofePYsOWmcp33+fTef+0zBT3e60sT8f hnoUHI5OzR7dRqEiiKLFSN1Zw9fSXtp9cTxBeM6+jcjnZURoxgy6U+KbVnVv/je1 P5v3Wqau0FFFmWb5vPSlhHSF5L0z5CvCdWZaadU02lZmdRkYbBDtDADUlUfcQrXi T+mJlCM9tAl3iCjm9Q88Poxcye3pri9tq+KqE1OUajmX38wWvlBISiXU1YIAxyWR HjnIq8SZ3UvJzAkp92r+3ayy41CotY5o+RqG2ZZ/gAvH4FNOuzeZsDAJPeMR5ivO grInuAfP6VeVKgvosaYYKvOL1rkm/acdKBs2wBXlKnceKR9mJwdnXvZi7ruILSpi WaAcoNvxAPNfd8Cv12IXz3q5t9OTZhHKrXFMhpMRq1XOmMfIdzr4UJgh8A2LQDsJ /Dqpc9NVfqhWVP06ZAgWQW3UCQ0AyVRwYpaUh7fsJdR+rthFMusNrt24aWkE7dtn sXPrwC/z7e/nhhPnqUaDmEYqP9i4k0ITlnACDnZsNOUbbNB5BZChmdc2CvTHvkCa Gillmor, et al. Expires 27 January 2022 [Page 93] Internet-Draft Header Protection S/MIME July 2021 KHrloihhUT0YWygKGc5BEKfif8l/BrUaDATwzWAGICAyWUIu/XR2SbyjmRrulvta +dYMsekYozcKnTtu53JAD7AUun0Dj8Q1bK1i6UfJT/4fjvWslGrR3DDJwoaVC7Nv t11hb+seTKdzBAtiF19p/ShhraL33qY9E+T7mo5paRO7GPVj/iOFtwUgUopKSt8f BjzoYuwcZGacW3YuMd9qbV8P4V2I9GL+FlnOcutSIech9jPS+7Fit6A+J15Ca87Y DlIh1n1MAjOK7IvKnq1UC9ly8uC5e3CUDNGs1rbg9YSHaqnTQ/bTJIjfR55qBmBy eWK4/JNsE+gjQzWgWUccI1wDVvFktvM5dSIu1RiFEVHkzEcE8wQbMQ3i58EMhJg1 9ACyTLucKLuGJRm+CT+qsYXF6PEAXe589wo2wlg98EiQLfS5MI+ofrnMkpG1HNye pLMo3YoZt8bUZo58v/e2XWLKXG/ELQ+u6X+MsvfWA12HWiwHb/zyEyZuNZDqVDpo RkeLtYtaW/RDHyF82RyHYnmtG6xQCqsrsbtkWKVZCiVIcZONGt6Z/5AFnmJaMjZk 69ShU2R5x12WGXsvaDaw2Jzgb57DJfukOro2KDYebgTSRPiIAIxtinRlvrFAOfhl 4W0BQehOVTv3Z48i3QYWG/vHkJTHKgwB6fXesTa5ylfs+YKlwCoP11UlLrove/hU cvXtsGju6y8Vs3ga3OA37Un2feDCZkNnpo9jUG8ULAmpuKlJX6otzxi/ZM61W/bI 5pvxe/GLm7f3zzbxCX16ibeO/ZbqPa6VrqZ5rSXSj3TP6p0IusQ3lqOrvib5VEX4 YM0g5A0VTFJj1yQ09KMXa9qHoxVq2Ux5ai2Ry2/8A7nI/SFOjEex6mpL/NoCMMAN ionN1GU5Hx6oN3nS1nBWv9xNJW0sQ57fYI/gHzZ0mBn88RiwDYRoAWhR4hrA7okq elg7J9X/lLDDrgIWNfImqQf8eu5MbJ4fteomo/s1usR0xEisF9RwECWEDLoHLG4u m3VyXHzgHUbJEdxnOudweHFGfZDIncnCONYkQSC/IiU7p5t/AgfPyXK1kO+yrWkg aslamfOG52KaF1bk+rMOSlD9vQoFQbh7lsRkHg/MMznqHwFnN+/+YM9zGHHNd23A SyRnOHRVpfdIRPEwPKV0vf23v7CuajncmG35rl7ALYCPAr3W617N3/w8rNYiTk3d D3gCu/gs0S6wOzOTsiMpA4fmsn0ze8GIQ+fkQefTa4f8VmITdXIAuh0uIeJcauqy EMSUbsJshKgnXg9zAws19VVRz4tbbt5rgSutuKY2yb8y3qst3bOg/AYlDc8jU2Kx k7unJAtMqNfDSFBs8yNd8iRh3OJ4u1jAYt3vbF+9EuGKvdmJStSJuErR165grMeI 4KaV0JacRThFzC1TW42qlNMx2GE567agk3SQ/+qrQJZ9LvJe5AUaBQU/Pga9S0Pa t8k5qKewu9L3SFShSuqWjGTNdNlfRAzBj37I+l3wZe6SFGc7w/TBvkDcXBC58duV oZCRMsSb2QwNpkwsicLXnPTtjqQBPPsEklS08pjnYn4RJ3QOQ5LRP0M4rJ5i17Qc zO/BVXFtzP/SuGgrjWkEX9Qm3vgOLBGbNdk9Zn2uLtog7vrlSjydl6fYd0dF5otv GpBBRvOxZ5BzP07L9CfzXyAMeDu46JRA85m3qEZ7CLwo/aIG0Ff33/yUh65AmUu7 /j7sLtICekmG3q+gzgreATkA45aVN3v0B3DsNHZnKPwIsit24FItq7mun5coHG6/ jPoIvLiqR8ER1PROs7S8khfPZk3o+uoJmk1cmSPQdXF91y4qYbCeSuod6FTJU9Pw lsjWiaX5SORLkLKea/aNPC/s/v7zfe/Rd/3rDv/UtRr4Ys824X0qT9HKGRXpF0QL R42XRcIi3rTBsOmalFlyC6Wjy1RRdGOBisZLnQgNI+enmkmN/ik7bbulwXujIlWW gXHzxBo8ADKqtxTRrri1ahNzxdBjuIz7/TkVgNxkTudSy3X1oaqA2TDxW2E2oNkY t7raY/bQV1JQra8YXe0rbYiia+u/vEfvEzW+5oGTz830wV6YqxLbTgNWvzYqw2ut HDP5q/6YQgoAFzT3+jFbqaankizXQHnZbQFrdEQIom24i+I1wuVhc8XuJydWa5Zz z6uitAZF/mxEQ7BoFjNXtxoRVdxWG4ki2GypiN9/VzXpRvSUkUEpb5itnQeo51P8 2sfTXLQtYKK6r/nLs1QwlfLqIUY73qAz2lStvI1P1ou1ORWK/Ksz6CF+kcUfXOB6 KGDZvl0NnYg9Tu79xu3sktjfGNC9vaev3MD23Q66xK2kLY3OMikpXwAybmrGdu3I OQlZRWVaGCtnNuj6jweCS6vvZtjD5m9uqTvRAtN+pMcqzdMwJne4jh4ljFOcv69z bk9Z+mxJ5wfQsRNaH8QoaQmoHGRksaYIQr4sV5L4rA60+AtmXsmTQram6opUAXIv 7G3ggWdzwt2Nd6iVuMAtq92hiedoOcb7qxCi9/z8kpnLwp7r4X4AzQRsiLq8w6vJ rVu96hIxmdP8ob/XU0DXCnZons1fhlw1Qcw00JnxJdQbF2a8aUQ1yBh4ySPfBgZ3 9ZnZtgzmzHS3LCqEs52r9nJAGvjiGtnWnCmGbFI0xU3j61/XQy4LFQx2Dcx+DCnH 6qkYaxPJr6LZZQcobiYEHNOCjkajVFW/OTJjPoR6LsQletdRMjOTE8bggbHNEDGk ghcwzKUE273LaTdJorbEqsfJ0ZJee3n5l2P2IHA4a+rCvZcXBNfQKlf7JkUabIDf f7FPTY0yGj8MuZKzWWFJJ1myE3o73katd7f2cSw/Vi1mFJsFe9hR+9A3ycmjUSfn fsaFJNEaMFYckdG5Bg8imadMBrKtO4GsAtEFB0c8qAFxvZClz4/hGXwx7oU99BNC LyO07jZmQK0XUNXIwfaZZ5gyfCHQ8nu8AcpuN/7itIRA/ubHl6na3vg2eif+vcEG Mh0gdQ3B8gKQ9j2ZYT3X6bpsOjeOXA1e3Xz9KXAgfzcS5ECQeBGPBdg+WIhrhfrp Gillmor, et al. Expires 27 January 2022 [Page 94] Internet-Draft Header Protection S/MIME July 2021 WS9+GtY4J3YwFsB9QezWVG6jBZTk60KcqXZ/8JC1Sg19G1sOI/WZ2vyrFPw1mNif 95zdXk6pM5vyucfXQqOrcIpRmRMez7Dtf6hQv9D06XVbS5sht/bwTqwLXBUe7Vp2 QjlJhEG6LGv5zuEu7V1BaKfISyMV5YPCqvuF9emD+L0rLirsTgbrOQ10gezruXF4 r/Biuz07s51rGAahwuWj4vbqaD/onN0G7i4nfAx54YsCW1U4d87ty19K7Rcra93Z PeYPT0gwEYcQsQlKVlrU8BmZLIeBOq4SKBIzl0ec/qd+48pPSuom+KuVT/LBiiS7 JtC469RvCKnlH/kILA6OatQGzYfD/R51QtW3e14LZaJBr102f7oQFFswj1K11Cag ucIj54+UQTm4PEMW2SXsWBgwykfLfl1Aimbfp4BF4by3vqcd5pURCG8+B/++tL+n DLxf02+KnPHZz6GRhhoGRoB0P4I98hC0/SqHMzbyLvsqDnOWesGUpzpka+JH0aTL jxuSDtfR3oyEz6E2v/k66E3Uj5UaRVatOeow8AFZ67WTFmg9v+8yl5wTsw7pllMC PNTy2aju5CZ2qP71LA7EprQLjrjc5rloXBGx71VvVgs1iSss/Irwy3WoaI20kXv/ d4vvl8mGy6Euha2Il+z8l5xCinZgdpf01YTboVBVa4NVhnvWIDihBp2BAIFLWq3e I/jpu2+jfPBfPX/9oizqDpQayelhtUdXTL94RRMHR/z8NxdqfJ8X8xOlxLjEZsZ8 llPcVF7NcqciQEFfMJ7agW/FT6JTBqnwCGr0xXUXc6pRvZKi6qst1ReT7AmNmJS2 QBF5Rc2fX0e0qQjQEjaXmRymhxiH/sHslb8QNHFzgyw= B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7605 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4626 bytes ⇩ (unwraps to) └┬╴message/rfc822 816 bytes └─╴text/plain 327 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:14:02 -0500 In-Reply-To: References: MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Gillmor, et al. Expires 27 January 2022 [Page 95] Internet-Draft Header Protection S/MIME July 2021 Boq0MA0GCSqGSIb3DQEBAQUABIIBAJG/Nu5fmnMkn1fBsCANbQMYLALsx0mJWEly TzK5u5MUntTeOq+fVAUULIJkXaF4inxIe6HSau/bWDWISRy5txztdBIrGLB2RZt7 Yq6OY4UVqXmD3EwkUab9wJVVj1ZTP4O8ijOAfpCjJkzfcQD5J0ZLr3CRXz7JT1wR CUHwhSBCMOuy7/lM2fKeyI+ThUNFUQQRECIjA0PmMrQt1dYM+bXNPi4lY9BVM5qx J8DQG9XNcQtPsIfz7ELwD20a7jGykPYUHzyFE681x+4KTBKjRZb9t2Ezecydep9M T92aV0ZU4A3Vd8bujGl9sUvWCbFR6/vhT9TOHHpqRUOOLJr20iswggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKUK3Tne27yc9+vIqGMeTO6/u Ieg0Iav3LcaUwnCOGLjLZhlnpZEzC/SfNTobX7d/2yPH5oc4gDxGekJO2YyCkin5 RqpYlhIeCEWtii45otBUInis/kAroFNbe7TOfJ9ck5tVXxLJ0WwG4mW+CoMlRF6o E7tB3VSvplzvuapfi2/TrLtmCDb4rlAfyhTIeIQy8J2LuSEbmDm2RllrWNVhVPTo 9gQYfEz9VxyC6Ix13w18tJ7vAgvECibxVDj6AVkAB6ThJJGle5YRQHsqbEDbQjBX RBXfKBjTQ9eZqxRIKjfP11iYA+tNktr4WRyY6YUA1dWvb+GBV/qS2F78yjK4ETCC Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEE9Ajv97rc3cRK2SsCiVP3yAghKQ 4aCK5bc+ic/OjQtKizK3Vidpqd/12OkW7gP/7UOS3BiPtRIUkwQux1cSiCmFa8FS B2Hv6npe8PgIkgv6B4E/paVga591QdjPmnyoUmAWrH5ILbAdHllugybzhs45sSg5 xHftcE9xswAoBb0Es60qRMyNEbOilRKYIDVoXjFiyA5SxLCFxXZTveJGqQV6bErY bEsTEhz578Cq+tMZVC6fRR/iSi1ZilyP7AYtCxUH1K5FSgt8qnxLSwk1kiRaBnMJ Wtk3Ve+BETCUBTn6jYdL3rBLw8rx2bp+qUcVCu48KTW1Bk/eytSJ6Fn62hJnmNs3 m7U06C3nra2hvFWYhKva0JgOD+EyAiqGWwXOdD7jRS9js/dkFgguZVT9OewCvEb4 gGTXLtmTF5oiCipk5o8rRhQk8mkrXQSmfAkD0R7hav45BnaisfI+4rd3VRBqV0NZ wXVFiOfEpq4hhA2fCV3owC+DiW+54F6gUEz0htkkfbJdD4r7+8u1Y8oLrEkPZGJU 7SOjAM5yC7TErr4U9FCligOLjWKmeKud+rV+AGKUVEtgXlAe1C6EPQDY+uToSsP1 bwRmAroLwBBD1fttSRuS7089AsGqDNLbLfhoxrwkwtyDG/1t0XbjWNNw+8a5y/nn xnLklpqHvaHRSzrH6VAcSmrSuJUrJ+bxm7yPWqJbz17+8wrQa1FObsq7NBfUz1LD 93+hvKOmLVIWTpYq02QlkYgRNyEFSXgTbLslA5l9WChT75VhrwQrRT70JVP+RXwd LT9su8myIifWOZpEIJpSgSMAJs7EPDJTdckMkBEVyiQRIcNra7lZsjjI5JQa6nVg 8pqD7tbH9ZH/AV/Z87q00VNUP3ppQWlkwaw3ZuLEH9DWfxVbrIxD+c9DjzTl+axI voBsFnXWUQyW7CsirR0jhoM7sLcLXqv87UnwxlH7WgSiwkzNAoNj5gvZ8FB9xLw6 ZvndV4o8MOYKaXQuOkIo4fJ8xkjxa4g2suRFsOHUS8+EeuBKmMJhmOXx3P2TVFmY jZcIPkXuHbJUMS3sCcDkwsN6Xbt7aa3jzqUpEJwwge3BG/1PC7Xeb4JgWH9uP5Hy /JkC7Q4gfLcqXNvBE800MyGXpZCj9iXWNYSbAHLazBYpARpj+a2/nj+D0xjPYNo4 iwBzCBpOpva2C0f0MO7Axas7XDRRRuoP0bVeo/gDS7Nm7mq+HpH4RYdLP8Idr4ff 8wHmnihggUDFmvJnWAEePrMXZb2fCjr0zFAwHG7aL7GI4bH2tbN84uOYFGCUrAf9 qRe+7v7SGZIiQIXNvQCzsHkNbhSb1hOeAeKpMG+nkU4IHI2GGjs2291D7kEkKN0F VA4f15pSlKLlEF8T4HhoWc8S8+sGxdXm4iujbis/yrkXH13bk46A55DNk+aCvDkl nJatM4o58mMFun1LaCMUZl/AQW3CFDRJxOU2Ae7VbgXRsb6gokkiL7hmxC0fNXwG ff75Lo6/MywhXI8vANmoTBVNeOCO7atRVdzYZ3xvQ7tTgUgr2BCDQlw+1aDLso60 SxunTtZxDECm9V8mWeoQjzmWYLuYeCbaUfeoY0dhQfwlph8tOrunEfwrbfCMK1Gv QX5b1eQURzZ/owrqE9/fUHHY+EjMrxk0T6+45cA+N3oOJS32KkIgv6+91GE43YKK 9eAiDYmrBaIoDMXAzpW0yyWmzPjSuKuolPsCKnVeMN1bM/1Iib1/lyjF0yegu4bS 0VIh+z/cNBg9Eetrbr2gR68d5mZzWXvB/Wfa6VM6Odl6t7Kq30wiFUJ5OtVaRPkg NSOeAXekL2rUQdmVJFwOtO6FmoYimgc+YD7b4HZICUSbpaernIhy9+ZS3iLrci3Y 9tiMlikwHpBX8ykQ59fI/i21SK+JVtqzjFOVq6hoRLegzQ/OSHuiEr+RWYmnGXH3 TLRaPx1xp4S5P5zEsrIGmkQVudXavewItyxq4vyEzC1BS7L4rK0XcK0n940IKJj5 YwOIj2uiGGew6AFVEF2GsO29XdpbM4XbuIrXMVKBV5VR8B06ppA8NcVOK0PgvfhO 66yomGxgvUn9V0v76+x/ZZpsyonbIsdfnoHmaK5gIfUcAKVIp8I2B7gN4tH8ut1+ Gillmor, et al. Expires 27 January 2022 [Page 96] Internet-Draft Header Protection S/MIME July 2021 YumRhc/R6Y37ZbeY9ZpMh1WFDJ04LOaiccFaU8yt0Grdhmg+VLQg+mzOUIZReTJb VCP2201EGNisGeYp4sIqlVfziAtyPgnvTN8qtUhoZOZ5ghK5xlB9nmmbhf2wjOGY vB3dyw+dTkOBIH3tqqS90ATEddzJHHVV/oXzFAs6FtGbRFA0YpGvgYC+RUpYqvqj lcm1OLqlEHl8tpQlrWzTEIGVUMePTRBW77CXSZGNh3yz+eC6l270KPKbhNbvZSQg uI+NZXnGCdapQh8NIUmn4Suo/Kevo9/Z5WKg2k1gFI6rZVw2rdMuY0PVZfyuGTeE KuLtXAmNZ8GVFBOq/uz6GoiO6s5nFh7587LHc+X4bayK63tuKnkRdKJoqzChoU7y P7zFJGwR0Rhe70vFwlihlYI2y9kH11Y6GSzULYY2tYozH0cmAkYMnSTmeo5lq7Oh NveHC6v1vVQZ6BUYN+6fm/jU8fuE8aTgrnREfdDNbPUF4G3hZz7Kyzu5KgWxWVjm a7Jd10MxVjUhqVtU52/H8eikdanl1QCSTtjnt8BP2apT8lXjzT2zdZsiIeEXhylX 03ao14tBqMDvpZ2Uriq0S3d4O6zZ8DdCA/4vqyVpdA5GYxj34Wg2tMN07XHZ+5iF 4D+Dra9pXS3mqmR+U/MUF495/9xM6+eKSN0e3gyHW3LLhMtnc/sNIod0mMvIkexl 1VblCRNsO/vKpLm9TOgilk4uhk6//Nha+SoknZwZbKpV2HP/yjFm3/yopccmqRbJ 96z4Uwgqeq37EBPdrck7d395U29Wntzzh122iauJyNYXmer9OqsH+tM71mJ6NWiR KQ23Pj5h4nxvhDRAMD2tN65RfRPD+Qjz8QJ/6h9scXL2we2QuzNSZZ/IfITHt1Tj c0Qp3HQgFH24JSf/QnhdPz06SUZp0rzR1Ykgh97miSOzOZZt6K0oPYy/YeAC+kyL K15Cu3F7fVrk/aYuU3TSSO10vfblioC3K74lWQZHmEd8nOF25++U7FspYVGa68Gq lJiI/W8vhtTDUCdSwymn1NgsrVVg9ip7RCkSBjoibnup7nTOLbdi/yNTmgD+s/Fu F9ieEEQN0/k8ARP71YAZR8YSaG2dLuYh/pRTpe3xoxLqwNyC6ck2eOWq0lK+LBOi /T+b6HH2v64De8MGR33MNDf2DagAJ40/RlJJqXhLm6JTn0ZB4C9gygJRUumv9KIV li9yccYXs/dU+zYXiVOwedmN7vtm6lJTkWfet+gTRz4zS0z3UA2+dtiu8LLVm9oG 5BGb8qiRF5WNXjaB+HC81bpJfuIDzAja/2QPAwFH3tG5ixKlN4/ryCwoGllkamDx IiZPf+2itg/7CLDnomfCGn2XEe1WxS8CGR+c+sH1k3umqpDJam0FZ8y1g7gaFUO3 QhpGY2kt7EvPhOXdbwMhNADHFCu9oEC/TLxknowMsdjme/vA1h00ttDWG0dPnKQO VYpCRCFQCVOvNqbrc/kbRRiIZxnuPmcoRcI31MqUDirZWfyxpMJsfgGCQxAMe72q nCHGQgaRIC60JXosP0wFPSibg9HloaEAFAwheI6rMoKaLy2WL696rG/zxEQSovB5 wTsHFs1UAaB70nCVoLu+0lS7mL2s5JPv6Hk0i0+wSi5uYMOpO6TUY2tZE3ay52zR tJHKVK0rT7yTe6VQOr6PW//y7Ygqy+glBPVUJo8YV6oV4QF2vrj+StNKV457paQ4 +ACh6FXcShgGxI6Em41W/wrBQEt2wzOUv2QKsx1T4rjtBk+hA1xfJoCYuJjiTqtT HpdHHTPqX4WzGa+7Kelr1YITR7TGAbOlPeJd0IMP8mu3zoRc1p15Te0mrXwM7CuA 7f+c5VIPIXaPxcQmGdPgrs9t9jzpV+JUpeokAtUpVJ+jcJtTaFf1SQqd/6w6rI3o uvYT5IxS05EUu2nTYxjQRuTlonWNXkqVHEDGi99u/FrOgh9fZ10oX0FgTN4u5R6H 58uGsmJnWUE0Voj+1iSKb86wgwDJw8QOHhnrAoDBxAhtWTuydmuEhjGaFmQdNSKr I3xC9o2Q4dqI/Kmht/fzrZiifbxvPleMkvaMUOKPEdWOQXaDeIAauR/Bg14jyrvo 5GcTdHxa9DBvSpuhE/jpTk0029DBIKhTWPiUK2mCoRk+e1JILSi+k/q6P105sziD TIBCjg7ba04EahFU7f8EReRzToWb2e+a2/F1DIw0r6o8SQJcrDi2MNORjEpOkAWP HEAeTHh9WojXnEsnHChwG+pshviy+tZInONjU3Q187xSUbNseO5u+tKVTLtMEr6H AnU8UzFHkUDnpw6fjJjRfKYe7BQrM4uxeN+V3CjzNrK2VLQvMiUw5fcuEOboEbBT dzhUObkrGKaUGGbuyIBhR5zVRQC3QsATra0ITzrPEBxGD2yY/PkpW+GhiV+6Qp57 fHtZSB0EQHOM3mihF0XJqLnx8dXAXJobdo5jNBXSo14os4fw88WdUCpmBDPpbWgD Fy6hynY8tjtmeaGFQC6o8tzFNMnSH/Re7uO77x45Ly1WeHBhXHARumCEVRkI1Yg0 8WE9KLZ+TEkcTok4hMcYH27XnKSWElrUNV2ViuXKyH2jDZe2lSvLO9kex+h8Fl3C cfgeToh4pYrcxYB1Q+2Sehwy/nubL2pTbq09ZifaTyJaUyf6ilbAX82TUVSCRRn9 pqGlo6+sFZsKG/AitwV0xZ3DsuFbhVaePSArpAGJ6VLTMeHqHGy/20euCky6fsyE DAU/W4DYjv9cN2BoATOxWkWKyI9IbGyN0Ob6E8LfPXoCswXAtuW/MdphWUHWlKED v/WYC1ZYL8oRIzDAvNQGJxp7CI9iGaQCEcsbwzoGw7AGsb7pt0lfLJfVTNC28qSG tCei/HdZbUvdwUDRwePFXxSh8uhZEOWFNnqaIVTYDdbxnIHfnHNNjBczT+TjKKlz s5A5dWgxCtLZcGKGmqcOmiw/KnNsAEJ5y7fFur4fvKrXQvQYctdYiJ5yX1O2gtci IHiHmfohFrl4TWB7iKEVj0+pfQqqnJIWYj5Sgd96UkR9FOl+Suc4lnTRqzSkOkYj Gillmor, et al. Expires 27 January 2022 [Page 97] Internet-Draft Header Protection S/MIME July 2021 zkYZFaa7SPobvhK3N7as3niAgcb4VfTAoFXkOX7oVPPpDrHcd7UfZ/Vj2RnuO2/7 4o4aUm89U3k/9FgEapUL/rKCOoCGnazK+w4+Hcg2wzkgkSNFU/sgxEqY7cKAHjTt TAxKYh/F1r7MizSf0uFRyksMEa3NSeDqNhDhHV0IbPandc9CWVT2eqU5uvOgsNPp oLnDUUFC7rkQhQW1h39BaUzndXGU88LT5Lqb31Z8/8/AMMn4ZxowOTggd3Z0NSVe ymrsuSGyuOEU0agx9ipbomjzc5Cz1oOcF2D0/0ofzdTPkGFhb1NtOjutGbg5x50B 3bIphtV6lpFP+GapZKcX6e308lJ/2AV2hJywbxN1AnLPnqmkGeHaU1nOp60JQ5TR It8Oi/LjjNc5hrFa8zKU2aM+c0lXT0VQu9DvEkHqqkMBCH8B35NXlXn7GYDzFwBs NnGcrNvJl3y5LbJjdrORsyggVHjl5Rda8Nx3ihLdt2lkse6UBoUkZMJGwc3ZmpGW 2wX7+5Pv9ttUmQ4bx7xcKy0su4jQaOWpjoJ1l2G5Ju0BzRx0Vfvn2WGX4aY0AJR0 uIZgeibQy5/3hW5keuHgB1Q7134DgYMSSjj0C4PBvHnpSnuTjYPqgE6+D7UrNnbX x6PbWeP0soJxQfy3i26+flQ2yPZcNIOSzSulQdK36RTeOR7C2XcQhsivgBbsM35Q 3E29rbMMFDfUzCZmdJNivvf+kvHID5I8RtX2p51YIQVcyItTunQkR9P/avTMBqyN 28vQlzFk3RtJrpOuy8m0nOfNue4VpUV35u3FdYIa6RkqLB8ZBiLcSFoi559B9czW C6zz4GlpoHMNJbPN+dNbNFIoTeSi0dE0vHlP++Xo3phOC3bBcRxNwEoIExYwxxBS uWGQBDNIdRHsYOVYSSiEx9QE0bOinnitTHLthPcpcE0yMQkl+diABJe/J5IBPee8 O9sicjpgeFcIozBDz26njPOgLMl5o0xtKDsJ1tKloM2g9NpA2kjXy/4uW1iru69E c592xssBoY3eEzoKdAOE2OHUBVnmA2v+kJc51y1BkY3YYi9LICEDPZvR0PTDl72o cJY2hGykCCDvfrTBjTuvIB5KeKgMfJRJDMtGAfzPESCXOZcDr4pXX4im1japeGUx B.3.8. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7585 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4600 bytes ⇩ (unwraps to) └─╴text/plain 339 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:15:02 -0500 In-Reply-To: References: Gillmor, et al. Expires 27 January 2022 [Page 98] Internet-Draft Header Protection S/MIME July 2021 MIIV3AYJKoZIhvcNAQcDoIIVzTCCFckCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBABgRQRzXTRs0Jqxrl9ouqlyyOUVTZpzsEN4E rRGV0bKlOV1O8OiF4s73Oamfc1GowC6YOss5JBen3EQq5NmMsFXjlU5sSiFGgsX6 IjkVSHC9c9QtdJtXyEoqEhf2lGJ22FcLjU0M21XxtKMlArch5aouJO1+nTj8AIqk 25JNvqG2dpiLaN61T9hSnyZe7bqDUflBo5Xm5REOc6EBvO+lFgjtIJB73QWiGBu9 C9iPJPz7du0yIReoX0wtkClqUzrBEiqO64SNQ2MuLTLrl2niNDfaQrvfDa62Y6Zz RKPE+I461BxC2Evp18cJVdmOLPE/41b6QPu38l6L8/fSoKYoCk8wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbgflLBuq/SuTA535o03fl0T7 hFJz1cRgrOgdYfajI+bAIAncrUXPCxEhAIJAV9DNOJnISnnTNW0E5ND32Dbcji83 GwhT2iC+Uzx+0auUYuuVZ/go7eHMUWrY1Vm5dqNq5JbTwVgWy8lIC5CatZVYDVFW o26J351tuF7mAaIaLYXOnUrLgqWpgqI7zXjHrL0hADXlaJARcCY3Uv/PO1YOsb83 1zQQs7Mu82fjhmJWqZ4yQX7rBKSk5V3aoPjFcj1w2vQWUXHqczJmr0ZHYiaZQuLT gglkNNSPNFVlfipXESE0ksP3ZoM+DzLahjfKSLiQTY1Gacasb9+oVwALBhUoCTCC Eq4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKODP8WCdJVi34OU9/jVCwaAghKA Ed5TZquhpH35bEbuVz9wfPotJOKJ6xieYlQEcchc8+87Log3fBKWsZo1NwcRMZzW PhE8p73CscBYylFWDtwWTtQfsu+pizFoH1B2u+byGhyr+cEVOcI2hSM7BTFzBEbR RlAWNZse0ZlvW9MABUHhu/7QFVwV9LYaL+UlEEAvoPfnX1QP1WPbjyIl4v+/4i4B 6jk2HBMlN2r7Kjk1+i0hdt8V7WXHRWifGO9rGmZzi4hVkFIiRkqOqXpghbsHOdTL mWf8LfMXatmz39ueE27ZJC/1KHygfdFqQkTfSutBP05eP7lJHPn3cb7ktJ3wmEj+ 0iCyGySJlwKB9EFbWPOo3ENWZ90csz4250Djzzx6HIUk5jA2ePiEw8VyoTCq77kc n88G6ucn+7hApODGLazPByQeB4OTg4EwkVwa3fZ6CHENZfDNDjiqYtBtxLUh7KAt elv3UmZ5PtoWGuUd/7MYNeGiZeVuALdFAzI9Z8uY1BEQE6kZQY4g1IAvvd09Xvu5 Z7LA4qbfbpw3708ps9KmKmlcrhmDs62DkZP26lKUgC98FmpmKgpKmPb/V475+OlZ FLJkE8LVPrhBQlgJWSFmPCj5FTkWml+dAriVS+7RdkeohjOepRIw7ON+BODCpvSO AKHry0k5ANJOZhIgYOPCByDs+AypJtqPl8M0azkThmlFLBc1m6HDVroDklpZkGib hgANe0pnA87omyIXs3lWpkApS3Ri4HrlJXj8sM1gqJABeQEOOcej3yIlIcKgVh1J OYPfeRlibKzDHbIpVFs5QMzKNNwil/t2+VmuV9Reye1pdtpXPFDP68ilPO/VCyMk Uq6yKfU/3gtieCtCgYbh/5dAcYwAVwB4XvYqCO4Sxj369X90TBM5Ege/4e/jcNik S4wJ1VNVIgs6WlQbAsQ0GwwyULguRbnmXuwXmLySLgKd3pqSeR6mM6HGGXe9rdSN miIc53pdrWAaLRqP35oyOCjwdl8xgaaLAV2Un3AD+Lwwts2rSOpiTFbTLRHPYvN9 /44HfmulG/cxGTWfJrXq54hh+UteebsyKUx9Um4LGqs29HIx5skDVOxhzYPM3+J9 ZP/IVgnm/tqkzVvYd0s1SmHdhQyXuGt9BaWjii2JZdrQjbUv7KrtfLcGUNGl3yzR q4hyRecPQeCO89AryPZor5CQ2H1fi1ibSDcILtCP2UDzScA9qd3lvMRZV83rFcYl cRYGUyckJP6aJFYUPCXRiDei9/nSkLDCIjtVHESDyUtGFTv8DeTH208INYj5xjBv cEtW1IM2DXft68jf9Z5XsnUM1QO2jhLDaUptBWmKDgzeQa3KESniqdceGLrTM1H0 lFgMPFEn9W/Ma3pdi2I21TnzIcS7ZaO+NG/2ZLKXMEVBrXVEU+R7heEo6mey9+qV ftDsbNZJoB7mTlMf75Ut4jax9YReArT22jhHyxZ5NiUu1200emE6VMlH2t3UB5gS 9aoVqxh9xNiDMO+6Gh0xHbc3m712hWT6yIHYcPCHzC/wqBE7VE1jcq5PF3ZpfrBz ZMVa18yGAvhW+lF/Fl5GUpsyxJ7LR3RMUappLFdx+OBrAHWI3B59ZIDYTodigu6k e4qJyNKMwlEGusefonkkAX/53Z63QXe0RswKzW3cfydOvwfC0Hi0TQX4kqXj4MAg N/gNFOVRpbUfLEmaWyohkVEkcgxqyYm2Qvw0oADhU/Loz9p6a1Fjz2E29DNsKtdT uszU9+2D+9PptibTCm5BOEbgM27wSfTwjcyKpcZ1E+6SEiGVQthWIIj8cCSkp9uG vTQrG0F1HCYzBIUixyzrCJoc1jBRv9lcRrjG+xdVOrRX2gNKz/bgU+9e3MPW/MFe uuhCqpee6qMBPJY7JQqa6qsJRDIbmjib2gCdSLsYr8+E/KGTwu1TDDb9bKq1I1lm Gillmor, et al. Expires 27 January 2022 [Page 99] Internet-Draft Header Protection S/MIME July 2021 3LWl+d+VrGBz3Hl10N2PDgedjwHco3igrwt3dMiciqF7l4R/aDCJXgQOb2PxOqoY Eyg6vrAoykdSfrpFU6UDhXbnxBdlsRSQ5zfX49Rr+YHXOk/VWuQQkeWMA0m9nQ4C BiU72A3+nP11Kh7mc0/3FXzSEuF7zzfhfU88tEVvzmTpVJkgNm70NEZ2tX6VBe9g ycH24ytDbrYu5voZUP1CepPCdOTwq+uD1iU/UcIKxnsnxwPmnvqU/3Chl/wOd8/V 4TwbNbRlSYit7Xt/3Kg63vkQa3wOBxZ5j/KOZLLPYkSy1OJTzvE7Y1Glf8T8oeGP li0RQbOaux8t+j9ZrHCtxfDvbTOEOXYeVuQV2rnbvQcXg+KOAv8Ef4TEfSnnnG/1 dW0Uvb+YxJjABh84LTf6X7ja8BTJIY+oyIMIptw3Iw3BKmpHe0DqZaJKatzZ2JP7 IaBmSS46Oxngqb3tIs/iX10OuvfoYFF8JP9VNwlVacn40mU0YuGJi62oWugI5yPG zjI1lcVAsiiTYMM8OUmw/UuTDwIgIO6AOSVNMMjWcihBOQSn5HgJNP3dc9JWCIzd xM5npoLCukhsKgzQr3MHHroiP6Jn+UsYwoNvFeVkVzb7nZM9sqmrQ75JJPiqADfX NpSGqNdGU6q4o7aCtjegr0coM4xyfyOEKyq04w5oXhYzAQ7qGvN4j0iw+WVtIX6x kMV1cVXLzeJ/oNxL1aIgZjt+sN8MGTf1IBftWxfuGO+WKvWwuO7D/BTsxexdfstQ J401huuod1YSoSsHMcT1YdDaRospOz9pvkjREwwb9RZtlnCjKALdVGeLDBLG3bc8 SX/LC//AosoGt1gzAFtBa7/n3Xup3EqME+nXH1K0xjvED8jh6xchDA8U+tSghuC1 0OmY4GFlqXtshxJOf0tbCGEoXJUGFLeYPUG8d8cn6aLwQiRi3D8OMZhDRSdz3KWw M08i6lvavxGnwBPG+XIVDvxkzEaeEZrZ9Ea19/RnW+bZwxMwvC7Ecqk4q7o/djW+ FKjWedjnGYAJIHSZCljRDosskfmgCEL4nfgMwVfqF+xS8bTxyQu5RxqwBPDk8EM9 ZN1EH4WY00hgN4N2oqllTUn8L2Ehx5JAhiTckZz+cp/nzKVpKArnjBQpCjTBUDiG PT28zjiTkrZi1eKw1C2zwaQ8KOjMjRp1An1P6zSiuayEtf/GW8nHzG9FcJoRlMKR TUt05KBg7wgE1RxPumyws1RL4cpIb2oWlyfSqlYNHdNCQykyuu/ubaQVg3VZyz03 CRl5V3ErDa95ZM+cbaGx2JMXR29N6wTXEGi8FCMZpS5gTucp67yZtG3Ik+PPWkih 8bYskpn0AcPCl283neE57MhsEp+BOekq9tAx4IEWDVzL7w1EotLT5gp5iZlqMeQT A4kCWEbcX0emotgo/KgYhSfgaSDa+LJqvFNlOAqpWU0ApqrBkhDUUY97uznHWjXc yS5rzHHDbrO448nJpFo9ioCAwFYkWaEKRCEljUlqlfdaP+jHYIz48nuecCtuVOeU gpdgE4EhL0mGG+ylj1wC6Isrqdj41aR5m3ZwMeucBE7RkyiCVMW8/GobcG4OEqGn grvjoMjWLjOIoJoeuZsv4ED7JjAbedGsA7WqGGzVTyyXbUVseSuYsb7eVy7I0VZF KiPI06KglRA9AQYPtnij3qku/RMQNWWrSjSSwUlm4FceY77GGo9BctQ7DdYSoMOa ia2CYsL/nR12wRySdKzJOBmgBPDA+cFORwReVoBwGl4z1YB7jCBCpjKaB3zRrfwa RGXijQqS8frHtNaj6+jQqa6myg6vlUPPRnEyPz69WyE5BVJOaSftCOixCtBI+Fnx hJDiobd6WBzdueaB7Qc6W6tS79C+F50dUbzHeZLQNRXHztZX/H4TyJ2Jz7Bhy1hh Haa5mIhgjdV985ZHUEBXIch5x85lmAjUQPADei3chwO0idxi+nbq/exCmsAxj6JC cIuVA764o2gftaIAEj94JXMVy7Xi3en12L8wbUezyFZGKhUxwKi1WFhvb3or70DM yT4U/URV1HgDgeKAyOsAkTeSAZsK08cRvhxDrpLl7y5wOfxFkSbN/04KujYb6YBe Z/aUF4VZeNeg7FEmpW6XAVSorFQ6DgMLmY2TyIIh5GswHwfcB7tqgYVYSieRM/ns GZ9hks9nsg6NlaL5ueYYOyGs8MB50XHDS42uK18fvRI8qA5liX/CkCdUJC5Hlu4i lt3BXM3Z25iaYaKEmosgNj4cMdreoKFckmq8nSBdeZdIJ0xWX4/ioBdOaQRTknIV wSSQb1utN5X/AZmKnF/65svl3IgngkLQIbFCCaD2IAzS5itRuTcbK+KZbKSCLNpg U/qYmuh0TDeHHMO126VEPQXAQnxvtV/0MobXpswmuo91PVsbFgCU2IA0JDILkI/a xwaCsoQSzTnw9qN5BVmIodbT1BBfoDorlC/C2HrkeD/J3+jSX/35Zbb9GnuLnlwU j/fQaGftHgt63pLqqMycYcVmiA0quvpMZYRmBGhHPyr+TcoLzkFNAsNswev6//U6 hxWkF6SAaIVWF7hTAePbDqIyeVLm4s2S5Qhjw5IAsQokxff2C9GZTLDJpBlKv7oE r3HBtOIs6Y2CzkCH9nXfQvbv2LWEgsAgq4dLk3Z2NRCt/LZAWF3E5a1wW4YRRH7j Ozl8aACWB6WnKnz82+1v2FciFB9L8b0gNwU01u7sE1ayC2TQGzXAhu0riMtqBiJX bLmCos3/VelP2TodcI9HmrjSPH5HOWnP0h3M7VgXHbohm9FgOZf+0GNaSI4Hr/3X nvFuT6JgJUS4Nrq9uE2RpZ1XDvLUVrwE77tnLaqXMbLeHm/V/TXviqaxEEgtCSba iWgsWkhjk8JL/Oa/HBSA5mhf8Sq1ru46/sJXjRdZ1wXGEVmCoSkJmgKTn2a/8K1g XE1NMeTFZucz8WJDAC5DFvqthrHHcAcG8YMVTE4EzwfTrYe9dxfHjILMDjP8A3Dx c7tlM/6g1c4nQTI471xs28iOsRw3upKY1T4S5MRqidQD2yKYbBVp0zMAwsybq0ay Gillmor, et al. Expires 27 January 2022 [Page 100] Internet-Draft Header Protection S/MIME July 2021 Bmugnz5xafztkADCg1mgQ4BzhXWz+0CMNj4txId3kMwGt7Qi20RDf7cDrv0S3krh lDGwGSl3fr9aaLISh6m62v7hg5Jn4wl2yXEGxAPj2TXzZwVGL9hmzbghxt8pJM/u HR2vMKohagn56K3xIfwi8QrWDBr9r8OKj2Ia88v2i/QeQe8CqOVu6yR8xAxGQFiW mJZO3enMPl00rRF9wdj33CxaF2q2kVysid59tPfJanTHUYz+IFV6/NsRfMgye0gV 9k/ebq0x5OIIjAjhllfIFj/jyupnblUteAILhvNBfkqiDkWg9Yhqd2MZXgIGuJod CLUq8fWt0iNV6WkSthZI4O2wMz3ek4YuIfyVrh+oxQcG6PihlwEu5wamZb2g0GDp tqa8AD7v/mezlHR4a2xogj9lDLz3RXH1RYOQHSbvvRebgjZrntOG+gidcbQvsB2e aS5X3SZXYQ0hbG4KACkwKWTj84Jxflp+KMfdybhVz9HneTtiLMsvlibPVj54ZuPc YNmELTHyCxjlsX61mmtydIAoitzN+YrB+MWx06KnPbWW18AsH/gWNX0qtYIRxJjY rZkvzOEOUgRBxdWuK9FlOcbAfq6S3fIPMJycTlSalOA6ltq5XtjfozA2ckRutqV3 1n+JM3Lo55CMe9igKfi4sEuIPmFjQQccxh85PMZKXZv+k+EU/PgD21HxWLbp1y1n lwSllaTC9kNAplcvelROfuM5jqi1qDF6Q6w8pwem2m+vUc0aV0CBGJvvz8+Y76Bo fho7SD9SeBOnCsSxq1cOKaeWPl10Y001wUfI061oTbSya/tbNGgaE+pXzIbhKCvv wOTZ6t3+12dhZ0mx9Ozo1pxslASescGr4MDQePR6lecDPdgU6cJZMCzMiKrbZC1M lFlApbM5HdkJOGOAVxHvbBP5u5SSfu5GGDcjiVp27A8kLGB1x1JkFr/ayVqyi0Zn 7QUQu85CxW0nxqFFkYxXfvWVpPvbzorPySEntj+ZmwdqB6asqBuHoW+WEVf/U4Sp 7YZ5c4Q6mP9/HZV3J+1b+BaFuuROp8lwuvYuITRpobOncr3+U4Pr77vdBbzYFm65 kR5uZgS38rm3DX54qlUhb7AeWPnwqtEIaJA3soThkk+J4/GAIDM46cQaJdPfXikq AuZkkSOqjH0qEQR2gprYNTTakISQXK3os+aSrdScZq87W55RQ4bW+1pwZjCnlEI5 zTgzG2iWGCaPHZvoCV0cv+Ln14a+rplNBoRDHhDuN5Vxnd8R3QFz7iL6WOW8XPUW Vfhi1ZMHR8/e0rgqlF7nEw8B8XYydKsPRpYDnrjWOUA= B.3.9. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 8170 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5034 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1082 bytes ├─╴text/plain 57 bytes └─╴text/plain 376 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 101] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:16:02 -0500 In-Reply-To: References: MIIXjAYJKoZIhvcNAQcDoIIXfTCCF3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAB4ecHLrDWfKl3yL1TN/yBLvobSKk41XBXYb VJ/3GqI6j/32SELFoDOUXgckW/66RyPsEs14KTmJRFA5KWGZ8NBPDN2AM8zjZfS+ iRgYm1d57/u4DEUnbUTXOagYTa8eanBrWX4/oGHg1L5wI6pZ9zyI5YUCj0tQUaLW 9t4v3U25z38eCokhtksHNsCtXSvLAQzx2L6KrFRTCfCmgVgsXhsOBEiTCMf4ZiB4 hh0lhyu6SV+07dm1LcD0T7cLXAD4mkoeldbIpi92W6P66Y/Ay4PJAXZmvyq01+za 5eYAieaPxfVbMaGdyayOUMV68ISqH69uKJpRVwVsZGhQQZY/MdcwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkBeWGtHTul5YGzJtjM7gl/ET UpVPGeHs/jLsqj6oeFQwrE57igqf6sMpY69yrFJnDm3aOjbZdIJg438bax+XjSG7 vQUy8m6CgeztdBAzlTbdVU75sstdXeiRVwC5fMtz+H0ZymV3SRjjsgCv+0TEJR/j gf0IB84y+zjJ1QMgIvCxIEXj3j4qPI6mijEnwqfPZ5nBcBL6/W82N205SArWYX71 iIt/GE68DH9o6FU4lAXJSQj8iuxVFzDV2GTNJc1pTsgcEFC9bGD9NgZVUZhaSZkM JleDMSMloQWPPd8HbXBiogIJG3dRudWSfohmxjOUZVj8Plq5q9JPt8sp6pEIKTCC FF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMSKvlmchoxV9HtD4C7JxlCAghQw uVLuAYWsCKCp+Ltfh81OkGuphM6f7qhorQ3+GLdW8e5C2kjyxEAjowXSHLjFAQBP aw7UCTiBJX9XCl6/0D9iCh8MzLDz5XMxwyJmluPAmOsyWvaGfFV8f2mqBrpfgeJB kXZoou1UuRjv1MnKCOmwdfGTQTuvfEwawURVVM3cZVNidgP5QdHWBVHayWW4zCwB WpdArroepsEA8HvcUJ1j4t+rSefJfA/C3h7+J4HMi+/02tS+0iEUSMVl/xsp7Ote jzXdtdjFb53756oCnoRh66ozZlL2EoMs2v18Ccos8yHkPUCkSrBoRjq6fTl76PgM mRiREJHwYnNZImV5vNRcvwy/S/+rKwUEfshRDYc0P5NHSkRZuMfNu3yRB6UnaDzL 3l/qOhv41DdptlI2mbvgziItgMlXdnzGkJQkS9G5V+GLi8/ISN2S7DtWpFCaJOh9 A77YNI35X5nTFioQiYZgRFjHkLEB/cpbYiANBHHtX0ZE00tW1w1QOUVJHPo8N0aI uRx7oIeHWJf6URM08yVqKV0VSrKHxdQ/RXii8qWDlS5DUk9lVZYypqmui4Nd9Vc6 N8KjbqEmaOlcA1XKTZ41PRAXCA71pGDPVutOrhSx1CuAqk0UJoMcx3FiM+uCmbQQ WZ3K2OtKWpbRzgGxn6AFPMYTxmQfhbfp2WFBK4epEZeK9TK0XEba4/L+V++bPzqb SKTa0fYkRmfrXrQ+K2yKvMIBO3yPjSbEXQ5Yq4DWu5tTohOgQm+8zAdYeH//S0UU F63qGQyKYlTIu1OjIauM9g9F2yGQdJGRtjSmbuyQ2CGOeeJpVY+Y08/5O73GvyqE eytAb8Fa7d5gsToARMcxZzBl/NBgIJU4o6PPF7FYSz9cxYVtBdYiRAJBjuF+CghM NWPPVxR6SqsNq9fm82EEunJZNlIzkqv0s76xySZaOizvjtvw9TkjDAkJBCP4+o6+ eTRjYtGsgn4Z5JY5lMQirVxEy/Fd3gBRwGD85mDxrHKXtKT8j0ke7DjhAUuw2YoV Gillmor, et al. Expires 27 January 2022 [Page 102] Internet-Draft Header Protection S/MIME July 2021 uChtI1tGku9UZD3n9mbd515LXODVtbCXAJu2JYkearRMmOq+h0Pu22kGwo+9hYpm A/hr6XWNmQlytONCbIuNKyRTAt/CIA91trDVpnXqS/hIKdxFGx3OuYfHz2pELJUD lLcqpPhDYWsf5RoVykafGc76gUDzknIl8FdiFCD6NNJk+VjBUkPUvwCEIM6fyIPL p07H7arnjZ0gJ6xxdyQlXwINqAMZ5DJ/dR0EgJtxJ7btzBtqZ4K4KyLlsDpLj8qY OI1aTBH6UilHzQn5khZgC7XHuEHy1mHIbR9B5QeqqlwezWmtpmfPGVSv4UX3fRHa h2yZ1QRqtvwalWPa97xj2fvQw7HbWtqF4scO0yLr0buvksZ+FWmc186t3zTdpnOY Kvb1GK9VATs5UNjzpAdqqR/uPfqGyxjOZDM1BrDxVMejTL1bCCfzgpJ88A16tTIH OvoLhY+8wUoZwaV4aaQIX2/Jq9H5EuXAJX1nffWbPdBusWlbUECf10DsIhjDw4r1 PoPvqcjIuHNrp8Rs1G+COI1d4KHKN9mMgOxDTNgF1gKkkw33wEy7DRv7/b8ej/CY e9xLlTCQnXW+kAKs+OD179cHdHR42Jv80QEwB+Rx5m26mYsIcprqQf83Z2V4Gg1J OYUCxd5T5G5rBdzLtRE+NipJJ0RqEKCEyc3RH39NXkg9LnP2XvA8zsByExwrruTb 6HZ5ojO7UvEXRZ2A/H9nu94C0+KPtER4mtESJFDq/k6Tn8MF+vw7k/2Dt2Us+TVI q3do4FvUJfyZXmpX2LdDhgQE8CMb6B3hNPg+NSJX8KvCdWU8K79i+ppaSCknAaNq 4cxYavHhYdHz2U9zQKLEJt8am2/Iyf2d46q6plUzvFj+DCFoD3z/yddRNqe0M1Wt tdgvklkymsJ6E/G+vpoDw89FeDA7oFc7mOgBsxZggi2X1WY2KUIqJqm5GwYy7j0J CGpHfQqU7WDvv9kvADEMOq+vIR17lpn9PRUluwutdaKNwICZEw4A9G7LuSNRhNz5 Me5pO1Tt2BRK7NtKCdiMiuKFq43ezOpMpCla2VCuEANA6iZwGJlz5iBFckCN2IsH NTNXA8oeL2sFcW+J9JVTsw4YnR/KYSgMlpoIU/l44fD+FMmC80+MwVPSe6QJkyKD zXE9a/sP2WsAC2WEKiG71U38HDbRXzjyEVJcrTJAN/LSjIh/Ko3PFuuEvTu+2Rmk A+pOI2vbcEUlcS9qkQHuvSefxiIosSGR8HSWGr7BJMAnQ4/GYcPfJcib8vpN0l/n ID6LcyTTAUsPg8rYb7DeGuiwR43iW7wkReWc3HLO0p9N1UhYWQ9jy7Tf4L9NzK9B rZgAIPPrsoHuE22crg85aFU8JR1GHQyNJQnRirCCOOqS4B8t2ArY+bkuWrYj9JsT xbYzTYYWhA3pytxm10NRGmwD4MU+SEdVGs+yvTo0YN6BJhm/OaHHFpWywNICO3F8 NeO3+GBtaPXaxyZc1l7y6CJ1d7xGHnGkE3pQfkg4he8exYfyhdHpzxconSoOZ+XR ft4fqgk+tB6hyVGumlhyPz6ThWFMorxnJEgzIZR7iIuk4+ooiePjgTGjrtvp+rNb 98e09SqpIxqWdiU4yCOwfkOg7hEb1SuJVoNFVLKoRMIgf4vBKIM0DBAv7wUebO61 9JnhoQY20YMxSsVypdYeycF9TLIDreu+zufX6LNkZt+kq+oP7DyRodCB/4SIcRzv tzXxNPUjnE5kHv4dxDXieBiC2S8zbQO2vaQ8kjf4/MOGjpP7eYBA7vK59kELCq0X b5ooYbxS2aUF/FbyTSRCIeNsCWUKMBmps0pS+MA1rpZ0zFxVRqdgmlpoMQ7AkjqB DI9B7RDDrW6ORZXX0D36Tcm+/PbJxf4QFmq7/SAWKPsZlN7GEYOAlRhfOr+XHHBy 91jPA+XdUDgKXt+y5kUxEcFRu14yGiCCUIOU7vbWxHqvXdiBMrjulAgduWJlVqgI CkI9QEDt2NNV/ElKxUS/PCnqCSWBpfg8u955rLijFchVD6sum7w9+X37tblXKeLC rn88xK/Wbi4NxZwEdp9OWbpavugUAe8ynkwBgfYIWP5CVbX+gP6BshyN7Sv23TWd kVUjudyfoXXBx6paTL64IgokxXvYMHXTPHmRkPhZhcPjOvaAS6SYr9FiE7cbtFCZ yL1EcV03stmTO9x6mpJeWuoQs8mLllqzQFTwIKyLG/2gbOTI8Hjq3hWoVnSwDvxT xljQQQSqAGhLFhnGqnGHDqTUI0I31e7Yj1Nn4E3z43ft22Kq1+OSJ+g3LCHrqepZ N160YqujX1Kd6/5t8dtnKFNjUlCy9gzJ6cy74pVyfQl4edAmMa1s/vZ12VEECXeg hi+EmuMLquKZEVv+U0cNQxPfzm5x6LzWj7ibLkiWa8vDoa1//WGIWBcZX8v7HLN0 42cNimy9xklYmdXVZ34711KHEhwRLpYfcrwNOttlwKOtfThkw0cW4bSatAmtguPd SrpBwOpbTKI3am0yVsPCr0cgKmeMaNTZSEN5njDB84rsaLZ7aM23+s1UlJmyMQAi /CCD9Lrl7S09s383KZNpNKmEUr4VZ9IQYipiDzN4wOI907mC6DWEVRh1II+bZeBM cPQlrOrcfVqPqlNu8qiEyJUT/03Rb4xxAjH16EeeMcEIPs+BRujxEybRnBuPA9BO oZ3pmIuN/NEFMBMZz7/VKoCbd0zapuV4KIMFzaEn5HmnHbP/DU9lSQKZcr/e0MHG 7dnTM/zx2VxNk1f0b+yBjvZm15pV6FyjgGeldnl42Rq0uAzkYcs1gcKDmaEy9OVZ gNbu2k78DOtDhg58PRfBmX2luk951xf9F+PMe/K8KHSBqQQ+oD51kSUxuMPgQxA7 rMxjdy8G+mfk63cYrWKZcNrr3vQ9e9w0oLjZ2dCtKsw7jLCxjAc0TIycSvn+bmOS kv4vg1BgsU5xTUVEK+6AIRc/bzOA7JkqMW5tsTYaQJ3szW3nYrTRjWMOIEG3ghvb urJy/Jw0UBkozxP3zl0Neol8rrhAM6zFQXIE/nuOasAd6YF+TrFljIOIJIl4IgTV Gillmor, et al. Expires 27 January 2022 [Page 103] Internet-Draft Header Protection S/MIME July 2021 yTAQMeRXcFLYWRggFpdp3d/7a+M5d2p4lYbo58jydWPvqSF9/1PThswzHbDFT4fo iFZK8EDY3wWjN55vyXusuB+8vOXMBLvamfTfFb5XDjZLeXp4jjoyaDf5dI3m65+K xegr4fk0R0wvtdx4h1AtBb2C5myMLN3tUPQN6r9aEoc+U9ZiyFZinpaW8LGuqcyE MIP4qWglDlE+7GaQbuvQfSsxcQ+YbQI62OyIgczsp6X8zMqKzhB0MgE6k5XSlYw4 86IzcjlkdDYyDHNvQdmt+yfcqSrHsvBgkyD+ISr7zFrcW5WgCLuzi3WIlaRjgLfz IDNUjroPB8xE+3YguefHdSoPF/Ai+lUzFXpRj9AE14JkH0WM9pPKc+JPgqlda2US a6hLRd4+z4MF1HGbINbFWDmV2OiPDJrUzLcwaAHWu5QK+NyXlQWmYUB+iwOg7hyg /gG9mYNUpzqtJghdu74HZxigX5jGUKQLthULGqDA2EL0vR2KCOMm9gLxeJkOrxqN 8YvCSpYUkaDvtIJcwExkfGu7LhiTXl5vvHrF0RDnhK7Q8QT9yQo7Er8Aay5ySRVi ZFD9GhfQlix5cDox/YBNMyfSQm2T+O8WJdvVFWHF9mBX7ceUEg77EP65fjV+boY+ ir4XmTJlZ01QUX/RuepGrm0969L1kpgwhpXIecyu2u3RKL4JTv6jLGpK69GMqNrB Ol6zRufAgsUbFAzpvS7KeffSMQVeib6TthMSqiw5eTlUFj6stHMJzgnzu2tQphDb TUkogk/41XGI2q8oMczv/4AL78eRQVTPTCU9MQGe9jdNlqrnbh6mSIXAxA+MUdpf KzavSvbQWqnEEGQzsabx6nLQ5uPV+e5kDPs8IeEV83mi4Fg9v7YFrAtMf8nA30Vt eCHnZdgiQbaZQ6lt+hdiaJQ/+Edu9HM2v8aj1o0beiw8Zy++bGo3G32xazJVkFte 704GrOVWo5W0N0YGbzacvkI9ktZpwudcS7u5qp6HvATahMJpI0Pzujww+Y9j06JJ xudfTJ6BgJlak458LUz37PrzSPuT0l8VGA7WUWeTTXjpNQ6WEiEcVyVmyHKbeB2+ 5hIZKHnueZzqbtQjoBldChMeLRpYgA6RyrUxDJjRXrkPKdn0h5hgwyrYqdeQO9Wa 5pfE2mZ4BJbOFLPZv8SMTKEnbR6a9bP6Fxhir80T30HiPW6Gc6Yk+yUx0aPfiRcJ 3qFKBOVuwrjEP1QZqVopm0XnjGr6pSii0+qk3f35bykpl15n/wRH3lVpPW1jFAlo xKK9/9atIIy6+UejHD+tIgbVZD+FXcJKhtdf0by7WCOMnM7qaRrLqloEZlRVN8pD 283HqyRu+F05U+0bVL171kjRkPlb5FrtpqiRV3KswxP661pvIpVOGSh75izSb9fo YsdVCcSa/8jFS2VxugUa22efyOhAlCNQr+kwHTXztV3V5yMALNpnnUOd/t5IG6oI 5PUAWfhPFco9b1em9v/XfaHwKt4+/buRfjIXiJOf9v54FoO6FESNXcyAPS9Fmd1S lHSqrGKlD/lz5X7IbEq4tnZoBpkTMtbPnQrWUU+6HiHggjrh6goeLwKKp5IgtonX YmmGzyiLY34japtze8CfCyUZGtzkJqQIaYg2V7XF7aM068h1OVupmCYlkr3frM7Q HWssHhhcyVZ1q5pM2+5lEi6AZTblEVI/gwO6/0Efn47vwAwABCGKOR//MX877q7m Zcn1X1fxpT2V8hcEcgCOOmFWebIBdagvTDYu1QNBmGmKUTe9r1OTWhG2OEC8GgB7 WMrNGS1i6wYDU712ZnjvLfUT45wsDgPBkGToecIEcT6PN/kjj33IYQDQGxxrXAuf oZeYnioFc/7aRwh3tYjJNnNz7GpI/gVNwHJRwhufkVvJjlxqkE+sCGjgHaPo7n43 0ZzaA0OADyFmrLQeFDzeFElDUn/35LjU87CZSZxOisurHvzV4hpfQJtCuJh1FPBt hC6ITgbq2hZSjPtyZEd0gYTyMhw+mdDyk/a+fbgquB5UcZDg7Kj8Kh738m+WLxYn wNiMwMbeaLMw6tnDt2D6GI6+qCjlBGydFm28El30EfimhifK0qj0utVgbNvhzgJe XEJyXivslEzetRVvSRAy66COopqyDb/R/cKXJ2r7zgDmr1+Fq3OXB8ypw00km7gw 0Tih89GOnyTMvTOVOFF9xaL3WL9lSEi1LjJ4S9XgNxiv6nCe4r2NW38Ql8RbF2jr XtOjGt4nY2KSaCtN/FMElqUilj3VtTmRRBzrjB8T9NpnfHSLbIgW9xevNHUeCZwB fgkpW+CjkywygPuogLtdq6tuqb5gE0GT9KBDRMTIlQYgdICvBnwDxVnAQreJ3HPH VhpRkJ5Yav/37Yq9YF8RSM7XqPuZm+YgZElNMMTHBVKfE5cW50fFWaZLzZHjjS1L 75nd9FFceSjzhLMVC8sC7oWZqGdQBpcNg/BYBAn2Stf81ipSpz9WBoqQzNcO25Wb qyGxUQfDvto9TVrJe+/7bCFqZbwx6RKZDUAnfgC4hs//PKm8Ts3+suSkwzfEpxN7 0cESXR3yioZNbkubxRXWzemAJzGn1G+Dk7MjoYQ3h6Pgjv7FJ2MDnmTDoJlL0jLI zYNMz6izuerW2r5m3PXfkhffU7mlwn7Bo/6mbR6ztrsTOm6CbjdlkjjdSq4cMmX3 ZeUnehbRY/W4cGu9zMxJtNVGRTFAGV4zXGqjL8mTEHzA87OHf2BSJjOCM/V545U+ Td8ulTmmLG6hyNn3E+cL5Tinka/j92yxTzzUA2TU1uE= Gillmor, et al. Expires 27 January 2022 [Page 104] Internet-Draft Header Protection S/MIME July 2021 B.3.10. S/MIME encrypted and signed reply over a simple message, Wrapped Message with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7605 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4616 bytes ⇩ (unwraps to) └┬╴message/rfc822 810 bytes └─╴text/plain 325 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <0e210732-9184-5855-9a95-2a635560d3a6@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:17:02 -0500 MIIV7AYJKoZIhvcNAQcDoIIV3TCCFdkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAIEzSE7YJfWjy0TMQGEfYcrcBw2uruGZw+/k QaHXEcEFdwDSaKvAzEFoNN0xMpZ090ybC5MHqteYMRpaax43TsCnes6XevL7o7FV gSMI6CCnmVlY2Dvj+oGPHkl/ZkFRPz+Hsrnvl65Fs19thjbtQ7LX9uKE8TBODLRF nCnuyDdHx7iDJGI6xepIvD4M3zaUwpNa3fFi8XOC7UH7br6+UGCRQCZl9nrAU1W/ VvfRt+6XSWXl71IU/0syMw4ghwS2tsLgZhIrDkFNlEokgVR8bDejaV9px7jH+d3m FJ0t4hBjsZAfnggaecXwoKUaPqlj6Xl0e9cLtqwr+26h1TmA8X0wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACUHcgXEC4pKuedLh3CB0QLAW HULF5htBXebTlJVES1voU9Smp5OkueBMptF18R2ojjM36C5d3xtdsBddVweJqNyA Hgp92O7qVoPyVXvp7BByoNRgZcrMx1pRoTREEjCX585MOXEBFUxRVRPohViZaOAM dgdWFB02fcOwGh+RtwBfE5Ege2zujhTpF/ie7XIbNOlWsZrTDGdQ63VaqvX3AS0m TPJyeqUkstDWSzOIrOlp1W/YjMcYNjDkygeNgppdV4SEUFYTNxz6rqql4E+a8LxX IogOTMh2ruDPamtoAEMfsMvz9XUjSN4TRWXORLkzQeaI0jcPVjr6AHLJFG6etzCC Er4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDyefElL8mhLfkZjajQLY7KAghKQ 4f1OU+eyhjobu3iIzeCooqq/a6JmdoGQbY6s656cODYMhlimkXQkRV1QEZiLkAOi aKPZy3zmuu00h5lnpduDqzFq16Clw8CY/99ep7I6vANjzmvh4pV0onCsR9GuYexq Gillmor, et al. Expires 27 January 2022 [Page 105] Internet-Draft Header Protection S/MIME July 2021 65nR8oy9dXdCFP6vkGBFXcrTqnbPQrZF9DSxpXiicROjS5ybp8clDbMJKB0x9LQE vHcxB5jaNGAsb+IVHZr3LjvO5V5T0/YsXn6aJXQAVU3bOO7iUjxgvGxQGSsShre7 F5qW99KiI2cc0c/wPtv4PyvgcVuLs/CFtvc9CfgbIAr/Vm4AupZUbaizLnpxSK3S PKY0l/8j0x8Eavv7LsO7R9WzZwS8zK5Zrx3aDRclXUMCXyQkel4nZvCOintGDoKo QuSs4Fy3M826VYkKfc7uaVo7j5lzoSeNUeD0q5hpmrTnJ/ce8C9T0FES75jc6P3r Q6yAakdLcsTL4XPc9Hi9stkX0pPrGYrK1HYaDBDBKZ92VdiEVGlX/41hltwX0f79 M/R1sbT4a2j9PsWKRI7Pva3L0nNGV0iajjBslyppdXLKNFBH02Vy4zoujcjj34Mr SsrmW5EkoxUZGzlX9NAYV8N5/f8faUCYnSbfHg/QIK9WBKggCTm7e8Gq2iGgzVmx Jpj85EkYXLDkS7tN4KhgJRp3ZYRFdRUutoq4SVNzNc3AhYDMVyBWcpDAIY/Y8ync ZsHpEFB1Ypau4/vtj14MCjlIfOtRDf3oH7Z0Gp6ecWGFwkZ+P8muIY95FEfOofeH gTzUi2M3NwbGVOSPpTMxZE5wesAvXaWVS2pN2KPmQLBXPVij7vqavbVd1e31d8JJ cRJwxdVYO3Tfe42TQRdKjYIxQmPrjRdx9d6TyyoZE00mGed11v6Z7lxWcvGZDl8k rMM30LF4IgQjCVr7EiAYIybviRYLNNKptCqLK/TvANtevYEhb9yTynwevu1nFW5e Uw3rihR3MJgCV7+zSvsjKHubdSpuu5adyMKfYpRyDQM94pKVEvEVxR8Ja51xyVB4 p8T3Y22rNWjlsBf0B7UAVqb/oDuN5oW2M8K53GVXEPUg+80dlR8r82Wq7ahSyae+ /jAZcaopN062hQvXXsIFj9vy/B2rdDu3hreUtFIjgLrCmKqmeXIvh7lcBL1hQ9Zm EI+F7fIJJSynDna7PLsU0tANrE6lmn9XkdL9EVCVZK5LMFp8LtuGo8EMZ/MxZ2LQ 99duo1um5gSBdZJYhrxb2rpmsVRrtLjzKCmywxOEBlyj3hYBNjFcdYhRd9RsMRgg QjoZME5ovHDRyBABUiwOtyGIFD9rt8xNqjzHWEizeAzfj+WbDfWDz9qrysvx4Myg scicK+yCWBwRvL2LbNb+uHhX879Ejj4zzkSlqDIuOTvGduojH+Ti6aZjEdnpfKGM xHRFRHBI4hmwuiwzqO6h6CpuX/2aew8wByIAaomyyGeTscBaJk0JumMxhSmeyImn T9DTF4dUXR9cGEs2qYquQcSSc2KNZpaRpVDNcTETNPLNh+vFUPJcv485g3e8EJIy VS99+e2lECdjkc+iHVMBTXdwSMEgrlYdIlfrPCy2nwsajp9+4lhL2aPk3yEqSs6x QHPO9cEKNuL7BG1Cpq9wkr0O7CVayEWY9W0k912ARy637pYpgeQ/w3eNhlGjSuRK pXZr7WWgT8MEuF0PJPOVWy2V49JmKjP4po+9/V+ewHievS/Z74/xozJnNhNqyYDp 56mGQ3FH5Q628WcPdk2V9h897AOsHVyFrjFHlObWeUuQqQVctYqT6QtW/rITmQwE 85DzWoYELv6ng+IjSswQEeKFm7UIbz6UBPe5IVYJaA6nAXV9Ir0ErT0A8QLN/Inw Buz4RnznGuXNgm7mONvWZrYnbwNKGsbO/LSmsKDmlCqDd/CRZLP2/r0mgNld6Iqy wuFfFo9Ml8WXUY3veMD4J9+i1sm08jMQfIqKgBOOczsBt0sPn2yE9mgcsDgudO95 jFz4g2E8RUSRJgj/av9nM1lSCYjnizkBezVvM/S/qJmGHOl8RbYSZlZBIJq+xkAv xGKG0oNKVzHe8VtMUwBbi5kOOx5oTrvJ/A3s36MrE0JlcBKV/jMMt2FyDE++PvFE 0X0zf1YsK5281jNBMBIA8GRbLb8+G/6q5RMf/epfy7c4oJRpDblPVhSMWXmgUNxc mLmCftewVJZvvtUu0WWcVWZ4s2GZOjtBFlqXcm8nBdY39drprA0pcrkL26XKWM7y F+6CqwCgsMabwViBtsY/BMVeO26UCfXJfytMGyCeuano9d3p12VHCLM49TQcWIpZ 6yRLmKEYoXxvtThZE7WndatiUmS646xpsLmtoHpAhN9V/AJVUB5DPHDkFr75fWp+ GYsKyEDDIq/4U6gYlFkzWuNF3if8PWwT8PbkiA+2XWrUs9N0Tw+ugD8LkeobRw5M gHcphVR6Zia3WvpXBe7u/rGgNqzRWHSDtT2UWKsJx32iPuQEVb7/KQNT6blBhFrK LUa6Xp1ZUtvdiJ09fNx9plaKquHQqjV00YTga++ZCrdLnEL0IxRMUbzf6tkF0fF+ gNnP7uaCt/1mXRyilDgb68oLxN8R/fCRTSVZibLhimWPRFXm0Qf8nznYR2+nOARW K4SfFLhhB7QqsLHuQ6WB8k4vwewhAuNM6EDR9wSyp5wJ4/NRtwm8b+Vf9aYXweQ7 8n+mGBpKQBwStOllzU+pDdorM+jmLeky2hPVkR59IvEiZmnDQXdzEWZAVEC9jbsa llb8FnL61OedbblBkjfeaXn+hD3iRbz44vyHa/l/4fi717XNCyWMEL4Op/hezWdt pGtexT+AoYw2uA9+qNkz7OxtqcSzcVkm3jWTJPJLrYslUUhI5HF8yH7NtbaySqPm ybxysODBGFXz7qf/o/rg2SNHfSIcfr/itP0ZpnuHiCtFwIBYFLoY2ceMYeKfvrKX 9Ble9lgex4BtKL/uPFQopYWNPKAchseKIJzptZpPW2T37kt1UYzEhzieQpC6IDCn qSZeq/Nd56iF/kw78PQMDCGLdulJDh/nu18LD62GhCWpZMEGdxDJvP+VdycMEIkb BHXKLKm5NNAygyw2Wj6kiAPR3+/ZJBMuRzBFSxI87Zt/iXoHM9PYvyDcgjC8wwEK z4jRNokSW2eSmgRp8ty0ZSWcgnnegymkRsYSYkIc7894qFP44PmypNB981mLje3c Gillmor, et al. Expires 27 January 2022 [Page 106] Internet-Draft Header Protection S/MIME July 2021 FsuvRcVny3r/KJ4XI14OqbkYWwD8rkHbXohiYQx8N5VUqlfQCMyPpaqYf247fW1p YJwOKXeOsJeiv5/uUiC6GzgunABnBhZS5uFVKoCtVITzzOKpqAEFFMr6fG1nOMzv Y9XwwT9fnM3XWB6RsXeHvSMKjQQXzOMxc23mtV0wse1Mg01UJVcLURy1jWoY815F DDNeBt5irzunTvX3eRCGz9oaJ6Dzl6er72YqmHFyKEGFyFjCpOxMI3LlwZhUCRM0 MrsbtGKchcht9fmh2QouxtQh8T9r0vLlVrHyJhWwargNxQG+25ZPyb7pmBR9Fs+B 5PFhN2O3nOr9LbPdrDXxvsGexOwAwf5kp0LdM/8g+cn5qqSNGcj2jDagZ5j2IPbJ 9S7HmRxx/D0v5RFnwrc+WVPR+z83bYwlN6Ug9KB1S1lwE9E5DEUb4MWbnh3RCi8k Uhh0ErIcBWByUooqZz1in408/ebhlpC2zYCOHqUP1AgVsycmvbZf68bHDZxJWPGz w4EJYYCAF9DGbvaF+pA3TWnt7jmf8qLliwGCgC7U2XjsL6aTClql8QseE2OvvBLE 11g4ZbXJXHs/rV9ZuKzzIE7MTQmZTY4923ROG/Bt9Bc/1AJ/a3e/mdYoZ+79TnQr /sLP2FiqVHAOtLY8SQXnVP/Tes/Jc6EAxemoCR7fT+959WcC+vaow6MTngjk6JBb YQUU5wNNFl/834tnvSLBI4IohjKbp/ZBqsctq6bg3pGb5MjfJgOxybX3G37CdccZ yxd3N0+3lXBWuEuUEzusUu1pqxK/TpVTcptV8IJJweiQjwYCESMsp0vHO44a5ruy WDiMaDOdgSiKgTl+4LiQsTTqVG1Hd3WB/16hUvIUeCmwbsDLZ7JZWy6b0PyQSqdi AH2GwmcRRU0Kiebx942EDTkSTDudSCd8fcE9B3zg7VkgNkTRyHALUW/4kEm2LayA Igg5Rkfe/t3w0wiDfiPkx6KZH//S5FpHgbFbPiXGLcKIozH0ocs5kT6L7vKc433K es5nwUksTlIiBdSP8fJjknUww179CqF5H3N00HUo3vN9Ghso3bvBvI0WOd84iuLk 7OX098rJyQR8HBBiUFG6ze6ZY8hd4EY87dFY2/01p24iuQkLpXgxIRPmm2Z49Wvo 2MlXLGIao+4D+sY3+E5RtOfjJ9oEUFZX1HJ5zjGB9poPJV2O/RSiRXpU4weIW2+t T4gvboMSMPZh4tccAsIMZxostc1LjBl3lrLzR62crJOdOc3vKHhDrd9RdR2QM9yp ufaOAwJm+Ubb5+liqVPo5bwyXOxJZ5Q5cyBQRhwwFUL0y+tWwPmyGR1ysoW+soFm w0NNGgn4qZFm3O0i7wkFJK1gZzo8t5d2XXx1yp063X6BYVLT+SGuTSNrfpk8MuWo 0Q+6lyZ6UjZ5XLuGvyKFOyraKr3ETdfMCA/bDmx2FI/rFDhziwWgtYJpSaoEptP+ I/+rZxfQEd1kzJ+SgvggUbpRXR6/UCHBcvjSnJNMyBRnjTU5j9FBfitay2L5ZOL8 79hudV2c/NO+qTc1yMir5zQyYLfN5oIHUIOJRRTs1/kSu5Uk3i+ByDvAXG9nJ+I4 t/zZ9FSvk4RatM+nHLbqQvA31qfv8yoz9quVhEAMZRMticGWmwvPkchjZQdtzwTo vCKBC7M12xITparw+kZuD5tD2d62xn8vTAgLhaFebflI5N5dF58XgwOkqMEoYq+l mYNorq/q659Ac97jyJ35UEGsS8tbkWCAHcj27WwkCcFnXMyfkRrDXasOyQWqZ8iQ mmZeVjJKrHNHAV5Xj8l+CI2BJlLwYyS/IwbK45UuIi1xcMAAx21J/HMk80Y8laDR qbqq5IPR2ndsYs2JYchBB06t4VXmcJSzK9Y9CFzK8OOOawFE3DpTjcl4ZCxodKSM MuTGLS2+ZYqM4buYp92HbeXBz+tjCaFp16wFiPm3yRpm969smGt8Hhc0wkSvJIOl LmFkXib4QXDx5ulHVDRH93B2tnq9kCG0Zs/AHaUkN5/TeFx2BIvMEJyQTNHfl2Sn kF0+ao3jREVMhAadVzFq5Yvr907MFID/t29EEyWkk7NU1zmOjTzOt02akO40Pnog Qibu6gHHGFY6Aje3zHdIBEXnIETJd1vda//GG5u1fdb7bgJzoY/sdORb/U6ZY2zA hlqJnifV7+0aT1aVDXD/F/FSd+B8sK96e1MC0oB7YJ517ZxdZ09WJ/fNJaXBU1PS 2065hVjG4S4XfYonkvE4Ig3OUntnwg6y4fx3ZUgUFo3XJtGhgyBIw6ZNrHrhyJHZ w89PxnGJpGTA6tDbJMUNSir6yvR9/uhgADhfVJszdhSFKKre4BdDwn7gEtd3X2dx TbkFAs3TzfummzNHO0Cl1v86RR8xx3jRGRqJLd5RtwoaNUoTMIR6oFNx+1KOG/lp ADjBJU3otm8hC7Vp5HdTtRk0mH36inha9dPTjFalx1OIUmj3V5icC2ZlLApdAuzD uAiYMqntZJGHawGLKOc9UspeMgmUiblo25gDMYsuG0stOfQZjQi9EQLQ2xyyj4Ha RIrSLm+guqcYPQJgRhAOEx1owEGqJqYoR4rmps7w/kAW7TrTrdXeXHLBbvavGtwo rt0mrTfHPhPmsYbQz/4T7Lsm2k60TjGbSm8tGgBRydJI5ly45U/FpNXVgykgXBMF P+hJLVMvKgHehLCoxn5sBE5Zzf8/PrgZ6c1iG/iBXgnbMW0+yKUQ8sVLvp92YpY7 hKplcj7RKJL3HBxzUeuUhFGfaiq7MgpKm18vgnFXJoc/NL5N4eKLzn3TD0q/Xhid 5lpZgm3+6c/mDgS4RUIqtHaALsVQhoMGdrK2Tr1bi2VoKIhEOng9UF2WxQJiDNhr VM99rYy6aX8H9bj70xYG+KtlO1fEjp0+S1OEfxeLCEi/DShQjPrEwumCW2dKz0Q1 7G2u+qo6Zcml9eJp5ZX4GPHrlImX4+ngp27/cNDQML/pHZrTbT+h2HZiDObED3if Lj/pAB43Snah9bg7XoUWOE5lNQoOq6uSG+bUFsuuprFeekcs850DtaryNWzpi+4/ Gillmor, et al. Expires 27 January 2022 [Page 107] Internet-Draft Header Protection S/MIME July 2021 5bScqoMawu64YqNq/1pSCXImEEab9nXtn6q4aPjhKHEAhWD73YR0nP3kV6XUn1yF B.3.11. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 7565 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 4592 bytes ⇩ (unwraps to) └─╴text/plain 337 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <0b3ea6dd-0e91-5a91-9bc0-3d553f892983@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 10:18:02 -0500 MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAD2qfM1qd/wlIn5/weLGjTIvhLXq8DBtZlBx 74LEO41mLd1hgnRYsPIWC2PtjkC/seobOuZC+CV58bybhtZc98t+SPFhw/rCzvKD r+TYWJWJ5klGojWrmZJXuXFUA6GW1KvNQYQV2xkntNjeOe0dUY/UwXDXnV2hwOSz K0MpYY9/M847oDrGiWv4xDqLd7WrN+ztQiy+4b29oA4Hy40Ll/z9o3yNMYEeZ+ZU oICNWAvSHhIHuHztoEhhGI01wF7KFpygyjP34o5oC0MRFwyUPmqJEuj+/o265hfj zKAzd20Dh0lY5f4cKRak/Nq7j0YAVUMftIn6Z1AI3NBdqAuncSAwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmcFRU9fU/PySxv4kLIQ1zBV4 nTTHsBv+t6RGYcEOmqToQCdNyyQie+HqTJh6M2/Cc1sbRuOVsrfhJc0RQqKG2VOa huevYf4E/x7+3Apl7zzg6rOUfi0rSCv8y5PYLaHe3AbZvJr/ilj5YKIj8+D6JnZe WxSSPZTDbmnN+oTtePW9v+hfq6OWomQ/VnUJTSQNUnkxTnhBK5MiOnwmIYBpOD5Z 29/dLzfgciF1gFtTdEjszQ05IkVB20IvP2hvyaciljfKmFXS3302jAuxLSPiAQIK UYw8JQCLz+TEGT7jr2XKXTQQo2yv3dRTB9Y4P0/MglX8fbzqWLyOY94hK8fWMzCC Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBaBWCdD05Wk7rGu0j8AGnmAghJw LWbI6Q5pWF3Q3tMokfjJ+6dzF8HNZm7De0S6Hu3eU/9w7ooJDnRsWbdr6B5QI3b5 Gillmor, et al. Expires 27 January 2022 [Page 108] Internet-Draft Header Protection S/MIME July 2021 fsXYC3Vfjp4iYgwikm2xX4AXzt07T4YUl2V3yKNU5UKPhRLrbH6zb91+ghmZ3Nor yEWWu2QuHVTg4xsCaEG/+LX71k2wJTI6Lk4QDH15OyIN6KaivSZkqjNll6OgQTp4 /0YdExevb/K2WX7w34kdq1KFg0Vju2hGrnPMhgpvfuzkQirtFtZ6FmeUXWm13lX9 Guf6GeL6F4r6aZqH5gz1JUVh++3OC6bzPG0MdkSVo5hELTYRvfclnSLbyYcoE38a v9aMDlRv8v45Nd3eCxClG93Vh/EP8NOS02geATE0/mNk5f3jsZ9iFZOdRMZ+jVuB l00t/jCj9PiJaxLZ4+Vf9qB2CJ15PtbEp8CfhNi1mGU3Z8LJbPApUpRW/rzmTf0P JbGJzL0mU39zRnEoIRDAFAaqTj5pVgqWiYVJhKkfs7fHXd6hHM7MXqpQXtc4KrPC UJWjii4DhyEEeTscOx10QPrGqST5nNFbc6Hb8qFKc0/bIE//QGz9rGerH+cFxeKa sOkevWj7Gb6EhMu2aGJMmnqoh0pNj2bp/5vZ6paFmhn37B89nJJhLXqQeDcgglmA f7DzuAAN5CSw6KmiJocmaYe6RHZjCEZmILXHSRJoDoTEIIrQiV4NNGxah7Nw3gaw wwASkf+dhn6mKg+6y1mVIIPdgW/CjjLSUTvox7WeKdmlX4yjmJSASoCJM3NWGW3z BVDdY3nxkSQ6QcpaK1N57MpOmkP2EjbN3ch8vQuj+croYOmR72zD2mGNQ5iMzcl+ US5jIew4R49N1TavwubkQKXtxl6WnUgVGLeFm2d+J7zGWT6tw88k740Oce8UwVpu NBZduEjPtYnsyXIRxL5tYEPqUrSbrTbsK10WesjpTD9+i+fBqvf2Y832yXQeu97r 9JSQi1Q6Xtyvsmy2lM5ahdzwS8cz2WSxMmJgVyGKlFX7REPjktHf6dkDM+GZs+6w SBhDu4Lyf4yrtiwuNsoF1qn2rdhnGQAkjishzsOOIcoctx8ionRi2p+nLn963tfZ kYGcbbRaDs27nMBTFCncLpXFqq8Phfmb6fI8Amv4JzptPtqnwU/ygonOdkKoMrqf DUXXAJ7r/5otGqc/ABjuCOPe7TeAi4JZm0nnEnJM1SvvuJuPk2cJ18ippjYIF1lf zkOU3aaxJtQKofPszkX6eBEuKWlTo9rlh6M7NqmZ3j9Q82SA8K2W43q0ImgYnded h+5i3siTYTHrXwSdN07hKtPI7c2ZE9J4ASDtTmWNmrb2i4u9bxF3+IG1ze8lVZU2 Woj4mqsBYOEO27tKn5IWVGKrCgJ1maKOCEumEi+iICajyyYOXzl5mXu6Z6+84uDn RxMCOxu/mualrIjt35zaUVuvkhMMJnkRijEcdbHk+ICM9x0DLnRQruuY9Kxwjgui c8YACZcQf0SSMyQZTbMfJjVXvplXUA0TqF5dCX4TorUEiWy7pclCmBvvAkOADjug htFRym605C5HtjmVQonQWL5c5e5z4+cDOISgdkaEvVCqg0pu+MSvMLhjiqoQx7dZ Mov5sdbk344oo/G0mokjLT3u52mhM00SighMtW+ABfzwBE16DP1I9sC9Ge999HsU EU7hw6vEOIzM5O8hsKTAceB6wpXX0ch1um/emFkjglVnxgHGxYegMezigQwkgaNV UwuqPnnrFIce4xu7QZ7pcAcpcWVLUZhEtCK1vh8QPUBcdA7CSrcGWdXuzEZ5V0Xt LpF2augMYQ+a9XFQjm2Lx0UZErfesN3plZ+1ci/ltQgVNuZCPABIFNEdZpEKtOfR czO5y++dgqlPVOAdAP3bhY4cFSFfyoeOTtJo4Ev1kph7Cgp9s1zR2QEUrwah1zMa 4zyeqnwomcZtbJfFysNTlIOT8FeRrynOImEZaj5HoCRvicEBUB2Y0X6uFcFlyydv 1pEEIBfoI2opc5Zczm4x7sr+MUAaGbvVBRoXTn8L0r46JILp7hVYlXt+DeoR3BEt sKKSE+q3uuGbWCmhAxeoYZEZwt9VGFv5DPJyhugkn62dA6P6AXPHYf+NbIQIh0oM HFRx+3xZwluTmCq4+MFlLFekGuYenQnBEySm7ps3aLRBxjdKTuG59Z7nu1KIeLjg nyVhQfyDgyheDLdf4EWpb+moqjmfKnW1k83KSMLR7v8EQyWYBO1jSCCoOTeEFez1 Z0E2ALHfEWKMFt8fGHd7VQoJlwoIoixNj5jYlm8xGBDvNbFDBCa/4e2CaAIj/AZp lhRBXc6JJibLqOihgoxc5fMNTE2klv3qWa47QmbYnkQ1VV5C/u3mwBBlnFHSVHu5 s1MduNiVpN6Z6/Cex5nloPZK/7TqixnA6/058Ckrqf6nLZUGIT5gFo9RRYyGqbNU ptIeBZqRpOxLoFanC2KSOFnJFhDAd4XVzaoXTEvyCjj9miTbccY9xh08ldAlWcZh 0RItsVcqKhkVD25FH9kViSKjct1V2b1fqBAEcuqwytnB4gp2aUNCRmvu6RDPBpy/ yNAM6d9dgDCyW55KNpv2aUoJmSxEGLuZhSMJjbiZ/B43ipxJHwpMmP1Vj8y6UX6r bzpaSRXhPv6RCdohH0Z6dY8rpO2PEufTa+4YNYcv5ehCY0AVcVSGGy4PgSiS+M9t HezSWjMkqB/Oa3a7rEKo0Em/n9Y2L+h3npXY5BPACo590diiPdbOajojdP8s9DbH kGepW9TxYpBKKSODBZJF7Gv/yUf1xJ23g+eZjnRgOBaNTRImSe484pSgmSCbOg8N dW4Odnk4zyoZg61obVAQShRtmBU2slIx6Yl9zrVJUIxo77d1dkybPob6mtgAauxZ RDKT9uaaC03fm4GEJ9HEWfKwK2m4lt8EiHLrjz5Qar/XUW7JajxsJG9+d6pMZtak TKevdDYv+3Sr7+TSDUEYtYgPbxBdPtT8yXZa0vruA5BA9yazmxIfbK3HhKe9XFVW CEpR1kHad3g8t+xQFEvdKJEEfwrWd31KuqXCmPJqPEyT8uZ51NLG4xqb2oTM14v1 DcoREgm8ZFVpsvuwylItnwH6jluWV9yzetCoL4AbH/M8os92mzgl9OCygBl4PV1T Gillmor, et al. Expires 27 January 2022 [Page 109] Internet-Draft Header Protection S/MIME July 2021 t1UGyDidOpv1Pa4tWvvzJQioGf49mPeatlpFv14W+Iqqw1cKsDVbmq1MusOXgafm qZ9nNYAnxLU07FfeN09ljVyAEYMTW0BglxWU2Vo65GoZURH8mu5OHau5gD8FPOqJ yl3kUiZ8PKoQp+TCYfWs4IyEDXCo4+wKJ0TPVOhH8mBeAZBQsfmYEXtZhBGSlWxB OMu9DJMuEXMSlUWFH0NEajhn1bdU1KD3KUvLXx6lH35NoL6c8ER8AwHTB51wPWsp hMiG6T1bhXc8mSrz5Z9ftBXe+5NIN+eChmxUZpYTbv6wvUQJ5aq8iO2CTjBa5948 RhXCrENgzF2sa2tRVQjWOeMzU5G5NGo+v16bIZIzXv9GsWJdhQfiwJ8PEjdNGEnF gFb/zSPJbno41vgKhA5vp4r3T9IGR8wqID6Q4Tf6MnP6MkEPwwzqH6lp1tEhNElV 2W7lpbkL1n63ciSw+2frJ86QiDDeKMU5OFpWR+pt/6dGuHTSCOG6lKIlJRzDLRpg Wg4hOEJOFID+9RU6DBZiNpW1FIt5VZ2ZHYjrqSYEy8z+tenmX/yg42YFxI+1UL63 PAeyXDuNQ+D2OSrs5WqPz+ac9SGqA1NicNMDnLrm+82OG/4z/1xcTUlTI1ewQRCD VvXiTNxll1PvW+/wdD5YGcRz/yjBSTqV+Xb1ALKPTk/qrLpHFerTxWw1BITpNEA2 kKM3lYBpYZQK+ubTQexACbQeeE7129OG5r9rUEtcTEeh1vzg1hiYrWoGzFOPXUET G+ru146zMsDoJSALJuJjgZrEQX/BMumYdFHwPVxAXy7d0lzchXUTUlbzTOMteAUs Hn6hpaELCpuWYhKPQ30aN/Q2zWpat7jz1w6rm+NPTHbnw1loE0zJclaw9huFUCQZ If/DRPbKz9JTOdfZiz1ZqCxDXilpfYXHgFMWa6OMpcMYQ/yDOggqD7/z2fvwUdOU NlDv2HxpoZKuBV6bF664gJ3qdHmHEteecKXjKbuzUbTrQLE/dsZIsgvZyW/sMiZy ErLCFA+pcGIeO6za9DFYVQheIpv6/y+gJgc/H8NPJXZVREbfbRqnhqkMGmnw65FB lDRstzU1AYvq65aeLXkDaT/9wydtN57ebZWD7zbum6OrgEjdBtJWd3NuiUQf/pqY dbKBfBifI8r8oUWomyJV3l7HOxXLZO7bwXt6sykngeZhnW6gULF0J2VqRShN62iL ycHtr7ug33fo+EGHE/FTia3Wg9SUJXgssrcxB++igW1Ou96AHA/Ub4IQZM9plIpE BH4a07A0ia2DxYbpWCpeWZWuKmBa5jEF8VIyVy3baic8L2cWmMPjPZ9+DyQpsemj RTutRPZUUI5pNUPiGvAby+c/s4zLFtKFFzk0/mE5MhFhwws69llz1BOA/L3QRNX9 py9AlucjDPOjFrJ4zmvDzdogkwkXGVSF4ELZgh6Jpe4ZKNqkI0Xrv79GOngnHm2Y a1srIFshEQj8TxXc3GT4W7HrzrbCjT8NLGE2YVq8xva6iOAX6DcpPLb0DH3fUcJh IYBE0Wxlr6ZSU4DaahCfEuNvKBtLv3oE8izP+SBDvo62etQXWS7ku4kQi3z9Xhlp 1qjLh1ePnZXdO60RlgrpvfwbmT6sFWrnRrOpeCkjU4YgMRJWwzyhWDJK9VVvYpFv axcyjGzBgkmdh3+EV8ha+Owy6OCY95+9tZmv5c3jdBHrs8ErFh1AsYDfVWCeN9rW T3PcOGahl3AKqRWT1g4yPxIJSGCwxLR1238YLcd05LigKh6VDV10X1AgiON5fyP4 5o34WccEbM4qvroR+sEBvlFJkA7k3965R1K1exSFkVqyaZbn5P5EgvY4MMgtCxez KvYoCaS26llcK8ofGVy/UTyV8B1N6ViBX5NPcKycjVNrnSroPIDZtXjwRHjZiPud iboVmbLDgLA3m5hoUUGeLi1jbTkH+OUVga+0rQy1QSNHX/MGTP4zV4Gcj5NU76CQ 0XWwelntePs9LTNJCJfYKyLPcelDAJ31JOia3Lqg4GtYEJbp4pq3rwdp8vF3etkb 8QHUBcwfEPe3kyK1VYRPwfwq4tpmLrfWtvofx/mZ33TAoMa3e1p9SXHI+Ndb+Sob KL8Fyp43miL9wUFYKnv0Vo67do3cCXYOA6F/wbJw4V+oLdBS2amMQnMwpra94Scf L+B1nmzQsGVpl5nieCQE935uFDxfxGUatNbKbsqkX1ZOIORPplfX+TJrAfShBsSj E22uxGfq0Bj2W/3tdFVKnkxzCuNtKECq1xQSuTaWkAHW5apFfpVBpWxzGO5eoiE8 CadNkpr8YFGswCrirpoYqPgGHE68I96yIHal7H+ufo1XK7QH9ZtVSL7CEirYG0Xi ZhGhDlQwMBDAhI/57sF2xfGgv8UEm7l7/94isN0XPkSqEmmbjcBpGhRBvRmWggnX 7DHoQj0viTY2Cj8B4f8ATvdCEuPY+JpCU3xWVdSTJSOXq9NH/isNzxWWxx2aCS2z T/K9ol67FcXMJN8tH3TCs0VmXkYwID94DrPknaUXMPqr8fiTedByso764tCoK/bZ FcDRnUbdpn8UCN8koJF4UMp6mHOwWxIg4ekX+V+REudBAWOXF9pRdury8xbVFb6A t+RvY9aZhTTr7sFFDHOSlhOnRndzfOVj5u0iiKmdmk4NDMf/gIMq1kQ6m2/vjAEu 2H1p8DJ6XNsLCIZ4nwdqU5326tFOaeylTAcwSXox4M/23zzEHW20+DCSXn+GAd3v U0iN+AKsss6pGPFxzwwBzaWBIpCdXmzV1w3JOoLiHQOx2IHkGXXEeaNPDBOa2PoY G/vQRsJCv3vgeYHuq+oKiOORye1rLkFakmuSZjgG2Wo05B5tapxMHoW4plyNDDPJ 0cezb1xnqbDkceXcHa+nTeCouRCqd/P6YVz5ocD4BIdSwrda5GX+6U0bl/e+IDoP pHWKijdsU3DAM+uCJrE9EwZHDrkW2qL/Spp9AhtbdMsugaIqVuuTQyCWhoK+wpz7 wjCdyk1XEMoCfQ8PAS1RyaSUz7fYAsIk9P+FZ6qwyvM9zhmvFQcNoj3E5ObIq18H Gillmor, et al. Expires 27 January 2022 [Page 110] Internet-Draft Header Protection S/MIME July 2021 GezlvPOeoDwieqKamAHWkEwefrUb6X4IK9w8dBJrYQgCjnwPq9G0dWu+MbbP8xwE w7LgVMRJKMMDllquSaKDrQ== B.3.12. S/MIME encrypted and signed reply over a simple message, Injected Headers with hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 8150 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5022 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1075 bytes ├─╴text/plain 56 bytes └─╴text/plain 373 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 10:19:02 -0500 MIIXfAYJKoZIhvcNAQcDoIIXbTCCF2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAGqHqgj1xSnDA+I9w1gM5jscfj+VbIfCbhnx X0JP91o2lvOWKQP/faiuh+g/m0aWux3LmKbFTmeqI1GthooqMKdrsneFFPkq2YVr t/bKwwt9r/BHWX7YmC4IaUEt58wY5EpJjyNgxTS6W5rYW0L7Or1u4VavRwDQy6UB Z3PwtibHKXAWPRt0GdED9tUfwJodE2NUhpsww0GfbObN19UazD99Tb6l5ez64avb v6qp2I3T9K2777AyeI5mTPWLosR2e20ph8VVAaElK7eqoj6fNWUl9oCHEKZ2ugnu V4cMPsaqOAJFHnqFjoBCVtzMwKQUlSQdPD/G3M9QxD1eZyUA360wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAe+PncR8a8M2yRVIrPvFoFBJ/ sjeT8XqP0JrDGQJAlltXX4VP4yv5f8QnxVyI4GPbmDE18nGDWewzgOcssAWZfuyP 28Mwa8EFDstckvkFea4MvtoVbIZ1fj6zztvZeb0d/cMz9IWpM4qfaMrF9Ejk4jfE AkagViFvjJ6168alDlLbJfAjFUAm3Kg9QMM3GVQrXlLxlhoOAANP+MzTZBk4a0/r Gillmor, et al. Expires 27 January 2022 [Page 111] Internet-Draft Header Protection S/MIME July 2021 LS0jU0v6KIq8T5bXj1pwGW/64+koLYA1ilvbMbN+G/1KucNgyYOc3++6LI50BzYX woOnmcNJtX32+f0kz33Zlbo1FNI+FGISzxYk3+ENNJbzOApIgRK8N/n6ky95fjCC FE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF8YHUGL0G/9JbgGJzcUb7iAghQg j91e8wyDIuHSPaIhkChDZUXsZphbmazatN+8ebg9nq7kB2HpmK4PyfOvv/kXpOdv lMsP8vVjcQBneqza/wHl6Zj2HxqH0ou5sCSuiyfW55y8pquGuqLf77fb+htPIjmE +Cw+vCEUw/Y3ekJO3kTSBPoZIb7EWEJXM2LHQ2AW5eE2NhAi7XZVWfMKbSwsRx3d LW28ErQcGCDYoF9CTGyGQ7dFn9snr/mi5lJk4nrEXr8wVJpqgfxvcZqhWEAndv2t 9okudg/3f/kzY8A4yFfoapBF1SCT+ktTpWo9qSQ3gG1j/uPNhKIip2sCWBcwuyJX MRv0DBTxObkpv1rgbLB8Rw/8TDRfPdrk/dttoRdqol/t/e/+Bx1KPMGRH86sPPLK 2csc2fiEGUT4aOALq09mp1ayzHXHBqH6izqKGrR4LvTMEAMgnzbvhBSJVtS35Nu6 LeJAgytmK3AI8NUzlPa9Wbxn1urGdP0vqisb7YcZ3hfZvifPiVgPgIcODL/6Uei9 fL7yxqC5FR1DLzJh8KrZ6512xKNLWAH1A/RrY3KIPQUvZ2L1BtzVm1xvvju0m5oj 1pjWVs1OnfZbft/VCbhyxbpILmOW/XK3lhzRd7s6anzb1nioBPsFw5ToiXEKkbT6 Pj3Yk+mWPGZbl6Q0pB+o9lgWtcNHr3fc4RIQfjM6H+WqV5VwozCA1CssSL07yYOi jQArheZZjo0AsMlr5zOfPQTM/BlQIc9oFtFVs3Yes1pHGeX3c7xiQJ2aSNb2YtNk 89toDxtEJpzwctlfbaWltjghW/fTBvXj/pDkSO3i2rI/XxuPror1BS5OO/4tB+BC qj4Rvf4ZGYerXQuZtNiiv+xwvQ1wQOqVnEbzAx9d+gfh8xNzk7xoAuNUJL9JNyJS OnmM0pTPnHyRGFPFE49rE4rpRqWko1t5NHy/T67FZj0rGhssJR/y8RZf0Esqg1Mw zHn0qVaCy1ZQimCM87D2+mvZMaD4VOYRanCWNYVOV6NLsjPxG84UCfuPSdNH6SZr ZXSy5M8KJgd2IkgxBVwCy//G4mBsgFnQUs2E0n5bh9HnQEQAB+ttVLElGtRitmrF UiuJwzCVat0Lp8yQLk/FlLz13pqZSpABLdxKngIfBR7tTUd341/rcLadnF6u7gZA cl7ymFwoQT8pRg5yPHqFHoCxgreM6nXEr9Eh/ScaYKB5gKsPTdCGFKDOiJG2bxO9 Y1RB/EvydEyoCQTLD3qdgFTqEoBqH8Z4u/jsxakqg2+qypO89Jo6QNhrZK8amuZ7 q0L+ltxcZRefx45cyYrzqTodXk8Gk4UxjD1qvj4nfK1l8JZY8cgEEkKEgCbrsyO4 mLnmMxvNT11PWqdMhXeQ9KyoDQEYb1Kkkr8VFu9PCsw4XvwP0u/DvvASM8XDawr/ krQtixD6aXo0ps13JPuzzXy21fJ1qwOnSBnJ3bIrllaeferjBFwmbaxzESi4UtK2 p0XwQpLKBh7LS+7KToClbvgzoqZO2mN+nTqn+mR+G2PXnW6KBFPsYaupBQoNoJAC JwokhlrcdMZXy0C+YNNdmj8lgz3J/qNH7BFAhGYNaqMi9EODs4wBKxt4+WKuC1az 7lqbFMOy5eofcSl5txCZZyYjQp7aU5QE+2GkY867RtUqqJ6IrxEtt3BBKVZtBwWj DeNAeX/UENoDi8bAxuQyggjGsM/ozgfq94q0i4wKThvGR2N7lfKs7dlF2Vk9zuWd G9m9MKXmZBk040HRtYDJlvXt7iuHpp/vvqlx4OoMf6QbG1nI3UT48PUHqHgNxbxW NHPvNqQGW5ay44ZIbDmpTIAp3e9uUWGqS7F0bfAQJ/IEDnoizEFCL94MB00KCeAO DBiKlneEHjY4EnsaKB9XwEjdEumhfveVgwpX9wn3PR9BDKZpWXIxc81I4C1B55QZ zfKr0fGcvDRDVLIqFcI5/E2/D0+maSJdtvI3mHv0quU3wT863lDkKruz42ym/h6Y M0d9qr9+MHllxedB+l+Qo1LMmkNg8XtVBYmqtyOEA3eu20AqqX2a81YZj2S6qqW7 fCwiLuSLNvrRxCrTOVkrgVRrKYynK7gFPZFRNaOMQLa3fv0mxiR59bVYSA7qh9OY h7swt89nizA+IDKdaUpkN9zfhxo9IvkexukoaxbqHY+sYmy+ULLg9ZuJ9ZdiJpu6 waBgNKC/ELPvV1V/MwU6u08X+L+LZKnLRc1Ct/EOJlevDVm/MaHEcerKIUmkxUWP UDkQoUjjrIznQIODRYllw6E2pKK008gCglnm7er7VjE/yjEPzOdBuFAoRqatVsLL pCXATV+wySNzFgpxJWxHcGwRSs+JkWnw2rdbLQJOxrZr4v2rrNztx1BfA8WtGWmb vGXqztE2LV2mob/aK5Nb14ZzcySbt/rqqzJo2bGPU7TU++WxlOOPMVjjpURS6Do1 HeTkgb7JYS65kCYDnr0hJMGdWJCEjqh1lSxOtc3q7R2tWbQokcU02rcFHFabA+4y Xc6rDQykW5xeB4XVJ0fO1QQ0L+k5WIj/9ZIifmO3kILrA7d++x39Ewnn/SrQ32Ex lbsOIp4AMpyyUx34iNjsQXLUq70ixvWvs0R+B7gVdwa3w8KLgZUYkk6pR7pg06y3 +R8CzTlKktxNSonU3AazQ4V1TWVcyMxZZTG5+MicEpSF1MUEvDmjuoZHfWv9HgYA K7G6hjQ8Q8y6+fY3rQiDDhAAGmLI9FDvoMDCQ1g3zHJuysZlXcOu4x8sCPTpz4O3 GvtM5PIIB8K2NDeXucYc7jilElUX72sAYixlyoGWmCB+fM1yIgnKXITLRRcGnzr5 eB3Qjjb/2H/tIOdKysOg1u6Ki3ZwaHQZdLRwRxmQ/BUGxpX54WYAbL7Dv8CioRNy Gillmor, et al. Expires 27 January 2022 [Page 112] Internet-Draft Header Protection S/MIME July 2021 wBrzuxldQaTqWsMyOsxpgPSIlzoJRRRrI8WLp2iK5PbKjaEXhdUXOD0zqbXV7KvJ EO/9efDUSocGHT4mfTNZHRCxT6AE+rNZ+vPoO6nUpfV0ZIrVEUm0Vi3TTLAvPAR2 +loTHLSZQJzay4LknzauN0IsD2Gkr5YOYBP1mb8nqHGrZt+9wA5SPfPpBb0tqSzq aRIBl5t+Nh3aTznqurQUXoJJlA9F6nXZQoFRwtMhgXqe1c2j9QrD/6r26+wPW2ZS 3VFH2ZDYLJP0t+wudEz0hdlqTgHqZrJal2tnqdE/Egh2Q81qDE6UiOEBsVa8cx69 gWz4lfJ9ptmUGuxOjN/Wx/lo/V4apwrZlJarxhkg1DB5/s5rZXHgWen68HTg9nIa cc4N7qBN0twqdDpWPebdEMuEms7KqnR/uW5uBTp5DpDRxTyu++71K76HhUaCB9J3 98uyxSYBZdAl+7aDiKQn+HjJ4R2EaxBNtPiAwYkej24SasQ6sp51IcB+OeXyeIMn +EzweYVGn74tHQ0R5ZqBroPKpUYEVz536UCFHb5//9vvy14C1sMoaaqKn0TCZ55R zocRoFruFTkwRoEaNnfnB7g/CHrfvm+NIsbcYqIrmyM+FQsRv1SmJcjVxhrB/z9s 6I6UwJVQNHXs/T05Z9yepEhY4UJDAS19NKDZoH6NTFD13O7PhbW48uf/9wVCH734 PeVT8swKZjBEfY0hVJ0I5Xh0TchKyUaMZzemCpf4U6/QE6poSggivtD7AF2uwwHN 4SlXi5cKjwZhk44GEIVRHkjam9OC611yNOJC3DRQrix5ibeXjdVHRYJOk4jCXJba hGxhJp21ZLPktke8lVR8BNSs7fJN6P0OahAuWaGxd/EfL6exWfTv+rm4nyDuCDBU FxbF2HcgR3b6AStXGhUKY+nNL93roNcpxU8sTRlJDHuuFUmp4jrGVKMs8mSvUyWJ BgL9PcNjfV155M+5ggj/VyipUv5feFKGiPa4wYq4zTWBMg3ysl3v4i9f3f2bxBMs VwM21BgajuV2ilXi5lbNbLNgLDSeTH+VKEOWs230GfE4dsL+/06qsmVQMVowMtRN xgHtzbcKOZcqKgZUe/lb82s4ZmY+EuKF+Uj2lXeGdFO/SeJ2X6A8thdFMnnUpkrS eJDZ0xo5B1abVVPldqGPK6d5bC6V8NovF02t24Y09T8FFE4PPdup/yKeZXCa5g8s VgztjBNQkrl5K81YBd6gMDMvMdzAfKnbHdzCmF4BvEiES6wpjE2jf7pTlFkrCEew uva6sKsdcH/zPshz/BJCSYyNK9r0oy4moHWVrKLvOO9kTc9L+CYXG5TCmHRM1Ad6 Itbv9249SBepyBJX9Usyf2NNaXvUtWIpZ1PmDH/ctWPqpVYnX9heLtaoDLmJB5aG H4QROqKT/EIvaW23xzZsNr+Fa6lgaItjW1z5U4VLW3T19LX8uKpuNefu1fXKLaxY nOSsFmsYh+dkJcyfb18W0bhXWPreC2ALI3yOcL5RH0Ix99fu9ivLQtkmUrGcL16c 9sCqNZJjUbAENUYeGJYLVHnhEGgzHmYsHvp3LcbgBnzdTyPXanAek7Rl8VhIo0vl a52LAE0Ld59Cz4Ta1wGDbQezt3wvwJSngKOmJYbraSn7YfmLviPbemeKo3/G2Yt5 DVzqQBfelLUTdDIm4VGIrUv/UOwONBtlgnzaUOMXJdEE8+Ky95RKeajkPU2ipkSh rv3rAdyNx+Hv+kt3PQEkScMhvLSrsbqiyx7nJyjewXzzyNZvu/4glNWZUGQfXzV2 8+2Ce/zx77vugH8/UulNZntk4CP205P1KNPjQn6Nuw5OqerOOKWx/EIFEUmGmVA/ Bf46FMejHnrPsEdFJu9eVGwpwF0ut+CaekLCPUhBOBTSCI3n+4f8G8ESTN2KJDQB 41u+LFN4vhJCq6m85SRcX+tc31GF9jYDXCcrvPFpU06FxKmmKv5rLISPVH9nfzyS L3ZhsgUz5TURM2H8OaL5+mYpSpNJvIFajeqNAmWiXsUbZgMSes24ZEgvSjGc4SGd IlGCxAQDHbfFfoB6hhb1C9I/Xj36DqNRvqrW8zI+KprW0vDcq6r30/imHn4OE8W5 jUA/dPpVFRRvMdSkeQfx81FlbNDOThSpNQkrhCEWwp47U6LXzGs7d/WJu8LoxuGh jQntq+bhctOqdnolTHSDp6wp6siguul0zobH3O8zP8KQ+y9CMJSKumgNATgvWUtY 2nDEPTUh5Tjp2MZ9IxVFH+ogsa1A2XRG2iSIKwSrSLzfzgVSTqO5SUATGJYs4qSk Kfaz8+i749PZTDtviMTQi1t6QnNH5vHezV5CBz4w3aE1CSDVQJPm3DreSNEXjnzV Vy82bjcSw4LCA8bl05swwHmCysoqX/nluv+remcFOPfTEw/gciH5kjBhDhtEV4pz DKf4+Sr4OJ6Z1Qnfle3lL8xNCFScL4G7mu/dQnWLklhnlpmBG35elwvIPK+ZLU99 MPsRMedK62OIkxIE9WzG5Hq2xMP//v67FT/wZuJ2qnXV59u5NlJNc0iWbo8yGy6z ZQa3f7SIXoCQAgGbv16T+Hk1YsDFapC5HKLzAAKaWsd3ytmIoecsChRaOsKLla5h GehI5HUD67UHjiBqarFwkZ80V4auIFzR6Lt9F+pb/HXyUKsGL33WwkES6TKOnxP+ 8hYBdWGWBZtC9tHkfvrdb2bQi8RNvnzez1zX8V8fCizEgAziDXaf2hWbipC4+xep hVf5mMD8KPaME9uD+Rb5Z+AlP+U7ka/d3wKh/DwDPn/4djy94SLJ1TxE4lpUaBm6 5EIIvnz5LoXEHizghqOIP74y/0FUggCWKEAMzCtLa/eBK3M68r9OFoznUy2QQeYc i5Jx+vaP6J5GYffGNPXgL17777goCMNdN3UvWjf5ukDEhE6Q5v130nzlqG/3aKDS WSi/MrnZjvhtn3XZix7pb267F4hdBp4HZDG7yLZYRd+O7BoDArqciXlQg6gaI1wA 2KlImv39QHhJF5aaNUaSYw9vMql0aKKG9OPCCvE/uSLGSbUNT7mf/fRMPznkatlC Gillmor, et al. Expires 27 January 2022 [Page 113] Internet-Draft Header Protection S/MIME July 2021 v8UhNIzE3T6bIIlr45gNQdvMZsAgQ+yg/hPFpkteawKdqhZL9cvyyXcr5/f24UE3 USxH7XiIobz76C93oK4gdEjBihN5uglkedwukwqt1/WAGiHBDpM+kbXuKNx/t4R3 tIMfrLdev5ssBTnBDuh8134RfxFHGHEOutrOd+ECZAIy4yPilypr44SfmKKjECUQ bCu/Jr6NkD+89ZjMo9hssAD9If6Ctu4ryx/jO2lZkUzzlDSs5WhwhIhTC4G2wzFj p3YYRT1xvaDdkCwAD1gzInssQvTUDEkzHeWpCYSu2rZJHS4ccCiGGA9xhLceD7+h 4X4epNtb24KysAfBXYIY6HDKnVJ4FEApm53BcLbMGiuM430VfyeMLsTw9qSOFuyh KBXW42iEw0ubD12cIKq3CuuTTYSQj+lIDxgNddD8T+WmPRWP+Oi7dLqGoJXRZyaT RL0lj92WZ2h+/3P60RwV1+D4zc1x4ptNRG/KV5UVI9rjq801dLEZjayHDm4/Wnse raZJV5bFsui/N+MyODq9WTDlHF5GgxAa8Lyc+muDOPOQffIccX+YfaL0aBueXemV TrVyq9wE+EXFj9V67c/9iGMVqhjT1Fvq0kCP7ROlPBnJIwO2SzMWKjQLpE0rLZ5g nmb6Ii3qM79NNCZHAPMkbdvRGkCfURrR+s/Yi0GXRcF0oT2h8eIwTR9xTFgDFtcT lQgVNoS2UcJYJ5k/+q+WQRtRkX39ATSR0HuO2Xfi76p/TnLOqzIKVeesB1BIs4Fo DYoG3nvcSItb/G3wLrkryWtRbktpBaEHIDtYrWtITkM2sx6qjQuBmk9NdRQtIfch u6MSTmNwqpKIj0rSJ4h/IV5pC9FGxrvF0bVqMU0+CzXHOjjfa+XQWPEZAT1ijOQA x8UuwNnS1G6MeJGd5oXIzA== B.3.13. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9450 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5982 bytes ⇩ (unwraps to) └┬╴message/rfc822 1805 bytes └┬╴multipart/mixed 1741 bytes ├┬╴multipart/alternative 1118 bytes │├─╴text/plain 375 bytes │└─╴text/html 459 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Gillmor, et al. Expires 27 January 2022 [Page 114] Internet-Draft Header Protection S/MIME July 2021 Date: Sat, 20 Feb 2021 12:08:02 -0500 MIIbPAYJKoZIhvcNAQcDoIIbLTCCGykCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFXRckr86ZKdjwWngyWuYzh2C83A2vwhjy3X CIP40KUvi3zDTIC3bHcS4J2+dfZughLHJ4zAUpLaV9aE/mXRFOR4R7+KFsqgFMq/ AdZYFzPSolrBVrX4mJ/S33n9o4C8liWpYKOHTuCuaIQoncwJnxMjC3MNkTz3IQu7 bA+8YQsXHKfxgYx/fDqE+M0vQ3WXdN3hNqFV1/vvn9XBcJ4vEqJUWbh20jrq6SWH LA4Rf0ehkqkTO2eLfW816sEgRDjbmz9YnwPZI+9v9lTA54DOUHqGRCc4bF22Oauv cSMSlXYqYc5t7GG+m4FJr0ojYP2mfqO2fqD5MAWREKiXps55bM8wggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX2QNNJI5Eh2BB+XRtjP6Xj8w I99B8w98DcikKNcEO97Wubdh2e6zqTd5ZcN/l4RxDDC0eo63xq5urZxpjPQMDHNO VssAn8w9g5jZ3HSCqGlPqf91uRuZysIqA1QftgYEgMoyv3SJDsTviruYnPlOk3QZ rQhq9crW5eMPwcU3pR0fz9RBnUsCA2YSZtZ1Gv46IzxmPIhgn4EFX3gQE5P6Eh/k IGdNg4egeONZfpHJu2od14RrII/3keYC8dW5PwqJ2O5M8glq0tcERYG+9G1R85vT LVh4+wzEUKqUBG0ZcNuuB4XCH83w18aOhnVG5MkHblyqJVujKuVBlMzS5lwzBTCC GA4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC83L317JnRlmVmZGWUVqz6Aghfg Dhdevr/n3aQc13mAIW+gC2eax7HfkRXLt5pfz22kYNixmJQTrGScKgeySwqUIaqC sSIOtsX9PkCc0oTY9fer0LFSFCts+Z9N6Br6R7XA4o1Q4+rIiJKAgkxRZaN8HUZi DMrz3JPbIRAmSyP3snRlbLpHZWHBml1PaE//wIjBX5JyHwIUSMbfKqZAxunlzuvX 23zJx7bu9CZBfo3oUF54zLWFNIWSd8Av6TCo8fNFB4nb5CCeUNumnAEOI/gZqhSu /RdeMvB+HtAc8MiXyOZGbWVL05EUWIczY0rVFqU7S1MmlDX646Jh+2hBDkExTGLz wjWnJ5QvjY375XxHB5SMidNuCWV+/ZxyYPy7GkFZCmsvjPb6J97ABSRJ03t2X67p yNz16lijBj7vepUuZvPbYc/Wn6oy2tbTPww1OeWkw/LtzmbNGzMm+f1FWVvuxxpY 9pxluovr69RfrHzbl7f6Dl2EGVbvCD5yjXxARqXkR+2Nr43KmhLcuaKnrjHdKooG XaFmlLfY/A62d9btJd+U2uFFc156PVl+40/q8CVO73bSIZqPEo1MFN9pCs/x6mX3 RVgzipeItwteQdd8xcBvwYHX18lRVO5j7tql7KqKe2zTGDW4Mm9cy9Jg2o/9CESE IDv0nO5Gr1NP4wcu1y0Y0uoZjIK402enFrRAjWKx12ai/iTFfJH05QwkQLWrOycq 0sHjaqtDgDaTSpSIdctC42QkvoikltgeEyjFC11zbt4CjD9bYI8/MoqN6MjltwI9 G5TVT03tyBNaEfZrUkcM/CDd85hkClVnX2tBF28T63Ozui9GbVFviW9WUs+I02Je KWN6llM7UWNb5XIwR//UG2fWxhvFK3aJzhEIHRV9JBQAQfzK2EVOZsRomgmOBnRg mvOMH14trTNPaOcBn/SzdJ4ZW6FvvYjVpH3x4bJ2+pvWWL38t3jY0MgsfXzq/s19 mvOhoIG7+UcchsQGYR5zrRDIb3oSc+hIJyHk/wkPM5a/iUFCvCIpGGw8ytP6ywhh O5KBYA/iEw9mjfJP6t9LWTky1pANXCYYxPXGqBQEQTc0i/yYIIYMwhvyBDiBAcS9 aAbhlsPEjP2OO978H4MjdMpYlc9ftI62beqXnWRYq7SutLwG9xrdQo0NNyPhxBcB h3xR9xNgkC3giBi7DVj30uzDSTVZaSzNf5dtctS4T3SlBGeeqiio0uczevPxwHQp xQibg4IbVKSDyETS6TIVL+sDliAWiPTjozptNzXN3ZNxk6pEM2Dtp+6kuje/KHxU mbNiR4u4j/0/+lsOlCPtXiso25Zy5Db4FeWC+0kLHcMfRRcHTW1BJGBcHAtDlcwJ RnMQK+RSRRGUI6B/bRUsosAWDk766bgJj42Q6YE/047amHvhtgCScqYaELG8G8+T rG647BR/rxj/tMX5EKlQvc3qm+/MMc+LprO0WGVWMrGV4T64H5kcbvP0ai7nU/X+ I6L3VA6v35uWbwi8sfzcrjXh6tyZ5dTSM14T0xkuyzXbahTTEL2+UxXH11qbxh/A ZWHpYu9NNocE4/V36BZ+sbsisu6G9dwEAEtX+/rB3U9hm2QJ57lG05SAZ2mrcU+Y x+tbMRIBz5dqJSN4hkL4r3ySMjU+p2hSWNWHYX2LHqjywM3+l0Dubjr9BvJAlatn uawkgIOLgEbr7BYqyfgr+/2HVrYTu+w7kGWHnGyEZgB9dIZ/kmSdJLJbW8qVdh9s v1Z1BJB7ZWIpQd/kI7EXEm/OQsNM7soCrDZycDLDqy3n8G8Y2pu4QkOjvqpjP89v Gillmor, et al. Expires 27 January 2022 [Page 115] Internet-Draft Header Protection S/MIME July 2021 T/TssRnDi7wOJ9+3RldrycQSnexuO57PsBQezZHMDbiZ4rRu1heolgsggygdpeWM gRS58oqxDakL6S2n5uM1xcBMhY8NBHZQfOvcU0koJo7hbFFoxzRzo+USxJDsOuuj +NhqRmVo/Wp0er5yKdeEdeqoqeOSq9IrS/txX58DX2lP/Wnohn47dm3tRE4eImj5 VsCOyBV3LNTnu0vsWGi6sm5wRLXvQtSmfwTCPwexiTUFjyz/UEpQBUONx5TWhiON kBeoz3OFR7SNj0vmLVVny5cIMa5CWqZ0F87ycT7vFzwo/X1QQppmcnEVysipM8XB e5AoYlMkcDf0Lh+NFtbksT8giOHoWHhM8pnQSRgScM2TdXC2+YayIb3G4ukgdOTh KT8YJolbeEZrzegm15LBwcUftfAcUcxt20MUExVZSf/qQuKmcmwyFrle4thxK9yb CAHCNBa8iYyKU6qAdjWX+aH6UoRI/7ysWlx6SupMf8Bd2Ghk+iUllT8CrORNi2Lb M2SjZwKA/zNn4W584bAoV6fiwka4IgXh5SvszkU3c7OJYXtRuJwD5q/TpY+0fiAg EOoPrqLiTTrEDE9obzPh9lDHGlF85m7WRjqtTmbgHYjuHqydXYAG37QgWMnyoSAF YVHWqh7UhFoFvsHpn1Gxp2aqznkw2qXzoGZYoaCfTJ6cXbJNNID4n16eRztv1bOO XLVG41ldICCbOH6pmA28+DbNKQBx7cB/ZSpfwD/pQCNg4IXUuJA22p0WRdd+2yVw 7fPWdABaWydzQtKgN7HnXWCogt6fkz50t8gLkY1F1Q9pRzLDBZO0O/bCMlvPXy4i rXGP3BgH06G05OIzxcs9/EbNereRb0/OzXmd+A0wTDaBarQJYNu5IyaV4EIhVLBj 7x/tYSf+74o9uuw1hjiz10u57ZluHI2LfXcITXRufM3+i4VBlI+RSe9uUgv3dWcr zwqzUsMLxqGpVLUyISDoMMjIueIVLKg5TlsLIrjXyQVwj+ZX0mEpubL9US3AKDjr UG09davXIkfK5OAPIJn4T9YOmw+bwtt39GCcd0ITKpX1rHhblJQKy7f5yqm3XNPo Pw9l2XAYAJ/vnvHoiXwp9pVYWqGY2qoLuCg5VLzlHgQIN+mN0OdzSqGG3KW8s+LP 9cb5oOw23VSA2AGjEYiEuFcunP5aZMCT8o0wh5J08a04/zwV3+IkaMRfC1ZPgyyz YZ7NNh+v2RvR3VeW/QMPOFB6lTnzcHcYQdmK/DY9/BPrmm94yDS9t+wPfvVN67Ce zIkk4arX9S2KEJ3mOH0Usky4Co665+9R968xOjzSlUYaPdqmRb46TvYJ8BzmcUH2 fXMAjPRsxaBeApglXFOPVCDR+H/6Y7T2lqkKWQCZqsIcOIPlD1YVILdPJFTRwXrm N85n+wflN50jpAoKKEg6CAsxgR8YxemQB1TFMee02Iv8j2Z2gpnu2TQALVo5dyjV PykeuGpWooq9za2hdLQkolkfCmn619yzAsfZIb1eFVNxyMvZO8BdtyZQ/u08eneT 4a9bAEXzzNTT2iDTXj1mlhO/ifXojWiEyTBUqNeT1eAnD+pNiLqZEQHqtlev1T5w MaGx1M3mMUyiU7XN8F7UpfclDuJyOLP2dg3j3ffg+xBD/GAWByXjqTpOFaN0zg89 qA2wTkLGOFqcJzOWDHb35uPQGdHDkzXaWOSVWr+ebr8w/i5PNWYR79yL0MOzavvs rvbgs/DL52R8llVHG9XYxHAVUxDrrvkOczg/e959xFntSsdART8NkuSEQnCBcJiK wTHjgd5vke87yC5dMdswj99kG5OJiUSRpBAOZNpUVqL6CaENsg4c6csACQUR15wS QBR2MOBaXxiqma9k3i2JM0SPtkpCzfJoRrsSTvShKFVvBQIQXMybiVwFP8HTrnqw i63Xgew19nYRXv5jjsmQNvxZJDS6/mM3rbcyLBk3uSXciPFkQuO1sm2wdKb71Rt/ 8ohiCt2xH03dmk1poVq3r0kzelvR2yt+gxqZ0G7DpIhIlm9SASZuoL/GIT/d/d+4 fecTkPr8dK8SobUGqCscev0ngVJWsDMM/1Q5yxZPoKtccOW9IOqY0zBGgwQxv9s4 4Bz3vo3SNDRvcvaTyfehrJmQIUm3+ObehmjPMh8l2Vlw19wQbROffjlg34RF0OPg spdcAupeeK6rzGz/qZkqs8qvioUM9M23oliyUJQ5j0DlywlnbmHQwbDTRzccroqY e0zpiUZ0RX2Pd/aXaDVF3Rvd3ZQjHagWvgXizhNW7LmHyqTxupwYseE3mtBHllZJ rNy+Ako6qxPslMv4x1+TrPiEC3xqFQxQ8Fkl2tJ9waY0PnZapSTNIaxf1n/zayLL uqVVDmlsJ7W30QxAR8MvazDgW9R3pA/QlTHZTT74vxkjEhUfsG0xNnumWfRmO5Wc H5dsE/Bg6Y9lCPsBUQ8bTF6d2YqgHrA0jScPf3S2Me0zpzCYnkgDJGMiZ/DVXY/L GUWuItZr2UqLG43LcVuzVAp7av5swE4ebwc5NRKf52UCAJE0R2wwYdHjj6ETd+q2 1R0Vw8GL1aUn8FE/SvyOTMaCseXhKCb2olnoLm0K6i+EskVucCIeNwwL5+g7kcf8 /wnTEC4sQA8zvtG68Kr1wQI5zgMNK+/MzYn+Dz2Hkm0NFJRXJFp2JG7CeO+D/OTk RX/VBd7Q0tqQFeOnLd3JX5n2Fd/tpsrim7TuThDGVlUevg1Lgp4n4bucUFe+A7IN srRmfKChsjU9Yl+Vjyk6wyM7OwNAMLJ8BtY1aCJegncTMmNhTK1IQF2D6lUa2hJX FG5Ewc/xqd44hI/pchtFV0mKMX562GIAsndqsqBpgVX5rDReMt6DN0h23f7yzXIY xpan5It5aQE9PrIULl+oceRQPJ5tg2JajyJWwDv0nrRLQVk10Ryh2IZnpnFGmrPa ukEsJOBde8kCoGpE+4Exgsenv61MSpYxdmhQrm4AgIAHtumk0xBFh7k0TByZAYig MuuYUn1iVG87c4E7hGqSKmT3/oycprhRUTSzR/ZErszPAZZYTr6i4wgvrSEoFfxC Gillmor, et al. Expires 27 January 2022 [Page 116] Internet-Draft Header Protection S/MIME July 2021 TrVw7w391XRsysO65KEN14pHDUWV6tswSoMpWI1FlcVNaGvfHipT91BVVJyUKoyG iEjGzCa49IhqeTjLyjaBfB6u6LDAyC10ovbMo9gmRuEK45UqRWt3E414jUwXD4hT jdzX5fdYmHjHfO8dcp7BOKOmr0SEwbhVMxjdGDCj0+hPOJC82jsD5FZJ/sfRtdvh lgKUhtAiTu4qjfmq09u4KXeYrZ+8UWrX2XvLlDlvNKYhe+iEqkjQk6SDzfWBYCa+ UNaDw9SG/cTBWH+JknHQbB1v9e/Qtj4n8FT+aM13D78k/kaVu1tyqa2NfyWIG2of 59N2IfYFnKc4gw187MPp6NeuhFMqphqYqYSHSWsFa1LSa71R78eK0R8v4q/e6q52 BU1kaUk8isdPWkG0sgS5Mmejm/ajtoMHYCzsCWySkDfXqM/h9mOZVKRRfDI9Gpvp 7j4ScwbL+lgKu0XkCv8Qjr5a/rUY8ltD3g6WLSuu3RIWuslmkkfrMHGUUuw68Fcd XQ2B7y3vEWU+t9kWUnHnQc1n2jrY25eZ7S+bpuFepUR5a7s3+FIjQJ4EdLActfzh YFVC1fNR1vzKI+xtdqfU5p1wddbe+1zlbrmits1fnisg8GRjFjtDGPeHLv31AZMe ihvH8devCgSSac+0CTgL0XAohSnnqOemBYYtBKTYkLYPMBnDHpQlqoPuU/2c6OlP VLRinaHgxkVx9ZkdDNbY/clTbIgE+hVTOLxTmplV7CPnR/PPa6mWm/DkJXr6T/VU vHxP8LQUjPWVYuxSZ8gjRujebi1gc8JSzK4drOf2qgZuRY3pRjHlrK+HdcUAUu+4 XdzdVBFlPuVl2p57eYJi3QQN5BOHbJfRyCdnitccyLDGNkXbx1fLJf1aGn46LHV0 kgrbHpg5p0Az+s0XQxvnGMf0n0IdVQ0MwPa3MNvJzMPohAqwfCC47GXAaZFde/6C 1x+BGQr6SqG+PaHcp7rxBLMGK+IXQhqlbFZ3muwW/AUsTAH47PbM3F/Gcft1m3pT LjIk1dbqKQtGmu/cwq37WrMldgPQ6r2Uc4G/0tOMo0B2nV13WJe7jgorb547WUBJ 3Im1Hl4rXx/uf34FxjTVhy/tuA22VA1vZV2gzwBQ9idalMzX2ouziaoebF8E5uBI IcAQmA4oyiaLRQmOwAGy4UBNREEqW91MCGAwuIvQO910iB1mTUjFRx6MskpWUuuU BmA3UPzXu4QbBTVSrrbnLZEuVaSKbFRSjhOUdsH36OWQLereNZvg4FyiSm140lD8 0U2s8e6c2k2Dj0UBAWtJdeCsRLg6xyMCI6z6Q9EbRVsfoJGKB3eEGKl3zRzaTwKS 3+EA3Mv/0UUshDFV3yd0tnkBC00BXbmKS4qc4Vmgx/N3UlCO+9AlEXoyeb6Z8esk cMY6GbsBZwtdRAfNWg9/X7rV88emPa1kUFI33iXVw4XYdYZMtaWEXQZrdab7dBws /aHvkHUAan7/Nl+lbuTcduLIHEGshkI7KKO0F8XDTT8TXf6mSgDZrTd6ICKKa74h NzO6xEtr7fElIhvi65O2ybWGKA/SVIyIVT4TXpz40GpzzY6mPC/zYv46RfzTetVe Msn2Jpi/tnjGVUGVzOLJzo/rQHukaNtDMKb8biQR2SHpxUauizdM2t5KQlht/GyL nmvHbV0PdFCKVRrQ2XtwOR9XCmQKr5o2cztaE6Sqh0PLn9PxEwrpmswaMBhHfbdi k6hK3gDPypJQYSGohd2AtUFlxokNDO4x/4yzHLCfK3Mpqfg+Q513EiPHEqSubZn1 Z2i+qSLRnlfYDt2UjPD7jcSelW3uUdLtSfd0bN3uHxZZgqf+3WCi0ry/0WlG/lfF g87KfUhWhUtFF/pMN0wdp6BrMWFxrjPfmTb3B9aQ1cQPoMeTQXYc05HxS2Rx6/HI LO9s/HNehvLt8tyOy65KdHzCnLfxSlSl4vtRbhW73TYgbrh1BfSEFpzgU9sM1UkH 8cCzrZ1U2cm6vbv0CO6/1wVhTnL+Ij3i0y3cvCUZpHSz2i0gra1wxEPMT/z5p17t z5sppHHZZhzV0eS9ehUkkLdxbguwwFbKWl3OJ2wG82CDQb8Xdtc03K/zTD4QJJ0I LSvoCYwnBJi4waoVQCbLGN0FC+cJAqqUaMVlAEHXauQ3VLDOnOWVISGYuUQZ0b3Z yom88ScoNdI7jNxjfRp52y6mVkgTY6Mm4z+X5E90+VqH9Bwg7PSFlaaQNC4hIkyP ygciHDwcmQHDkzDpoY9+PCZb2DisR7DLxmGEKqX73POlGYTZGXb8pshypv4cqcnO WqtJoXs6TPvgu2UvKwdo4vrw6OhaR55wruq5+99irV+IuUk/qZWojKmLdd744fnM fYJEKLcU88iPoEHohals4z6km/osvbY7GHH6vRzgzRDIOMV64lONZD0kxW7j+DdG JeyoDuxKPICR/Rav1qKCjBxdzhHU73TZijFf4Ht2YelP4g1mx2ciLoZuyfQgaf45 rqFSXo/GlftzXbW2zSqr5uhTY6J+Wh7kk534m0yqf0lJ1Oa4avYqsZE7VNe+/Xnd x8JqZf2FFqnf8+H6FL9DOtyfZugJTQwrDs0egcIVsbTHi3i0N37iDKGGaCAotdso Ix47BHaBznn2+lU7VpHEkxTcTSZGAPJQ/5zZ10mQf5wwVAWUnaJlegnCpjjlr3xd t81KWFMWAPVuL3otm2vp94yE/lcW1AGGO0tTb1e1e7G4qCzjQv16cy8FlSZv9Vj2 efUOVSINU+FmK8s0hMsgbJ/hY1yWGkhkL41wrcfvYfkt+Iwv0wzH0Rpan+9zC953 /KIAvVqO6BK1BQfpYh5u/hOJ/tBC+wz7uReLT/q5qfZrP+bRvvQoApGKZHkWczif 9wBhsM1cEPWfpDDIhTYdAsG7JFAaznlhb2II7n6g0CXiLP9pNktsLD50oJ9p9RVv 0bvGc9Ag9x9gTQBOiAqFeT8Ifk9gEfKKUpbpdHYlwiEKBNEvboJ5Q1KROb56OgaI gm3i3+Q6lIibNQub39Xdka+zl8NVBf5id0zTjZpFt85/7TGvHGCNuGudW79Jl17p Gillmor, et al. Expires 27 January 2022 [Page 117] Internet-Draft Header Protection S/MIME July 2021 TFXMattXtTHGEuAlWlqRKYoFPZpLMynTLsTT5z+gqHIAgURgTOMa9YY7+7QsNLXb 8et3eNsg5E/cAgzt0OJO/hpkQ0fL5k4dB6DTiJrwEMiedvp7cTeHPtlOdMa/KDge Mqk0daemNTOUbk3Vsj2s3SfS7BpDTnulb7/1U0Ti4oMF1Eerc7fb91dOhsKkh+13 fRAIhT6rto+gbnDKGQffeQ== B.3.14. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9470 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6006 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1771 bytes ├┬╴multipart/alternative 1122 bytes │├─╴text/plain 387 bytes │└─╴text/html 468 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:09:02 -0500 MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBACHOyBpdzWJH0FBPgjsElRkfM603OpOAWv2e JJk17KWFDzNyqNUeh6amywEGtKMI9yEQMiWNDafOaySww5OAyv4m5Td1NqvM7yAK If8GwwHBsZkZfcQD0XsPeileAUpW6vhIAXNHv+Jx8PxoLef1IlqbpvIch/OYXMrA vrupwwg4fV17S9nPLPAbAAsHxkIblgtQd3VA1KUwW7EmuIyZYKlrO1oHXOTKu9fm f6+ZYptlsGhqn+sxjWqgdryLyWgHpAyC5lGcRA8/oA6NVFOseeueqYEfRS7d7S42 34MgvX72chqxXnrEEk3jyq+ofs/LYiOQxNVxnsAcw7uInwzthXcwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh Gillmor, et al. Expires 27 January 2022 [Page 118] Internet-Draft Header Protection S/MIME July 2021 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAd2UGrRGdkmM5K4skCB8Bv28Z MhHF+f/veYUT+lxq2ui/KUjsxbCAH+Wp9KZxoAqgCxuoc+eqhd96bTpfJ3m1iCNO V84S2KOXiq4A1G/IqM056zklYbvPfLI9+EOotWXXW5RSHyMczxsw3GrFEyLLSGsy X5mYSLZpdPLzggn7VIP1Qk0gMXQXGgsjqxoUJUhb7PTmYR7F9f7qB3nhxBSIfdQq itXe1GgvI+e24eURa+lH57FivKbQGUCPmf24pB7WhjK66EuQZNWJvkMeQPOa2Qao lHZBshnyMuTzY88yDthhUd7M3zkzTLTbgOQEFY5JdB2Df39AmhWD5tkD+PD0dzCC GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPcJVIQSixxxaBzyW99anlaAghfw myNPcQDx8BhQw1sJYG8BmQwWk13lQo28xcdZsyQgbKJ5Eq7Og124W3NJFCTWKtwU CmTyu/IU50zFxmD9xm7IPCVFnCZRwuCfeNXiDfQy8KRQSIzMYnFz2CIWNnyJQ9wZ WoeoJPTxQapw6ILEm8CAEpmTtpCarvrENS/MKQm7FmfYP6Z4UzIKQJMBjVS99xO7 3TU5KrneCPFYS3F5i1J2yNQg9O1ACQDZk5O0/arLdYaOs9ybOFMXLofxTgOYjATF Oz/2W0ElzsJMhpZo/yCNa0lq/dDSHQSumJTcLhKjSUDTPnj+fTELU2KUmmKmsRWz VXxYuusjuDZ00PRUp6NUF+I3goOYuR7+hvXurJFHGQhSp1rQ0fCkAHsyLCjfU6ux i46LOkVYZrjQiuCIVFvs2otvHYN02xqhZBARNckq2rEORfA5CaH+9iGwEekhRfND +0Nwa+IQmh7AzEBS5vm7Rog5zymsTOu0Rv6j0QlonUiLiKQ6KvTlYHzwbZlspPuE aSEq1UZAriavn7Rh7fhX+JPcys6ImdXbQAqE8dl6Wtm+2y52HCaaoKHcJbCAvKY5 +AttDKOEzkTbYAhmlYOqEaW3NbKGyLGm5MhZ0iTyyCaZfk38P2c2nnOsotMJmtpG sbdYA1qWrohadiGUOsLzbtqJaHCF0+TwdVdQ9/d9ecfmmdWm6oHTqCa3zOG2urTS JtpVFdIjtp5+5EYGT+HQKYnxEl+Zge43Yzu+70i9Vv+y2j8kubLLRXJXF5bX2Dpi cyluo2s68DqrcXrLQ3d2ixmnq5gt87/HZPCykbKzssCQNhdgYR7Wv+01EZtroOL3 yvqRihxSqg6x4Rg44J29GBUL9b5arwRVo4pciz3F8WPP/jZNldLNqSeqkH+GSXtO MlGg6s0dZlsRGdClr5DYCrLN4cqOA6VxCQvW2JiU+Jiwpt3XZ2v84WBEX5ZmKjGM oQtVe8fx49OZHrnQsgTMYBdY/Lx3nnzrbnpZwIza3V430HUtClnKbanF1zbnNsyA dn6aZVliZW867m37N67g7Yl9VNrB9Qwwg0pEA90G826vXoBNI8aao2ZInTS+sEt0 iuH8Wz192z+gFFzfD3cyN1HczxBdXaOF5A2pOUEhaWCJWZYhFCLBj29/oUv8ax8w obsApX5/RJj4F0POW412xRCePCeQghfuhUUyUYLWn99X4V0ZqAVXmJhNUgfrmass lUdPvQDm+FMK7v7Tz23Idt9nmuN70H5GG/Y0r/5e2JkkcxxTS8+yUL4SbVw3/03r AbgpVFGYCMcug8UI/BX1CGlSI2PrMAg5MFVhpNW87ph2rOub4mJS7SESQvbPEYht ZgOv6gDLCWluJ7QrxsGIUYYOwHw82nqertruj3oZPepIR6WFiDp8JPgTLn/fqaGL gMdfGV+Z1VruX4yCTkVdd60MITN0sPCbWoLQqK77QMk7i3fw4PahAnVdasuF5xnz /xUYoelUq0gkY/7o8AFjc2zSFM76S+XWZMrmnZpM7IiBx3vBSPWPyR1INQYrD4ZF WpK9LVnAOtK5pxIlEziaqizSO1gp+DsY5JFa5W9TPpwbPw3nm3UMrd07cJMGu4yw dzeokbYWSAAAu4qfjXB2RNHSw6HhoE6lTHIUJhH2+dw0LA/e48KfRgoUs/BA7E5h qCVOY55mqxcYl4eOitv5cYPdJeeqltpifhwEIiW77YFk8bjsZIS3y/yiMiqbYb9m +lih/CNy0gLa3TmhpIzVGcTtsGlc2eSl2/GAX4rgg3db6Ut6EyE3MlUquOuQ4eOj RGufe7coSwJ3HqwvrFgXYIWNPdus7cTiuIq4ryIqFwg8fShJIDVf9XFncTXNdkkB Fbxt2Bd4Eko5rXRn73wDKbtHKI0WclWxChNqGhkpydmQYgEV9GqHXtHTRertkVR7 sO4Ua2U/is9C5JVtwnraYPNnsggYYWBQUs8zrAiXEGNH8G0mTonPEvuWlay23SbA KsnWxrAkrSREA3KX1klBsKhLvJexr5jezV/VoulQs2buTUa3T7Poa+/gygxaZQN7 0YPZ5FvBdHWZMrnTCgIPi8JyEmlvZAYw7OD48Gv7p7GjudPd3NtUM3v6g7y2Jazy wTrQHVCW/BfBs4Qd+0NV4GSzzvGLjsGe7PSUQ5uNL3aOqbPcSanZbtE2DIRF8q4I KyI2w+uRh/uiXk0xh3KYUq69xXMesnAICQxdDjqNE6Gcvdtw3NjxAaXUn8MJC9f7 xd+Je3t51s/r/VyD7p16lo9UXurR/QjtOrMcoC7H9+xnmJ4xPD1aB1Nn7zE6DmH4 uC1P8thxUQxysv6UVS2QuU91vC1jk6ioamSi7zbfXi/T11Z9pFxKxvjOT+w3b2W5 A/rG+zou4o7qO6ad2KWpei0ySQMVOW3XZN/7DcFXcQy5gGns3iWurW0L6R4bX6kx QQqYtXQpDA8NxfBWu5ZyhCztkTXiuj+Z+YN0/xjie7Lw5wevJHNcqzHpshf9xEH1 mX7lWpcN5F4Z/uaG6hFyKmICCMCPNimEusCjpKSBrlEl2/ZfasAf7+nlot7gGRLa Gillmor, et al. Expires 27 January 2022 [Page 119] Internet-Draft Header Protection S/MIME July 2021 +nEqpZAHK6eZ2u1cOJcqlM6Kd+kj9Igp8evi2IaY/Z1FyQ/3HLJE7hDpP9GpGJGe alBt1pfu0IUyEJ2Fe7lJomcVreEXYBMdcPpc5btJbnsuamK82qCUaZBbxzxWfvGD yofGz2WySMZWttrMHUiCVLx6cFa9FMu8ME6HjaoqN7FbXplabt2ae+lsFJZ/Ehmy 5uz/FTk0QqExHhF4uWvfoP92qUUgWnrT92Bua2CLMs4nGxh2b6pH6pjGLLmdNDwT w6Z+Cy5FFazNnA0w54FuIGLyV3HL8m8Jbzty+uiIB4NnfpXeAmWvhqStV8GVzH/j 6VW7ZaZbg2acn1HMTSfKYa35m0RQlakc+1bzIqnLWMdbRB7Pd8mghNSHrZ8rrrCJ yUPhO0A980KgzFJZgh/3eLG5eYWwN+6B3nlkT0vETiALnTOE0+ICP6D25yyiy9k+ iEAkiXY00vUnUv2QJFTKmgrYMRBpnebYE1y5VgA9etEUIOV0tlzKgbMYVlxgcK5v TnLVmTioj1DgSPpOwkE8EKlRgjjc8lA14Ih5pcW6qgarDkyW60ZRHfLRsuWkNw6j jFnRWskK1LukllBvG+S81ygPvfc1SIMlUg/nfqp3EF4i+1tCA5am5AuOrp23bBsw 3k15q5FKpsbn3rQ7b3L1NquBtPwIr1E5rIMx6pWXOs40M4GSNri6Fg92eo4ZZfYZ BeJZy4jerGNxR4SE7NunWj66j9UumyVyE6EbgZ8ITuqEKt3lx9JMJpWHnkgeqDsA K1YI/+L2zGRIMo9WOoPuw/WdojEEG+4r3JMAK3/fqKWiiQosStG2u54XExuUfTpm Jzc1keEorZKCvmyhiFFObkQli1Dn0ZwEpx6qZbowDiMmXSGJgC7l9XUd+3mDzmJo QPn5IIYwOIkdoPastOGNuuax7RGUOekjl6f+T9SoGu9eVu8sTVNExarMAnwReJTh dnrdqWLzSNuJweyR3snwxMruvYE1yy2W9mxiQHM3Mj9apwIPmU3dtE+H9p7uP6CN HAMiIUsegY/2du9cSeesA1re3B4Z1nJ8Jt/7wFOk3ob4Ox2lCk+U2RRoorBpJtvk 8P/BRHq3EoUpbNnoB89N06GQ1w5DkfqOeNQC5E/wDDhx8JXWUHnad54UWGS9++fr 4mHqUNdU6uA9wgUYUEeXkfUEyVlxY2OZAgKmb7xwAvfPrWxLadODpWMPb6dogmBY icxx9Sg4ZOPFgBoSuwLlc+43NZNz++ziOgdIvtbpf0a8GJVfg3ql5Ch8vUsNIfNU 9cYkQg+hTn9RehPdM0QQzOXWQX3C0vFshV5eGqrko4z+Tw+7E4wfA16Hm6S73trc 4YmHZtlgtgvWPb+CvQvmmx/xNmpatBYSDzPyusaA3GRb+0vxeIMqGXxdoriD0qrN lQeADPDYPcZvGOAYjvpn3UDs8aqKsZrqB88QUannTO+bhBUrjD8GBTSAg/Xj5yrP 8DMjwc5Q//QhiizoUtsAyDvsfjYFNriXiX0XsIydnVCqBQuk0h2spfIHqXT8+EIo nNTq78WLbZiHqnKBNxWWCXakU7L5MeX16GlggHB/Y+klrWq9rcJEsoh68klYO4WN jCrLweQMCmAAktbQQhS2TWoN4gtwd3lmjtoCU+97K7Umh0nQOOtOLbOPCONfxwLI rnV3HG2gyILR9mOjQbAh70F0GjAgov4C8eDdzVTv9WL0blN2APdNT7dbW69Q/1Aq Zh0BncXV4QH+TIH3A/6gwEhsrkCMeLgSpEDAsQgZgPp/2XQ0JjxlnkxnTmsDie/V OWH4X5rj1uKa/5dF+RjR05EmGzbExxIYgI9GUx5K3JbDxnx2teEGznvpFa4o8fjb dxOlpnrV/NWuQBtyS6Ated+0ngioqqaLDrJBRaWp2Wj7UIepTctAq3Ps0ZaJMGol DRg4LtubSNRDDYfcnAbwvMprC1s4IMzLPjtVK7lHwwvqGO6BatjcWUN2qwbKMA96 GqQFeXZ24loj2rPYGD1vcnFkUHty+ZfEo7F/hdmwLz3/WCnmlBtGj4/ot/UTW3UE VFTXxoz5m4JpRIm/eozcLVHh0FT4XviB8RrrrMqelN0dtzNTib0LnklcbAo7Fs05 2MMWRTWxEokIx3Qmg7X+umqUKehNFtz+DaSmyySZ2i+7zlnWFY9yYV38N5D84Dca 1BrbEpMpwxREaWTpnxHQOOPPmWAOpdMvBBePNinw2jSQxGLnJt5IGjQ1b+YxcDA5 OSPvZp0igRaqNi+Dp2L9DATcvz2o3VQtqRDwzEGZk35K0vSaeD6BrFOLSsVhSXWG FaMKB5RaX1el+CB7L3wvIq2WsofM8rBAEd0ExLiyk/IC+n59WQPQjW/2UZuGUQiW CtgTtpWak+D4V9LSGiET/kUBXor0R1DlKCPmqXdvkd4E//Gwfbg74J8vyZM1y1o/ dlfTicOJWZhqu7AUdLukBs0mo15P9JHXOg6Txgp/fpAGkYO8UO84AgHfpRDbzHKl HGTrERj8kAOv7MdFqDwVZHIdel9+JMw/sUq/TvJgRwrOdiEKLOaeVrRBUoInAe10 RBFqcQOgTClPZ4Q/fVroIuoNxMQF0OnAMNG1KEDVYt/Gwq3syNH9wUFBLuEriOdd OKiFmj+beOl0n3JDREGM9pasBDnE95JnMF7X+EDPVo57W+5ua549SctYcT7SrXzO v0Y4LgT3y7EdiwQQy7eyxzTs1fkyFHcr0kLl1ajGLVxaaZWfMchfGIfyEYJWRLip HvjCdUhPGjzrAkpbmhWuWbEbUTNpyi1UIzC4rtzWYthVIdL1n/CodIiScKCk7QOH 0ysSOAveFCmabvJG2GCXo7mcu0x7ruDxWZar3RBaLS+7gLLhHwZeZjU05E433yRc 2Wme56dOTguGIVv1sBVZjGoQsGg5h1iYBxc0PMfHBCdD8Bz8cFhsU3GzA7lvPAw4 ILtHuw1pMVM63YEHOeoZwPYUoriQsKCG8C9QDCJGXL2BL8b75b9+aZYojvRLzACG YszVDnQ7809N1M7YER66bWpr7Ni1w6+9x2XogefKDYUwV3+cw9BrelaXK4xGJmkp Gillmor, et al. Expires 27 January 2022 [Page 120] Internet-Draft Header Protection S/MIME July 2021 cjucFDnUVuTKZwLnmQ3EeBEuAJTdLbTQmKlZi7nX+Sgn5uiQRySg7gy4hAxPlNB0 ZowjiMIxrr9ba9MYUgS78xP8iOclFJ/C5WxzTAz5XzYcbR4jGoMpwWY4CHAxFERz Tm3ZBqVvxqkLYoAts279KnjpYWwft6bL9acZ4Cmovb2wSzsCi2YXeHdll9uTz1be Lx3eJ2P3AR80F6LMDtEIL7/EeYHI5zF9bBVG7s3xtb7u0CEAzEUG77vcdQBZOMsr cMjEZ70fza5GFIi+cIYtPlVjocd0p4mCfSuFuBrICQDA0iLP3nqXjc+5RzZSkwKq TpuVs6PSp52rikxC04IUozxpfaJvqRNQ6fusvMn6/ZinRbuS5ZWncTyfqZYP8JCv 3OHtdAyF+uGuqgycMGPQU8zZz4/+ZDXP0zpySZQ9WUiQ9zpqeuk8QkoAT1HgwnBE 53K8HE+ceV32CrS7EODkHRKoMI6WhDg5PL9FobgSfqhNGLTYEW9I3lQxD7U4a1Bq MSu4z2QGHPwYjSGZ/aQgs0vu6+3SK9ERSjXzENKDeofah4AVooYoSAMXuKkEevVe bjnUJBVh/SBMGx3NTlEVu0JBZqgbfpW7PHDmg+Si0TrrJVSD5IVWYYfxM2iWdLzo GHuckDuw8f+jpdZtLpEoQhdzOD3iIiKJ+hrk03sf4vowSZSAmIsNhr2Xjxt2roFH KzIHyuIOs1RDc5O1DCZvVjjoC+HbDwaFErZGEQgIcHgZqPgdaTcubsMU0ykmmdw9 SsRq83TpNTj5fbwrT7Nq3z8NtCr1l3PW11KwzbjIBJooX+bBoahkb0pG+Xuth8eL HXmpoGViY+Obet4pzbi2g/41VK4Yrp+HWgc1ZqzlBWR7GxC6lkc+xY6whA00L5Er 3pBhXMNkyKVzC5hYoscocLOXmAlQVcDoMA1G3Bu8r1e6Ak+SYIviiHj+ElD67kBw gIZ0Qruh5GnoBiwIFQgsKUXFyNDF2PSljsWcZyevAJBiue3SlANdztwWMZQ6E28s NXMpF345BMGThDDK+YP80rmcwTrF0nOK3oDcn/hFKxNM1RQHHRpMkED8fiGKeX+n U32xWYhSBzuBKZN2sZWHzNju81AoK6braMqPjRTxkxX5Lvy0sKkgtGxxu6sHlvru 26oZloZnCsBvjJyFw7Wqbbq8X9HXzGGAhBrBTCMcuL+TVShMbcgiV40GwCJDQ9SJ zaVS8VFoAzYtm2dpjnmjLOAp3QYOhNu78cEtjtS4GXFv+5jPdOuyn2NC/3dT/BI1 mV0f3NKviHWX9TKLll7LwEeAkdycM8tJAXEydzq/Jyrj2Fk15P8ZM/ltzC85dnht qljIT+8ENZSL4U1XFFTOXF7QiEpCmbenvSlyG+0xYb98FSk6Y0KoO1I++qcsr0UW n08vhhv9nuhNRAHHcbR5ogv4S/Cr2yW5ChCht0u8a6R13cyJeHEtOZIB0Jr1+/yR Jv+tZZRzkI9Bjtppm2W/W/gSMvXFNdx+C7naU2Gtt7fBBTO6i5bRvfy1bGEAJksE ht0Wz9ri23JT/NfeL3rQuAfgbp2WaWQzCkuAgRZODnJedA0xOWm5rimru93eISWX sDx2eQPdTxndKBxP6b9aFZrWmX0srW6jKeAQ5f4Quy2sXBvU2jAI5vjkA/wWiG9z v8R1sTbkXzM8VWz8kJbT1uOEMFNtG39kQoIRq2lQSHrSFn/VhyG2wh49wG5giLB2 eUtnSUvo3miqqCDfZY9B4rpHLbeDb/3NYlcMMQPQwWEKKR20zGiqKmMV9/jhaIoQ Tr3gP8TUhPeuC7vbS/IFLDkIAliAzgpoYllAWUwZmW5J+84dDPMrVStiQMK/CAZk ZIBLxwBnH9s6ucxtZWNFaatjMgz3Y03Twn5GOjjOJB9eaR6SdAZxDTeODajJIuGJ jB4cjm6Un8lZki3PTAyBFOupETWxRSczCs1aPnaZVcRWkfOV/O8LILxCA7lesZmB IrJ5U9LqJLoluggC/4wuxCziXCRXLz7nT4UhxYqG8ZoJ9rjHtf2t1EbmpmT00D+S 71rAVNUg7Oep6ucSAR0gPQEA6T1sYehVYmIkz0QIJpQVP/Ls9ArZCkVpsmLoVhyu +pU/HIn6mLmmnqSlAYl38M8F8xjNX8UsOEuJ1X62coaGREi0FWgmti6rnzzYx0DQ 8dsaQCHtZR+7+tgxYGrBls6PWxpP2gjwk2u/5kDiirRfIMhvke1ZKLmwK/DvlhSI p25G88scGcwUoLhsIzPSfFHoYEIG9MPAS+CJgbiKqljpyhMZoKfsHXyHRdf9YrmZ bemiWCBmwQK5J9zAcR8l5ULfkVC3kxgkdHff4hXsf2U08D+oANABAxDhxZFNMIvy d6HCmDdxtzdeUNcHF9XTJ/YGme8gsU0PJ1dPBsMPS0lBw2TXJAkHmY01meT8/r0v r2uYdPt44EwrLtWonChUe1LwMWeK0D4soADI2Gc+cGxt/CWTFRFbULZF4BRc+1N9 xKgCvub2mwWSwCGP4tHGKWpAaoTX2b6uP5Kb7N7HDRE= Gillmor, et al. Expires 27 January 2022 [Page 121] Internet-Draft Header Protection S/MIME July 2021 B.3.15. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10120 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6474 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2095 bytes ├─╴text/plain 59 bytes └┬╴multipart/mixed 1600 bytes ├┬╴multipart/alternative 1194 bytes │├─╴text/plain 424 bytes │└─╴text/html 505 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:10:02 -0500 MIIdLAYJKoZIhvcNAQcDoIIdHTCCHRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAJY0bRwKmnM0NyOz+IgHeWMgMOX8/jDwHHrP t0MXudwDeJwQDmKd2J6YtkG3fRjZx+MS7bpLReFPedY/7RAe5oW3JgENYa1HpIwm aD/h+qIxTicIrNwzuiFAgWpkAArav42vaMmG+/Xh/POG6Gzi0KPeJUnHyySf4Tp0 AfyjVj25criwnRM5O747uUuPB/jfGaQpY3juME48/ncykOBtoUJjZRnRfGPEGXi3 PC7dqg1DU6psEBsAblddc3UiWHmvbupTrzFRZ5GJpQxxAiEP+dyYkhEmmymIwVkl LmxiN/ym+SGbYN8M6bEyQV+fa1XHVz26LJIZNTM7f6ud9rZlRQswggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAP6JUg6dihpC+SAwERMVQthSf ztjACWhmPPjx4+npojd9dah/Wc2iimFnMUpEUzU7AA61CmqDuC3TWJh0CUFy+QdZ Gillmor, et al. Expires 27 January 2022 [Page 122] Internet-Draft Header Protection S/MIME July 2021 TS4Z/46E4te2mimwnE/vh84lgRX0G7+XjemnjeWlfbbtcxjwmUQA+largOX/O78C 3Wq6s45zUj/3gAUDOaIrbS24/VdvM0kNjbflYC5bVoRV7zCrnsv9HZ5Sl4R7aU4f AMPAEzt6JuNb56XLUeEjtLc/J1rg+by71moz+bl2vAHrCV7KS4rjuvdX5mtyx+7Q RsxO/4U7edUDYP7xwoRJH7BJuQ4TCpribA9gExERt+8TKVw1axoZ8q0gfLklGTCC Gf4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELIL/TZpjp5jGGOzwxBSul6AghnQ 2G/ggROJ0uuf9cWwp4La4W+lALvFdSImHu8llX0XfYLiBrQWUJsRX4pa4bT8jUPl Wq/HHEZvS8ehM3FIlpxebnDey2FCxeAQ6Pn4oByw74UnzFeluL21PEeQeJTPbui+ sLqZqq4HWlA0WpDERVLbWxhMDGXLNHrgmy3tYGfOa7kP0mKnLahSRBI1FG2HSzpd 71pHqYy90RE81qK6B6ocsK0+2D5pPZHFOedAS+xVMhagBRJrK9em5mSoTVZPUBWv sITwwJI7lA98wuX7WlAHwk2SGNrmq59wkU6hF8ZVpIg+ItMwDW9+5lKI4sEJy3Y/ oxP/zQX/+/GhQJSArY/Bc2k8dOcLZcFSGKglv46bm5NgDl0tQlg/waZHVYfyvDO2 lB0AZpiVnum8B8KueauYQ95Mfaq4p5dldBye09fCjNNOsPuPwmmJMyYzwr1+fmQR C9yNfArM13+/2aRYo6ti+8nldGl+cnCQDBXu48KlLZH8oBIsghIEmMw+3wGVb3ka TXpTsYqAQtjg6V3J9FFTNbyX8LlHhAUbs0I6lyDwgILSEI9/pQdbkTE8oqJ8qChu wz4ZMwh89+AcMqInzKkhsOq48DbBLVeZoliknnJsLcejbM/ZN9tYVc+wqZ0YUmEo gCmd56WDhEGwKoSz7O3reLmAjen1wrKH8wGIzhlbL9rja1rgWSC1PrlcPVug9ghv 6AlqZA2q7C+dVqdu2WhGgEktkccAnM+DDmSJxJxCzVjJomW9bdLoVxdvbhNfleQm VjxPiY0Bxkqkq/JhyU3JcRpQ+b5XhA7q9PIhDRllcMOarUK4sMEVK3n38fZmaSzZ xl7/DjiQn3EKwnEQso4/dajEdCAOe4cjRBdn1heQS5xnZgm0uuYajJ+jv35EvyE8 gXayeJiyXOHgUesgqNBFzT/Ld4qwQm4v64GFa2NHyUYcyqKpzIa1cWMKllMhaIbr iGQun4s36wYtiUEaDDxkfbcMr1jDDHokB+nCNz3Gg36zBRQJyf/LFsIk0tQiCOBk qOxMrcYD5x0GT8EDHKYtmfoXlCE+H5I5wAjK3KNlpWDrrpO0Ynp7fYHGeMClt23/ cDej4eqGpy+/OrVwQMeiJ/V2hL5Q0Qk+POhjUEadbPPw4XODQADBeT/y/kn3hWYU otNWg7bnJYhh4pMYXCxYwFSK5tpc5cszCsaR0+CtSRyTVMxWTl56IWl4n6xk/A5m surHCqVn33S7TIjH9aTCltz9pB/5c7/Lq/RJbGl3vw48ILJaC6qr7/w1eWJFp+tL ZEnFg6oVFa/aFB6QDQHkJfyGa1A8AgtCcCSLPsugeEOMfYsC4ZEg7KooLxDdIblv FiHFv0N+R+p8PHNbETNO9NezL1CIGgzS74xGW3wbnOlVbCtEJbGjVljVYWdpBnyN 8c6i/ASwjIMX4NuAROfJ+B/XS5Q2WTMwNmwxwsEBK6ZDEYEKIgiMstS5cwcIJ5EL 4f/f/O/7XkE6n2SJ2+n8wSJXQM9uEO+QQSawXBkGeoSVDptDAwiiRVpj+aNmr8Oe Hqofz8lbdz6t10Xm9j9+DG7Q0kqoyLBnjBdwc2JGPlTD96BRFz879V/jgTw/FEyr x9aGtx+5sBFTg5ds+WzfraqR9DSOd0q9xEGZ6gRKbN6LRI51q96rzoAGoaYTo+bS gIL8dxU/PzDxEZ8GOnH110vtnt+b7lYWkLQe/K+tMmEBLMmNMsMHDO0amRU46xG0 Awak2XOOx3p9lsuCR453Vn4CZwaIXpskIDFo3V1iWIJd58tqHbVwnyizjpnrcnq9 FILQGrEoLhrOvP7S/utBsZ9PYihbD8aduzZNpNWxC/Lv8LSP1FTDB/ZPogYeDw// wRxo/m35QFwfG4U7U+uW6Z/7N/5fX/DdPd4bw7vuJQO1JShB6PCfkK+dGh+1XMKX /yI5PkmM7tFNg4y2BORcHGWjaKNp7/xU0PpXFraIwENhXSGT7mOWjvyONjaOldxP Tigh3VrsWGOf4kyOPpBDzcdqUs8wbmp3F2OQ7OP8wpa2ou84Ka85rIc+RyjT+izE nUAq/aT/agOktwHBAe8EzXBQDpSfCpTQaCfv3NQPL+QK2Ty4EcMq9FnT5idTnlmv JP8Q3+Kk8oXz/bdkvW+dksfQw+yE8fZfyfwRJKLIEMzWe3HtOMr18WbVU3pHhwfP OouEX/9OCZenycf8P3KJ+ViaS1RrRL/O21jVupUgcC7kumJwiYYYjH8q+e0JI/PO FqExNOjm1xm9ZX7xu36KUawsw1HiooaI45x75ddQlRpjmt14pQJYNoaweOActoba V1c550tHt7xlOIJNwhLFxIgN2axvPEdhONDLMOqwPjCvG6xep6wBagxrKHvRUjU5 XLvsPAeItrX0oUCvvydX7Dl6PmWauy8NCNlDZrxrcYrFHQdTWYzVUp6M+pt4SRIE V8YYAvAavVsZBWSG9cYTEkiKGBnV07qPfrKn0gzjaqDMGtF+FOxoqv8EiZ8bI5c+ IztGlNoT7bpFoVv7Jcx7wNcYV9Xh+/+Y7R2GAaW1GN/A7OlLmezgJD2HdfHvaVZ4 KEZMo0QHuBoJLsqhS7XSLoLgkaq+72VPNI1xYpHC3qO63wW2K7LvxxTs7Z3na81g c5brAyNhyERIqGLKUypxNLehBzqoA9/+VoBxnjO5DLpV+7lbVCXuI7PUdvMwWemW DFzGgIhjZUf00RXc7/3mxiFtxXc+9/GcBwIluNcC06RiC1cqo8zGbwC2bMVKvrKG Gillmor, et al. Expires 27 January 2022 [Page 123] Internet-Draft Header Protection S/MIME July 2021 7n+1shUyxz3QFKXQu/Qv7ZPpDy0QQvv4pOrC7ArCYi1K100uo/lfN7WWF3S08RC/ 5VCzAaUYA0h1OuKbNmhFcK8GCHM91b2KBU91lfmbF6QNh0qeEdVABj9uBO9+26LT QaQJZh+bBDQCzTUVu97wHfbQKbd7xy6epVrSoBki9uAfof0pElcuTbpSFtTtgKzT kOAWYgmt9QE8ZEqjf6Duj2CBkcXqFKOEacx6QoUxC/tMMrMN4w+4vZyJp0k61/00 2TgmIUBekdqFx1cg60v5G2ad9fBB/a+q/IwIPI+T5NsepMxapvH3OfqBIfPCLAg2 3SJKuuPa/YYr0i1z82XHKtbmFwF/pVGVksiJYg4mLZbXAor8RXzAgATQEQ1Xz4XR NLS5PAGD4KpY/EFnROv0Iq56t7mEnxISi2TolvjtWnGkML279EDZjBycik9+yRAy DkBcMhe8WQdlPKgPXlLLUWZE8QteESP8YJSNqyQ8sYB/W9JzKSmDPYgwHOl+q2P5 Y1gY+h8uPLzv8Hgbs4WvEq3ns2FMUaP6XuuMeWO5qAgAirUU5L7pNLQUB569z1NH GSAhjSAJdhNug9nuubG4upaWuc9DGMbPJe+EC6itqitSaBtL5lxu0aBa2TMhjn+A PQEVzDMf78TQSUhZy5HJnj8c2DupKL6i20NIaF1doHHgOHXRxS6VPJGxq5X/XanK TzMV0cVB2cltkcf75/JYu1JALe3o+49fm+nGUHrGlp6eHqXo1RwMaKFh/2Kw0nVs nivNX2mAoZAQRlZSJJCm9KOX7AtcY+uo3E+9wmNX+3iCwudxTjWNqFmD//Og9CED aiqxFmvJF5AopqL5peo/BqH0BsEwb8lbeR9gSP5LUKmFFQ/Jeaf+EmCznUfMi5JV q2GzcVsLjsKjBipSccydc96D8TXbWSJJop/qz/47usS5kAlha8RhEDCKGe2s5mPV MRtJ+Dgn3HHzsVf9Mhb7IWbrq4W9jG6elr18hRxs39FhzZD0ovnFXPdiR64caAQP gyMFBrUdR4AMXahTwyl+rCtAt7SUBjAyIOXsjqEghENX/M/qi56IuI8nWg+cJtDL yFWhq3oJ75wEZGSX66GHMYcog0NMes8Lx9rsvBun5MXfmM+Dmq2VHjkAKP4NOPlQ jXo+kxW6YjfPGRAdBmlWrXqRqJljN8qffpgbAOgIF4uq/QD0dRx+dUmTWIAcU3C3 AW7Wux5f3w7AUNZDjt39eD0ivI+3jgMiSUGxCp3yZ+dQ1hxjnpq3YnVCTU9iJJ2r MXg8pOQFK4ofZB1EmBmhxJd/2lN1WAvAJHpgFXGs7Qy89WhY6RObYwvBPpkULu2D aWVc6sEPXCgdBiSUd9fFbWNhDQd5puLpEuqLftejN7WNE1+Db9aiIlA+v05T3zX7 PYGxVGuYxf/P+Sl2wBR4yl8r/vONAyctAALCYP/KudSIgXQ7zWVC1klAjqRksWmK SDtNmnXHlMfPTt7Av4vHX8iZrz6sOGpMso9j+Sdo62Ppmbwl9vS8gbZ4zFeelkXh OXXIbRo7p3tMeFwsogY/7o8Y+9gxep0rm/w1mTWsQRHJr0t967Ki3AUrX2HoIa0j mlOL846o7a1kMrKIK0FdFmWUFV7/iWbjoaX6GWJ0ovF5+KffFmfF1jPYDptlKR1K PFjDwpzWuIu94fmDL5L7KcMUA/cGd4eSkXaIpYjNBQZ3QD9kqzoT2KopK2yG8DAX ScKlkB6EehTUzBIpvYRA2pA0W1Lfjnbzn5EU0PWa3sp2Yq++C4fURxEt+8yT8t6N WlFlqUJRQfWmEf1ZLHTA4Lvi7/HUN8JZDfNw7wckorMO4ZPWYI6+zBQmhx1IiGun PZ5s+lUSQKPi1uUArMwfcT0CkTE1ebt44z02GEyLyou4ZelKbz5oXh/mz7qyUZcX U6WcaNHuvIu+3r2I1RlblH1FYHB0/l6CQYQUPZh/GvVTliPpg0VqxbE//9zTYi+R JF430mMMRXBhiNvJhWEfbdVr2YQXQKwN8yngzIlC1blCWWXE8LxrSb9HWbUrFmpG XcHg94A9B3uUcZwX80AuW8Km35KgCqNR5se9r3EMWeSvR61cTjZq5jU9lwwpkGdD heD7fdGDLq4DRktks2jvwn4UIm7uEu//7A77jhhvXgxv5no1EcrctPsMZsIuSsp6 wUlMgY07vUuRVTSxmdeSwUXzwTPKqsSCq0XgdPe5bEjgIU/+jCTQczYeIUHqRwLj 5qay14SkHSEBv29pwEXTJg1R9NXYQ1J9GtPtHrrS9Nf60YWMbsWvCdeM29BYHE0A 4bZm0KrNNtiQcQu91diLXG4lxsW/ukLTMndvp7zHbKdq0dX0I/uewQsecCZOTNkb o/NyDKUd215Mo5LOTQtvvgZ5BB1bB9y2fWGsRvGbI6rZXCcEa96PoCaNlFAjT2tM IjEiBcc/5T5qY1zNcw9HgU47GEIY3iTVNTVAdDAIfN9IIt3rWFhjiOgD9jcGBMyf O9NNPwapxJ0QDzFBgOxYyQXe5u84T7PTxvsJ2W9wYXawqx+yr44zPrSTGcRC1ed3 EH1VhSuooWwzhlXFtRKure3d5K0lGUoNXwQAlqyNPA9GoyjGRdUnO4RY85uf10za 76z8OfGYqxnxyir0ZNZKhCqOhzGI8I1/mNJ/tvmjfF9hLbNOXWajrL4ziMeb1thT 3Oj2sTLyFWlEcakU+4XhU05IAJDk8RyqRPXD9mmiJx5h9pgAaa+B4huIB8Tbx6Hh jsPszUbkzFNt64/+C4y0Oq9c501ZPBKxiSx5/1U6SlwkepBL2TZjio1w9fACjGSx /OxUjlZNpWe959WL9eG7GICIy9yDNWGvHiQxxSZZF6mlN9ob1N7KR6jpKhWyKIwh EukNuUKuYYqBnLO+nRNCuVJpSPOmXXmbTcPC5QRTrTem/krg6cGRMP1qCQ84jJDB XBY+MX1QqAKrK/JLuydUrWjoIeN4Zpw8USZEaBlO9ZNv8ZJlYNv7Y+mkz12ZbnmI 8cF6pB9Dw16c78ESuwTE+ghGnPtvxZ5dn15oxlkryWIWHkOJod2m+3x6assc2ADa Gillmor, et al. Expires 27 January 2022 [Page 124] Internet-Draft Header Protection S/MIME July 2021 HULNQRYqyR1RgwUysf6rQLMT0WRWOEoqn4n/SuvPpfLe0VylldnBMT7Q6awFkTtY Y2kWJ3NwP1G1Q8rcW9wcXj6+92XH0NU2sn0bNei7+wK6YnLL5rGgmp5QjPYlYJrw sBGZ4hPtxmmuAKRWtoy8+oyT0kHjIEmg7nqxUZ3WJjk/SxQt2j+mYTaBPvqrIqmo g0nxu9cnUVNJs1ScnF7Tceu2GFtN1yaBFZlrkW7uX9FWL94LtGletsVJlEPB4oPN dT8x2siM3HHmqdCUiQd04oRUYG4A33NwI2GlI6RQ73deLlEJqUPUqhahyA3FvK6K lU6x1Q13/TUj2satyjiZe+YNhlUZXmwTinPb+pUtsuo037yt0JcXjqdjkTEJc2yk gSKWwYZxQJtZkYRme1TnI0sciULrdtLNWQ1CDR+V4lyoc+6P7w9voCM297Ip819b xif6PKmHwNqdigey565yB8ngz8JwLtvq2BbbQjmm2QV4nMbeMJGkvwDijp5q5pTF 9Rh2ljMBcJq9EY8w0fYcEEEB0PNF8iIVPoIvJNSfUIPoWhz4ocBxQCJTlD9ZhWMg yCpOuYjcLm34O1swrvNvO5hb5Kvz0xSMlYhC/bU2phWV3EmnS4DBvZCfNxIUAok/ zfbfc1B1AzJ+w/3X6dRRcG3tD/zn6GXT+SBJGOAKZ1W7fJcNA0a8yzHq6IkpWdjw D+WeHOYQUN+UPiF/8pN8xPi71fyzJRpqj6s792yudJNvcg2WZEf0gdty2LEkQ52Z m6mVcj404cGhyeiI8Sa4yD/LP6msfMUB9NGxKpknMfkzE1STGIuVr+3E8wdkLfbL Tl/HyfO5GpxgIb1Zw3i/EUGDkd1dy1qI3nq2ILccaYJsY/LjHKnbjAltj/CCyWqB W7rmbpHpqhNEHomC1on2C/mzN/Ea28tzhci7bErT2giDHVlqqfaAsaDFGngmbOGx G8mpoj9yjrrew9b/KfUjd+eUzuXoWlFVqmaj3IEIGsSK17dd6TCOYbujDyRNfpVf nH9H7JWBdpdH3IJMapHuKVj3Gdfb+L0KHgAImHMA2yQQQxmluvLZln38UQuM2a/B mXHx4D9tIzk+wy5F7atOqH73gx9KoZcQRvU2E97H9y1ddcTTDEDhhohuupn++5ni wX3IE2UywQEd2TPYWV7xCx5/LypsNG+tnwLneN0HFrXle5Yvt+zTKiZDlCl9UkOM wphDI6TRyOlIuvK7h44fTyBKSFoSYyev0CBLDP9tUgo3oSR9zlcDJlP0v2XPoCQ5 jTlj7L96h1JQnKX9xINc5bPDLocMG5ht8q2VItRHtSEQVrZtyVqokJnRtIVDR68F aho1hjC9pZoU4fEB6Qwpsy1ITyDdkstjuYl71QDChs0ceoN0xx4TO23czVCLN+z2 UF5zQwK/fwz4Zf8xpStxhoqEfG29dkXR1y77I6hJTjmjxPyOaWw3Ffw9fFU2mtQA f/DrlheHMOyogBSllBX1xXeyD7tneLVebUK/RPzB1wfsxA+t36+f4X0XfI1xMbWV Bd9o1bxgaob+zASOSoVhpi/64FCReUQPTrqQlyu+5rz3GsHSVxEBjV3K+F2ZFgXH FMt4lj4LKlErUZpLKS+PsoR4Uc71dlrcTni+baJtgsdkuUCnLbI1o1+c33qqtWyu 3MD2OOEkIO+2AReqvbhT0R6BwkZGlhU7k1sZQcmnjS+wUR6zYRdnQ52zJs/fglEH fwKJaRagDSb3+HvCFsQVcgTia2ppzcbnORTYTfHiugWv6TWYBLOtOh3odigIrMZb I+a37z4tL2bBR0engUKRha///Hv0HX9hYj6HufnHbrakx7kJ8QDiM7/XbHmp/EFa QsubLIXp07htSBG8rYeyFcnY5DCygtNRyeBa4gvrQxN/fsssay7wDPylUjIc/83Y WRxvKlsONECIPAUYovLO0AvHZeZsoes55AdGyzqZqhCwOUNwwZknmhL/3D6sZE+M 8acu/0dBUSVkQKceswjAlK3mwHoMV87E8s8Kvg4g7/mpZbZfNZ0ux/cj08Ilglb4 C55JlH7H5a7rueuUdkAedi/QB78MjZKsTFHlfeiov5z7C0zv/xxswUxTHF0l5l3c N8IWLrgaKG40QoFhHjTPe2QAmgXt4Zhi5BCp+e4JqYnPmmBrw4GjwbnMD4AE5YKf SI/JkCSQTaGeL5cl789uzqnVh+wT0rft5uQpB8l+RgekwIqAcwmeHww8VvTIGtB/ 940B+UBeiWsCgFBANm350hrfLn/dh7HwOemg6CRbmNpBGXpIjWwE5L6V7aD9T5Qk fPZgmPkc65oZ9S7EejomfGH30OyUr1oC2jsVPd+1llLYlH4Wv8pGWzkKYhXmGyjj TKOdWcOsc0/9ChR0cHy5b4E0NVKm0wCoJstY+bgpDRYbA1G3Urmmh43g+pbfZ15p jVnx7oQmlzeLpfpWcFZbJ3NmLBb/Y/QmMlmoEtYbakYkbLYgB2DMrBdM3hN7Bwi3 8VM3WUes9gb1xvz3X4IEVL6Z2cAJDlxgyyFD6dtFlvfc/ONoZXF+pydrWQAalxQZ uDZLKo+pdGkVZC5bHtHQd5tc2EmWiNawzK04KhEVkYTbO2KIYWQvwoN0aiDZEY40 Gb4Pf9kUUMCI0T/uG75DqVrjIvNooNPWOUvE5PuVN1sK7vK9sKxzhHgyElygOCRl VOzHKuB787LgfyXrHlTfY2PEIOKCqa4FuYYT8WTG/NtgqVjDE2yCZsHu/qUXSe+9 EwfhEUDwS3np2N9dwcMUNZKvefeOnc/7D57Z5xCvsioU2yns/NGMlbewMpbVaDjK 08G9pfLq3EDTU0Jw7iAZgG2duaIouYgQS1uursITbg2npAD42JbQ5iebrRUE650s z2rLkM+/7/tz6TWhUbcIJv1BbP5M+xvnWwCCzvm05Rm8CrLzgb+7jFbYHDIaaYPE gfGxSiuIXxBYyTAWPj9iIiHuCwr1BBw71VY3U2gRqxk= Gillmor, et al. Expires 27 January 2022 [Page 125] Internet-Draft Header Protection S/MIME July 2021 B.3.16. S/MIME encrypted and signed over a complex message, Wrapped Message with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9425 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5974 bytes ⇩ (unwraps to) └┬╴message/rfc822 1799 bytes └┬╴multipart/mixed 1735 bytes ├┬╴multipart/alternative 1114 bytes │├─╴text/plain 373 bytes │└─╴text/html 457 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:11:02 -0500 MIIbLAYJKoZIhvcNAQcDoIIbHTCCGxkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBACjMzFIXlc3EbymBS0JPbwPNsuC8oupYKV2Z zEPTKjXpbK6gAq2DHXW+UN6VxRnuK5og8/5A6CH1qssj4VvZFE9BYmVtXBQzdSYg UB1lOVwT16EfEhaHMPlw2rZ6F7hnMApYrpiH3oMNzDF3L3AOMRwwu4botbDl2ONY KC1TGC2i77Uy3EfyHxO6yx2mOvL2xfzXf8lu3uP6j0WcOAI/bcwmMybxP1ieHsxp MM/wy92eu4cRreEln/W+FDwp2PCTEQE4EMeJvq9ovQjzRSa9EjAsadZmJ66KRbDH OjIxpVISEgPCSD/nmY68P92JPWt4lySKmjm3Z4tzNVWcVYtxKNwwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAI/LCW328CZK5s77+nE3oW/7D 8ciV58oIhhU2ACOcQX+pBSXDPWl4DcBF0PbajRnzCL+RHbEDOpvV8iIv2pG3izDU XKvS9U5iVvFM9ZsCw2aUfOSiyw1sCT09gVMZAJc32hASFpPZDQvQnIMG8lnPMHaH nsj0CFc7M1RNcgrI+5hLoc3YSZzlv/khKsj04/TkKtfqJdhoei17Ch3iMRXLXHcT Gillmor, et al. Expires 27 January 2022 [Page 126] Internet-Draft Header Protection S/MIME July 2021 J5z+Pp56onPplEa3l6SFYEqj9l5k6aMqIfujFipfXU2xLN8wthVGnus6wroDde6G Rh19XCDBTwsqlr46QAOUMie+JOx6mA4anWEDK5UzWmkAsJ70afNOF+TWxpTX9jCC F/4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENOmE62/eOPyBJsQx75+tcWAghfQ RlceRC3Yh6DhNhJPej5k0aSqZp4yYE3yGFeQ/nuY7KjRFQ43ZJ2D/McFrfRQrox7 2JXDYRlN1QDrFY5Ik1CkCArMAH28D4b8+VUH4bLD/hjoCti2nfROXY4dZaBVdB4k 1sOplPXAHoy5gK8TeMBToyXoIwdQ4SP7BJFzfU1uZq0JIrC1Q7muA1MM2AY+nPhU fMv4zr7pODpQz7YWK79GeJVM1Xsu40gvduJdxdt19Tz3cqB3Vg64nU08vDXp5A+e fP8qxogkv2pOn+hPv2Etg6TIpZYdcfHIysbQYwGjkdrXxFoSijD9Ankc/OAaZCvm WFv6+GIff0jk+lI7vWje107u2WIMsceo5cXdVhBLL4u7/x18RukgCpJF7LPEvT4e 1aWzI6nfCM+yz7GucNXeRUJ3PP+zjmDyzFJg9KvgL/fibz3G1js3CibezT7cWPDy 9WeLULXNgvfd6qdeRAk4oW0NN7Wk1ar1Dz/LOyv+tC0YVx7B9HkplY4x9XP3dvqy cfgTJ90Z2b1JN9YKa44wGN4PfJkT8ChCpaw+1L9LDZrTQyQAzfgHkAKTTazOS1S6 SUyz02sM5cx4w/FwQzdSEyHZSzor80DffYiwSUQEgvm8aO3gYtWGvRdTQD9re/yj cotzfYeezN3Z2gr6LdExUwyykvpctLjDM8IAPgXfcaJN90QHbfOPoqOCgP/68ohS 5tY9getzCcNE0UjwWxmkJIRBCoy3IcCKNjAtxwaEEF2Q3Ummaw7i0VkvYaN1f4Kt M4uYYxV+Jyde528ltqIYcAsB7+P0PzJ+192TSO/zA4mCH2PlpQZ7OaUsgY4WKo6h oiYgTNxNgD1I6SlhqQtRkuQsAOQcVy5rpss453xZNBU7gOlbUygMMZ9M00TDuW2Z cGGRi5KtHOxIVkdN8R2/zFLrtyBXIm+erRUyfUupYrHxCQr+BlZsLWsuMwL6nY8d beWupZ7uD7l9xdbKwTuHDXwttRhzRzM+IkH5JUh769T8IKNU+DpJ8APSs9sn4Q9w y/fuORtJIHKMo6WmTyV1zipHd653aKFL7Zz16rYz4Meg/qsKxzyjlH6yGhgccENV 2xa6DXmbLMvKp8eME/nurEB7g0ifozwMPab85eJDxSQfPktofgDESqa826WGQI88 rzHyw6BFBC1uPn1hcMq0r6LR1zPhAcqQsx7zDahTYRspN4xSEUe0p3oPJ9tVJKvr mHAHO5GpEx2Zs7RWzXLBYb4fVfrCHu55O41EbXWU1ROX5JsVJS6+lLUQViqUKk3F tyBIYZhylAGEFHft/J1JdjNz/6iMrsXntiKNIpRDSkvQdVUT78+97rH9t5DbetxJ NnH34n2ZvQEuNghL35vBQv6Pcs4inkZ7OLY07k+3Zt1Qogqxlk/3ZZYQ4gg0x99C 6bS84GZV5OchQR0h6Ci+iCiR0G4+koTYo0BDZUa6JNR6kyX1LVPZys0QSbwi34BN n38Aenw57CUUkLigHfrcd+kw8nfF/VjMFda2wayrpQ0llmYWMkM+XfUtFQjplZ0c O9sdIQdE9G5+bG7YcU8UZfyl/UoqTBELBLyVIR7y7+80IDobuErkIi7WbQrs/rkK Jzx1lI7Z2zR/Cer5pTgaKURcEzGEyHwUD1jwNdpUstVXgSLz+Pe0zdQOLucAVgtG Ct8VtAE6xpdYl9KxU40Ke1VH/FU0L7uq9Br5QBawLVvH9R9a98JgfKdB7Nu4teg4 P1X8IWna8kT75n1V5o+EcrZTExyNPgQJyAvH00tCdj9cof0QNWQ3gw8RitEGIocX +gWqLaeFmXX0500a6a5ypQHQuU6sUujZMj8biD0NaboGN+wMiftu7fRZBcxS+3n6 dYx0pwlU6CSrDGET03HvVVWaJl9rJ1iGB86Q9VFXvELvwysuR3IpUxmlH8LDyb5+ LHKxe0PIEEO/DGBPE8YFycGXIpOUGeO/NIRYXWJy3nF5UoVbYLuBrB5i98WB3CY4 RNsk5UBmoZ+q0EKmzasXgCYc+nO758kBgNtmnVyH/cRrwrQALA8oLm+qURNUF1PO vIrQkKnFNh6QH/K+mJEPMQGzSprhkhS18WOql2gpgqiVNbUuj2qQ1DC/riJZOF+S b3wwGyBN/0WmTs1VxM7TjyWwfu88RXE/SozKwWbpHrOIY10kQkPxtE2zYACwrXEp TVZr6RTCbiazzvaps93hXruLDXBKc0UUUn/wTgAzLyCVuNl4obrl9CAPDkZIgU6M sJNArE/HJti3cvWTIavEOf4ez/OTpdzoIsnyv31Wc/0QkGk07qLaxq90nNwiWPJq J4HsMDwPzuLhfg5cOaA+9xzKzEEQQquXx3UMKRLht3/i4mwuNepZdYpGz9Go7Zal O5ZwzzKde2H3XGa/3wsXhXYfFD/wUagmDYEmILXwFifSKLOo0GnX7E4zR40T0Kfd 6JJ76u3RCo1j7BMas+dbw7RQ+X0wCd+KQi0lvd9IMZ4Yr7vurZnpGRdQQh79QHbK l0RBMx4nyEsHyUQii6VxfmvslF5yzRGzePQD6HW8O6LTci96omIBsdpSt4rSr3CT Ig3IP0gSNI/H4pu90R5XButCbu4fJcNFmb1VQswBsmwTXl+5G0QTVRoqst3a8tAI +4mnaR/uZRfTt8LBgMDK59jSuFNNWxgrCTUm6PSRaqm/9ZVcwvXHLWXNFYFGC+6L tufao/+k2Bphx261a/AERJyRJhgFF1gDyA8G74wfrVcYXXLYwNSP0sirYsjN9pE4 RVMFNKYFaLsMyYiBAJLAoD0waXEBg2/kKeBPKhpNr8yIgQoNbpSxYV7oYqHCtBtT k6o25FIj2MXauDvdxeN27drfjXM40x2Jtm/ryuBhZkF70do8bqUjMWEHkGxbGUa1 Gillmor, et al. Expires 27 January 2022 [Page 127] Internet-Draft Header Protection S/MIME July 2021 7M7vPMReB7lfJeJs+HjTYrhHXqtLsKMJoHD64boPNMAOQnaJTKT4WwVt0Op552yS rgc9vhaA//BN0oONV34x293H6Z7l9aBY6Su5xp5frwgT4vy2T2xXYASSN6ewGsN/ TSyp5RV7n93PmeYxcssAxRGs8Ww8V8AI8xk1Wi+hRxoLy/IcxuIKajUzdq6XYEBB RzAQslcM3bXpIA7xM0OR3P/grAqH1Qhh4zBGouljMH7LWRUqspCW4xGZdBAuPogN JgbQaijQzPL8I93qw74qce6qTVTio0EK2ljRdOQ9Q1J/teG8hfaRlAcC5QUAr3GV X1Z+CjNG8ywLaOyyYHoQ22yRYmiLuKkR93u79W9gogN8bUE3Qrw4wPxLOKfKZlQn k02QnVMrHaQAcY3FgXOpdvMC3Gxhpi8AQzF2OWQDo35UHDjB6rTWTrRIxI7O5oxN icVPihJ7XZF5eL2WpISJzJ+zj8tcVDA1GOFiNlC0zF6jHEUEdRvc++tOSao6Ckwa +8sfsmoYRAijrsKN/BW6P2NC5K7KH6LwzySHdJNgDofW3Ekgw+mrSK0TzhrE3F9h R7m3/mFa/22I2cHgAti+uF3RSL3xli0HOoiH53MM2B7G4xpkcTCWO4tmqfYBrNUI BnLSoz2yLxWYH1mYGnH03ooVK45N9/BGUadV5ByQaB9nC8sD3BEft9wTxq0jRBPn eEFeiIDpbz2TzkJ5XTrAS14mR6jaxT0gYfM6T0YMhlt60HHUujWtv3SMoC3JBXiq lx62lmdvxvJsoxmET9nTA5RmpZJPUSXn9R6jXVNg87CC3EHXGYS3SVyGT5l24X4x 90mRan9QiF+a3pVjQTt33UzHgpW2hwrljL4OEik9jFwXf4plGBT8Itzdud4P7Wqc 4Lg3cbsBe+I53m3Ghy04tQ66fggE4Zi23OH6DxljsE/JJ8DBlnFA5kCBvLfAP8zc ZLbOMo799nbexsfJp4jo/0TkFzMbjk5Rp0vRvJlxqCxZiMpj51FyPH7q/hd3wd9f s06pJpXI4AkUXxeMl3EDmcYe4e6lR3RdFR0Oj+uHlQQFwvQSKMWK7Jq6K3bK1y/t DfutHObp05kmTjgoAEJPxcuKV6y7bSbPc6LHKU1SPg4E3hKHVK7e1TQqAbTMp3du Hza0QeEbgXw0+6/8pcC089XAoQ9Et/YvfxmYLZ5LMGfYkAfHsmnsy7kKLEOiPQNS ZNwef1XUfUecsdGxg67Y4E0y2RvivaKFsoCrFCKVIRXzKIIwVUTo/qyDmbUJaI42 SsqdxKh0S42Uj0Ey8pew6G5SJuMK3YhOvmraZeVqJvfpQxj/FpEzQIqCKMiSF1jY H009sESdyCWH2F0thzranDGRRNDlIbwv81kaflTgl5Ug5Bu/aoPnaBhMmTd86YPs PNjBFdcr92jnEjj95zPhy2nGn+o96s/dzrTvaQpq7BIbtZcZRxvQEkY0tYGoZ98R C1M+kKImegPFoU+4UajtEnPVhbPxom0kZcPffJcS7i4nRPlrXKaOZnQ4Kc9jxwIQ kqJqXakWQqGri3vGaUP5PIfdbEdjVPONpf/WJPMHCz1v4fn7eEsu7uB1livaUVpz /vhLzvjMiJB4D0z+B+YKDKmvtnGK2+JNJbwbYiPTaykXBUXxmTFMeClhvz0yZRST mWtRFKopcKiK/ME9roq+FpZOeRSPkP3inpZYZQ6UpcfX2GHa6sVmIAIrrmPKjWsQ MFNMQXUWT7fwmHRzZhWV0jzDzjPxAIaJ9PAtEGkdOwAbWManCx3G+gju0lJV+WtR NQurz4x7mAotU2E4+DwGSAw/XZO7E6Ht+oMKDI13EGzc3P+Tbceg+uoUE3bncrr9 f9jOXKf8fL4OTvmPeLJMbgzFDTYs/vPzzSuL7X673geebfFhagavUweDx80kNn7j ywHTAFxmWEa8irFA/pof3J9T4kVFspdLQoVoLx8PBoCwDhU/12jZ9C4LgbWLbkMh 4i/eP8ULCiEvw2wNMKt+BJMv9OmDQ4oidBMpxYfKeOullKPJ5FXKF8swhY7XZV7U ku2PwEQXP19Ry6RK4+KVWZQlJBS7/IBggyN8mVx0sgpbpPPk3vmesSXRcuiOQe0Z 3nCvCjOV9A05lk+zS/+O4rwudTmmf0+DJr+cUa0VNSZLNsaykm9HF5txo8Hg7tC8 cJdtUI2UBTGfc+EAzpbsv1hP0K3SHABmatOuJA8YCOdIb4LWyxxy3EcFsHXx9UhT K03riK52wFzaoAkZJnIfx6y9GK1StAQCKaAmo3OrxNWajKV+oWT75ZXfPRa8Cu/D sA907g1qT87WmtVHQu5JFE4r2NC52B8bC3UIJVOU/qtijVPhAkundJp2yx7q58hB Vo8A3Wv3U0XMpED7wbJBKO6CJc/wa1Kx7RehcEfh3JZhZvYSpbRNkhKBFszW7K/T j+Tght9wozEQoc3uVsXflHAN2mROTOT6axo234DmJ8K3jUlpsU+zI3n0qwF6VMgD 5Qi3lfsbBISRsVK18OtRr7XGGlNNHCnQqsyi0AoTbHSO/N+BhME2jBw4IAh2Hd2I 0ERKvOuFsy25IrlSUwoTcS0wDR4gUNB1UE+JMRMY96uGz9uYhNby3TnNUclhBGTv jH/rmHcIPy6+RAGhnC9E8ejcW7KJ2hwWkvMRl/wsR7M3OSzy/yOMYzQkTSEOJ0os cLB9ROASnPBp4ymEoUuqxYd6L4eTxlnUlcSeJK8PI9CspQ2tFCoMs1lJh/eFwp7P FlISQEJh05Wl7a7svhDpg9zsUNbrqeyp1UMO4f0ZzQaXK0xwZzUVXoPyCsoS+TpO zAp0isrlLYRlHPZFkl+1GctlX0/ho0UqNdhh4v383mGOQvuGridR1J6aOOBUeI3t W5ZbD1Z0lZOMYHQRHd7UefCBWp3Iv4qd2iyBoW68JmCLrEnA5MQtBNeuPRFztBjS RrjshjrpqthStLAORaX3I7J2tEilicQXD8ohSqRk3GBy922mc5F1RWV5lem2irva Vq+gz6DsGaxwdF1AZXnngDw3MjQyCYgMs8ecGOoPr+hJYguhIT0DCNGFix8fCWWr Gillmor, et al. Expires 27 January 2022 [Page 128] Internet-Draft Header Protection S/MIME July 2021 joWeejmNokbN8ZDadID9or68y2iCVVVX4N31yxqWUppojT6OiEs3ANhIG0SA990e 6yaZH9fkG4fA/GoiUviFGy1qaulO6jFmP8M3FDZ0srLnJAf1PtWgGOpxXA+sW/uy BSnRUm5fv60rs2T0NsQYPIMoBDwtjcQHKH3xgU4NA94EDi+BGTBVOq3+qgXVwPhh 0HBDQi6YlRPTDB6Rq68k1ybSxqxIjf7Kin/33fn0q8jA87kl5dLvnTHskZ53R8O2 QAPRABkjmOUAyYWZIaNU3GUsQhNDKnAi/s6X1zM6YFmgcFdfZZic2N49DD93kXgH hjecAv2fmgsFbYlHb+t9rTDX6IQk5KolfbSAsYnFASwn0AIyKnkAkczEGg/p+1oK gLp8KQj7dyG7SNI5azVdsyZZxGkzV+zmgfnN7mfGOlAWh5KLvTzGFwd9EtlQDC8z CTCrzOKm9Pa7SwSQKIOH4o74XXgeijCTSIYWwRDqF7SWF+0E+kQ9TiMNl9cjG20P VWvHv2kMBdCXEfBmPCwkiqmgSIP4txiq1FvS4swwnoT5WzMlEi/gKxUkwC1D/o7o d3m3ywLOzq2co9zNNiuvlxblIUCCz5MbCU1rz19rM92IglljN9mu5g476PvzKHPt K3fyU5YxOqhlR1JxUgL1dl2tMtBycqUPu/eT1yO6ER4b5Z4v5jzWQ91a/La2l/tV gllSFIQ5yGPB745+CZ3uCREOAFnwwXYw42jaV1MxJptchjJHY4oKFarROlXF3Oe+ 7nwuFS4WMkCZuXXHLevrRBPa7F0DX9tRDs2fYpJeEfpOR8epvB4nglk7x+bL0RKd xrY6dRH0cS1dJ5TXTWJtvCL/LocfiN+TKJDhlkgq72I8aKOZqxhqDk81nu9y3tbt V9QGTzXhtg7KzXyQacxYUoTHHCDopEVVr6CNc0PY1xGN9CpLIg1BTduuBlIoTJyi EBgE9dL64xi/D5jYLsV0L+iWO/ASRYEhKzqETSyPte8kWaqvIUUgH8bQCI9rJXab mngAU8eMR5Fdl8aXE//FCpUiLfK3cMQtKZn3q15gymnqSKi0BSZoogU4tFQnyC2E gghhGe0fsdJgUbWUqlTyhtFTGhNCsFtooFTWVotcPAuo4CiUevm5v7Yu9xm8mvX0 r4S6I2bBoWhyiosZcd5lZensmUHBAwoHgKuJGAScPSfGQep5nUXcAx8rgW5LOq4+ 0kedmfwIvcvpc0WEOuycX/zFBHgZQJ3bnbNkBtzZf2xPg6jW+BRi7vOlfkzhhOcK fSwVELORItBGxRq5eysPrNnNhsftJPv7yy9boCE+MwrwH6WGG+4dnm3Gj6sNKdZv 44QYT81muB6IDi5lpbK1PNEsko/Yxo07eMjWgx3ChnuuNdfgY7xWh2gnqBFvF1b7 m1D5AuZW+XAJ/yJTbLrJHLQzSoVp9+k0kvbe/suzbVsGNv+Awqs6E5csFgTM+lwg geqq+lF7R6tH4GrPdpm7raGmQxZVc8vh6x/CKDEBqY0Cc6tGr3V2e/gH2oiuHIc0 V8O04kjr3hJQBBZk34jWg0pFGNGxzPE4WtEI0CxvINs9aYdNvEY2iVRfH1Wi6+HS KwuRnMKbysO6rwIevDe1wa9JqBmqJFGteKqkdGzlaHMJTw9ehprhKrRAjf3aJ15C xS3AiWc7guUeZiS/pN+DYpgX8HuFTuyf2FxEiDdLFFa0A6ozlq09CzQ3i6OYjQcO 4fckHJD2PyoaQ3bbHdiEp/UNqq5OrAHSpVlqCCcN/gkTAZun5mNEZ96Yru16QrUw jwXRwRff4Fhtux5WQklxflspTTPkQWG33X3WELecjw0abCYo4gcpD1kTjb74LmhB eO9t8/YCMC0Di96YRHTvsux9qLFeYzI7J/hSeVm8G2ho7/McWU1q2jQMhdF4e1vv G/pjZpCRUj9jfSCGoA9Yu05C/ifkS6p41mt1z1SrE0ttXYGYYgTLZzCR/XsyCHSO rLxSXEp59N+Onc48lbgEpcpN3Z0Cf+bOPYIODGfLwRorwoqJpG+cv4UJQfj2ZX9A bhBfC4dD0ZlqMAhBjK1zvfDDjafmY/5CD3xfTqPDxKTDjW/UVShgxuLn/Ida0NAA pAcZk4SNuLYBM4uG+YEl6ddJfuzndZgKOb4MbCPu34rRIF9AWBNu8P1Gca5dlzuK B.3.17. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: Gillmor, et al. Expires 27 January 2022 [Page 129] Internet-Draft Header Protection S/MIME July 2021 └─╴application/pkcs7-mime [smime.p7m] 9470 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 5998 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1765 bytes ├┬╴multipart/alternative 1118 bytes │├─╴text/plain 385 bytes │└─╴text/html 466 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:12:02 -0500 MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBACg5SAEbJdRyrU8Bf5P1nTcvjMySeblcbXsC SPaTgaVlplQQBJ8FmEBqzqelnX/JRwlJblVRu3LpDq0jaXSvJOnU0G9n1uuVbwIO g2rKZmzj1nR3GUfnvVip5f7hfxCXtdIkTW2nxYrhrlMuOCSn8vhIg1vaZNKflzwl B7xn5F94g+SJwnxyOi66u35/A9fzexPN2CziSG9z2UAf6L+PV/AUSM13NnnFCNxP WwbnG9DqAOuCPVXq+W8Y93CvFjG4p4UP+6PLTeLcciFe60QKqeZoeE57xBzferxu u3HOrMm1m6nLHXXzayGx2PPfC9rGZqHBdS6EeuMd50SchpyVeNAwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAQIKKinEhs2gGBlkr4wmROMLj J5BtZ9ui0KT3QP47qn7cy9N18l7BK3yBTmqx3Lrw+Zb0Efyk6Hf5uP7PYj0wdET6 smbGw9rmBbRIsTxqu/Jpu0jUEwPperuRFfSOU+2h9CkXlbCY9ZnntltaGVKJxFCF myXpOYFf5MfVyG6+Z4WljpR9JeiI57DTAPbD/+2LEedm0z/lvhDN/QSCZLDIe0Jo vOfS5CvzHmLHyPtUbdHxJ71NMQvbkQhu0dZFbxtFUypWTFk+X84PSCZQt5/NvrKB W7+SEzylc/Jbnp3je5M7bd+XjgBdhblYEO2CNw4EwnQxEtLhD+JNn9wzeelrJjCC GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJyJ4Y4LdbBu1BDaj40MuPmAghfw BPr3MdKD9K8S+bENae4nFDCZSuX/TxLyWxeCErUi452NWR4++LedhDvwMIO9OQPI zEzvs/1974yrRPhTfXtls8uyKS2MArtXEP+SwkqmF/sI60Miko1wrYZMm/ccCSor G45CdWIfCZmRaFJ+sui9+Uoe9aUw8gFtDE+4J7smDXWo/slu8mBcjbe+ncGk6ahx 4607LxUagIoUT2ynLRV4N7Ex2uQ/NF/geMAqmAyYhD4mjjWC/WmIDVuQt+j1tZzR hUiADCdmR1qtynmG+cNu0RIa04lBw7NQSYZoI6ysnYKyH2e4F7cT42LdcHsiVrPQ sgiSG6zyh+pk+Va27L2Ou788dSg+yZ0MvZn129vPksqn1z5Ep22JQh5WKKX1f0mT U2lJbn+4AMGQPMzo1dVFydx5HFfV7cbhY5spO9uTV/IZPJOogOaZkNtLM8MMJDJy AOWO2iNyFJ5qQUCgK3gHwAe0kwsX9eIKaoCK0m4VeK5a3JLI0ktQduEw8y29asp9 33CDvr/u2qpNe29ouO7rw0G4K61uA1w9DKUxuSOCPVYocazFKd4zsdlSXgHmKwuW Gillmor, et al. Expires 27 January 2022 [Page 130] Internet-Draft Header Protection S/MIME July 2021 GGdYGTvfLD/+ZWSbXWwRXIj40cPzbyHgIRLWOGxkEeBRyHnKp/wdX4QdpwOVXItj +fxqvCYc8iKEz/993R1FdGtUG7StJm0gCfOjU4DWnYJhNBSNfv/rkUd5bQtmUpHI HxxG7nC1EC3MQdGlZXSghfj2PKVDW6mFU6p2ExpsRkIOJ0RZRrhJuWXsNZvcNKFn 05GrZzjKiCI199cyY5yJ6hUMl4rinVtr2YEibH5LTTHJAVX1ihv3pS6x1mFsWHXV 196gLUqHbu1bNceZ1GCS8KJxsm/IGL8lPWWVup/QF4d/528m65Fw6Ww9d2NsSUPf byY420MylkUlZslOsepqST14h7jAwYJqfctT6SvK7RBF15c7CH2MNCyta7no7PfM 6xpq1xQylmBuOEYu3Flk6Z3LHwFNRKxYlz4+rN/5Om56uY9nsGECpC56kjbD3pZj cbjrOMYJxmJk8NQ+tPLmNTHBINtUGGUrO9rv2xYfNSPVKOGzKDacij2i4aNhS4IT kr/j9Vq6qF1QCZ9J6sUJgAynKQKiRZS7QUFwp0LaBjV7/f9iJE0nthxnw9z+ndFj UQXnqTczPc0fzCG8r3Z6TCH3KvVBvJ7uc5gJAo7hlZ2p+hzsaTne3xmQlclorzJI 53qD6jn0AO3mCb/Ce7atobRput6cflyu4wsgSX7XqjB6GyEtyhT/j2/uZUEwuK1L sbkVt69LerG19ALgz+zEpmoivn4Jz2TQ+h27TKmAm/IZv50EbGbIzoJR9ZAYf6ep EBoj4XtWSH04kqmTs4qY5EZdzaPgzKrAP1y1H/ouxeltesKOqQAbpeuoNLt17oEt SZRfzQemo4cYuqu7cBfIOF8JAn81NupfzD89FhoDIzIpz2Fa2PdUZ8v+CBJSfUmU aeem0Y+o1TmoJnNBSLHBCVkzgpvph7efjk2mxNHREOAw0iqdTErh2j1HxHMWJyiz NMmzjEUg6Sm7bTTkY16zqMK2j61pH+cR+4nSi+OyFboJbf8PF5Ge2XN4M5ZTbd0F /+CXTSqe67ncl9nxl51dz7U9ghr8ryYAAsl69pk1Ozq15Ek+jdqsfj6urjHWIZWU ejb4x5qicfhWPbEnmax/TG4kV3LY53KjYQzIzwcHE+jwq71so4uMUf/LnmNv6o9u ti4XNQvk+j9hvQoolMuuzOzJO/XIxte3aSjhukE72mcjoU6U4Mid0fFgz1UKELv3 uH9o4DsLL35cGaJUYo7AYyRXz/REm1VT0H5VtdBPMMvWOC0FaVCnZqHMoZVCSPrI Jo+E7W2l/sxNrzKAcy4gVzZKkrazvIEz8tMzWLaIMo0tkiu7EVjUMvHoMLf7Y9g/ he+JNo7GbfCro0PaycGakfvTBX456kxn9RmWi08hJHVP3fMDGR7DVZyoVHmhgRuF o1PYB/CnVop6SHoXg651w5MVa6aVPmTtb+oMK+BzZYshlqQ9JRdbF1QiQRWW9rew DPZAkc8AqkDmMa4hUbDl7wPn+noVZk65Y5Jqq6Fn6gHFZSZxGiAwp2R+iF6QbBi+ GFAYJsmuBRXDquJi//1eXEDFhtWGOOrfhyvtdT62RgANWeaHF/pXXuhVczwfQTwA 3Bigvd/PsJ/vHT9iJUItTMGLeS3N00xJhmz5VLywW3P5yhC7DOExk3w57guBl+35 Xxc7Yz76vkKpAmiqHO2sPkGtn8Wke7S/w2uZsfLiflJ3p/8IOQMNK7eTaPuQM/ez +0ktdSTvambpu9xekyCqTLyLSwZtlN5Me0iox/Uz15ytNzshe/2enklHEgLMJTrB 5eHy6J9SykSRSHbvw/aXAIeJYeRqL/e7uG2JHxYsdbJ0gmrPA9kvtTdPvWC3qRMK 36UP29i9YZQTH5g/3+lfOSL/D4k10RXVO/XfIuU/LnLHeijCIpdQ55hvXFbO6w85 otk5z/NGQdqO2N2w9dh2dv85SZRZQappzuMVp5N8M0Vb922vhZbOwMTtSDNjyeIS xLarc3xrmdl4FV6xRDLWIKVsa12Qv8PGLvYxGvFVHBbdtW1nwP1yEyc8unlBAYvQ V73tgsZhwXJ84FoVwGtZ0rRoQ9l6edqNlOYUiSkIX2ai9amIlWuxKYf/rIvu4T2n 6/t8n3i+MqBKcOmcPGxVWMaYfLxlBQqg0kCh031MgSw/pLm40eV+lHgI8GixyBcV QrAV7c8B7Tf9u3xDZ4r360k3Nbm2TnMvVWaO2brcwU7UHrGhjKCJETK7Yn4G0lv2 YsHamXmxD9ae2+8QnpwJ1+j1QW2K0NzQbj4p5boMQQPZ8UhVIw+btgqK4uu7tMLc 4a97LDsZY9GefcbovG0IgNFNIYmSolJQyk0vdzRgfcKXbl/yUGagjfL7RuhCU/92 oVSVl07mGeCTu+WRC//aPCodyT7Lrv/Y/dd4NYzIv7QSyf/RklYiJ75lBhLuwLoI YAOtiSV4s6FpOZkRvPby+FuUZLWrD9wmED3Yq2nMsYGSGhDtaZGsWqnrFatfr02V ajh1j9WNBJPErhO3LifrWhU3SpSnbzRORZh7AzjjoDBJU8M8lMgkr5JCn+e3COfH AfRR9cansxaCXTM8Su/+Dtw6oEm/K7aWAim7KZ7uP1vnhZYJq70vu6/YH01MD00z fK7P73+JMs+c6s0PcaMMRm3j1WILGIKQgGk65iFAUW8iGAp6T4Zsv8P5tPPn00Da F9Vr6Fz6APk2ueLwrF1dk4eXKt1IrbFeu8sMzPv3O+z6kC7IFv9kL8Wdjlq6MNLE BdCVosbTYq+QPWAh0mg7Ky7t52QHi3n5YGLClsj+RXBcv6jwNWlcqgUFjZOAhJDC zjPlrRuufAGTK2QCLBnHoVcl+pwFJniCT5B0VuY8sZiwuMhNGRDpMvILw5w+lEvc CIQ1lqR10a+OvwFN42YOYmTCZtnC1wkH/1OoY3O0m/lnOrypLKLc27WBV/4ficGY VXf6nwhYCAzZEfChQfdXxpAqYp1JmWO0IvKwzrhI+dMr925V1pP1Q6SIubJyci1d 3jVOHYeFLBr8NwPMaDgG27DnM4RicmIb2qkXDgs4l0jQ+qCEEFF+Itbk+agNOZon Gillmor, et al. Expires 27 January 2022 [Page 131] Internet-Draft Header Protection S/MIME July 2021 pILFOAJfkZ7JVptHD0p10AgrZVRx2efUJ3z/RHqmRecwc2S1bftaq4MSVz0R5U+D G9ppeQSZwGLXwMhPxgoa40Wu2R9nQAfGB3UAsZHB7yJy6XRZPKncuPD6981lkxAX lZG/Ft2lHLAEmnXdzQI85hRiDdwVOY7YgzL7Jibv5oFLOxv0qBEPC+UDurkTOzjf w6QS+QQ0gVwpIODaRT4EFTT5rbqAV44/qx1u11JX8Uacz6cGlqu+KBsQ3QAomg4C B5PAl7ZaAKOtCPBEbrSSWEwXVgozYVHDJDACGc903cz7rJgcJilvMEM+ZVwbC1cw gAM7I3h4Xsku4JZ87lSFz8guc1q8D2W+Z7rq9fMwIxD2nMK11K7LbBMNhUzrDFYn vmRGWIU6qatgzDe7qG9lvsGuFS/V8aIMnKjcFuDMSBH/nj8dF6r3X+BBmJuKRK+D jDbzogBI0oPnBjs8AyaGYHS415Mn3P/cTsrG1tddngVoKX3Cz3NV8pjd7uIKaBUr OHSAwdB39RU20Jbv1YqQTRcgSyBOnVf2HKqP6N9836DAQKfDofz9TQxExaFlbxhi xEdc2HSIewAZM7fJY78vpnvLwB6IOuqd3egD/AUjjhK6SDcSaVwfNhp5CLGUDSqb zKccNVWu9M6hV38M7yfV1S3FqSZNkZucmd5VTuZmNBpyQhm7mfc9XYVTK+WrBFEv E5lGiAkMqW+TBE78MFAf90L2ZkwVXlUjFXrDc9OURnEu7j2UaupA8azc9Aq2Ho4b ri7LWwbJplfiGi66TS2CstCnokV8XZ4S3GK/UgATxjVq4hpt1vGWBF7hWIduHJE0 pNtkoyWby3enEXPUBilH+SSZRU/ZnItmjK+pyjSwJm2SxjIqv98nCB3sSdU4jBpW tmqVR2pfUM2+8Jr66Wk8iLRYf0xlNKlTk7U/yKbN/0lvan3nPoXkFF2/HLYdUCd2 LblEs76eo+TxaKIHu8XKZRDbJ1uzqIJYaOL1INi52kN2gZuKmS6ARdfXJ+V4l19Y sTCVMIb6uTrZrzcpPkuxNdSPFex5+jrfeB7+7qmW9zD/rQFPt88VNu6wrFnpNvhd hNo0BtEegVk866eJBmKjBFQDzDR3gtRIQXsi9JRyllg414TB7cg75L3VbODOLqmz 6t2ErgUFZRLRkSepH0Ylz6He4M3LangIBaAd1DTM82I+i8vY8bh7JZsm215BafqQ Xqf4yjjfByjcE4nbjeVSFOKrPNCe41caINZd9LT0PMDULCiKQamYCIlyKz+3y6Br Hv0Bg+mcHZEqmnNSqAQfY01sWnlqYwqqAat/LwabfVN7AJyXgKsHwIV2aM78Msfv 2XAx+axVvelIEqVO/IX8g/dQLJ7Lrd5ZVMywRHxs77ObYHrCnhan5m5r765kiFo0 tUw6ff7ReuRIQvX3i+Yy2LlsIWa4aIOg702TN2BKTEcPo4MHB7frMD+9DhhlmlHW oGCNlgrPBZUOU1h3A5LTmiqV3cyeB67xjPMrTVsMp3r8mUEJEXfU9gXXiecRem7G vL7KsPSnDnV+YV44fHKI9eaAtUH/XTG3ELho5jN4z6KgzALpramB3bqPmsi4palc Qim4NKqhGB3vin4gDCOOlopKpn+CUaKFsBsmmsOZXR5llHXkHiGDAvet0x64xC6T /Jt7Ywtc/oIaRxNYAruTQXyva/OEll4Z0Mic2rZyn2UU8rjB2Ax1yKo9N27DbPrv wlHqKFO5wdo33s+XECogMJMqmW2almEzw9oliDNWODU/5qDQMUz6/gEBhW3g6nBH pF1T3Uwo7S2OGY4+qChysyV9g9uf8CcykQtXMVSYDboo7B9ClUWp4+0W3woVnVZK nAgOI0N4Z0pUOg742DDn4kEZMBurUT67ssblb6SFzYrUIXL3hVtJAyLPlkVhIkdW aahmeBMAGhq0vgTxlGKvT4DaJZuPCy1rxHDkley5RKiZBHBzzH63kAxikarKEhO3 i/aB0Btu1Y0Gr4vrM/ynuIwTE///giigc8rTfZnXnHkojWBQVehHaE21nD4wXZbs V5FV+RYNnhNs6IpNRWL7h6IdvxwtGZmq1iGYyMmJ3vNIMHaDJyev87ytQEvjphi+ re9BMYGXIGsbxTwwdKW/VViBMP7MxVoDHO4e4pBoVlhFElGL5gcnpCG7qiJ98i96 VlJyTFF+ktUtWmDhE8ozkbTnqbz1M79BRsLJIrsOSWSzDeRlfBUBEfBpYwlMfKik hEjL4FZCL3UZtE6lpEozA5XWxavUDvFOO+4sXwSYLeos/G9RGCGHs41vVoTu/vrS RyCRTQFm7d2JU4yNNUCLKrjSXyJ5ob3OYMZTrpseVwy+9Onwvg5ic81vYQ8ScL3h xCfbUxuFf9c72lSNYUrDHCUGdiqPmi7UTfEXn5JnnhG+s+NXY9iK65DcQfuUSL64 LjGqZNEMw5Z6+UgPOwgw5qp+MC10iOAXvrIXxVeqwAPGTLKpPcSzH/p8z2H51AFG xeMNcUYrb4sAY+IkFjhe1lkNeymFax9HogCSsYiYXY9OAjNLsp/gpS9QH7sZqdll UHp2pj1BHqumW2EzhIEURb66+/nG/3o1T0JFwwCMVV7mm0pLRuU6QfBet3oU+iin 9gIymNrJLYa9K3hJ/FpyA2tcglkSdHFGFvHBzKJD2m0B1Y05FIIlDuTAUpjujQWy kDrF+g4EWmTn4flTGfbugxMYIDFV51sDKMfOWtDXRGcvef7PP7qFSw3RworYPZed e4AvoToZnVIC2Lq2oUGIJbU3bbSWlw6iIOmENBKA8U0jnbcCN6TUEPO2vY33AypE BbzgkIO+ruZyIGrcDlhVeAE9grptGCtc342Ii+ywDMPYSkgNC8qs3y+I5WI6NDt5 RY8Vrm5sYnkJDIYZ6wtkDB2C0VXLIqHtE4qTL3gm5R1pGGZ3y+CRD7ns9yUs5kQM a+aQ8AwV2cvmLNgZuJDLlyMBMzrJoTjiHFq7N2l72XRx3BUeDykK8gWeXj1vBZum OZen4mUXUskGH92WZcHG3soz4ceby+uOyxJPKMusxJ8wdEfGDJHUKia7jpvi4v21 Gillmor, et al. Expires 27 January 2022 [Page 132] Internet-Draft Header Protection S/MIME July 2021 qvQ12fwmBV/rPiEunNnKEakczNB3fmZBDeTHmkkUpEyOtIAW0U5VHa0N9sHAjHh+ wCNB34BFZpHoXQ2yy0D7UHmFep1hFu3dahHfeohp2FEHAi3BkNc8l/Aem9ERznY+ IvCpxQbLb4pqtnWm/ko9Ai0MI1ouKNAyNzEbwF294ZGn9ABYHOChppB/zGyDLUFn K8PmHio/OSyddzwXyHi4gV6+Njnle2M+R/07SMxTqKS05TDIvsgW2i8AN7U08lwj csKC9T+4fO7CMFrJqgeTwE9OBE6CY10mCe3AdF/f+a7sgt8Oe+vTXgBvtfo0GNLw P5eqf2atPl+/5WzQdjtGSC+CWVmK/WJk/98n1DpoZ0hXn4m4F1AUq1nv7/g5TFlX WUFpDbjRb676ynX7UEj0AzyYjrUU8hAzPBvcQkndrjeYSWaKkE4DHn3bbH7wAhRg AOhQqXFMIbOnyC5e0NWsIYn9nab+PlY7HUGjmWtW8XSheJkBh6Wf0aaO90OHTrq9 ZLJ6XZkwtuh5pNUGYdjSrjmVcEPwin14wieGfJXkCbmBsZ8kJXR+eaQBR3qadKcR Cfn8kAC4efD761OJk2HvzjNZaIqvdNVekvJyGMiTWfhHpuZjQ0fcJC5NDbmwCdNY Qz7iS4YWdbXg10JNag32tazuhNwUegZFGXL9a5gcNkv7AdmWGkSdt0lsSPV05kfC QurrTtShb3hfJkR6KnVBSK3jFjcF5asLM/VxoQ/iBgaanPhen0fNWgkyJJaVmDJi 4xzAhz9r6kPENqyCY5C+e62MvEaekDidg0gZUWuo/gdb6moIoBrCqZr4J9y4W2Tt 6AZQtChAdW/A4OqDgXlXmXc/tXMy65zIccDzc/JMzufzQcP4wC7DbYC+sg/bNvv7 LWWT4esu7njEbX7Ni4zIjhBlynqL+qecT5kB8ipGeql6+Js2iKNsi1HYQ+hTt4Xz k/sEobzFVLp6yWNpa0ZqyY7RTLcb3OJUM+KCgSftZd6FWi7M1cPn7PUWG+Hdof/R dxOt/PaXDxNYEK9yrcVWP4yurQ1YS+0oXzpmuAMQIbWvQki+tr0JcpsKnUxcvvsH ZFxZ02bTi73DCFCSWK00j8j5IVbvrRBvtgkVOAl4c5WU34sh6nwJPPBTeO002wFE VgO2F6dPTTys/6D9eOzd3yb3aEJ9PNFhpzY4uhS3TBWhEcuyJlpus8ximdQjwjlQ IgvT1ty1v2SRJLA8gVY8cmR6yn6KEL2lc2PsclF6zjYZd6khKSyrBBu7ZceIo78Q bnPly68qrr8l7x/DxYHFJ6pwZ8LYPg8XkZb4k3TmLZrA4ys3a81R5RKHkwmc9qAI kyNSd6lJLMeD2IMC7rxCupV/dIJZ2cIjH/46ZTOTB4jADtrHN1SjeFWOqnHhjKr+ naZLCDk2EcSquYtna4J4BvyQXdcebEz8/zSNK6jS1v8= B.3.18. S/MIME encrypted and signed over a complex message, Injected Headers with hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10100 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6460 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2088 bytes ├─╴text/plain 58 bytes └┬╴multipart/mixed 1596 bytes ├┬╴multipart/alternative 1190 bytes │├─╴text/plain 421 bytes │└─╴text/html 502 bytes └─╴image/png inline 236 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 133] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:13:02 -0500 MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAEWYkOXbozCgn9S8iXQC0gutDVG0YPIJVm7k oS/9bJiQJUvaRNUw+Nj5QB2RYBoyUkAYI2JX/1q8PUAHH9KfUR6EOHkMWMYjZNZD cEOKyz0lFkhUUL2hW4NtriRalYxcQoQb5lbQpBIm9sSSxSUPLOVfDCKWVtfezLtG +G4qtZyK/ih7LmcWW05GTzOhoaWx7QM4n5UqIxvleH2ncJZdWtQxp2nhkww745ME jkOBqXRxUpeCGiulXT3lU4efVIsHcJA1G9q9mpXz1OZFewtvLkdUDlVgm/gA9+Nm D9LXe6z4VLwWjTCS1k19/9r/GMjxhYn0yD8iwo9d6jXYsTSv8iUwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFjcQW2naUCwQ3YNI7QTekTBL hqLffZscJbnMbWEWh87qQh/++/hy3h4XCgB/28tCMiBkuBAQHUFbrudBaFPbk2D7 jdhwdId8QCOV64VIP59T2jHwqqEl47M7+jN28ipnVHy4r2hg1XdS8xN3EcOOfxbn rE9ERd1D6IIHrGTNMEfzs1Ntvd/6katezKqYtV2zDUkF/uL3SmkIoitIb7hEW4mH hy8UsLGt2ZmEhY49lsQWJQqxR4V9/7NYqFCSdSKt+oIbTzv3PVN7rtvZOeM2MG13 /2zLagsWuUMPrvpC5HMMl8YR4mxOPJOi5m2xMrIS6kgfd3/KrpX1niUfuvEgiDCC Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC+d2DmVGu7vHFBEpLF4Ke+AghnA kzd7S/YbQDNpFka9cVZpJMyZSUzF+U3YQH7KjV7717o23YBLQPYEGxsA0LWTSILa JOon1R9d7vP81XGUWVHmpP4T7d45bOgQWHysoAREhkMQqyUb01mW3F7kSJkOmKcN uNjVH8MJuhr8wiraPjN/GT7+xYy7tH2bXYmkuuzruXMH3s+P2+ZN4nqzvY9KPUDM m9muevN1p/dQhYq2vPTFrrUS2QBOtuPjgxOAG02R2jNwJlWiVQrSCG8O3li2JNDc Inem3VkMajeDw/8+dSjUz/eZ2/xvmWKhJ9YwtGu0e001+SEXNzMRO3lbJJN9yWqL 2j8VtnuAwX6QBcauaUg+kZY5DInb3gNPq6pX0px7rKRY78nXLsRpYsOM7Y7xiu7z 5HoDzf9Hxim2j3gkYr7M+ULToQ0e8t1Vo90GSWB9Z7PnGt/NbCwK2LtDsuzZswuM EclO3+Hfjey44GSB7GtuT8hc6I/NBnIEAPV0IbJfgH2MqTowuuM/GZz01rL9ijgX Rn1FFGLkrba+pw/DpqLjZCE7qS1vZUS10Br3scbayUl/4HTVWnLbrV2C1SGjVinY 1pHqiZQSpk6KPtNXoiL+XXNzpHXEv05VFrpulXheD1kz8w3D/Z4YqjR71bb8FVJs okvUR1s4ifDrinFwenBtdtH+Ra+8lejaXbbp0wuKX3Ne7hryjX4iKFv7aaJsg+bx 38DaXujx+9pF2gXULSSFGIxaTujy5fdIhvcKqHdAu/c9YZMlWnkK0xyvC0asGM0M H1Rzf4BWMxk3XpVZYzyqW0LIR/K5OUPsl2pN7B2y9QiWBQ061/8Mv3pViiu91thd 73uzgY9gKdPwsrKYhsSMLqrvuV4O6qTxZF/EwiKn7JRPwRozIVcnZtJSz7+MUH2t 6mqUNygJlPPo4BF3/NZk8NeqfaHTic+nhgUyYwejhXk3dii8Z7etAFMsyTWFiEw8 xvdzI521CcmTn/+Ov6kOWSSbZkfzcMkhYSSpoh+8/kk49VPpvEyhT3D77pfIzTd8 isKyyxyqIxFje1wDXUvKwoGHI1tvRsmxmUkRl9aa7iO1eXHVtQnXosajrM41MKI6 GYgKCLBh2jIAP/3Ae1Rwrd60XXbKhJek+4W2F9yqehTN9+ev0ZQ/Shtz9I4QiT6h gWkk56ijCZGUjxdIIAO4dAj/Iw35eGxvVxpKk7AE0kA9W1PV1NyrxytPn1SHsUHj zH536kW463PEBuVbPucedwr7GiAKHZaERhHZwEtSqrXi6Hk84z6LVzb8yG0KEuuo a7WnjdliVc23EQsbY1CV1/ZmyxaMZ1cVnKsvda8xko25KI+/y0mD2YK/VcXprfRe Gillmor, et al. Expires 27 January 2022 [Page 134] Internet-Draft Header Protection S/MIME July 2021 WOfck9QWC5cvQqMTVpxV1ykMFFPMOOLRqyFDYK79WoMKLV6LTqKEsuzj+JxeMFf1 rjR22h5WDEjkglngB8P5KYHmpKIJVlSycemCu0gxu4iLZ1iAkncXF3Q/jVe3OepT 4pj1hiRE6NbmzSo4yiQWiRMAziXu965vloLLlqhyGkeBgI4virllLegB4GM958Id iahOSRan0S5zijfQFWW/6ugAOK3d/iuZc5/OnzL1DTP6jISOVpkfpwuh6Va9vxkQ dUQZK4bjSW3A3nLl6AHn9RzV4pS7RfINyx/hYN+XoJl7qkfwWBLUxYtsUt03qqJv +n4eOpFQXSEOHyFWbIsdoWMUrBjwKCa8xLYCjPbxqCQv2IuLcekNj3rEYxjRWFkZ OzxSHhqlmKdNCLrUpxhqRwivDQSHr0VRpNCCfv9HkdP49zdyoF5bOXW8b754aKxI BN205TjoGRCbozJ/QmFsrKRKqURPo7R5Pi0rTe51HbTC0aLP056whZjIsjAhNXxt QXu0K/ZHE1ip5QD/cfsOQL94lRjwSQPYbv1+hNvxx/52gWrf7DnkVk80NyfNHMcm UoeiVgQxp1GpHz8iv/ducJBx+YLCyJzZ6S0MswL1uPuk08Dlhz1ALM3deKEQcOoS /665Rb+ZMuwDNFIhi7c7EK6d9FWHLpvAv4OOWVWtv+tQi+cU00CNKKO9R1TLZGVP oDii0CcFszUyiluAO5mCUwbgk98EHv4v5tqICI1oUpTy/qF85vqg+//6OcwJrYYP 4MolKXNYLVaYvjzZZeYpcyx4kC5bLZktp/Yom7Kq8/Nof/AoBJjbDc/IU3f0u81R vZXM+b7PTwbfTlw6TQU5UFqEz8BarVINhrMlCkOUKp3ddgkRbnnBsXQp+BvQwh+i dQn5LnTew8kVenRPozwG/nThBQd7L/XcLYwM7S5cytcpbECERR4h4axl5FS0jud8 UltbXu9mG2xSL5ZKDiPteQm86aocxd3bcwD9zbYnx0T7/2nr0gnkitMpO1gGVEC2 jGJUrmMjvBX3VZK5Pi32FlWJ8u0xWJchY/Sfx6k8hrHiBuyYkHYyhbos7VDL5E/Z Pki+8m6aa/LBEV60ll/ZP2CpvWEjtaLqOoR2qUHsHFLTQsGyL6Tvauh0NI5hkFG7 1nqhmJqp0jL3H2L/UO+cw9HpFUxC5BSu3L1bWp/xsDBvuHQkfvlI+WSaxZCHUYys XjcXrrr8PNYKixOlRDUFs3bu+vWhO/SQaTzRKrlHyWOO3M3k/mJdwFh7cQMwXchf vpfHC+Ha4po/MLphNa9ZCARlh+OjHt3Wn0TqF+NEqo7Zckqpu7eWKzV6yr5CNk84 UeWzHXpoXnOF9CDINDj1/+1/ODooRjSHSTk7GSlPzmrl/IUqhfwPTkr+XfozBwWR /m/IwWAqdVeS6rxE7IcN3m9cTqE66dX3uHBnOdlc/E8N5lhEmKJJSDgcpWDdfiJn YVK4PWHify+iQEg/DI7Bk2slTrmQBTiYHjWPaRhjFxBeHTBkhWeCTbcrT3G/1q84 3LjrkKmn6VGnc9Oifl3ua4EJinHUoWn++5HgyEosifKWQiPWYkfV6uIYUSMf0Y/9 5RiU6dNxqPrEwbTRvGaqNoY5EE7/zDrktHl+ZavezUtEmFCGfVru4GmV6JRAAC72 /J1YcQXjfscu+SRW7GS8pj24jGMM60f5RZy46efRlmqVqZ8WF5ciJN5BAEz8FQ7R 5KYqHDdRsqImEf2folbLvbSFkDmsnFrLswKdXVgInfdr7ddiud++nRb9KgFugC8a lSNt3eOwkEmc6vDd1+auovLXXF9fPnSPx+9N0wBnQbIDMEG4Qbo9FBFOHiiMC89u 8Up9kmfyqwNge4JaQxxOG0RvQMP4OypGAhyNk0NhGYbS2OcHp+s2kH9BiYw3Xn64 XawZnKQtQWpBSCKzq/aBIGya2kY/olHJm59NXRoBax60vHf08xGhGWTde4sMhned fRlRRSzwoJRYu35a3Xg+iZ8SwvnwkGnAB+pxAip1XDm5kGiR2mXckNJ/8JQQf+CS PpMeI3aieEoApqh9CiSgKkNVZnZkzMMBXoN0l0nQ75sPficTVOplYZ0DpbTgmieY Kist3Yf6kKH0BBXUmc5tAqPOK++TkFx6wff2hpJKJu0mWhMpTVBVSdv0eiFA59wI NwuI8ZccVQcdH2dP1Vqun3C87y49ClagneW818TxK3KocUSJ84/jInFucc/v41Nr Kdbl6g43MQmj97zcaIYRB6JM102A89bN9j6UX/GpsICafLb4Ml622SH5LZyrcVSn RujexKoiLCTYJscg6VfCnxeEkgrsc79NZ/rp4jd9gc5h3B+azq8uuJj4VwcnqjPZ JSdLQKCMSH/nyb+hv+30zi9r+4HXn+sqgqAD6iUPsWB2GL1nKnMHKjMo7FnmA1Fu w65i510BeSAkjF2Gx4FIKycoaRqUBjICMtMrorrO/KmGP7l7dRpuhauOukayTOS7 8VKnb5lJOewHkS6VD5sAEYYrp7xMlX+w+azPxYG6subuEyiACJNRBylcFaKv5w8y 2FCf4SVXO08bCgM5v6X2V0+44rNTq9SYygUIppVFbe2gZuPA8ZNi0iN0hwTsO9lw yJndiesu6NDfxnUqeP4k05b2dE3NMzgfqICUuI+gRVBNpsauXSkZmKRZ5xGSxztG j95vpUKXzyzzC7mIrzRq2ZeL7tj7X2u8t5wl+AFWeu8d5jkiII4jFIZlL3kWPSIH guBvePaqkcR7uOzPksP7dx/dYMjGjsMucdnf/a9fqa1uouurpZXCp8hSpxV3VHD0 gN9ojaFQlNt1wqW7H3iy6eY+b8PngKY4//wdyoj3sazcxUWN44nUa+zGHjQWwFFB SgSFidez5n6vQABTwhkZrBz47Yhkc0QF2WwzlvEx96/9+eG20MfTrQINCPx/cDWT N/PP8QpJkG86x3Kokr8thJYQHnlxgLXZywLIx31jKR3FSYzsD5PERTDzVU9cNEF9 tGwSqEYg8AcLBFHzOU/iz0ilU2/i1ilcEoAivRD52H4OgpMArMZEL+x7peLEKs7n Gillmor, et al. Expires 27 January 2022 [Page 135] Internet-Draft Header Protection S/MIME July 2021 a+on1E1RuQE/YSrA8KgGQ2kSaaouCuybeqx5SyYi1B003c4QTvcE8ShVbJhhbTka 3vpcb/Zw9rZ+AeYyFfKj82Z6n/ujgEhmd+6Ianz4LNdgPgATpTgD9L/MiFv0LaWl CtcGCBHSpBgk1ghemkMlVKORFy+CALQFdoVWtY1dJ2rDZl+BkyQPfTIXdoBmW3rm P+TlHYBTA8WmOyS4Td4040h37gqNzk6WOi7oxY2Y5qKL05K1mcuymIvDXdDTTRY/ Pf3NcnBEHMVBqp4n2P/tDdqPLhkBHzGB/c82A1BXxt1tSrNZrKNYL3sPZYWEUd82 EtMDgKaNw4on+whyZexNl7hDS/JpO/2M1h8TaPel8EaPc/n0WiTgqajrNWdNUm0K Idf5gmeOjTLbNHYyBg81nkEif5k/73YvJvJDDAxZ2CxI/URgmpeqNWQ8SNukidiE qjkO+uvxxE105UIOEBCqwNd3MQSxmggMPHyfAIy6wVkE1zaRuEZvikZr2lMB4/qT myc4tp3JVK2s4cK2933tWE7NYLMZMGRZJa5EDijFi4rBggiHP0uv2u6MYFCL9WZL fahwSlpa1mF3Az7+LaglL7ymyXMEcr1xHCwzolL3pX2J5q98rciCvkw6qkGLZYlL x4nAJnaRoxkya7eWZmHb/WcHOV4KghwYifsv9jlSfYrGZrB8YoCksuKZUlcZWB9f 8992P0K+Pmcngtn2mBh5lTJ5nxPHUOLap3Psh77FLvflfkitP/Py7BPWq6uEQdgs Zy5j8DbSQ8gUUzpDIHxwhx0xyvK8jIfAaKmP9ldVI79n+kElJt3ay1r7Gvm+2tsT 7+AEjB8Nt382mAQte2zhmF4ecl+c3fgEFDySkbM/n/ws2Wp7tbNBDQVGUOTHUq04 3dUTfMyHdsW+wQPEUSJx5U1OA7T671hwtf/X2OJDdC963efXDdLUiwMJTvK48HzX zjWlKwe0PNQj0qmLnzLsz4jzAo0lYeBzmfGmnXQb1+ReiQLAbzvg+q2lKrR93X06 iSOtSpNP562saAYSD6mx/9ngqTfdODqZUsnD/wcn29hNox/RHVVf7+CJ8lWBrU0U 7u/E+wKVfvFRkiBw9Aj3gEBC24GSfsb234xYILlIX/9zMMurslXL9uxZz6lKtenR As29a8xlDNiDUdZMwJhZbtABJC2gXsw0RK/uCasbkVGNeb5FGYEfOgN9NLtmryP1 2dcHQtug5WHcyDrtAjxVY6LuQCCpF3/9pzAtpH//f4qpf6tzumnoKwjwXMs54UlY snBfIDQHNpRNYINiCyAO2mrNO/h6C6ELJu42zqZFzHcPy/u2Kq7IQAO5CvF7/2TE kpe+PusukCdfpJeR6xOZJlR8Zd+CD271ZZSbuxveRU8Q5pu13Wena7aBMXySt3Ro RlKM2sQ6gI4TV2hZgk0uOg3g6l02ebXe39YZba2RU8FVsz2ySIgTYDixKmBpnZ0H rrl3xEUl5FW3hcH6FU/Bpqtv+K2xp1MsE75l92JIIZOMF88gtbw+/i+gao8lAMmx MF+Oa0ulBxpG/uRFMxY5+4iPRK3qZrZNLyjLAtOZ0wBbtoN8ws+MIV7/W9IiWbYB Oi3Nu0SXCYibdSFjHizV9Q1SBPHw64V0+wFb+kcAFeOxMeRtvAEsWrQbYlFxRxFx 17Nm/ldToQ7jMwZZ/zrL2Z9WD6SQgAadPqrXOFtZ1EiioHceNCb4X45GkA1wecsc U2yBmjyGiRpNu66D7qI5WjmLI0pYY8ozFJ8sWYWjVnx6B1mi5mOhPgiXjcKnLW7A 007QdGeAhxOv5nHmPsH8iO29nbMkxioRu0xqw/EvluwBEl18iXyGQXyu8BPXYMzz 3EDi4Apeu6D0lssgxJySo//TQYCowW9gE05QHTPp6ucMiuFuxRbxmGFz9QvNihxM OZ9/d0ZDj+d8uOWSJhDzN+g/Wvegmpe+l4QsSMtPz4oY9xp7MmlJjdr24m8OsS8G 6ugkxD/Bx4INuQ6OBClWYEn/abxrWJEdsIAnD+8VyVYERH1CJPuEpEtEKPGZpJub tlMGAP5H4G1v/vcRNuzwKtwBfwy+2HrCsEXg2ID6KNkaQ5rsF+eaEP40sW0Agrqr XOWjvttcSHMzWIdYnKM+dNlbJYQCfszPEyrwoNPy0TZvj/GbhkvptZhxfYlyc1wC 5bakTYtX/VEQZ8K9u0tHKKbkm1YCq6s0Cj2YoKWDkpFPSqAtw6a91TyWAO9MP1DK JAizgrwwJjZz7W68oVeUbVavIiSBqaJEU2FuQHftrpALDTL7Vb4HG+uwlCU1MlTC gfl5Z18q5GwJe2BM2ngEUfsddtsWRh4pKYtRoQavbLS6F7A13tvxbjKVU7l18VVl bp8WlPN3soXuEe6N1tWfvzZ5LPhC10lUYBv/QasAjyUPC6quYnz4L8YLOGZbnCB3 xKkTH9LwK3dK3JSu4Br8tURe5tMdEJFmE1XjAXGjwLS7Ao1Yzo7EMtIbdXNFxj0N O0BE6ZedBUEoujik0cRtdckZ3yVZzQKkLhA2iTYV1JSpoRRjb/hCEqE7q+/oIqz7 HkdmKbCWa9YEm9u195BSS5J9vRSADFR3h/uSQEGlNgnxnNBKMNTfXGya7B9IzNig MUwlW6IL7sHcUsQI4lfV25+QaW6ii6dZpHXVNUGfFkjk9aVv2D4oBhekLAJxfS9D t4FU7GQ7FElrJTiGq+L7+Jo07VBAHQpTejhFUe/myA5y3CfQ/cM6GDOyDJ69Lx3E 8/lv3Y1EmzbhE6BKCmGTv/3BtGcP1pbMN/NC/SQCYLyQaL3oGjrWiJTLmaPYT+/P EQMvuIfoIEplqHLqrZ2tKihBx+dcmt8GvD0ekC5yHDhlZWUFxtJ9LRYaGSY6SgPm poceJ756fN0JQFIzUFHzifY8u0TplXEmtbMSLw5qMnJzKcMwHjItG/3/HhaR7lO6 ZzhrGGCubD3fdnmsSvEIf+3TRMaRX9umMR9hl5Ub6eAp4j3VLDaQK0llQooxFXsq Y3a3Q3zq67sDJhUDdxwfeRbe5omx0ut5BygkOWRtT5eYOGyOISlA4f+mQCO6tvVr Gillmor, et al. Expires 27 January 2022 [Page 136] Internet-Draft Header Protection S/MIME July 2021 1EH0pncE7Cjm4Dhcg0Q3FxSfAPbr3FubD8D0bqFAAmDdGsR5iowWNiDnVd3+baqz PpL2PXsA4zA2fewBQbQtx+W9y8u1bG8R5F55QgzTIU1COJAdS4GF+jUkH//ZUUeH 0peDMkTIFIxTrbUK+cM8XwnrfixWuKU+hNSKULUxLZ/U6Hwvve9gCRH4nTZrzpX5 7r7noQBDDA3C8ly4CME3QMrkav1uTnjroXosgGL3u6z1BpuH9Reh0FUYvWo4x2bk aHFs0tMx6BOg2mi/ut4POToN+WW/jh+1c8HJfbCEX/XbrQlpzn8O/a1/fU535APE pB3AThi0b5dfsMMHGVGds/FT7EnmubAYgnIdTgmXI5aXu6mGChd2SSi1m4DmaMbV PsTMF9EE781RWHX3fRYGItLWLTSckZ95wmsW2ossKiLkCpc+oOAfzn4RNcRCxgSz KcZaOMhzY7N0Kfq+KZ/iHBcdMxvdVXiQMkAwZlv+xBledRBexuZ5k6psEYDcBXbV qhxNF/k1v3deCPJKZs1222LfsxqjzKKk/m3HFwFcEIXPfsImyJ15CYR3m0E27LJr YctpbBPYSLzZFHHVOLJbOwrO4u1B0mC5mVW2KNg4sMzSGPBRzr9RGQk77ERDVcSm FLIH1+7m7Vvgew4zq2leQtCMKc3j/YHDiWOVse12qugp/56ejA5y2yWcsS/yULqp FQb6zqvkZk3Zq5IauhrTrBJrkox7viiZtDXoS+iM+Ohuk0bEecbePs5DEtmwUI5R XaaRuKREGzxvPqeTlg6jZu4XuPDwE3zb1vQudey71NDSy5iccWd1aqXDyVxvslwy I2srfh1W8v/y6yIQuuwi90/3fD76LInAYUrrr8d12hNdq6sLmrm97vy8Bj1LgLKw WlNU15UOIJg3rQ58tfpPt0G2ViULWhYgzS8vQqCsyMExwODbnUUPz4x3RId1lYRh p0HIVCVIhJm0mA8IxdttmyD7uPdzaSNNtgHb42q3GhRUQuSDvRumJWastCC4d+bs mPjNST59uJgARWKQJXskVRPB0UUW4nmof/AFzI5hcmMsLTWDasaJdQkJlJjib/Mf AUTEGQ728gzYwnD/NTvGr2NjcmCzI+O+MW76ACBWrNlLJNssqC0PQ4hDOhk5yRv1 RMm7qU3RoJ7lRP5Jcv2q1Ttw5zd6FIHBwQmltm/Y6MKQkkPdto7boCm0Zom+xW/Y +AnlYDu5cR07uOnX3sYcOp+hye6uWL+IwdDDjZ7aXA/rAj0c1X3A8PAJIkp+o7zs Gd0+hXYLrw1ooZzXU7ujig== B.3.19. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9750 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6200 bytes ⇩ (unwraps to) └┬╴message/rfc822 1964 bytes └┬╴multipart/mixed 1900 bytes ├┬╴multipart/alternative 1130 bytes │├─╴text/plain 381 bytes │└─╴text/html 465 bytes └─╴image/png inline 232 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 137] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:14:02 -0500 In-Reply-To: References: MIIcHAYJKoZIhvcNAQcDoIIcDTCCHAkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAC6XPc3wZgeB3FCnDRhzs7bUIr/hjZrbZzPm H8yaAt5YW8XRZI/Bt31j9i1OtPWRqthYxM4xwIc7ShdGhF92sGkV6czLsH8kkT0p Z+FD424d5ohgjPw87eyufum1GL+1q6TPItjC7DDM4kq3v+kwMaF59PCZ1QdbB1Yp p+bGYko42Dd55Ur9xrbkklIuFI8KQuLrt6kdLehhPU8EFF2Trd5s0hbHR8/AE4GR 46lKp9nZNgkNRo9KKMXSMB9bkVe9kaTjGYKjtD23AbNDDFrwUE15jrgBkQWtWU9j BuZG/k+vtFch7NNVzGYQy95etutW1b6Efh1UJ7/sEv1at40ipKEwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkZniKnyo4dOigzoqg0j2AJRM 57gPSOt7RygacVe0zmHsvEnmvVeRA2u3C9gJHoxQpZWdDilIEDhFUEG0POmCvksB Dl50HiQvSP8h7RDohHPCAT4TpgnFcuLwxASBXOGVEEFUfQOaTxeR3ZecR2vqfXXt TTTh+gO8j7y+uKqAdpwaSVRcawrX6KQwjiafPYhWYGkrZ53cHhN9Ljn7SvfwoigZ fY7DanPi59cvr69ErFFVQBwQUu2IGpQ2q5O18GPuk3Rjv1WMyG9aX97OlbLxjJnM Ql0ajLoSdrQaPe5y4pw5KisbXIAamC7Npu7hc0Trwftyn6SdydpdrUNVJPGf7jCC GO4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIT0h4LUiMtMNeOENaw0gB+AghjA h+dlTSrH14NOYcnRg88Aj3gjke5sIzCIy5dF9rptdXw4wmUr6pAL44ufkCY0Qm24 cq3223vx8qLJYROZRn6DA15kFHcHw1o7mZWLW2EjNo8VsNo2eIrPmT8S/2UqEU8z s9ZtYacYtD2bTJesQCr1gGck5kMJ3EXMknPUL4razcOxJB6sJLhb940fw/FsoeRC tuaMNP4wYV1FsiG2zDGuOtnIE0Z/f3I8uhLF5uSsScnCDzURA2ERWPK5SwGy2Wz6 PSw3nvIN0UtA2fSmRETWAog9DFWo/t/6sU428swxvqhFCHH7VZY/jqbE48GffVhV b8YyTr6jJvn1QJydL5n4V0rPPJdUMvmeXV/84/5oVPVY1YlOGhUXlgA0yl7JfM13 q+UubdpKCGXCOXg8NT5g1eBagomHvqjtStAscpcIgvcj7SaydqtnIgOKAzJir0AI UkOe8L8uiAZAQ+GjRUdvJVkrRood0EPDUwRO2DFXbfaxyaZOhpc2EsJlm08BTAyW kzuRRaZJHYPLqQt+UeibGg653Uo/WYi7m32gjgU9MktBqKw93URtmw8Kmy5xGm6R 8s10FNZBg1Cj3aPRXbPjkTP5WUb0bxJA/aYBUTVt6bgHgV5NSbUS9DU9S7gf+YPb h0LoTqE1DeQktnMjFCeNUrI98js/Hfnq3OYRCn/w2jsJSvj90SR3djIgiUXl0wUm YEh2cD6/OAu7UJ+LKVR9JhnJhjCfWACT1G36BLWdC5uGQ1f7/mSmYFxaD/+pwf/o GgNZyGq/ob9PLpVXjhCUozHxc6Ucy1KoBZkdPFdH3AZ918oDdQdJCOdf9jP/BV2i zPg7W17Ppd8i6QgdgUs2nrRVgJW2J7Jbf4ahlsMGeumoehsElc5BcLqM5daBB5jo 0RBUrIxUtVpuwjYlJ4fe82vgSUlaa5prSvGQlVhpD2uHqaTf4/5qtCxQimxGMHyz +SUSnoglLsYBiDVaaDgVjTv8KRtrXb3ld0PBz1RVRBKJkoynNhgw6GRxjQrce0+T Gillmor, et al. Expires 27 January 2022 [Page 138] Internet-Draft Header Protection S/MIME July 2021 qajjmpGWKScDPemN7booTxzKi66Igp/PMsmlDE20VTRH/lrg2pYcdsqz68OBLClp lE4mTpM68YcFD7O6Cu7qlW33fxw0hU6jiIVghR1bLm3j0oO1I/wJ9qu8zn7TLc+y EFYmOVTWE6DA4Ntoj5ASt51wNAXr7OLqoyod7N/A3XxJ/A80+LA0j/uhLBeqE74i qHijFBkdtM+m9mSxhBoCJeOCo/hIWDKP6ML+AQsUKoa5GqkswJ1+OhFkp73Y+PQ6 3qONvmpgf0qrcdpK7txfva0fxdaqhHZ9Ua8GC2s5CQJD0CyncDWg2EAmC+fQOrqa 2qDPldVoeUgdl0pSfi9VjpKcG0u6T05WmgFlpEAJr8dJiu/T0u/fCPhkBspAMP25 glP/sRZwDlmAT2DBDK2TXRFQaqHvXnHfYkbYtUVWkVDwfloeYOL38Xg9CCOOwly7 S5J91Pp3yFCAQCVZb2m3LadnkMYz22Xy2cxqViP53JPzNdqx7HgsklSHgp5ZZED3 PV0LNpkeeokGxjGEg59/vA4gk6rxP4Vr6wrpVPo4+WFTRk9QjHN5UbjMgiOYtWhU SWJb5G6j2ABx/UpkOY/ICSjqBmJVQnLV5xKJvai6DZhWYdYuRtAQxhrmnJC5Azt/ 7ZTDqdQb0rgyyfvrPMKGB9uoJLgaMevQH3zASx/oJlnbopA03UNaFcDFDejxtj69 /p696TJesf8841xrZi/JyEnF7eGEXtlENINRqSpdvtNjHCqrcPHfn0zYijFdwrtt mrvX8MpUFXTnVZps7bfWOxRzeYbMjCrYmHxt+3belAtrNtuWRAOBNFEU9w0fPtBF QKi/Qc69Rc67mGDPSMa+AFIPk9ncJUZN/Sb9Pmw+rj/G2ckrMhijEeSCtI7lNDj9 +Arts3gZ+jVe8GkP0y5ECwmSMufMdKxfEzslBAEoCIWJuhoK7bms8tPUAJA3mCfr IPrI8Q5+2tSMIjqFH0ZY4gACx4RMe22aV86ZuClbXfGeu1vODnk3EcW4x1yLC+jq X0bhYHaXmBAjW0Y67q+uNarcKP0Stw17eJt9sgJm2vXUSiY2rsCrWo6oHXo/kiGJ OWTx5hMO5eDvEiDvnl7bQx89k+2a9hVLXYcN2HElLhaaW9ngi5DyDU4z0ZIk0dBl Qq0celJQYKW+x+2h6DL5JmABT4DoNAi79VI45N9Ku96NZYilgmc7u8HDFJXOA7Dn B2NxrmmFx3eAokwXXLr6cO7D7ftHyheRdapaB8Lf5saoKBDE8qAxdspu8pWLoEWN SpaLeosea41JmiEvzt6IUFYdPMRCZVbfdo/IY/IcjES/8BB6RCEYCci+MU+mzmUt o9e33NxPpO9QHmNrQC//sxfXBevzPDb5fLx9q7RMt5GJUSoggzf1EQxkxGXR3nyI uUicEW0zaNfyPUtPyXYDd41ntrNAr5GWQjbtmFzpt2GBK7DeCAmVQTU4Sa7SjMeq jqlFtJI5JTCxOyyFF/zg+9qht1beTTTjoxHbc+PFjfGyO/nOr0vbF+/lMbnZ5Wh0 zCYbR9uDYhPwpyv4lIEtZKgt0udSp2PaaD3N9A/U9AlLl9+cey8yf1li984B0hTa 3rK50GyIpiP5+KYLS09E0bj8U8r8QilSt7RIbe03aQ3JpfRZ3xRiKwrajfG3VBwB 8DTgMea5un80h4/RsdxpIN5h7maqbm8pWU2fPe+BIdoDnuM3DXlB2xafZwTTdOoK GDmWMBoY7RfFTKryA7vNU4jw3KUHQvE1czL/nIc0ORhLmQpDHQYhgZh+VKUr1J/y leQ03G5/iVRNIEY01V/Zf8akV1RIhnGB2Hei0GsxtFsaH644VVedyDspWY49K3ji ivtMMZPq1HVY8PADH6bdeiCh0R2Z2T5JqyqCWZ/DUzM57mvj4B/7uw29gF5EDIno 8qNcdQcsZRCsM2btmeTtN9JNvLrL2v5mSvH4fS0Rd9e56lbMGDDGaECpJHo6BAOt ZcVps0041mDMzkFoOs8G7t7bkiNIMTpRaMxNQOz+XBRz6yExkfSgTXaqqs7tv1He 65Vv/otPZJg1h1/TiyA+wpYnSpH4YDY06pWpk4BNlVDCM7iIeQqPwpLEoZxSVguR 9JWLLzvPbcOXTJruCoylL9Sf1zgyqwYya5FUhUIEftvzZ1Qt5l6qOD4HrQtz6oL2 BbI7Ftdy9iodZh+CW6GxaBxPbpvrBtsAazmXopHu+u4E0O9PuwR0mi+WwY7z+RU2 nMzqFtaNRX0SS+jzPpew7soJjGpPSAwrOinh+NyM/dqG+pTZhOwJuaZqNCQBpXLQ 696fFQJrddleN9bAV24mjfKy/AK1qbtJRk8TJv1HuxWU1iKqpzV5318i6hilhmDQ KBh3S0Ees8vXUqSgj8pG0wGFuzfj8pAEWmEanZko0c39BG/q/1rJmm+bDLIiSgYL AzzNTxcHjzDiY/3W6Y5nzV7Z9f2+jYOtAGtDMuS2O4DNW4Lhwo74ud/SIlFkmKtg 7zTR9X8iK+DUVFgT9DVL4awJYYfoiP32a3Acxa1prL4zXZfF5MY6T7WLn1wMIwnl vGxn4/THyTGAOGIsf5zYx2NNxy4xntI3DZO/XJV+nIlN70RrtyuqAicMfzZqkmU9 3j9+OGSPNys6GMPtxBiB16QZVzk1uUXuA10tRykNnnwWBu5zdNGbYpXcnBm69BgH QF2IzlKfh3xwNZQA/oSxxg3oWfCIvVJ2tCrgk0MngZMTmyyabQaEUI85qKAMzfav joYB0dUwEHs5RuyGPL3Jfz/YqBaS95p2B9QFC0R9f4sFAQ41y2w51AabVSEt5GcY fY9BZGc4wKCiRURjk7NNLRELClNVUmBnCnAkas4QpZK/Ghc/l+AgrJep5vsmpH2p gsbY6zBmUm84p4U6f2LXEuNkzHynvyWUZ1o43LftsbfIJM1ao2pUbYjY/Qi1ye+t liukpKbGB38YK4GBXbv/9TwCfRMTSjkm9Kh/tz2c0qSVwjhSqoyQf5LZDOdcgNPc MlXtVPVGl/fkJhrhzO+Odo7sK8/dpEWf1NRalSHeBrYszmlp5MoSOrRaJs3jBGlc Gillmor, et al. Expires 27 January 2022 [Page 139] Internet-Draft Header Protection S/MIME July 2021 kns5SrxM9Ollto0eW72SLZGewu9L6gBg9qjVRuxXzPFF3l5RxKT23/irwrxMzvYr vNmopJpIL6WYv0+7K8m3FunsYGc5jowFU2fE+EpzTth2SlobIb0TeRPsiyhq71eg +W9hbB59VYURK9kNMtigXpUTP9FENdWBqNVBzalbxKAWi6s9Z1rHDwuqVWp0eJ+x KEfkdZg1M9WqVrcNW5JxEFrfQOACB/tzusOBYV6CFXQGPKtwLQmrdspRsSo3obxh pt1gEMJYULiMIvZk1q87iemYUCc5ohRKHPvAYgs2k4IHaDQobHM/4va4fnyzJrAG u/3ii1nGwO2Ea+//5AMQEG0txgdmA4KOuum4tKNK7iKAEaQ1+WIho9rtfRoLxHbz 5tBmRgjAdhj6Itd1e2RDMiMRGWiyYzrphyupJ0NSzDxon3PknHg1daQHtAa/BsQZ Ptp4QkEUNs9j00gRpZPgMhu/GAwKnOfY/Ik+dT70UvgB069b50yaSKhMCiwALiez KnrH/2+IvyjPcfaRuaDbJFA2hYnyUVpDGfV1rOYh1gtuyv9cWImJtgkvJ3O8keZp eydNOvmhqDR7NDNIxzjco8kveA19r6jAXyCzX9cTeJZTZUAEor7jedsQq8fHijOo l3Hi9b6/6eDNcR1Ud8vjxmTAHUg6cXMVGCxhSI12hGcrPmXK3l3gGhuZjEyEoafm Ax2QRrfS7lYGnyrS97BmtJBVQ4AxOD0ajkYXEBbztPQZCtUPqv1/n8d7sTAMjFHn qDLmy4btxKeH1q10k4s9Gk8Mhv/jczXtv8nB98ZNrGMq8WAL5Gc6vIMQBoBwpk8B BdKVsBFezHCefTgV/cmi5llkhc/Q2rQmXQi9a0MgfrkvlyP9Lvw1AxqJGaWGsWjU 6xuImeZ9rqsY8jEDV8+cNBwa63CPSqqNKeWUdBNF0r4TVlFHk/IwQ4dEnRKhSrvV tjLSbCxhzlL+FHUM8+DjysvMLELs/ZgvBGrpBr3vKrdQTqVKsU1fkNem485O+HCc Ir5RiwWygdvavp0bdXSoXY0vR6xKrkoJGbhmtWgh/UYkIcQKUQ9mRdzwlmRXgzHa yWi4aWiLTKLKr4yTPXQxHOpblDN27Sjkj85wFSUSHuo4b1yojvFFU4CiID/BGezr 1FIUd3S7bhVh/HgAD+qW8mR1JP06m9S/vAcgmalVdEsOKo4IpN5Bie8PP6BMcYBV VTnLB5hHdg+saN58UlqObWnNetICxcHlGC5yYpcmxmbZQe+uT8ARIYFB4jlvsPeU FUN2QDZT+35UqnZGSNat4CK4r4pCQS3lFGjbBAApRCYdV2576fU8LfHCFGqtPgv4 0JYcdTlWVNMI09LYmnSLvmZYLeKDufYXDuF6DXt26etEi2E3LLTkjg3j4EZUuL2i mvPEiRIJHquSkVHRZP7Njg4k3SjcPVMPwp8i9jHrxbuEmXcsPWqogN3XZUFbGXiv i4bfdzJAhDjAwrKWjLWUzFhNh4ChDeptuCqs/be1uW8O26xebnk0kW4DidmKUcdZ Qpef2nA3e2G/tNRrgx8ogeV/FFrI5jCwWSv3rYGEgOR5az9NaffzN/uMkL6vn+Kc gpIi6cIH6wBLo1DrSI4IGocAPllvO+iTvvVHXPSsdkiePtvRdDrLu4rwe+yUB/Bl VSWZkmTyIq/nOwfpRX6mU6HWYlvdvYoxJRRwKKhWjE6Dbe2h21fYAOjvPkTwm8Tz sXTYlt803yU8ipgdaw93lvuuxNMlkIvKQ20Zo5hOtGdbuq4jyUZ5o4if8monlcQH n5xv/5nK5jAAD7ZHmbcaOoMtZlvPf5DIBfAN1kWUQlD+ehjAq1jMjo6R2e7MkBc1 N8xvK3WB7xJ2pS95NeESyDv/HyTASLaY352extAacSMlDUo2t7/s6aGMbZdjchCq x8oc8Ez2045fKfvvNezvTjY8PFKOgzm7KlVJDaVpkDvae004GLCa1b9IeUHCKT8G DJnM47hqBAQecijjBczXUHxC19B05aAPJU02CrlxASiG3V2aKI3m9lciNaMpksJb /fr4kaMVwUpqZiR5RcgjUAkoSA7OHaUyNkQOL0UUFYh3Kl/+q68gpy06S0PCcU3m RIY/Ky4rjCGXGeXhT3uOFRJtZ5vfX4cQ/cP2YZZ+kO/DIzZ6fVYQfRelvC3Ds1zV 2y/bI6wNn2BdUTtztg9Tyamj3WTumOwZ+o7+XHzjuhBjvc2P8gZOkXVOXTXNFrqz 9jNuGa8WIIRv3zRHAHCTFxazxiqeoDLjLc44YmTqpjgRDodAuaccAeD+wx+XBYLH WbvQarq+aAbVWWaREZ81hRnuac1uxybbkV6JVFi61GW3jFdLc0oOLKTa2RBeO3y4 U8e2tqSlM39u25lzF2qrKbIyCNK98BvxotWWnogDsH6s5TF2MyqcQpq5kzs634C9 ZI/8Sc33Qb0zLFDBnvtWQzA26RP+0KLN5PeLJ+2XkjCHJraxg1HRkWbXdCNB/8s7 gZ8LQDqCj7ieG70FuUWJIPQ32lHpwwv8CU8xPTrMdfkOabsIK0MkwNv9Quv6umHR gfToX0l39hV35d8KBuo0SGPkZF6btK9z/V/9RSgGktCC8wsb7V3KEp+C914pQsmU XqQ9pF7tZLudtn9J7e1WdRjAYf+Vh9ro80pV/cv8VkMI9OaPJ5/XD/CJMeVuNaLS hbWrAiLU6bjhRuuYBgtnxXPG1QKBFwqCyMzP+7ia2VNVrKPjZM6F/D8Q1M9ifpTX CkvPX7xi2tiW+zXtAgZbmEnaMp38CoKB5KB+HvM+LB+ms5GVhQV/CpeuLts/2SKJ gjpj7dZb9vtU1X8JX/Ek0I/BKODPCyL7ZD2FuR2qYmhgcA1/G89Jb4PWPRlsuRTc DTexBIIygaLt5WYDqDjQIslOV9T3Bzbj9mSGqjzTFhwX6Bk9hUxIVcEee8221XRU fZwwfkp6wlvSVKzavpRtDFvGqjVfHbHx8IGW2ILWlc/yF3/B2uNbTWFahKpDipyw syXCwdZsDDpLFYqxrhBTY0WApT5hYsJSK3jqbBQU4RiDfjXhHpu9RLLpI/abs0nG Gillmor, et al. Expires 27 January 2022 [Page 140] Internet-Draft Header Protection S/MIME July 2021 63XIGhiS6nN7d7y9LbkOyq1PJ8ZW+2OD6aq4Cntlm6hXZVHkmOz1h8dTk/8UIKwu jmmJI4Mf/I9KR6+k5XeZob6Tfi0sJdj/EretoBPWPVA+lNUB57LbPdWM0K4VRS7a Bk/ZoH9phhKRhWMDLdMTqm1kDx/dxqe7DS8M6BfgmZCtFHeQvqPnd5i1npik5bmB ivkNet47fMpy+FnQF75Aj6EtKVyNpTWgy2Iju6xiPTle5/1FwrUc2cl7tbHxJhdA vmDsIC74DTqN+qw/WUrf5VoUXjJfiVXN+v3JSiBRy34TF4HSsqNRSikyu0Yr+2iU UIGhg08JT1WblGjiqxG0+oUyb7lDPtjWeck5fH/qwm8w5CSpVTjJPgLDh9ij59p8 TZjZS8vQJmp9tfCL0IALmd0OgfmZgGZEiDrsOzMSxaTObpt3kUa2T4qbzVeizQfl thSR24XcH0maln/KhLbo1X2mVMlGN1KJf0bMdA3fjL/4tn6JNQuUXzKGTEDhVBVi KKmuAkaZhc4Wm1QVLnbNmylr+Re7r87jKAXkg1h1vVg4LxuHEKSv2iWkWoTfW94z uSA4Rz0goegkrbsSRdSqxnI99zVVF51FT0PdMRUDG4PdlHpNI9DEZDwJgWipU4pw sjvxWKCU2pKv2iryIyChOTEf4rrVNKRNrDA7njq7s8czkNjopR5UUiu47TFIW5H0 ap+5+Uzl38mqbjwHq/SqhzOzdx0G0duvGc8sX5PWUOCyN8qDn5w7HJT/owvsCQa1 Z5BQUwmHmnCskr6QzUnXKe2pK4f4udI2996Y0E1ka0OClffCsNAmVDd3QhjvOE3M C3S09VCYNAjEdO5QsENSGfdp3+xtH2JhpQUaZPuQUVUUYn4bl2q0oyAdKYnjvGtj ag3O8gXaBJB7yu45KE58jPOgokCapn1jykmKkg5iqNla68oUqW/4V4u8EJuzY2Xm ZgLL1iOuHYsGGCktPwR3YpFPEd2/t/lmE5pEUyGWD0lRX689zahgvF1ez+sRkm9T /dqT/26HERXw+hzdM7PvTdL+9HBkJLO149x0o2WlYLQCo1yc6MWs1ucM5nWiggN+ rdYvFODbhCZKqJXf3L2n4yO9i87wPRQI7VAVRS8A9Yn9zbMT/7xPwdJzOet61O9a P6iBenWdJFJOurnLi4d3lq/Nce21G3eTLlBy3iNo/B/edQbl7L/K/GZ2hdGe3xqL EhuVvdmkaOS8RUjAg3ZR5ch7FBGgGFQDZgHdlBS9YNzIhMhLvBpdBaRD1uYX26s7 B.3.20. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 9775 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6230 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1932 bytes ├┬╴multipart/alternative 1134 bytes │├─╴text/plain 393 bytes │└─╴text/html 474 bytes └─╴image/png inline 236 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 141] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:15:02 -0500 In-Reply-To: References: MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAE9HDUrbtMm6tMXFiddE04F6o6+6+bjTxH8s sdumFvkas9JR+jvk2mMX6lOmglY5/r87cdSAMFq59MAGLAxpBHkr2qzzLsKX8JGc x/nMEwX+pAqvd6gGEYtvJlEpOY4n7MIaDSXcivOOEDd2JQemZ8nCqwAePFZ161r1 NgmG9hanvscPHz3slK4QEiMI5SJ/81EHuYFZsktu6JtqrKzR7vvQFRRMwKZ+xcI5 QYSQEIMIhLG601FHAW9ZvQpb4lIcm0BZOkVk05zLUimqAN5/g3Cb3rlPzz8rH0ZO maAO/K2OcZG/3kR4r2/mMRHnNQQw5atxiBz0bMSfPCnjjjltYDQwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAC0bAX0tnVecfETyTe/YHNlO5 RkMhIq7QWdrJlsMTdIDQIe4LtcL9iyHi0+5lbftUdhHByg7az0TKs6rJ5NV6Uwo9 zH5FDMzk+Q1ry+KUdDuZqlW8gCa81n9VIZj1bnn51/7jTfa656ILTD4oF5l4TB39 VfDJ99OEJ88aca8MKwB7YQp9mQGMj6ZBHMR8qz2m8hov8t0iVnuXEv2LqBXxh3nW TC3/Tz4eVbhsFWQWnBolLPG+vbgXy1UJl1Qc1g4qfcc+NoNgIOVsF4Ydj5DJIhSi TObg8Atl72wKDLhnMFmdj0thcdhj7j1+UoW3xpKXoZtdU0JjLKyz0JgKZ+mMQDCC GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDvsksBd/Sxh6/HtirTanleAghjQ 7halciQ1qTXJOovaSxq8ykfDhIyzuHI8vAv2YCDVAmRhBA5BURTAI8ByapJwuHJY 1PMlCXJGYaCJ2YMGfvUHW8KMQtSJwbPz6FuLznN5wHVEbm9rLc9HsevvFCi/HFsP igfu6k10vP5CfLlR75bs3NY3QnFthGdoTGsta4jf9yGqYOA5wvVNQ61N8Yw4DALK SRg3kE1cAvXmjtUaEq5r8n7F97lCLhbces9aRK2sGDE55mCGE2VR3hDSkeMEkve1 mmRBHYnjRBlqA9ph+tpFMkdaSTNiBxDbrN3tfJglSxHAwFfncx/5CaldBZ0rvdwP 3msCeJNNkTy+wkiqEN3kFUo3lbkcgijteAxSmGz2xePytwONy+Bg3/75PmGwSe3H p35HdfqzMoHtgoyOgR9opKsRVfGKtoQwsi/oXGTvTmA3cMh9LRlL441yEjxuFKnK tqax8Hz9bJJrXqItUqr+0kSswEMvGalw7B0GFlAoCDsqhfECwvqwoftfIIWmddcY bd8kQhRYwMWzg7Xpo3RoH0b6AYP2Dc3uRlpauq9jHRzozzbBni2ZvGnRRausVvtM Qu21NXdome3FNZMNLx1a4RlN5x/VXWvaU8snlCIQqcUAT8pCsrjP++WvXC0+dHIa MgQyGd4onroTh11HeyjNmJgINh7itdqXBSDlZUMBymcZOXByB3SA7OfMB/r+3MEW rOHNtEWflM57fvHu9HgTeEDp1bwh4nb7K7BLAmbsp8RXmWum2ZiCIpqac/NXaeeA 1sKziN9yC89npmQscQy+BW0KUxoqPzRGJqLb6uUyy2ieGuHcWfkT6v6+BZsCfWDM wGhLP0Po6LaG1RwzPwk3z17rIlo5Z0B6abzDo9J+3NTTlVE4/dkbXfhi7LXfwJBK QnJN7ZrPtVLK03auuN2oKaqaP6RYnFU3qNlf2azKqy2U3lkeqvpa2iw5Gz0EY8uc GYV58Qu3YQkNWRE78lVmKL37A7RkVGBi6Kpgi2XDmpOqIkDa49Eu9hBfMseivXJm Gillmor, et al. Expires 27 January 2022 [Page 142] Internet-Draft Header Protection S/MIME July 2021 Ym7OgfRNSiwej4Ccj750yRKr59i6TwEzrYkIviEE4sXsVMueDFWtDLcjvQ9NRt/L 0E0zrmnWX8T+yMiqJp7fUcpHjnOATpO4QHbpGU/+l+N8hT75pQkwgW6iVCyNTClH FuziSdoSvq1hT5bUGBK0dVoHLcTKOaKhxDSwQGcb9C/+GU3wYVUPh3qa5s9VhXmT Xwvw9wln6MibrbfKoc3P/k/9q2gNiXmaJvK1SfB3hrMt67OVALZu1QKmJd/S5yPU 7vBKUXwCqr26sxATQPqJ0Mqvbgasy5V41ffddwXMwXzH86m+epy3fIQiAPoEA5NL LrwBQVFV/1DCMJYAlAXTFQK2tkq9B0p4CxnXbkyIDG++Py3a+gSBKmhlEkJBnYsW 5WqKABo+4k32Knds0mmp2ZCZ/tI8RTG0q3CAF6gfHRRimdlv3uiOXhF7JlBZZAeT pM4PCTT6hpZrlNC9Ipo83n4qjXnsy8D4eS7hJgZ6zdM5E9zczCYislSqPWkvC2ew 7kpccJHw8D73e9bAicUPaXyz6+Z3C7mDEdZpJ7Av6C6ChsCaSFGwrV92QLzTAIHU nfKuln2TArGYxqyKiI31ihSrMM/F4AnNkAAZ1hh21Ni3WCQ40qVWmbW2LCSBUHKu vcBYJ2/kuTKBZOqouORkgZQiuSatoesjHptHsWnCVxJE/+0o0xoJphODfP516ivF zgJ87tb000E/Kn+yUASCHg8bS6cNxnQ2995mC0wa27htw+xvWpwPfw6gPL5r4pDn pO1SfDuCO8iMbyNaIg92qiu/gFdkIXSIAXYLABAhSgThV1wauWtdJIxPif3sYsoc AoxVRPBQXyfBqL+RE/iSyhkeKH6NfN/f2gmfSQ+SB8xmb/NpkpA0clKIxgCLUFiG 3sWj5EY/02raa1T63+g6zO9+UcYNpeoqu8skzVPUrudhcVTZtBBTYAjA8ATsmkFJ nm3eOj2BkJQ079qQ2RIjXk7nj+b2RMI9UPbM9fFxP5fsjoiMifNsBA6Hddlskiae c2a69VT1LlKi2mQCgxdLiTkIGBuf6t7k5moMFeG4iKnIgi44EDYHAd+9hsuALS5Q w7A3NHF3LXvugAse192Vq3aEsXoeQqOajPdDybctE0i0cQXLvD7e/We/3jZ5MX7/ uEyLBJgFeZCqwLzX64Lt+Z5saUQVbq75JbrmA/kLcweoJVOIxnz/nA8sX1G5tTub T0i/nJkUkktL5rLpEgPwuOpt3ed1i4hna0LNBDNsmPonyS9nguNCMyU0VYK8Q1xz GDvPwH7WxaVggn+3zQ0DDqE0i+XmYjuryEemgx0JC9Aki3yZbXCf5QaM++pqDdFt U/HX4bfB5sofSbNIqhq6TYTqhJEmUuQaQzH2/4m7j8sJgC3EzQwVvU/yffiKBGUY CeSgy+eLHEDzqC342SCAY+okSep0jgrZwsRx4r19PuBeVq3I1vcWcNPrEcjamk7U m0gMfi8KTIiGex1He+eoO0yupXu3JI91gDoIwZCSjjq4bOlBOrvV35OjlRZl3HRI xAYa0etVtrtBUrBLayFWpFBYDcDHlD5CwU3YpgB8UWEMtcci3qjsiBuKWLQ1tjhU A+xXrEg4yBHe2NNPbUxqYtxFf4lA50QRUP2vxOnixOiCjd70AfWSXm52tYijD3eO uVkKgyL3g/xJsXVA/oNlq+a37PY8sb5Lp+gc9g4NcI86ZaxBWNE+PfTTFTT7TzdJ CVajr0dWZMhWmPm4hwwUuR0Jy9Y8nxiFES0erfL36ftqtpZbcdeK62W9EUKGD3jl X1gM0TF8z2UHUqQ5UWq0aHKrSDaL4+Ipm3JWBxERIAWEtiznc58B3yyiwm/4Vh+L n+9V1F43psU3KLUTZ6XkD2uYS/AenypljtUJFEEFCZtwKLXugKEB0AejSpPUqNFO pa5338v5ocqMowr9c3ErqEJZcQLUj9TdYAry1FGe0Spv3LX7HmHr4KcvDXAWSUQD lii1zJzQatmuwx75SYMeN3x5D7yhjYL28bJaJcPvFDbgCsHrW8YWu6+o9Xpg9rKA JVvjtThGsLEllTA8c+HYCf97mS7ccBoL1JqW6/TgYF0aL+jnSTulcB1snBhGAjB4 fK8sYQcBAFUHbIMuxjr2tHhxWirfSkI1zqaaVg37chfkCqp/r7uMU++xs3xbiQvS mOI/intNv4bZBE05guL/EP1dHyjyc1EQu1t8Bj4cCGlDC/AfmGJM1Zz+GFImW3hT DZco+uenvnMhTi1O0vqGYYKwTmlw3VQGhllo6o8CUf2HL9XhmZBaA1sAzPByJTlM 2FjPMzM1pG6qj2vYMuRHK6/GvqVpHcJESUIrXzwT1RwxhDV8H0j+ygZIM2Kozgkn Xwwanf7euqy562uxPIWP+kXKCSuCyAZX5oZG7Qx6yUSCcTV02zMOrCS8WMYLxMLx MB1XS7EjqLEkfasgW/IzRR/3kgznp9PU5FaT7VaiSwkIL5PNl2RoXfoCAu/LKBF9 bYaaGW4FVkn/JocuQKtG7URRPji1uL/kM4sePpgRuDJmvu3AD6YjQ/6XUt4GfPIa JpTVJT0fFH8vRpdiZ2zRlib7meLI2If6swEzv885sbp/smsi1SjNIuTgzqeK/Rdc XOdLutvQ/MZyyVDKHzw/rG7ceTKniijS+tqcPtI+2IdSxuGCxPS0tE1dJ+DVPBS6 PfPx0uM+l4T7QEWgDEP3wGDKXyAETj9fCgPPaTi5qjX1bEqCo4xSSoFi3qu8tFXo nPBrPnJbjk0Qpd/gRXsudKm5T3Mx1iL43FtCmNrdRhyrAMZiqIXVqvFzoQtxutOB X5KTBb4SB/2NCnEwhZwfPaiZVU4CdTQWocffuyzi5Q7VpJGZZA2aj+FPyx+9R8w7 V7d+7yBgkEsYBfB7c7760QaVvNWdIza9OY44VioMGt1KYmj/xLoR5MnZ/CPLDRLw V6wRbsmyuLKn5eq2lkOZPK7zRjhPmk4jMI+hZ2NA2vxgAOnP0iQbTR4ilXms8NKz +wgvr4W6zr2h2Aa+CLPESKeo+OQKWaxr3AwBsUHgVUYkFk+gR5GZHRuZWre7KI9f Gillmor, et al. Expires 27 January 2022 [Page 143] Internet-Draft Header Protection S/MIME July 2021 zMORjhYthKy2l/52+MFIirsEBmIR5aB1b3MOUWU1OvaWR5purOVYi6KO+zzmZGZd lHja+wOi8/KC0liG6kja2JGy/Qrmg7icn0ScrRTEvXb8ut9Ej2/ybx0WK6oty8VH +HnRdKfb75tmbmsM3wFCO64szakuLwJyE6qmBmWej4tf0JAZNXpt0f2BIzE5XzdX sEbiUZpc5wk06obXxVmpluMRAJR0mUhhDWiCcdRF1LrxCYAQprmS4AV7/kxOxSTT Uram5vArneefy66nIZ/pPajlWY1oZC+9BhViGk+/TJLBbGCCWRWWDHLmlnl/UjJ3 uURhhEu8qhu8sRqUh2iTlYlspfZLnlldZYhKX6gbfzPwK/l4ydF8JFSUTKE39qRf hrzxsVEjpCKJOGGiGUia9B6trZvFAAYr+sxpqcYkqwNMB/pxRVT/0GMN2oTjq3uR Z21zPhtNL6nUjUrQRYyiqlPc6OYPntu+ZkrKFJYzfHBkqfmNQtvLY1V14Y3V2vU0 QjrjhvreW0IFKeadZpYjP4uDLz3r75LJ6zLkjDEQajl/ZAdEXUf3EeA1bgncFYO0 PUTlhxXf5LrsPLydaZIetBAuklKSCBtfohVt6HIjWWUkwDj7evmi7KvrumyFePU7 4QNya3C05HgmmE3RYgrmYBDiX7bG5z1NmiL6p2vCRs+inOUMDjEelYLAIKjLWqx2 lNNS7ZR0ZyOOBq0OcvAxwvv4FFez6APBzLP9ZTj627I1ZQg0pCM74YKmssvFmjQ9 IoHAyp5Ru7W6hDZLTYKNYycybL0aKe5YafV1NUZxox9k/9iN5Kf6lnaOuEtpTDCh 8V9kxHadOFLmk3QoPZ/1ufih6ZV3Ael7XRPNL2SZ6a03/rpf6HFOqWxRnhR3V9fY LdNe+/Xu5yBYSjoW9CxCR5YACYhGSesSUR8XZwwuN+i1BLUC9WjjNh6Gpar1Y/ll mWDKSSdPXZUdF4iD7i9CDaC+eFd7eW370mpXTJNXyCD2jMvYpXRzyf1JC70Atooo WAP/eNkAiN2+JDzOYSw/ZGv97Ba8Tz0oNVMIj+aZnw3tlrAmUGWywVOnDoGKPj88 IVCX007BDnM7oUjmgaCPJpGiCGDGh8+CdU0105cFUiZP8g4Mv049tuE3VVxKQi3o h4VwVXU0qa5FLhaRgRiSvpB91ni93oQ6Qc/vB+q0sBThRpjwW2Cra5TAWfJoFia7 N3l6XqntXZZOsCFDrBs4uzgJiDFj4w0+l43vwIuBS+Z5sCl3pJANNolwdL8jEQu+ 6crgYH64Ib/eJpOEIHu+gXa76XBO/zQ49X25qXDmzDslq786kzLN9QXfBhNykO5g nkW0vxIx6y7bI0IzRrx1kP7H80I2d/JR3RwTA2Fokw/9LCptXZZ7D1mv0N11p3qV X1doUFDHi/5TkrlmhsnP/1QARy9dLn1FEu3R4GgWNNE5+r/WlODUxh1Qmv/8f43e 4PhXYiN8KTj4XXNYRVi5Wz/wflZF71V8HbYXWLPD64DuKM9cNGlHpX6SoR5NbbRj 7H9+OpCah2Rf44N8ap3J1x82FTr6/y2vPOtdU9LRJ3dJZzYUvXe/LRRWN52R35I/ wBfTgxY+nErhCCfaEcT4SBtQFM75SlxHNHD1IHFqV3a+6q6DEgqAbYz2Sbs56qAc 8IirCPglJUIxCcUe0fWstwHTdcOIZE/2AhoSOHftKgreC2GkBSTrmWFWzA3Pkjd0 oovsv2tTHJ/YI87UX9PcUaP1u9lI0Dm78jJmM3GNSCqbWQf+E1LvXvqrF2p/TgGF 2s4gFm5yanbPUEDDOe69OkZlZjTIy11Qsor6vmwDsHBsBB7DSeRUa+08WRh4TyJX FOLE5wpcAj9t2FjAYAEiPVOOMHAnAQFBf18SvKeUr7T0uSVW2RYFjdV3iiE2U7Z5 WW7UBG86GvttCLRDmL2Yhgp/ex7mEu3L6YgwHg3hAHWhATqeK/yKsN3mA9GA1FvM 7rI3+SUV1jfJ0/GaauFtXJnZaI58K9SnDG1bCQ6xjzgUowJjjhh2F6hHe/WwjMUd w5w6d3cjIUqp3olkQKL/RE5ZmqP0uQIntfQeXDClM5HN1vg4UbnPXXw4d78ipK+N 2Zu9sYkFX52YcZ2hC5bMenJ1DjU4o4AU8bTdnyTNpBLG8S7Pw0gTySG9rK11SerO qaC/xcegf6IkbkXy+YHIdplzsckHl3Dm5Bzh/q82H4YmaikExr4FqJewOyNUydGp mYRKNeGcArMblb2XPn8ooEhGvQQaPKRtuvlXdXd6fYbR24YevWkX7Uuatq+RgiQ2 WmRo6Xx3zduNWxI7Z6Ha7ZFV85jGGikr12ajydccx1GvofrozDzrG/7acdiM0hmw OzFFc1N2MBFW9uerEA0jyylw26TCOILN+LBBME8SXzjo2rbBFXJq8Mt94r0PwiEB hWuk+jH+4llAEy5Kel1SXDeKfcQOvEpo/2hhrP1XXRfWNv79DF0jDxkWx4jV3B4i WmPrWExY5cmEysXFjDzqF+8E3pR5p95nYax+qnvqY4DNzDztQ/Po52ILUsxsw2Gu B+lrTp6qVxZoll/lHgxSsR262gMhxJZYOcCkfcQ4kMYzajYZpdqsMlUK1TfuQoNq dsHofrYZ0sufTZ/wXZpTmKvkxc2DUaCi43iWmj2aBFYokUA8nlWGA86Nln/GtXR3 XPSCX0ZBmZ4bYdCMqhJI17JjiU2r9VkdvkaevRMsKE5Gum3NgRkLwAB/EMnvYefS 9rF3DmqZl7ilyrCIJo+6EZNTo1Ol0y6Pj5mogmix3ZMaVHmOwUCknAFcShsxhV5d 2h+SSL4EVSRn8OPWRPzYEnlu8XVZ+EW2lHI3nsjuqwiR+4PllpC51CqV1a7PHwHP fNXJqyCq+Ru2eFMelIzBWBmzfONXniksGQHn4mX3F7Cby1v5vfJsEut/tkppEDa9 1Wo0FSMe1IN+2nNtEh3i3MUNykzYJpgM4PGuBNyAW3KInaMmQPifQN1d5Bz07fHN sx+uRhi2Kt2dLDZwjLl4U/ZdUILGorGDtisRPyGxZYa1+pT/2RHugdVEFAytR8cI Gillmor, et al. Expires 27 January 2022 [Page 144] Internet-Draft Header Protection S/MIME July 2021 LVsGtEL9H1vg2lzHIlFfM5oOzyP9B9eO5XBG9O70+aP2g/kNWWETJcGzm/YE77SJ TKZakC+QgAEvfIhHRUx5obw/ekJDyZlcJRIN3wn1HwJ63USgBHMl5OfRyJNkg1fX 2P+ad2rjEyN/PW7XD6EjNQmAnbRCo3/Yamyg/6MzIu586+MIFZV3mhjXzgwZWzG9 Oz7R7hjPcaK0Y3kgOGHR/RYWW+MObEesTdCSiLwcGOaucbMK1lRwG3pvFSysj4DV DjIhAKF9ai+qBy+G9g/rTO+J2nszZDBW/RgVz0EkOmyow/F+zPk37zavG9VUKYQ/ Az3CEO0SXCUWRJV4DsaRRMte6TnKMF9grNY/TD+EkWPKKv0rdt80OA7R+y0f6RTT EcAG23jJrReBRCwmopkoqhFv4w1vp+OHbMxj/WhiZQUda5UP/ks0YiGSim0BG715 ExLRXkV1CtgfPji/ZRKdK2oH4rJVTWZ6ej1TOyLhu7UMWfOZyxMei49RP47oV7Na wMz44+oFm1oOCqloOIugc2wrsFS04OiAzpLym3wc2kSF0PfnaPY5JqoeRA/D9j6H RKhFufAKlJ4Nd/sZKxM45OgTSWjsDBX49UgdRBoakZKhgTVgNzVncZ4AdF+D7egf 9h2KZOCqWcysKEc2mqEe3MWnusP/QyulTq8gmL+p9tEz/++8ybH1vXVb1VGiFMiZ /J2yZoT2l6wBSM5wn8lK7W+Nk9F/ASqVfOnhXUQs9uy0c9+A4Xw45wgxHQWgK9hP 2dMW0WXIaHCmqPGvg7jEa6iuJI5aOlf0/4xJeqDGfCHR2Rgv5z5K3P7McigBW/ty +HAMHnaCLkJ8D/mBDe3ss+INPxnWPti8Dgo4Xrot1hTrdTxopSw13iG5F3i7fXuL 8ZKQFnWbzFUnhg2ZD7ODrOpjI0/pEe0C6H/Xs2ZpZj4yyhjrA7bHvNXis4D3pF1r XbfBYGttazBT8UpAMo1jrUqP4lQ79nBKaTn+nvLD8hpARG1IYiSUe/VMpRLyJ+1J Tk+jwqMrD00wALSsoGM5pgA8CWWIAZGz6T5YXkZxI5ArGJd4bj0YR8g7kUI/TYfn sMZcROMB31ts24gfQJLWAqYbLI01rf0DH48FTzhE09ZHDDNO0kolViosU8i8HTI+ xL8J3luyoECvcHSQKXXNLdV56bYrFm0p+KeclsKH8kE9rQlBfLaoO5TOhwgGZxgO g3FFo5gLqwtlasf+hXU8ZJanCjUEh1WBjtZ+AwLqMjJtsDyswvxr+c9/WET+4z8H BvdgLI+cdV+sKOi+2EJ3Vg== B.3.21. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_minimal (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_minimal Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: └─╴application/pkcs7-mime [smime.p7m] 10465 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6728 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2278 bytes ├─╴text/plain 65 bytes └┬╴multipart/mixed 1612 bytes ├┬╴multipart/alternative 1206 bytes │├─╴text/plain 430 bytes │└─╴text/html 511 bytes └─╴image/png inline 236 bytes Its contents are: Gillmor, et al. Expires 27 January 2022 [Page 145] Internet-Draft Header Protection S/MIME July 2021 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:16:02 -0500 In-Reply-To: References: MIIeLAYJKoZIhvcNAQcDoIIeHTCCHhkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAC/zB+nn0jWI57wKmTVdRPMb0gUX5+I/CyN7 ggibIEWkRQ/Xg5h8RS74HQIHBq8apDwJsMtsEyZLnkwh/9/O+7TYYpMomQcmfT1+ /O9kt0bP+X8CyDwC0ObwzdTw5sfCpBvRC1s5wmsCG4n/dBxyf+xbKqH34C4DlJVz mB487vVdUQ3G+M4C/P1epEahjuskm0LOIt1ZAFqPig3fI60NOAoE+169vIQ4WWbV AYEX1n3Q+n4L9tB4LsEt/WjfBU5HQ6IsoHJ2WeNLF4bnd/qthy/qtlbeqrhPC6h6 nCEALq1hiYMqT0Ydv6U86fXu+nG+GZgf+l8Vl98hhcwJErevsuIwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhpgwI1cnPotx9KvqcZS0mQl1 3xkhoArwNvQ/Nv7J9vh0+eeo1AjvC35wOwmzlT+8eoFNjdxVcab/KssfM1Mtf2x6 m2iM9ReNrTCVHXxWhjvqwGIHPTvhFfdlI9cwuMis9+PaU87fjrOCLLrEijZ1x0Ia DPhJdrOVe88xtrf7e45JuLRJPchcjavdPW7ip661mbVTWPEXW7eJk2OBENEoEi0S hU68if0w8bagImEKJOyvoFI3WxjcBMBulAnOKY17foyTxPKBDZmX2FzQ3de7ZmoH HHlNV+qPLMMn1stiExGftWAZ66ld+oCMU8YIaN+Mgn/Yj2CT9R4nzCDgUM39xzCC Gv4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFlhhAGXoQFFBU0VQo5Y/UyAghrQ /LkVplLBhjWKm2DFogyc3/xl0LWqqWgOWrpFuST/KCrWlVgMJ7lEoFaMOZ2jrX4K 2JwnspyqbuKU5Ng/he+vMsgHM2toGSaZmPa+KmyoYlnyTNKdDx9Tnx2Ey54UGl9y DGvSVWzmJ3Wi4G4rc4TMeHHfbHLR3a7bcNT1Sb9+X6IPW3qPAplqrwmpRLWwO9Fy GXayWTOyw+HVshCBJz/rPziePAJp74mI8+xaZNSfN7O17F6eAXO/vgwkilOrtnm1 0krF2W+wsClWDaJDZQUTXeGWirhdiHSWhrJ+RRaQFBCC8kXT2J6HyPVwrpMKR4JP H+SpePyK+Hf2HcTwMFwiiatmxZ/gDnG59TCtYatlrAYOIEkXNayfbAOTpRogqNE1 36ruGUw53TuvLx6xlXYlnnDjSaAFZxN6dPEQNmcW/p3HQFjKJnSQJ6L4pIluSe4H 3eiY8bpCW7AkgldmG0qRyBYbPHXHwk5GbUq2FIVUtiAYZCaeP9kcvjh7KasV4Fup eFeAtB7Qy+L6gKMD+sQ173rGihy3RFwe8Wqhki5vYXrcUdlEF11DnTtXem9L8bsK YX17pQyWJqH0gvIoMJLrMWcRhpVHsg+zLDo3yoqDdEm6hP5LtBzA3rlvd6DQUfMf dACsi80tYH8vnAOJ/BO89yP3VU5E/hFF59AfzD8rkkECjeiDxsyqzKeIxLj8O1kD t4pn0Eeg19dAJYZmeY3lZ8i48ELRDE5IJEhfE7QzagG7Qkd0xvg5QJM/43qm0sQZ 2w6QBnBpm9SdrHCT2N/SQhZsvGl1ah4McdNdyRC9VtuKFIGxU0DMd5qVuRZCp6dq ORWhw8b8egfN4D/TUOoiNVNx0//s26h+G2jZgvC7XSAgmKyF3Ivh07OPqtyz124z sqt/ee4rRpIi1KWLrZiHwAuZbVIEmSazCmgX39q0BvaORTXjKFpaCkxCIPhMV7L+ Qq6y3LtVxWHtIyyfoQNTti+OwSiH12eTU0oraWpgCxI/IF4U9dInnN/xP8yyetdT x2uG9+hIVfO0zvay0sCNMWPN4pyG7OigfqAeCkwzjFjV7/kwwe6vlEh1mwvDqZ4R Gillmor, et al. Expires 27 January 2022 [Page 146] Internet-Draft Header Protection S/MIME July 2021 NcmjdHSU2tsCd4IhXkmcP77UUbGp6UtheNxbeAUTsQtMDcgLJYitRV2ndVOxSmQc UD5KzymuUI8Wg2us2wSB8PZBBDii0gjEBJmReQwHwGMMkcBHm3zxDU/Onr0DwcZv lDmqgx9Zpf8yLSaA6WDqIT/SU/dar2gF0N0Tvmx0gFiR93eaS1Dntxkb1CiGG8t1 5sKwJ8HYNf+4Dey1e72vsVNo1WPxZHBH8BAXzRkXD1r8YiztX5XJhIHO5PIqApse q/zLbjkN59G/t++Bc0eg3KoBJvaF9JSw9Pm9ta9gq37AG44PcTXctwK4rtv0yyQg D2cUKwIWVNrUei6cqSRmnG7o83EmG6y+0730a8g7OEpksZ9TM2pHGwTI/+CW8Cf1 o2UXIE7HBbjFMjYEYXGG9629kjE51Ez0ChSfg5xF6ZyDUI35YY7mltwJ3f0SYQgG wWpE2a0uIxSaG3bIkbwcwThBlbpuO2w1nlqNndglQVxaaBO2wO66zIuIYqzeCe/3 zHEE0DOq5XL+eCIRt8G3cT5eYcKCafyPkrQagGlFDIPis76awxukHBpKGpn38RQ+ quvARDsEjo/iKRl0ZFICCIQbs2Cx0TuO1luhYMjfa3//y8X9p9ZBGRzuxvBu2eXm SsWfUSYjMw4bra1Jmcf6dqebJDVQ4NQs43n0k8kPRUb4qxlfkIJpFcbpmb8UabiT BZzzjm1gDwhd6nkq8NhOzoDmZKnDw48feY+NnLpltXMjqMugOa7KLGmNPvc4rFq1 TW5SD3Yp+wH1sdAq46Je4WLRtYvb87fRPz/0fXIl8up+VVMFQIL8BBRhNOEYOcQu Eg8xGm3sTf8jxZP+8Nbfibwr9Q/3aFV+fj7AJQ3RDDgm9neVpOqwNQ28OtrFswlB GW5V2kjy3U5LrrvKMiMuVQ3Xk2TQgZZ1IsIir7i6NCLa0vzJY8QzgWNMqmIGLHZg KUTMrg1yhwbJFaaO6eM99zS2Wrf48KXmRPUk0clq9UyTfXcZsC3zTv7hILo8Jyes ASV789kpxXyMvNyBcIcOSL1NLUeb6sdIZUMi1aR42ryELCbM3q9RLzVrvr5sRV23 fwKRLZNwUaAK20Ex4l714A4tN8hKQnqT/KBEUV0FQzxY8o7zfwXpBCV4AYCybvPl EVsHUGB137G/3p+mFfzlfEsJSrqIEIMSIRNIccmRJGNpmI+OwXNda04sWLc2gWYm gdJR9WLH+Jb0nhAzrVBJgj2VgYBuMi3LRQ1YT1stq0LASfAoarg5c7Y8rH19qVuZ AeiOrJ8xQHPoYcLxWT5magiXtxWXDARA9H1uq6eqhTDHNHYC7HIP5yoN8w195XV/ OZ95+LVH+7CYCljUjBzOoetB8WdEfa7qAsjL6qhUIhzHo/VlRkbKBSj0h2nmH77Q JjhOW+FbSiB6IoNlIUCb8kyQ9xWMEhLgdlcm5ZvEnFoKJZAUmQXq63MdqlwYIR8D WCy2f7KLP9Po3UFuOrVbpjqmNWO4o/Pe584gam+uX6gfMVSM2cdAfkV2YWCmgTwq RdQZ0x3E2oJZnnjUgLx6KHndgYRU1KMd30z+cgao+4U4bHfZSjKQtnmeQ4+jNtFq OCTO+fLfS0j3wlXG7NBXDdibeS5ZPJ+KzumFR7txFAueKMbt4UA+YvlOD12N6kl2 SrtREk02JRWbn/YTtSSJT2MIGrg9c+HFMr0ik7THx0bZlCQNrsoqm6jZ+NVyaPvd EdzXXaMupFomKXiMJTeXXDnQGtlaUn3jBzn9Olugy1P4Xz7gwFiZfN0ph0NqjDIw u6j6I/FPvJXK/TLCrf6+iOmXawf5BQBVxzAfS4Msbqo4NH7Trg8Gc6v1p0GB1NOD efJABG61HExQ7JVQ9K/b7DECuQPqUcLW6nhFP2sjWF034ICebBN/pt2+tY/eaaau 9RGPcKMVkkWuTIFHn9Lk7Sqw492Flh9bV1HEN+UBahcW0rKFlrZkUJqtGGiCcsMO bICmiqLQiWoSYsPB5pT3VFPu3R49T///Xfe8HZHz1ZpVpfcobDemuM9wZGNOej0i 08cEX/hLuANdCdiRsK4rWs8gB7u4mvGqM2ZUxC+QGkp4Ao7OucZ4h/V67MHdOTHW VUHrp689r3G9NnLrUrux33R1VZtMMSwIeMeP7I7jm8eOiBSLfHOUkptF1NFAtlGM +JJvS3aAey2rLNGLw4/SoYUCnRgiguHvlD/fNljIeMx6pGIW3RlK8OtR+CXKwtm4 2Zfdj/mDLv8A4owJuDPT9aA6dzWOHE0a+8G2Fn6Hn5jdGmmI+d0sBE473AzbFUYa W29iA0+AWS/9hnB8M06m/w0G0Cgqr1+OQz+1KJ+6QRDuVJXcXN1FqsIZowQ56/O1 try8d/dcNetdckBHQuLY1FjY6xC6EJCsJQFeYI/a9g2IIAH2CGJVm9rNxzsCrloo XTUQk/rvIs9NENlhOPlJsjB639OcJ3GLcLdcABPfSWsj7dzBjqdZngyktA9k+rbg TXVM389FjhIuCOIgHeD94pPpeMmul+yc1CnqxK7DoiRqwgJAoY4CXVjIae8Z/Z4G S/R2VtmTRLj21UtRGDfpp8uYehNjYnkBbS1yt5/2mNSnsq/Q8gRFhikWX6t1m8Y5 v4QKafDWWQBqU3xF9MurToO43+6UMIrvuKO/1cJle+g/q5PQg3/Cnx0oDRJdnmMD mvHGMts0C436RZCCtz1xZdYM79O6fmfDM1cmjM0gAqeatX8ez7wdvhrHm6pipDdW AzsPfNG0+Tfke7IzSAPmFyxuffmMqBx0BzzqIUdni0wXOivPy/Vlt9rTX0EPr3Ck e4VtrzExz1Axc8lN90/bGf0d8P3iNQDbgAkQHURlxfOvJslOs6tK3U09/36shqQk 0x2j0isAmQXHZLUCxrnfUVWsPJ8iMBxDPlsV2ee3M3YcGu5XXJZYCXl+XJgbUWcI M3Gussx0MfwwjxLUT5K4c3j9HB2zYPORfRUvZOpcUME3iEXAo4s3pRqLynbRoYTJ LYzSOPb3ifcKQBDzUyATi3MgHSZWJ0F0FCyyZnkGaN3mbuc/bcPhx2/3578iHJ8o Gillmor, et al. Expires 27 January 2022 [Page 147] Internet-Draft Header Protection S/MIME July 2021 hKOxesF+l0rpS9VurYe2rgxOY1KCYxcqF/OeoUfaFvtv/Wqi6vr4DFXoUSj1H5Bs uQ6BXb+Zheul5qnx2JhpuYN2iGYDWk28rQN2K/JmFQzNAItKIDZG3/1XEaRb1xkT ZK42IXCuE178R1/j2T8usGivOqmTMsIRrvEFQJzBJBuOAwcyBcnhRfqa2jJSBKNn 99vDNOhWfQBRvDMSZfHrK/Tu1ra674y7vSb0/Rk9ygjUAi+rV4C2hM2F7wZ4adyt ejdZM2iBgNgCuLFd5GnOwbALqZgxD2Ym4pes3OfexsmQqmHRKAQ+l3zhJfOKhUYx 9VORuUUDacAv9Ho9StvkBq6T01xfqyAVHhr63QXGj5I3s66Aa2+tiIcMItEuPrKp Rb40WXQUdUMYy3LwoJqGjdzZPL5Ea3R7LM4KFZRqhyqG72WndyLxvANb42QWADFk 4KPYY6K3CNhPP1Kfpa0FlTsirv2nxkaUWNqm7oqFOhoDBBj+ISP72PDEEGju0mZF ndEKOcx7oI1HZdS9FgAyE061liam/bPl8DLWi/57/nbNxKfK5WEMLHLEpFs6IBKy HxpXO5cl9vA2Dt9X8UVfFuEcZd8ATe7+KjUD6y8Lx50Q/I88kBPRzZS3nhY/ozvA SXZ+Zxqi4W9hYzHLOC3XOX/nXwW/ygzr0BkysxFRZ4L2qo192+1RkjmSirJttZCc l7McK7jLAWIPlNoKJzVghZK67VVLY0jHM6apcLl5AVoG97ljCxWUIveqyitPcvAV nMpBbEIbS4zGEnR4GByckP2yqV2RkeqVpEFQzud9HUmwon5UqYiFQX/XsuWorY1L 2FHsc1NtbBPzv5SRBsoy1vTQIZw3ULSURd4rfU/F2gUllz8zzvAY/qkkQiO16eh2 6EBLOyc2R8gMVDyAmF4W898+bWqAZlrivmR6Uj316tofX+4fbil7e/V6iZtM9+OO voOp9bktOUMLPMTQSOSVVOVoBA1LxE/4lUyeivyRPhqlk5Z1RWgoCrXOxdqsG4BX ltGUl78UiN/kwmcd6m3ZClbqPEZF5QzB+6RkMMPaEd6UkqzE0FRfTYtHMDs0xOvR aDBCjIaQRjPy8lXY2NEjBfNnBPlhuoIae9y+5ThWiGUU9RAXJlisfUeUgQw73nd1 VPjg0iKbVIuOSaeCHnYjEwHkvc1KY/J62vZvDrHfSk06z8i07+0IGDsPK/bvpsjw W6ElsSPlnjVpXTfML36aN+u3dYNjlfW9aX1Mqqc/+WNl/PcukeMbYv7EJLkeqHSK dJk5cD70xn6lgEe+wQcmbvAWZ3TJmCxLJoWlyisUWr8m1OeVlT6w4Ar4ddQZ7tfU 96WIRJmKYJFRpfqcHiwAJP6QgAoRZmM1jFyT9BOPxydJtmfxRXDecv1S7D11oLlw 16eOZEVfgFB+OuDrHaK5iXSMe7vXiqOnuLMxHgAXgulZD0iPZL+nkUT63hM7uDvM h0YKbNE63mRBmjXApCgBl6tB1K8yj9PNBHh9C6i3SznAa+YTJb7BxGCqPSkjTTfz fxkvCymv5VxD0xRz73f0CAy3bqqaq2jQYdPrNI42JPoBKgjWeYoBSbj/mGxRX6Ls I6jX9uEmY2h7wqn/sY2vPx9Pj2p/cmmmR4r+inEw6J0O6M5gDFh27ssY8vpMN3vY Mws5ZwqJSBdF8gGHHcqAzfed0yCaevOVIqdOyyb+dtg68aC55PKV1PGky0KdHa6H ERNAq5xVStPLvtr4dotA414f4/WRQg2l+AuxVGDUICxaRh5oSPkXWQMYAwy7oKoa 4I1UzRKe93tiGH2NNZXKDEyesYk9rxIO2fqz6ON8M04Oed6V1LqkJdSmLz3CqZCf TZFXuLgLMZFNkknmXzoaOwwDsmO0fPBmzuoiXCUOzOjGNtC2kVmPC/bX+EZu+GPw IbOdskU1U4+kVNP0uhE9lvOEwwEbkqpvxhUL18N72XLkhJj36BrUq+WbMYyraFgF hEyEctugebCv19CaCS1nx0A+SCfAF3q2D3oTwjQXAHnbuQhAggTTc0GsWDnre+Oa eXHIAPbTBEsPk0ti7t3l4hGapCmfzw1PEMxPHJLoIBriL5+ctj5Om0tdpKYHGm4b dJvP65UE6JRY9PTuC+/lTRii0GLp/QDd4IAuThgSbXCfMxmIoPP6cMboGm64BKoc Dn//tXU1OYSntM65z9kzuRTca+FA8biAkUG1OBQq/HempIF/l/uroL5mMNgD8HBf 7T4UGrtArL1OG+GPhNnXiL1lunnMsgAKXb00SlbTCtiG8JrC6uFmCYB2r6Ih7GIQ EQWK6vxW3RGLanVtlpQTEdlYC6TSsA7fThk6xOvvacHJc35wyogStNIT1BS1xnvV rUnuTSlDvLCnrBAuJMMLOoG8m9POcbR2v3Wd0g/BkAXEZndsxX+jwfT18haQJQqr Ii53EgmJEzN+dkhs8rYZple9zhRfnIntwvKB4wvFu3HgKD8a4oFEF/OCNVbCG8Eo fNuJ77xRVzNNytWMN/BSdgq9MH0P9puEpDPYyeaFOZQcCqZCRSL/dSgyRWeqgppd xyjjTXvucoR2c2pDLeI2MUrT3Qa2QBhHOlgVLDFWD/kespr8jkbYl9cM1nnJXWgM TYNSn+AIvLnjPyRDSsJL5BWeh3UkRxvnYMaDL0SqEZe27fFIlLMEXPKkBisggpeM gz3Ju/0B0Ot/ZlfqnrwEaS8WGTx/yxAwf/l1jfyvyHzoXt56fAEdq7115OMO2zLu W/X/Ry5bv5Wl3I+a8PNC0TyOGS2A+U2C9OEZP1woCAj7DdmXdyetKRWkcABk+R8e KRBnIZBYY9ufMcOeKlArf2S4x+CfuXtZdJL0tU8/JvDNYTeJLPPSmOQq+IwO5uS6 VQ1DD1yK8V5ynKOdqcVrP2TFCYX1TIQXnS3tk6L25l87Pt2PJBgjpr/LrX41qSdM KfUIMAHKxA9IxDzfSxnhJ3K3l0kwYR5NNGpIR3KF8iMaVM12hfzPHuhGqGmRWz8z ahPKQ87SDi55gUFgEyv7xKdyKKkMGShADfuS8orLlXaxOtmFKrf71HOGbWlCF/VN Gillmor, et al. Expires 27 January 2022 [Page 148] Internet-Draft Header Protection S/MIME July 2021 wPbDc48mSPEciIHRdAS2+tvHJ1HjrEOAqNrdyOrsZz3/PcpMSbU3BhkPG//1yl7B XJ4eBEiHp+IoSkH0Li/trO9ea/Eq1s/8yvJLU9I2mELlFCASJBh9W7jc6tdVzxdw PVpXm/zDLyqsnDkCP4zvb/l6h7IWNBSlsjbIMzz/VZi4EN1zAINFovRikvdUxzcM QWXjLmXT19X28iV8nuLZjueceeydvjpP5Qacj7WB6TEVHbR2dvMvuColYATbZ5IP NDUyvEXlgI2L0fiVZpjO3zyB+cykMUHe2SACwaiLnS6m2xl7lP1SMl/Ivmjrz9Uo B0laA6uv30t11YX/FtOfCayEnX0MXKn0QxTIWDkVIqykzbl7fnli7sipcxyrYKjL vuUoTs01FIZLiiR5f98FSh9VgRcaURa7bM4RlpSVrIkxDxj1uQkjFTW/fm6EmYxZ U9uXCQMILgp2exD6qY9UTgTS50ZYTsGuzHUMShpvy089IAWafd7MrClWAAgJ9TEA 2OTmeW0CUhpsuU7SRk3L5khrRDYUhj0gLHxjEPpBnk9iIeXDOYPTsEix2aOXQAOz sMxfuPy0BLk+b0AHmp/JvreYA/3Fe1OjNIDHXSYJBowUwrqnJMC2BQ1ZA6q40hWB /a7K5uBNRB4wTUVXXgXTjRM31F+qjYfYGf6Gcw0PVlgpWCNnUwN89omFEON3Iydu 7m/40WGHkRvY5DO6PEyR38hVnnlcmxMAI/BT3GopBxQSdEpym2uagH6UeaIvFkUM pnzwM/XvkQJqy6uVjiVLwADPRuxk49k0FTNKY1XPAC1TVMbg5JIn3lvA8MTZonAT hMX+GjVBx7oHgtF3g7MEjdoW4evc+HieF4JmN3Efij5+HWv0Olo8kR4G+leYrSXG qk9Smld4N+UX4X9PonDtC2hxUs8ojV2dblyqGWgl0VrBQhIWAnn3e76A1km2fqEX HrqPRGdkt+QcP0BFP3dec7/YITy6Zy4PodRCDBwf+IVgK6Rm9y/bgJFuYIdODnOp wpzoP4qSK9pS58RuBKZ0iAV4za1UJ9QxaPc1nkc6DnqeOufHz6WR/7IjS94paerY XsC7ly0HnwcwL53zhKGjsv48WdWwXFca2b4gAVuC4HWNFaQkYPUtFcC8Ahmj/Mec L/TmVjEKU9IfStmwvzylTvHhnbT3udRVKXPKmPUyImaQyNU/1qzvdomRbhSJTDRo b66S3GBWcFTLdLt1lfZlQTWgvQyu4thaxtWQTtGMX5YoOLFsmDVahsZjoqikKvbX CJ0YhvEqJEL4+sfSXMRHqtZbOjO4o18I+wRKp0xq3yzM2rzFWsoTAwryoBHxzLvR q0LdDURt5qXmNDx5+GDiaK85QZ3KyKvhKkd1Bqn/GP87dAc4kk3T8fgTEnh3TOXq 9ie1lpOQsUgrg6ad7jDku5N54QLEoJbKtw++9HtQhpjNWemYMnR+WK3Rh6ZGjij0 hulTG4WkDkLQJBf94j+F0e0AwAGPfR150U1w3fehnCMW6qdV3TQ2YqZ6aL0XoonH 5q37KcgoJk636h+qXkOKikxVCnwCvMcnaF+ZQE6IwmgiV8TUYVVbSCrtL0Dk+5W9 T+ZGROgZe6Ro2g1rKYVGU/D/MpqYJodUNII9AOloc2eWXuIXdGd8CcJADmDJP6z5 bMoGLXudivQpm0hGScHvg0s7A5KUuSGYGJb3eGuKh1GARjkxW/pMbSwpMmob5oMR UCEA91EKlSWVsYT8utyarh+MHyzSruV2+6qC2n/WVUTQ4moeDRWWDaDiiu/TjVIU WkscDMV9SU2BaXDlYG/ING15oGkjo/xFxXIF5/eFFXUo8PQNbI6iI/WVsuQGHBMQ 5RYRifuLhgL2N55990m3oajpGCQW/NODMbfK2aJqvcNsgs/5+hmuQBMPN/sbr/C5 B.3.22. S/MIME encrypted and signed reply over a complex message, Wrapped Message with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Wrapped Message header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: Gillmor, et al. Expires 27 January 2022 [Page 149] Internet-Draft Header Protection S/MIME July 2021 └─╴application/pkcs7-mime [smime.p7m] 9730 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6192 bytes ⇩ (unwraps to) └┬╴message/rfc822 1956 bytes └┬╴multipart/mixed 1892 bytes ├┬╴multipart/alternative 1126 bytes │├─╴text/plain 379 bytes │└─╴text/html 463 bytes └─╴image/png inline 232 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: <38a0b7ba-76e0-5351-93e9-f44877e20e6e@lhp.example> From: Alice To: Bob Date: Sat, 20 Feb 2021 12:17:02 -0500 MIIcDAYJKoZIhvcNAQcDoIIb/TCCG/kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBABemnHHf75QhIl2ZGjel+3wmhpKAG/LVZP+0 rQgw6ZvFFxGLNvTompRv0NrYzBGh7tJR3lr721cWSQKzBKtnpAind4NjL3EAO/bX 4hICimMlE3HWS5LqmGefPGd8vhuxP9eAjXGh+RaGp9YJEQOCptHAEeHHYnGV0gOb 3dQEJY3PAcn1JhIX0gPGIbPmjbqCgRbC49F2zWBJvipWADfQ0CE4H0icrG/GoBo3 KbeAMTV5CRmyzb2dbHdJq3MqM8cZ6WfoeeJKeYSekwe1p/KjbqXhqtnWL3KB10Cg y9Mzr9Pn/HOeXgB2utuszGfi8n83rihuQBpuWTKPCgdnrGoYaXkwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAPRgN6kAFQanQSKXPQSUt2zjy aTK9dJDqvQrMrgWz6QjVGxn4hAPnZHoEYhW1RAZ/q9XkAV5UQb3U5fgZ9IkRwTy+ V2Gu2Z4AWIAsWx0kRkYxcu/h2JlYjOgaJmKDwTFzkg1SrgKgre7OvivKmGfrxl58 D6IWTY+8lTkTSwPMFIeyv6is+IPsGwdz9O+vYPxxaap0sGOCtYKAqwkqRyYaOHH/ zM2/OyFQ70e/SleSGmndLkodcDQV70VJeznDoJ+c55sJ73aujN1YN8GWL94ZnMx0 lKKCeOG3/gQ8jBoDMdGZBIJm9y/1ITfYskE+SFesVMJbcXGT6il9105lrRLhDzCC GN4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEELPsK65V7wIe15uJa7OWzeAghiw mRkClkXZhb1LxibsQotZWBEOBE72+pz9l3DXSIkD5Dvd0r0Jc21r4p3Z/PxxX6f2 fMSxjP/an/OcfPq19DGzbLon4NThL64YLmAjAWYeoP22DJZNGirpvUXDyMdqR0u1 egDe78jmp08JMy0F3p8v++lkQhOu9WZeg5JZ9yJB9x2BJwnve3r03X2ixRQCPQDc S9UCcBXV9zIpRjseHhe8yhLimaIqcI8Ug7yqY2gM85ETfzHFX/KFALO/hQuZJo6t kmHxfsJ7WvowszS4n1Rt776ooXRW7iwWH9xdi3NIGFilJLsbRAzR9g7Kg1V/I5d6 Nh2G+fD0akyrytsW/lKg8jw0Mqja/f0UFEvTVGTN6D4Yd/I8c7W3CtQke99QM8gB N1A9KOexpivBPZaxb4MG9Y7UHo0l131XIQxvbBlUB2/eK77PVKJq96NXusHZbzEe qmGM0/GAEccBQI10JHP/i/ozD1icRENY+v9iNJjBHIfLQuyQlxqM++FeJoCU2c0e Gillmor, et al. Expires 27 January 2022 [Page 150] Internet-Draft Header Protection S/MIME July 2021 ZsgVGlTvjl8C4XCtfh+9MxlWdpldoaTNvpsmX6r43N/TF2GaEyHU9O//bDpCr+Ck G0NI88+I1oJj+e5t7HNJt10BCZCZ8NkYmE0cwmieBWzIBHB2bp9h6g/nzgpVU1bP 37++dp5EOFf92RBfL4/wEXoeKs+iA7BpJbWXF6AytE+FpcH1K42V3+p1CBlkfiJ+ KaXR+EqmztZUBgUfJgB0HioauckrGHuSL8Pb+36j2f16yHsMCvOemme+gMtm2Vbu YnHvx39UkvFMjIm5DHhDe2IMo898rc5wvri64HkOltEwgJWS7zNCU3FINVy0otUe yYRaGD8vP+QWxEnVV7T9t9gIoPKdiMUXmzE7GdB0NgSew1PgTYeKp7JD5xR7Di7l 5G8Sia5KxFHMTiqFQEHIQfRCd5ka0pSREu24A1oqhH5AERlJQlIKYzH5yzur8jUp RYprPX0VJ7A8TWfcpETQkJaH9n4iz6uv3AzXqziQiSYj9OqRN649iuIWALNaVsGA xEVOgem8cBkx3TYOFyFTcrbCgiQsUHmr+CoemXL2lGZzYpeMCtcfl8J922n66XA6 tc8hLQ2zv8T63MkXGTLUvVKb3gDDHfs6q0Yy7ZUyk4ULUsVne4bAhDSuC5LdGjuR A/8V+tpElFfC+WcmgkNpfriJWAobaQajXyKfmpJCpn8NSX7UDy0+3Gqc4SLN3rU9 NfiwB9me6rZOe3SJ+8gQUvtJ/r8pEE3lfSWDxkiLIcuHmSLCAtJvOxoHUXy2WhFL gHPvj2AncfDF0Uz1WAL++mZ5o4eazqFUf3znZJka4XHa8ge/5NsfF8kGp4Imw2IL BNSa5p9GJMvMMMH9by5idjxhzwGSEmWpXgO10DatC0rAjrwNb4MbW8w5L/jHe616 qnKFAn07LGQBxRLmymUBTfkDGQzgK9ioV/z6A8aQqPyFmWwCGr+AyUwkb9RCpdoL B+nhHWFuwdoH4q/J8YP5AxKWudtipj0s45ABs9OWRnWsmeGlR8Ont4NuZJOdpzAB fSNl0PXJP/bJFfDmqsRt4kzp71nSK8IW6Zda/NlLlua6BBhBUUkYtW040/b2miT8 iZU7+k4GN/Apg94Wq09JNtUltma+NZ7+Sp0gRp21OTxW7pbaibpxqRv+YvouNjuu f7+oDSRzjNSVinMbngLjNMXonk/dxyFVpnTLCqItkgGEgFSq/90lgpWPi5BU/sXG jjkIcXyPn6nmpzCHz8izZyPLO6j3H2fcoyijuiVeTQ8pf0CshykSbZNI5yfpEgwv U4ZDdQFih9VfM318ILVh++BIXu4qNq8YSUaMF+TbjKZY85ls8i4x4E9UbQvG6KDS gh6G1yBmBetkNO+JQSo3v4JraMTsfqlngVXsSs7MnWgDAPpmQbSqFWouXGF0K/cb ZM3uc1nU19EersOpH+0d9dmYNUIXzRbN6op1prxbeY0A/Wfac6XtGjmn3s6kcVKN BkrG5eZmX/bv0YNkirtILqRyLg1b6/cCUHMBWPzQHvqrsRYCJia2pU1pBahP4fFd ubUwBL+Y163DF79VxGZIyCCLT3/6mlJIK9hzxGPpua9RPpRDPYRWgjI9lKnUHNTh SfO0dKNfflVJ+RFHdTuQKzRrpVjmVgU8nIJ5OAqY1GLzkL85oS9aAgVz5Dz/Ub6Y RYMyoreYicvlFJmg3+Xz4TQ78TUfDODIxXvajAr2nvrGNDKd/1zs+UK9cD+RyqBw pyj8oswX3mfxUxDD51CY6eu2uA2XkKyDqB9+9o2qMpAzn/sKpb8Gufs9+w/h3fYq wN438dwrgm3QmrbnnKd5DIiGN73R/sfbU+jPdBPt1+mbEcSuQfOpn248l1XXfkC+ AqgOQt/g+zVzEarovYShdrzisNOGWiL03B8I3FjMPORuDOL97ocFjEzODi9qB4A0 JxNkOWVZSKqlgdAPsnMFV6VJsUzY4n5UU70CO07YaYhUcTNDflyTogDLXdZTZ+XA seYTmasKA4AjEi1ryHc0xakiCwXnTREDoteMB0PdsYfETV4epJ1Ulp4Dvuyu1jst LW/z32sLvxI4Vf+0+zhdoSsVZbLccdRrGpZEswWl6jGigJnfzHmv/49VRbHk+4Pn 34xgC6w/oCKHHT4nMxZb9ZVBOONWmPu+pJsv+6oR/AEup4RPFRttX4Su8WoKV5h1 FLex6YsmBt8Z4EWUiJ1MXOJ7mLsPg15+unnWWrka83zLgjYKa47PKmQtXRgY3AO0 NnwuF4h3tCmR+1bYmQAwdJhph7ZMS7H2yEBFEDDj7ZWZMinYn7uWLYRHx8hQJTWj bxg6I/4HYqav5AvpaDw+4boD1vHkIQiWZcDCKbalHSrUkkwPwAfRcaEFFtVaHrTI Og1NXqKY82hT6wuaEZ1FM++S8ggsOzphHGHzfYa3od1VNFKDY7tmBdZR1UEiYFJu vuqYfrR3HnaUXhJ9f6yNalXHluAOSRpkCd8mU6xNcZ6WFjRvtR/wnIUbCHRMB9qu NkRzDtXFxpzOc/OM1huFXkvkchS998RqIiRBzbQn3IJnuqcS42SadtmzVPVFcWYQ B/XQAEQOqxbBRnxGuTIQO66lQexPgZSdDWOYBt0iwgzvNo2jhw1sEAAgre12U0lX dt1D0NX+ng4MSmm94NQpOUyVubUx2gOdktIeCptoZ/JVZ+52Pu/3pEi96QW58iGY yQVrTTxMNHCa7y8EDgwhJCTF3p/+OBQvy2WeAxbuT7eJM8XNAeYl2h16qc9R2BLK JB9N5n+tP1BOeVabmdYDFK9dxuR5OdiPe6p+5Oemjqduphq+THutCTMQLiMdbw9p 80t79H8ghZa6Bfp4MiWAZR9jGT0Zwti3eC9hsXAA2YHvwPjO2WGQTxVxRe4Tt0Ma g4FQ8dlj+WhiNS9Trc6hHy5iyaKf6n/ElVbhzykB+6GVMvu59gsgh8nVlERNc0te V8Kge5H+nrflBVaXUc9kZDWcoawn0T78dZ9rdZYhE92mtWsmcqHJzKX/w2q0ysP6 cC5Gr6raTsQRI6YM7jMgQP2RDCqWO6FNZ2oEjkR29Z2ILJ3I8O5wyHzjc4wLIIIh Gillmor, et al. Expires 27 January 2022 [Page 151] Internet-Draft Header Protection S/MIME July 2021 +g8oEfuQBDoJDKEGA9oP/KwO3QdwCiL/splag+lFAnQ7ZY/8V6/ODPHZe11dX3Zm 52H1sFC2kjZi5jrrmAXEYfgrQz/9StGReHiB6xTnt9qNe5hzkhutkU5LCdMch8nh 2MrEghbmoCyDnMOGTIIs1MshNYR0N4akI23TtSjbxxc6tQO9KjUWGc4qBYBJMs4W iyCYwDVIuO9W/wtEh7uHvFwiiUL4+wfVv/mxwdSCIl4iRxBbPWgcvLobNqE6Ik5w kFPsfZ8Slba4EkRlgfjK1c2o3c1khnFVJaHCbc1mKSGOO6y2WKasLYczbfyfqv/G vmVmF2SNmun6N2n/R6Zv8eGmFKC7tPx75tMva6+33+uRc2kBva8kd8pvd7pFHZCN 81P1jf7+Bz9zV1t9sal3NPwtST3CSlRr6fSEYKGF1Uc8K35ex4AOlAxAIGn4PvxN 8stHYQ/rs/LuxYw3AtFOGBNALeivYyjv7h5c5SMH5xgIUD7OD7WAJkSI9EAsxKSw c8FZieyl7HSGzY3Zw9UuYU5CEbkLznkQCwbsG+g4IU7dIGko6tZNDl3TbCG7E1mG UzcAfLlF/lC/fdVJCgseGDLiBGkXu/CsN7iS+qvRKOBflryc2fYnwzc60FI7T9H6 Rn1wpjWzX5FaXu4MPnMl1QmK+rk9R0xkGoYalw8PJ2hWPQYbui4igEjzIj8fjWn3 L2X5+Xh+utJJjqwnDZWPCgOVJe8ALGXcBm42K+YZpSSbh6urdfpN2U2cZIOUHHbG +7FYUD/BbHZKEc4RhZ0PDI62jm7XmK39RgFWkFNEJx7NR2AqMcrzabBn6ThywOmO XukMU0t+IODdxCkv+Eur3zD6Ckfp7nVI47jXuV+7lRThbgtf/vBsiVEgY9UsRXIp KXR+BqXZKU6eXtVdE9mFntfpJgzY/gUGVUAC0FnkPCGGZ7nJxwBiefjogTdmwumr OpMhPLemmKcyw4lhoDmEpfw6PC8V7Jf6mXvk7y/YBI3jhd93d4MWGrYo6sfk40aN ipOogZChn1vVF/m9dhJCpWwYAHAWL6hs9aBMPgAyX1Se4yoryvpwCICQqTDE3sIR FwSiM0FTJg/b3kNXbqDL2y/F+MD7GAj8wkTAfzdz5cF0zDwGEYI8VSd/Fuo/8iID LMERjH7EBIzrDRbDN7y/hNaYW0f2IH0T8U+IsWMrE6L0M9GrVrla8+5AqBfFQNeB 0W3hiJVKBuWEAj4GMEbe4ui5brMgNMQ8gmsFSSChpsI8DDOuDsXT7PdBpTGluPR6 RFXW5Wg3NAVjB5R+oTTEDiERj7H4mQQBkQY6aYsjKgiqUoh0KMvggBfQlSMhoXPp akeggomPbrjWDTZB7oIxb7+5uIJ/E8QpV1RSpIM+lkcEKwOd52pNGmFdYam9f0uB E8fDDmgEqLaxpH5pT9EHCK93SvSGpgknz9NjU7mo4BwF36FW2fQ98MmnqCTppcOP HMEh0PPuwbIPwMNXYJgtxIXVVOXHcpXPZ8Ma0AXkm+GbQ/bJ8DNwhCjym3lvnHid c8zhr2OqPyyobkxgqqDmXd/6j4ktgbE6Mj5BhGXUlhPJvaM3SMYSK7glVMzJt6/0 l1P8Jj36d3Xuc7Q1f8DYQbug/t2+EUyaEFFAMHdhRBT7UVARIlpsLgOEIHQhgYAp jbB7ifMNNwzy0Av4Ljw8blaTXOAiA9XXbXxUA9cWTehM+q4aNwpC62qpIYfDsiQE 1PylVVLaXp9dvgVoUx79PSYL+IK0oJVBd/8TC+vxrbE4oMJvivfKpRjvb0Gs+df9 pGwAyquOK0Mca/VhDTj4iz/wRfVN/XyxlYrIqL2SNDvZOK4XK1yoM4Hpl7VR0fwS tsVxDUoufFGcOGWdcxa4G2xFQE9J8PI4zt05aTPVU9blGobxY2h3RK1ckPueqzcN YUIaBCLZv1tWXaq15r09dvH/77Ft2cij1UiWoSJqCsUpGqaupjYxm53Ccd6GcbFC 26NoeKqn65VNLhBo+fEiN66igZhLaARY8pqqs9vFJPFXiz9iWQskIXul7B7dy5oP +ZZmb570ZWUWyCX95um4m3h+OpjjzaKL3NGiYSIZG6xmJipZEFBj0Pz7oSVbeG4M JmjpQoLAyFuyRjjDw0khwxWfURov9+vWTTzCriLC82Y3bZ+yMsLQzSVRe573LgWP IHBWKHQCzAUO6OtKVhk8kzOav4cxUqjt2Z7iBTLmOAnBgNQQ1GBSr1WPddryXjTt 8px6zLd61sG1ki/4Wms+C02hZVc/p7RpK1C5SrsI18TvIk9Bkhcg1G3lwRSsdRkq +mVXfiszPZL1zUJebHljoGK+uU3l9MsLC5rBQ81WvCr+M6ggZE2ep+fZTs8TAgPg YpfohgibWutxc1bkDOCL51nO6IbN4DS5Y2/VenQ6EivFGLsnB0B8hJ8lAAQ3WyJJ 6GbRxlkkOhYYLTBl+DOaVc6/+ncmBQVoKeV4ATm1GDybxnNvPXGTGx+zom7EVIrO btfAlEE7Yp+Q+roXlXhZIiS/W0virxKQxFKthhhzGR4jbR4Hy9HKeQGeJnk/7plG 9RauFd/iHdYQk4paXxMEyKPEj5/JMNhcY08i8Yzn8wUnHMgRzSN+hJ83XBODW4fN Kg5TXhAzWy8hX5t0xPU/xzyzwj+TGGbJd+7dkv+9GTJ65MZG1VVHRpiEBEFj9Vxi c3xTrice9/QULNIHR+o4beT8j2SnWY2UpyhYL+Rbo+7nRy2n4o9PKjzMYWVS6tNV biFel47a+ulvyTi751Vhd9xV+VdjO1IEMHbzN1T+5KyXOvZBfx4eqkdsZ2Hj/5Gt 3pFODRzhz9H25rePaGZEba6vQe/lKsnba+2WCH2NGXToa4i/CHWIvUMyVM67AwT4 wVoIePNZcFI24Pnmp/8ACtumdCgTSD8pfFc/mh1Ysq5gU1tRLTODTaYv/9poAVOy G2EiikP8TST553FyQesWtlkOcUvZyvGHhECjsixSYJ+8lrFGd/3SuaXP053Iwavz KswYHRp5ykstVEbkLCBUh4pBvKUCr+lzY3EYbcV6IenO31PFHwbgWwoV+5Savazt Gillmor, et al. Expires 27 January 2022 [Page 152] Internet-Draft Header Protection S/MIME July 2021 f4oYeWzl9fyzY7ek15NqVpKIo6Hi/SkZ93ZDf6IjcN7fBot9uZFQZ9IJ/jva/r/x 9O3e787qED29fhcqQbP5mYtvnUTEgYXriffbqPnrY31e4UMO4XuncNoXBnO1uDKd EQCyYo7Qu3HvxE1aS1H2jx6wliBzBhIv0QTSlkSjY8KuO1Y4zYfdo89GcpEcAUWW 5Wz8i2jtKqHpochDl4qnRKIcu/N5ped7HZ2jtoxR0erZkrfokujVj6qx/Mzpj/ta XF2wNkSwJSMyeluo8Vagsk3a/aNDwwN2UAb4S+H23mVWFb1LmlK14CSSOiRLBbxr 72b5u34wsMuaRjs9sy4YTA13PBpRga4vLyQ4dBntDj4mp4w0iLXS22xx1u9y/FGK WWKDS0MTmTubwZ9RB766/e4EYc2KeGMq6ytTC1GkBSDTLzMGoJXvMaoeVcaDzclV w6NCA712RkT29BI81vNW8M5d01Xp9LyVz/HJbP+Ku9EjdUX1DHiv3nUSvEtRKYaD ayDvY9avOqX2x0VVx8i1sSx00ramjBfX+H3raR4zIdHYdEylEQNaVuukLQweTbuc 48BJi4WGzYmrNDhZ98qxQIJJOU3ENFZ2Nd6dCPGwsoiRZG8B/oLZCwbduEdyUhVf 574qupgra4B7oKrXn2bBb6GCufPrDkqcyYpq580mMuCfio1yajem0ozLFSm4xjMy dYKR/FTb60MfAM1iDPTCDhUtg3NsxjbXlaxFjoipdaFT928fR3sbi80CklUxt/JP 1hyM/aOI0d9eFpiAJvaz0QPpqCrR8V1c8+edYxhymI4uY9ZFzTA66wgYOr50r/gm OQDYGfPdIsst89dimu4VsjOQCCwH8KSLL9xdxp1vLsbFMWBxCNh+Wso/HLEhwrrN nd52fJCIqLKknBEH3wNPWsadrsPyJ+gzhEmF5Bcl9zhiiloGnCFZ6H4Vl20dO0du K9MXE4g5lJUAWEGCLU0VZRL05PmPDWu7nRk/00Up5f3acJ3OhhuBoNMCF1hYlDd0 r7xKN+8PYIGuMAlo6FtLtHQQ3OMAMspIE0yvpQy4z8DFHF7Qg1OJe4iC1GS3LHcu 8twH8qh3nAtD1RrUcTzBtxFhN+MuM7W6KHNN3PX0M6ZaKmK85kbmjQwyW4PKL++O bfB+XK5qKwwLFmhVt8hGp8h/ZNjn2rS0JrNHWc+4vGmgVLjoiGtYz21WpQmDy69z mmU5qH8GnHbw7bhKwCFIVBd4FHS4DCSNVDqpxD/hI4k9mlRyIquhSacoWk6J3rH0 ntIkWuAsjw4v8+arLCCXfutBqMYLrKtFlOED/6OidqsFRtCH83DsgivRTvwBw3G5 ogcNF91U+tf7VN8ij3t11LhGaXIGdXUzb659IiSVCAmqzojCLBPmEPQOgeWnC8WY TkJnfZ7E01g3WkOiTheVE7sCVGy2oGQ8HzvzH+AVv4lNi55IxPVWVgLEFwbQhRvM MeRPidNChc78jREtwyVJPsxKm46gyN/eYquZG4cMnMbM+IzMid4tESznXMmiJJww cZi/nN7mSSD/M64BqvsiZ1L81JdDQQxHvHJrTlWH2R9nozsGkSzr8IpbSienRF/F iX7pNZXAq/L3mPo/4iC3XUPEPluweAVJfoa/irEZA1tu8eKFqIqQt0kGsFYO9Yf4 LCXtun62PTxnZ8b9NfqdzWYR3lsJE494Hq8PwMChPCE+YxtVjJI5Wtx9A59otG2S FhjPjS2KIEp6rONnbasJnAfb9JGqAd9l+yofLqbajiU= B.3.23. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy. It has the following structure: Gillmor, et al. Expires 27 January 2022 [Page 153] Internet-Draft Header Protection S/MIME July 2021 └─╴application/pkcs7-mime [smime.p7m] 9775 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6222 bytes ⇩ (unwraps to) └┬╴multipart/mixed 1924 bytes ├┬╴multipart/alternative 1130 bytes │├─╴text/plain 391 bytes │└─╴text/html 472 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:18:02 -0500 MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAGgB6GKG3BktdYx9b26f98xIYUpPO5jQYr8y mu3jMU7EN5GwAY0Ip8BEEtWVO4kkV3HQXLjPR9kQ+v82Lsj0MX6+ByE29ESGUDhu xH5X4grXCpBo7QCwHRP3vMrvz2rnUwT3qmP+15eIT/mpSlCSn0nVe0yY9/awCKEY FmhxSOz8c7ZOeJnKwD7Dcen+TGr48KGfjykISEpESzDQRkMxRHgysV3/LtVP4Z85 5GMCQWcWhCsG3gjYWv8qsinz5dzgsCvNdyOrK+q/PwTtAaoGZigwl7Jp4qzp0Jfk KdovaPtczTI3cboPx4J9SOlkuYOoXHTvs8TVhXehUejBEpRXnFwwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADPLALl6xgtRSO6KJPbXlmwZQ rDBh5k3KXiAfi100Q23nJ0d1cwaDu0zASg/Gfsl2zg5PbVesXD2KiIQrHxnGQniD 6kXIvExpulKzi+JVIWUHDsqAiX0rXWC+pqu4Xasq9vnDFiahZfjv432Nfu7ntbR9 InqjlWZHCnm6Cx5luBIqBjyI7X2ScuUS5IxwS7x5NPmo5zvOEAiAqFwn1+sQvnLB 1IfVpAJzRlWOQ90wRxHOJ1TdCKUPBKz4DjNPZ5QkKoyrcZL1NRmZhc1zYaO6/WkE fKcHP9whDZMI6xKPVXopLdoG69yridXDfJ9/cqPHZvnOQ6C9FnDFb7UAOqodpzCC GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOtLatHfIQxoAtToDlaMkYqAghjQ vboyJHrq47OmceZe8qUJUTMbh4n9X3Xm6okY6K1/HEL9ocSqD+YLGlbuJ5LLqkCb 6okCbGytW+zDCBPmxbvXbNfCPVDeq9S82586o+ZkJWSKk62Nvvr69nIOjsL8i1jM A6gmqLvYBlyzPX7ZJpaqPSG/MTBaErO5iawYfcMNw1eMcmOWK7JKypzAMuYInsyL BCGP47SR3MOtq3Qhyj5dvUNCNhl5oVdI0iWJdwVHVPyGdtMZZcTrZI65+hrvfcJV Kz+Js6If3tQUGXtcoHCpERiT1UwQXJgjuGOlYdMfpGGRdz2ysKclBfoOjnxJ5W73 7uBt+1Gp70CnII+OnwqBLFpPlb+VyKv2QovMlyDMtc1YGHbZR4EkWgqmfa6j728t BhqDt85tMy7wVc83rrDfcz4xnlwBFjG8rzoZvldmBCDxW39oeMLnosnPaXltFP+v hunoJtQi+rtocaoMOC83Um4OXmNvhpIMQ39WbYGEeJ3riQFQbvhkNr3iMHUo6yt5 SK8U0LJAd2eUjPATP9fR94bIp9I1JaVB2Sv2BDcPeggly+GI5bFlR7FEO+AtMw+2 Gillmor, et al. Expires 27 January 2022 [Page 154] Internet-Draft Header Protection S/MIME July 2021 nFjFf1oFgW3gYg9z+NEepQtMfIo3IrZGup68T0XuxvObSnUMx5vdjaIkILUxukwU AtxxNzwbX6J2Hu0P808wz0i5IwfMONZGE9Df5g9d3OF3RbM7oDzOAvkljMTYC61C FqkoFmsaiQIDihugvYjOcQBfFzCU51Uw8e3L0nkeJbCK6Mh7mPRop6MmBHPW6dLO twq/HLZCx0ShnjfVshxS2dyxSJuFrsrqhM95RuOWEFn9Jb+ww3eZBw4FRyYsTXda V37J1UpU5EFWjFaZe6h/fLZLm578XhVt/YuutPgNoI/nzAl6zf8MmSIAMLsY9aWh 0+0TBltpZe3Iucqiio5QHpAzeXSkgEnc4M9lorjhc0q0EPTJ4DyWN/P6L7DuDhMX zHua2+LB7Jk3MDljYcZLwRcTWACnzhxk23ie27s6lr4AQMNqtJ2McH5I+LDaV/4B o7v7z3e1ytN+lu0kD/LcnobD0vPCC/kNdzybZrdK1QmXf1B5g8bKtn9U1r4hylhr q/5knv4BOoq0LO6ZrJF4SLR7V7yc5vlwPnde6S97l+0rWCKNYdQo71S9oQ8Ng+LE FF2+qgTPFrxieYkjfcg4ufwvobr+d/a34cXCFtkRzzdRZtHezc5SET28L8QMUKQ0 Dzu9jNc4CVpwZcZJCt2piSNUP2ZtG5Aw6TJoU0j03RgsRjYZRRK/J38EnfWQFDQM NVgM/W9t5eglXpW+5lfvbOwGdkF/MSwsxUFMdGkTedteqMlhEZ7gYKKRyeYgTlHu wXnWR9F13+ia7i0mlhW37dTjzRgFqFgOkWcZaLGHtTA0//duQNRCbtpqpaXsPBRS LB7fLc8FtcG2j32tDLJ196R6U0cl3/4f+ReLxt7SHl+UA62IhnljYjC5BHQClMZ2 FOD9J3zM/TIwhDgGd7giwr8E6CcgzEfhR89m+atgRGkKO2P4KMZ+jsDZHm57RIP0 SbeCDIHU/12syY9XWVkqpQ+RxFuqOg1ifw7w8OtS16NXIB+hvc/ods33JdaKPmhL 0xHMYOG49VaXxBNZKMUV3lhbH9qTOujjvq5Wv/Pn3VX2Ikb9on1iLhGNnWB/7wj4 y+5kyQYWEWJLEgIHNMOYRkz4ZNO67JJzUJXOa3FEDUHaX/LGb5BGxzSStP5+gdbC bZauUhSd56GP/DG9hkJBkCaSoh9ucrwRTy4KA5Hq9HW9hbF3bK0O1GuxGXME0ATn MBN7QGvv1rEsIq2It+P7SJ8lOYXd5JKqhOA4l/pXeMkMJd85fIH7/tA1vmmaiRp4 89fTehgfU/hFs7ZoUMKyRMoYwCxSBNPFKQ/pQ7oKQlFSFMhzSZOzXU0galm0JGWl wWx2zVYmMWt6CsDUDlPxRJF1stohJhCqAVaiWf0ryH6wpyisOkqEiSc8haCbZoaE n7CklIz3SX/Y3YcdGa1kLdBNiTTeQgaDp2fCjubN/XgAiNN+0cSXyrXS0WyXux1Z vk26ZFeM+IUrlTpqZSLqmQQThHPmScIYN8Az/tTHkGPqWhl7GnMXrLtzGN7SPCs/ AzAULXxJuf7WysusSsZ6V6KBF42ommqNIC/3IBuDRZRSblG1LUOV3LcvCj8q1mSp kdZz0O6G/gcWvPwFBY+xNfjAmAVLbOOK7szIjoZOL39aFlaqkLAzvBKpZSs2cRdC qhHhqV4by9F1FTNoKi6+X6ahWpgtzrT0Q67StiCX0yKxHxXau/GAoyt55fGG6dHM gFM5n54FlJqUKk+SugjX8zjs1VlBA87Qd6hZ5zpi9iQPZT7OxraZFJ7usdgnt4w4 P8oCyLsT0OP/TJ5uyyOm20oPiNy/MO5svThrp3Sj2hze3QtVyehi+GdC2QtsGgtL p8yk5Am+hpvUj4Ui50sO104C1eNvFCu0CtiBjiGAXVa5v6jxCauIv0b5br82rDTC QdU4NQrFD+7940k+Zl0vnQrO0nZtXzbglMute1QB0RhFx+e9SFlXqXwuFichOREb Hhkf29fn2lCjqPsvamhIADTDHWMMpvB1mp7ra03vRNTDaiPDGAIxs2hbKWUNZ3qY rgnNdjqCWoXw1cJEgPIVhZF88/eRRaHg+4bUQ/1pdhUt1nrgUESxek4Km7FJkJkl zm24dCn/QvpIP36geABxN3PMcu5qUCrWn/kDwaK28VftOdRuArsIslNMqvpCMKJU c51NYTnPC6zFZv7Jcuv4Udnxlt5Txx1i5FhWeH2BemDiTGtKXYhfpN2WQmLKG4R2 5UUH97g4/ccyPFTdTo8Vt3flD4o6j1bx46rKbIVLrCGAnDkvyYcNcdV8lGSbzMXr h9/uax1DQ5U/yJAz7EpCDR3V4kqdGyf0wN4Hu/U7kufOSgEZSAfmMM4Zt9uOtfK9 gen3dxOg9syJuFf72gEqzQSB7eTPhmNZq5Fz1LTSa1JShZ50GYBuF4g2DCtt3RsZ PQzFCx+0H1EtS2LWwIGyqrVliN5sgXqXNZ9jvxV+oxuNJ9tLqJmP6rPsuwnuWNqC N6lr2LLq/DNI/KuJQvjB8c9z/znftdv7b4hBVEp9Avu44fhDAuku+tRhTCyrfFYk cdJPY4gLrADre17btiR2V2v/MlJ5mlZlZxQlWsCcxn6ZlRRqoBUi2bVq8ZoM3YSu FzCnqtx6nGQLhIbzQSlpt14dJVjslhKRTXV8JgmcBNXGsJXO6CyZsl1pOQSonWuU u19s0K++2XliTOeRL+0mNjI8n/Urz8gUyNrLGDOOP7/Ad1Hl29J98m/JwO6YgT/8 WzbLdZhBtKLsa1XRJZsaClJSVSU3KLOHG66+nRxvjWGqjRdo29OqEWTLm5LN42wg +18plDsVOGE/k/GYQG/1CUajmY5uQe2GxFa3MHEYQuutoJzf9zd2fwgi2awktZCS X/L7nQ465BX/5/a1w49QGLIgdxCs7aZDluH24w/nKQilDFmcu32Zk7E1raivt1T/ R0UvQY31YXX8FOPKdqrkmYVup+Jm/HcUMTUFfeox/U1Mp/5hpQCQPLJtqsiFz8d3 UtEhsDAWhyT+qvmRWWaaZqLxB8U+I413kqPvbzi+eT/7hW3uWHJHQENILOE52Gzo Gillmor, et al. Expires 27 January 2022 [Page 155] Internet-Draft Header Protection S/MIME July 2021 vTnIqg0aDcVlW7c7LRDxgNyBbmhfstoE4edSLucbgFNDK+MnLCu5CFhKTcFnncXb k4eCuMhXg6C8t+ync2+EFLGwFci333MMLRxDu5hWvFHBKOWHZlwdATg6Rk+Y8GrH 8w1DDRvFU883fcdTEnzs9EzAjSQQljinQ5bZrG4z/f4E6qYM6Wx5V74dSbt3UY5W ytC0sBSSQuwCaT9RWFgQg/NSI11hSw0UpzaLBdx6o7UNZf86eLZ2dQOUpT5dtt9w dggL1xWPwEimCFdAVIakcKQgkZzPpd3ZBNFNEnN6hvmc4exXJJSr06HEdl4MwxYd 7kBB8EXsx07J8YWThRUKydVvgmZI9beQAnLomg1HdkUYZ9AtLNOceTTOF2k2KN5u qbuHfVlJs8Re8z0G2IX4piN2LiNugTXhrhNMDRlHkg8TIlYJVD8r9wldWDvCvhCK +vAFJXtYG4w0jJDQwLpYWJhP40O4OS7CO1m8X+SpF5KHsUbHXiImHX2j2QfBlMJi ZOMZS4q6c0BI9/atOx9Vc+aPqqw3MPSQPmOJcXGsZqcn2nRvmmouVZhejm7FUq9l OqbwzgMV2VPiZZcwNt0BSweQmD3uEf0Dxx5yoK8h23DhhYnqIyF4lFvTa5ZMunqj 8cdbo9W5XhSK3XfLi3LFSLASSZxNoPXYLPsRy1If3NPrMH78uvPvFv7PFE/bUy76 UnsJDhbCq/vIXlthN9fBsrlgc0/n8j3Zr9cuVnyQ/SIkumPbNdlN5cnoLNXJxqUX DRw7CVz3EHt/oGO+ZUw2oT7TBfYRzNorbRPaPG7KPm8s31/FKD3FDXJVCoe5uuqT sIlMtDmCizdddEX+GL8nWvR45zNZN9LwfpkATiBm/T2fbbLXJDWHpMY68VRBN+tr BXgDwBQPFjezurdjg2zNd3oYqMQSi8TZVcEl4l2fI5nW9h9+C+z8pZJ4LO1+rnGy JKigIYJ7XSyU2yruJmGm8E3gq1nfCp0xHiEYI+w/ihtWHtBKDraKKc2W3SQsV54K cQ7mwmjYy6fROLRfJvMQus6BmR0p8itSLMwJwRH7PlBKZHHw/zwAWlCSKz4yURk2 PICcVErMcXGBrvFFhTZ2syLuMFwgQ+wL1mF43D0byWTq9IFPvkfuv8CLwuN2oh4/ LU1eQmQGGYvKXlyeJOGxaltAj3h5/aBGLgRekQUDnYxqPUQWO4O4OnB8ZCotxOFG RXLoH+tCMjDZx+cdqoEk1OtJLvu1iSY93qSccN+kBRjwXMeCWpHJPFCdO+IXpV9a d/JwtIqbHRUqrNc2SGOKB4FwhisJOEdc1gfVQGmK267Hr9tLmA4A3AzvMdFV+3b3 +zLamYS34bxF8MJ5Jc1YTN2pFLbzRbnSrwSwL78AK3kGC1+bfp7UJySeL25HOo+n 2vikgi67xoEiXadTCL/3zfzlpnSK9gk1nuzDIROAUNXsbuNDnHi7YML9wRhbtuPS aNhb5ySowG4b+2y78p3Xag3OWhn+Kr5zdvo+V519f184cL9zHs/sna4QZPLo1JRI 8h/BkZT22D7sSEw5zAaq3BZexJEbRnc6H+9xCmeS9HYsFHTunuLU6DviMX3SqNuf SddFF9lvdqL8MbYmJOwL4U8V8+f8cjjtEPK6jIRvlcM04eVfoUX4qfhmQO0wUKrT VOSegJhywPhN2vI98u5oTi/DDIY7oxg99c+BVGo75Z6RbicnrDH+R/CqMr8XUbod Ehg65XJUmgKdI6KJhV164dwArPVdjLtQhaM8vEn7GmxNfy0QnAa8AwQEJ2O8VSf8 0W9d9FH2pNdmYLifp73MOauTe4/U8nGLcydoNQfD1d8aZVsH2ISevmoTTqbeFa4I 4l1ldSHN8KXFYsd0yGfJ0m3uJmiZ16dzydARi272Xv7crs9MODe6hv4LZEPpUWlI DeAOqmsuXU9VASfWw/31kppojLc0aW4UijZR+5Xqac7DLoFW6ufll3cbje9TT6fj sUTp8v9aaj/SvVY8nLvyNx9CG82UmaBdZbxQfyU73t/D1a6xa3Q1bsbtDIMyilnw ZwzlNHOnDewl8HdaYxpPFHF6TfcV5Y0vVxBYWYjeZ0M8qNOoJmHRnq3MXTsaLXph 6PlNkiVojCH6Ior1phf+PNP5YDohod7oD+9XP+aVRY4sC+9cLjIfNQ1GDz9gczhn dICiefRTWf7LxFg0qr2snwSTWfqXJwLE39hSYHFz9O7rkfeiQjnHWuXmHoLPFW7c Yub2CPqdpnndpREzbyUuyxr3opHbZVNyDKFUWkT3sk2T459phaIqJW7aqjML5Jd5 +l6ABe6W85seCLT+KX7urHrcRVpp7smcK7TuusUN5SBgty2v1dySrsOHOfjr0ruH N8sKn0cONU437UF7m7zNNY3KlTOhap9RAfhrPhVgVNDvsTcpRN+i56smOhH/l2VQ gZqwa8wz68jgNK/OsfC1nonpeIAA5HUIwwflnZmh7K60QeJaNoizoil6iUmbUNzY BrvKrB6Jv5gIS/eYat5RMG83dbjWg/ZsKT5dKqsAyK9FGtwuvR6woG99CUU2SCFr IbiqTDdg2myr0t6NDZ7Gm+a/WMrEO40z0cI5wbMOTACb3ahp6+woeM/Q0B79h8q8 NaEN3+ic3Ewb7aoZK3mKnuZMRIGa72fzl2Wi/2soh/sKlFmcPnBIYgPJI2k3iA3Z fzOvwMgnRNc8E/IJkW5Sy6x2hMTUAyxlDaQ9Qtie16n/PBfL6k4bOe4uGyMjEU5J BShNoZE52sPdju0JSo8nB+lgGsrcH5VP1gC3b6CMGWl8KjFYL/LoB9fQOQ7YLeGY tiu2lgGPFpFF+WBTEsrPfkkx9kSWH4rn4HuwO3ZpiifvA9SovEyRG5pKD5iPVKgL cMtgzAoC4eBWRcQGjO1/9ASSw4osCP0UbjzRFa6AnWuI6r8aBKvbAsFjrnS3Oe/F LTXsVSLHt/7bBaAbBTuMtEi+DiSI6qqa4ECvwzZlLt1m2OpfiZsQnQm0Rr5Cw2Ob PrJODZ1Mdcsil1wqQ8C+/cByHvoy8UTXNoQ3eBiBEcsWVjAAue/OVltk5EilvOlL Gillmor, et al. Expires 27 January 2022 [Page 156] Internet-Draft Header Protection S/MIME July 2021 U83Y4YMvE9sU+sPjyk0Gf9H58myEGYe3ZQClRYh0ZhBOlaxV6JM8NxwZYxL8yxjH qwglYfwJT0z5yMwZNZ2BoS0lQi22mpnGb5RpzhMYaB9olbluh0agYXq5qawkqdLo Y4I0ABTvcl0i/fgkQpmfeaqROJfKamJXw/gAsHnRyE+PsBOZ2alRqqke9nppP00V VEWg04UH9+Wq3/JocxQDwM3WdlGiVq58dGeovLLp96qH0ZncDZMuS/VRfbNKt/yX DnpPTmg92qmy25NfM0jJm2TU/Wjl3bEtniJ53e/pGrlslIvPi6jlMslDocv0a+dj D1tH2RGhyPSGZm0AzEGCq3rImyfFVRVGNFv73nm/9GZa4O2RaKKeH8+ocyadRZDB +vbQSRAVggikC6BnCpnpBRnLasxp87mqFcpSHTkyi7b7RBZvyRDIbzrZD1e3Y0+F HORdtVtl3B5SWv3LqRaZUg4XIixdGM+XwbO8vyLoURMmsy8dIr4mo++XC9Freohh fUDz5RKfkK1s/Bu/9TdJwLTtyPZ33r0bO4mJFzNxleAC2D3prKkf0k2ByYqzKY3V gUuHc6OtKgbgcX2gaHESYxgC0iVlOO7ll+txdAa6+BE6QV46NNaeX0CPyKPwgz4E pd21Z10844YAF3GhXSydumDXuCaRVwxB9BLHqHm90dING7UbZhKzF8BcIjVQsksL ccAD8mWP9MBG3aCywE4rapjPZm3xH+4dv/Vw1FWkeyneTY/nOrgjTtyjiIO8oVSM 30vCtBUFF7GZZKdmfQ37KSgcgt6TmX6U9cI7lyl/y22xoJHgsB40vRpGHBiWXxP7 2s2X1lnjSxT0Vv600rcoWT/YKnBfvlzf91thmS48kQ+msFYVOnDa8JUS2NgZuyN5 tejdY8YGcFoL3PzgL6ryoDFovW3L6lm2CxUnkmEmzLVQdjSr2iJTBJ2DyW5MOOQ+ X3yIh6fNm4epRPiA+sEnknx0ENRKtO+Cws9pWWU6oIahcZO1mokXAe4xXJtjH533 tWHtZRw7mS5olUxmq6YbAAIrkc1Wkubl73T+Qppr5i6bU6zxEo7MGglfr/aB3z81 KN6tX8ECWG4/IAM9fL7jsn4+CKkSW+JbtK9hFubv0IU7zBg4uyLGjggddvSnxMCA fcOQYntZaXLmExvuG0W/SLhiG5j9Grxp1ESsloVdQ4o2xOzsW8bRNq6MNss0lFZz R/AxVLrepd5uW4wF/wpIYjhS8+72rkEx8e7P+Z7qWLWKpYtdYemoTmQxIHRt9bpX TOU7LYJ/mYljf8EPJgsqKRciADk7vhTugpMkkQdHJCdAUbgt9RvZ3RVWLMJ8XzwG p0Eyrc8bqjEqa1TD7BXY2NgEBNvSQHCa+nikW1CXhx7p26ERd3sLbgU4Upsir/Sr hUt/oRt75UHlBuiHo3hPoKD8BlVbQ3P4unFMkP4E5viJvPIlvpimfU0QbQd1CTGD LCiwzxtY5VbUTJh8Bzmsk68W9XYOoFYM86C8eQiwT+iv6SEThhlJ97ZkbIx95jOn h1HSVD4BG/VrP1sZHn4LDAoIBugbM5HpwUTVX8UvTkHbqIau4kzadGVHHfyKLw2H YfbatQCNwK/lHTMjGdwd76j+jUZ0QfBYD9e2SwhPF2qGok9gx1glZue65xEC8XM2 hvpBysW+9HrKwp+/SvJc7974MKCcFs76A+Q93/AnXq0lKcYZeDJtBJfjkbqCuvbP dTYlFvjuVh2TudqGzxeP9g== B.3.24. S/MIME encrypted and signed reply over a complex message, Injected Headers with hcp_strong (+ Legacy Display) This is a encrypted and signed S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/ alternative message with an inline image/png attachment. It uses the Injected Headers header protection scheme with the hcp_strong Header Confidentiality Policy with a "Legacy Display" part. It has the following structure: Gillmor, et al. Expires 27 January 2022 [Page 157] Internet-Draft Header Protection S/MIME July 2021 └─╴application/pkcs7-mime [smime.p7m] 10445 bytes ↧ (decrypts to) └─╴application/pkcs7-mime [smime.p7m] 6712 bytes ⇩ (unwraps to) └┬╴multipart/mixed 2269 bytes ├─╴text/plain 64 bytes └┬╴multipart/mixed 1608 bytes ├┬╴multipart/alternative 1202 bytes │├─╴text/plain 427 bytes │└─╴text/html 508 bytes └─╴image/png inline 236 bytes Its contents are: Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data" Subject: [...] Message-ID: From: Alice To: Bob Date: Sat, 20 Feb 2021 12:19:02 -0500 MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 Boq0MA0GCSqGSIb3DQEBAQUABIIBAA0KmSPng+cWNJVCbPBeSpZbXks3myShz3E0 bUW2BwUhb1U0UxNgcFJyvDABOeYHXa6U3BHuJC6DwqwlEsFCpsCQuZqrBbsk6PgV VRKAltBb8K2+qArXTlSYg14dOhhZy/qBAJmyf6JBkzrTcNmndsZe04WK11b8BfJY OR/YT4FczqIXRt1WyqubDsG0WEJk5GnOqqj1nQkVXxHE6EQKPVPvYvEnW8sy+aju /x5WsXtiJkZvuVuN5UKoFv0vMsS8MjmHSmeJquJLDgpxzHZA06E9X1+MjCqxorQa BDiXq9fr1BVfcV1zmP0jCnEa3zW6F9lCmjdFHdTUd7qtGFdZhqIwggGEAgEAMGww VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAfHEHAfy9YX7TEVdvY8simkh Bei9XOrSiZXM4BL69LYDtuWUSahVtQo3mFwtvfqavK5uxP+sIPoevoj75M0cqJML lzDsCqECiKY0uEVbXm9hKIBigOFT7hxnEETs3V+RmEoAz5mdL49NJcYyWU4Z++6K 9B/WKLDAk1Bdfg8PWR7mi7W8q78Y387vn3CXsrqH+LlLDJjqT2xoNMYKtWtwjYQ7 em70YgIA/R0695lQbowkAY8Rov42cxWUmVeUicU3MmiNOoiBA8EM+1l05kUvI3H3 tA81AH7lFXuTX2rHrVclfKSLrHjF9VYx06iy93/DG16JnLHv0NpCTu3+avrGuTCC Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEK60EiMA0EoglYVOjIJ5jUiAghrA Neb6sKO176aT5ELOauda/XWYUZvn9qoGG9dp6SAaJiS2O8zmEgyZyPhdoSIs7wRx d/pP/iNoITUD6tcWewEY1ZoBF8+Ozcinaf3jthQLlrnVf7XOolWTDK/pRjUoFSyV KFPx9u1qcWxCs8vlcL1CNR74nySEM4sre3ZxaZrkxA0lLDQKjiOVfWkGLTWJpqNw 3NuUZel3dCNXZqrLAuGedX3guNXYP/RtAL23lCU5oFSwsc01fsKt73oK+Pvvj7+F iRiCPx+9P+1jQPf2cFnpKZObeF5EVMPGf2HwptXnalLVAPzlKX38Hedy4LENKz0i nnNm06i5jkCv57B1PaamC1zrCBnAfrT1M3E6MPiC6yRNyPLMAjuyHQfFnF4wJHCQ HbkDGEzY6U2hwIgD2DJxGQOGpV4hLj3AX8PXC7PI98XoOLU4BTES+zaCvxCJYWG2 Gillmor, et al. Expires 27 January 2022 [Page 158] Internet-Draft Header Protection S/MIME July 2021 +KlzCtDp47xrUYpWMl1i4LVRqKItfyz+oQmShiRr/Ie/0eU1fG04l42IP2kpsB7A /jPsqvZUHBlooQnAvpjZocWdQYSznsVCOpu76grXUsaIsb4NAkdYcrDgNwbY6ZdM QmqfKU7JWfzXUQn5R8CMC8LNlqAPv4A0q/PecHvPIxjTood0oGAWTYGYmLDSMma/ sGlrxv767FD8qnwMDNkOedgsP3U0Z+qjvHHg3iVI/kDH5x4WmnUfzpFZgaTu2GBT WZJVR3D4reM+7ppqKHL5f7rIlzabUIHbG9Y+VN5UsfO3VVdeMzioix45v5u5C5eQ Y6Ce0doonm7JZMn2rpf6VEANXzHBixgjyY9ZgIQXn5sibRV4vD/qqvkKQsdm99qt 2kXjKb64W0TpPq5mGsouHLrZwLa8uoeJQ10Y8oxmRWcgp66Qp480G2FOeV6J05Ic e/6zvsTVIE1/Vjwr4LkKBmh1rxsP0ExTQxCvHsj07qpV50oj5Wn7eaEWUOAXXKWe OnpVzB425SxlBSgKhv5Jyfy5+NeLlDUWnm671iCJzKy7rTV9xy3fG3b6u1QzLyFs 2/Y63S4StzziJbBEF8W9m9z8TQ0cYX90mSAn9922ZbogHzQNKy7glkGcB2htQPjF BOKIOFavJqP8GMUByyte2qo9FOve2gt1hNHiT7cIAGjm6/i5Ax4gM/GxoLxkK3Em WisjwDbLvUrlYtUJAGZfwC8dsd6i3EWlNkqb4OAlGrl8qa4FsRLuTxU+t7XyAHdl qNYE8OusIf391hL3HVJDmF6AgT4fy0NnST1FRcBf5Y6uO8ZIQblSFAVTTm8E2Geq vFDzVCIb6OGrlnmhWv0W20FEGBjTFxt3HZBF40E7plESAUbEEzH3IXOdJeqVtOFl uSULf6DTzFDI8ulhLLnkhad+XSkNZtAj585s8VwQELTIlNGbuFLvY6eU4irsQ/sW 3h20gqVsP0m9taF8h8xQ82Cam+Ok9OMPEt0YkZlGOed4x86lG6jraQw6N07qwmhS C5n0jDaSAIFlpr0CmBTpgbS3fkt0+ZBO5VKrywl3KM2tUwKTyDovrkxl2WhjK+Mj Xji9A7IXzVnn9H3eMcPAewYSbsuflUEpV5Kq9vZhriFMZUeVPDaw+PtD9hBOKckT l6g0Zo+XYqeJSzTCVheYp5LCqQOKS93ptpeElKP7M8M6QXvknxcLXWWqrB8aE2q+ DJqXUdLPUJP0c+H3OFsyV5dLbuJRvVa7cUvH+IY/iwtGwDG44/ZkAveXFDu9rfKT YALvpdmGMTWmW03m7f6uxy3condgOdDLlkTzQ2wZu/cdkm+580kL26KmftTVtwCZ dqy3nYiw9R/kin8uTj4TrEecIO4l5pcWQ2yfMPVhUHCfrn9JV7eLcvxSaVwl9y12 DKCNXw4FGiPo+6w0dTIT2axXZDHkxRzmFebYD1hr1UbOCW7CfJdkWjsPyDLkw5MP Y1bvtlWAzackfQu417Jng3WgDofQtQibOYxr1wfPnzTfkyp5iggYcIarm4xYqoDg +oheuV6feQWDNqq36dB4DKfVgGtUYTxXjBSwdedgzBW7AuwiZSfH7wa/+iphdksJ P97BGRPrRoN0zmtDcQFuI91do92A8PnB7+7DNvheFaxCHkEFsPpMX8zON3P7kSQQ HvLcbcJBtHlRHGIaRSWYqZujLFE5Ot1COoncNRdGT0rFi1GFGtA9m9sNtfIAecSU d/WySb/wCvrewbdxuMh0/j0MVhdv+ip6ev4bDIm52wTxCb80yww7REwtVdSoCaUi KDDD+XD49n2pxsa2TTqT+trxobt1JcqsYuBQFb96ygeRkaq/P47NZZ8i6WL9RlkZ Z6tD5xrNLOOsw2S624UEvnZ1B+tjS6/js1N4RWRlJqxQ9FH3LhlmPpRj8IvhCdVm XM2vh+987iIx6CCkRaVR8YkkpBHTON5DbW48x5NWlynBMQ9eZoPrxTtCG+uHuGz2 x7VSdnA5jIqDZEukm6WIvW9eGBfoGwMkhOGvsCnyKOG408mH3QQIea6WFw4SDz2K uMnNjCDZ9q+w3j9ZFExd55p9UCX4Eak9rHH/xgHfSRdrsC2bT7cfu7lpJhRrzxdj rALLXtPkx9hTlVdoRM/ys6uJU2WsnosnJvyxH95LAQSO2QgBA8AxVoxW0LQWULzr gOIbUGjhkTdYI8GkBQiKq+dHpeU/ktG//FhffRirsXdVgdgH0l1q/PJFx5JUOZhN eHK/wmtr4NyQtvMujRSIyOPcUzLBAixiyFC3XbZEBjRr5xVOK/Pj/EnS32iKEV3H VsNr0C2hJmQpp/LszAXttAHBhZHy6UrXAgvYavUuEEGvFTNgk8m01kiDd9HXDJ2E vLXcmeE7O/Hv0Ydafv4lzY9xcWR7juMCEmeBOMuHkItOjccPgex2JdQpKE40x+Fr DrXezIhXUpuZyUyx+JLfkIX/pJpIMPFai/rbbmNGSxtNOQd/AijcHr1ETwk1qAYY CyoG+GGEr/qWYgXl+bhiVIECK/ZVxutzCj8PyqBuhpvMFuWLRRf6mgwoih9dgl1T CFUAM64zn2DU6bnRFEc9Yiap/Dj/cS+rkH+YP7gq3j9VfXxdXaap+cdLVR4tiP25 cwN3SOy9VJznWNgeL8ZwFr82KXzPvyzxQ0pdr3YhrBm7OBEWbyNJICdicKiNI9my CSmg4VxkVX3faQ96e2ywYzO6th6ZlSl6/bR40AEQyxA9Cf1UpfkzzL17E1TF+l8b t1fZvJZVAbr12cFJAJ8nmXp0hV4NPU9TgdzhiX+7U+SyD6/t3r9l3x82Zf2k1XKA 6OWk4WBgVFfvVlQeo5rViAd3yCp6SHZTTA8PbYaYEvNptCYAJm/9Zu16j2IS52sS 7dzQmgkrfKA9hr48zl24wOo0D96iQXbCNwgOSTwBMWJxNhLnPmapMKFBUsaWiTZx zWW4D1TYBFJafcMCkO49O7I8CsN8EA98BY4chjTwYBVG/BrUnGGy8w/lSMW2dtKM f88mSkaVK7hzfWTXYL/ZH3gSGMuttb/8FFsqG3ctvR4aFc55L4P9cYZy19tSiwAu Gillmor, et al. Expires 27 January 2022 [Page 159] Internet-Draft Header Protection S/MIME July 2021 +28tBzN5cwaMTtFyBjPAzcM3hPidF2eGNd/td7jcs4UkfjLw5c3Fhrys+EbFMFGB SGqg0YV1DClFzVOmuCh0Z/ZBigcuCMA9p7y7UuQwQVi452xhykMQZIbj6QWrmOQ3 wxESQYQomiLon/oOf5KWGCF3CgdG5J4ic80U9WwWxUj/w4d2zXzbON7HGOOuLoTA NjbeOPROIXibe37kknekXgH4NZZyhQytOpWbGt423IzF5HYs00nqgUg3xnvAmmBj nkm7GMIFUHATKTnTckmmbB/Aoyucwq1fE5vvzrNABTma8tHIQvl4gT0ku6AETU2T AqnB25ejz3T1ZoMUshTubcoIOv4dAbyBNPOCUiwOi9O1wyoTt33gy8Iyet0fkYS/ C6641TjHg6sxPym4tBgi9J3p6vgp1ULPINlv7YMXljvaCG5fJxG4wouP4evt3zwD w5ArhYyafGCsBewemFNM2nsnl86lW0HoumNUsnrs2Llu0/qb0qEkDICELYyZuj4y 6d3cRXv/5C2Gxl1cf4LRhiR7hRtZKFsmd7y2QgsdBrxqxy5n/SDzmT+gGPUp5/hN c17wo0l+rdHBDT2p3L7zxepCpyjCvMYOXwwmki7y0Fpo03gp79BBGzo7eZQkWm9e wuxjFsPsZRl4x6ZLu9xSrohGDjB3rdd0g9A1Kqx6tlmzdg98msxQVdYZbt/lDl6f xbxWiBvIOgI4/tFSmduKhw7tuyrgge053c+KO7XdfVH/1LC84IGQOEjpFGLU4SLf BIUp1EZ6l8EdOTKQOkOT8zwi0yVlPELBsy48UxCT0h3Vd02YPIlkaJFnniCyjJx5 CcH/sLjaotbKc072lfoPtP4XbMnLO08XD8aUjxpg1qam29fAEZwvOlv01wVVD4J8 nMFKyEbtYV9MtyuXVAKr4Ixw2ns8dMJXmOkfqFWlfJdsABfdd4wtxBQbPSN2R36F yYMvPSBUbsfLJkn1klRQbhR1YUSMUjJUEY47e0b8MFUbdHwjUG33Rln0hucvGrhk 7drbe/YvjRkSGggUdIm3oqnliJApDBc/T5E7B4zYdKGKI+KV5LB/xfFI91628AF0 UAmPjZNmUT70/YdS7HltLuUJi9QVuvZ0K0sVhsDsnlXG0ZmZ5lqQJW1d4/441QKo XBlZBzp9BxTZdbOxggV/ikBGjscrhG/H+i91g67HzYsb4Ag43WEyNGQtSAhQUraM BQ6Wc8PoHDDPdydtKA0saujL8+WUUczhtliH00s7vi8He0Hop3g/vnufZYjY2Lzr A7uCjBiFwMjKKYQ0D0uECwEoLfp0wn1Jsbrl86dmu2ekckIbdng+G+FUwE2mrMf2 zfk83YEV2K9bPdHhwvzmHhP+DKzdj5MpMKIbIcMux5jPTS7gfBt0qbxm98+LxKx+ 6oYK0lNTSnPiVW2uaZruebLBk1FTt8WLq9qjYPvxxfdnsGMSxp8CcmWtZxvWbRtC ZlyHuN+2E6ZYzJLh4Vpz7FFw5J04KziWN0edvB7AOc8BJylnp77m0aAWEcPMCifB wObiwHIIE+UtuSFCb09HdDLXCrc/eojjgUEZ90kibxPAYF/jraiFhAnOKcpunphn Xj6Xgjp5gHYvaF9xMHOON+t9v8E+MBbEiW4mNOQhbH0xAKZ8VbjJdIE5m8yDgOtQ O6WZLtMZ3yr00ygVK4MFTZW+IHTiuMk+covoZdssEFAauj6+YUyzs1OwdnrwQuv/ 0o2L3LDyfqLmdpjPxaVWtfWjmRkHFxv1/H8Q4CaMxdOVOhh+qn+pvPsA0itAQ40/ 8Gq4CIss7IEN5fZNl1t0z++2xXXAh0VZVkSJv/PKySfiAog/Iy/jmOAzpH2DlVSC rtnRcbGOqzlFpsTcfdXieZxGbla5xgfknpCy2af/AUByF0Q6TDS90dEo0WD3xrDz F8qcvGXe6rPkO5dHj6HYe5P4vwZgPLrI/OGcNU9ArnNSWX2Ge1oqWkmz3sFaM+jo Em7hj82lgzGSBP9lE9AND7y/3WDyRq3TlnGq/hr7hcKW0sxq5icIRXGFcHS3KHM/ 35gTQ443YWCTkuy1pfZdSAe9Ezki/EWB35SaV/4SaPWZVUFa0GxXYwV2m1mmaBvJ rMsnwkQuNoDy/5ccMqPmjUMl248Zs9VCNObO36wLYgLNFCp05cnmcl2LRp8pid6W h4ChWXdwYOM542N8pxG6kHT9thPblSXkSIDUpkiNMePJS8S88zl6W+D31QAZyVll xTXiQJkQ8yIoTPdeIcx/7h7l3KaiThewRFXd/D4BoU5g2maPl8ecBpkdMWPkWuqd R78AhYCzcME1VBCx+PB94born54di/MNHY5i8RsvnMndj14DAkzvcCr4E1jvy6fH ajQLpkY3N22z+iiE7O6FChU5pk3qCtTRJqEzJKqHd4b7/UtqE2zrScRxCw582PLY kggH7GX5n2h2f6ARwtGj52GtFiy4HjPLmvx04V/W2wskHLP3uO0ePMLQKvgFipNV tIXvBdyYnYOJLzDtC00WPcYXhO+lakXTl1MkFqzTVSFf+0UfnrDLnPiEp8mSUr7M yg+fIrBeUVfFb2O+UES2MqTGcl+nXBbtNsTBQnf46xUN+3afRd5EAWCpeGtDSWRt Fa6SH9kOoF6QGSJIIW5NEdyumD199LDOFkw6Sp4ciXZBFEo/diep6mcJQX6AWJEU aqX32sSgxXFUrLkkcXxehnrvDsVvw5f8s0ehZnR0IooVdRC6owzXPHQKlww7UrO1 foWba1f8kfUmAOo6/ghDcTTzQWPcUqvMC/QBvLn9RSHNN6qqJB6hSrjj8zpmT9K2 LVs10Eo3BOfZn3/rsDyBY4xZZxSsjZlCd6QVi8rJnnf5AJUi18qSIquSeMvKDp1d NMRbeyC/8F0yuh3QllV5Wtk+FV2lUnieHxaLhvy7H6wCfJdLRw3hUj8SLwclvcpO z6mHIFpjRSZIWprxyx4A+sSWVSlIKKGMySYv7xClj6PkQwZHBOkESithtm4SnIHe fYzUylqgQc5k+11Sp6sF/uK/S96wTIc2IffqQBZ3qaoxY944nJL4PnzqU7dQd2Js Gillmor, et al. Expires 27 January 2022 [Page 160] Internet-Draft Header Protection S/MIME July 2021 gP1KqLZlaYgh6fhaV6dmS0NmdsUc4kRUYodbKS2rhexD9c8mpXYbE/P3/wa0tWHc PJw/UNgw2oDpbWEQNIWmXPyD8nCIvSTQ3BzXbY7zfmbPRRCd0UdHWQ47RP66ImSN ZzA6exAJfR9zyjOYznT6hqfAscsRtYZNyGjAJkUtj3ckNZkDWzlrBnBwMuvLtrr/ o+eeK+/zD8PF6DGD3iokIerhLIDZMMEf/OW49DlcD7yu3MV2qTFBudL1Ng/uVBjT pM0UEGqLkIBh+TP1FAa/fq1mNeV0NEdUieJIvXd+FMgoO/tRK7iBuIc6FuhpSMmX zuaA4ctZ3gyP67Asx9q7xUGwZpmjrzD4FRCZeen8NjlS9dYEdUjJ3v8G/kqBQQfc 4mdSD7u+AuH2Y4WnjJfifJm8NycnjB86kLo5/sbuiqipsvLKmyM0cEDd8SbcPA7r GBDsSHt8vC2l8HZHWamIjAxfAb+ggL/RuFoaLNggI738SMBlekZH+dDnLobylpQH d2t3VEVqGNuubLagBuad5Xth6N2AJHafnYps79at7rlPH7fl3gf1Vfjrabjv7tAt D6uvYJkyg5wdPULGiFZ0Dtql7YRqWujy7AL3fmedeRgukrbsDugA/1r95pNe83JI wTiWFj5IVWreCwXhXqPvFynoXqy38Yca+5T+SoXPFmKq178AmIqC0+118L1Jz0GE Wh0NC8aQbSsIsDHP5IzVogNOTTtI5/yprHG90z6nuAsLLBWcr6eYfL9/2MuNlPHs pUg8MOQuoZRYzvD1RJJd+tY8z+Df4eOSHEptbNmrGgACJaLh88hteJRDmQMP/ep1 bun7lkK10P3IsadldT7ryEGfV0ZXDLJ9wHf7lQI+kDxZTynmmUgr8AldFDbzOg2K /APDjgoK/pErH1d3CQBPniDIRERs0aLK8XjtNB8MtnTVY08QlHiXvDqjmtg01nMs C84nqFSDaPvJ0eUv6dbPPQNwnU9uSdLgIB3ZUrLXR1CGGs2OtR10DnwkvbOQr95I JTIJfuYp8IGKQvd+F8tXCFDiGQgCw04WTTJfdc4lrc0FDcam7wjYOftu3XhSRYKf R1bb1wQQWBxW6eB56/f25/cz91PGpZsWFgPub/Yc1TxZ5oxlxjdiBW1iqT3NidQd w7iGIDx+kwd7UGWdIETluUBZMHsPUXXBtrKurqiuH7hQEjAk29sHpk1JQI4J/ZkN l1ZSfk4yHwwqt4RzTH8S+umZYtEONKOWoDflx2Xk7m2G1eghOzGYknu1sOMqwMWC 7zHrKben8nWLAnSxYuWePm9pS0EeXtwCE9oUPcGwoKTq0ubzYpZry884J8uw+e+9 D9SxrAd4BLjEcQW8gVJhPNnvfdx1iSRwyIk6f+Qy3WQ3d0nF7wwQoRFNpUi+MpSc 2RMLciHhcroQ0NG71XG7xE+c4o5TQOGXb8leAaGH7G3fEILGOaVnxfYMcumL2xk7 kfToo/Ubqfgv1weZMzJUZxv2X+HkDBwWGydj75Tq7lVlN+Y2dwtjf9HmrOrTfWZg z+jgF+1ufbrGhmsuoP+Zy7nqifF1G6KgABs+9TXWg4rZWxGb6/SJRYu49C5F8EDD P4JNm+1ntLqBaRZqbLXQ2zua+nrG0/Ja/JEjdQfRYxQ0t7x5W2PMJvxLFmtCL+AS n2Qs0AXcgQbnYRI5KYVKkzJ8PBIP7TegmMhgi+nY9w1KNMbmAiEiYcIgqJ9NUaL2 by6eQGK/ELXUcA1pAbEYiGnN/uH9ttINrhiOz0Gd8D6MajMmwNqrbERxHYlxkGKf j1i76puXo7lTTCak82jvkbTq+T18OLigbyaTLhTBC7nqeN/3BcvJEOzjaGGRuRGA 9zMXWyB7H03entzGRmSGNexkR94G8b1UbAQN3GRcXRT3hTvd48ksocIeDNYx3HDl 44t6pExdRBR0YPp+kVXSrph4vdOKYLdh6y019dPy0vw4m5NrDd4uNtUOkWtGMhn2 wE71YSl3b5vy7wOQaP9Jgps64bhf3iRAr1gSAkoT0rFW0fDJR7VV5rwSRaB/re7y dS8ddUx/0qIE+/iddSWKkPZIIDWiCQrcUxQqOjS5fxDnzoaaqll0umEDR1zy9KdX 5UyWiNctfexihp8WuPGsO5WoqdaVUUHLBaa3ZzIEgbVmXW/OCReAxjIwZpsOUHWI PilkacVmrYOp2Msg1Wqw74MekZZxf/v9oAP1kFkA12psIw5fnYXKiejtsrxOvXdI 0Uc55ruTMaMI/SqihEwu6CRjjSDCr6xaFMlKhsE/xAKiJZH0u80QaTm5yT42Cd47 2n6rCBQmKBoJBKELW+YzoN7v0Kcf1gogx8OXcA0UzZLx9/JLfaxlfUKt8dx8kPzZ UkEdz448mE/V90sUVHGPV1rSOZGSaxe+OKchRRUpYM12xcvldvbDxynLfRI6OUYQ OC2cH0uJ4wCTCqlRKVvlpZBYRGmQZzfgtZNuFPXkGMfgJ/nMtKasqPNdqTglFubI jyUq8xdFzYuIeydv7m6Tf2jBawV8zHbQ/2ZkLl8WUPU= Appendix C. Additional information C.1. Stored Variants of Messages with Bcc Messages containing at least one recipient address in the Bcc header field may appear in up to three different variants: Gillmor, et al. Expires 27 January 2022 [Page 161] Internet-Draft Header Protection S/MIME July 2021 1. The Message for the recipient addresses listed in To or Cc header fields, which must not include the Bcc header field neither for signature calculation nor for encryption. 2. The Message(s) sent to the recipient addresses in the Bcc header field, which depends on the implementation: a) One Message for each recipient in the Bcc header field separately, with a Bcc header field containing only the address of the recipient it is sent to. b) The same Message for each recipient in the Bcc header field with a Bcc header field containing an indication such as "Undisclosed recipients", but no addresses. c) The same Message for each recipient in the Bcc header field which does not include a Bcc header field (this Message is identical to 1. / cf. above). 3. The Message stored in the 'Sent'-Folder of the sender, which usually contains the Bcc unchanged from the original Message, i.e., with all recipient addresses. The most privacy preserving method of the alternatives (2a, 2b, and 2c) is to standardize 2a, as in the other cases (2b and 2c), information about hidden recipients is revealed via keys. In any case, the Message has to be cloned and adjusted depending on the recipient. Appendix D. Text Moved from Above Note: Per an explicit request by the chair of the LAMPS WG to only present one option for the specification, the following text has been stripped from the main body of the draft. It is preserved in an Appendix for the time being and may be moved back to the main body or deleted, depending on the decision of the LAMPS WG. D.1. MIME Format Currently there are two options in discussion: 1. The option according to the current S/MIME specification (cf. [RFC8551]) 2. An alternative option that is based on the former "memory hole" approach (cf. [I-D.autocrypt-lamps-protected-headers]) Gillmor, et al. Expires 27 January 2022 [Page 162] Internet-Draft Header Protection S/MIME July 2021 D.1.1. S/MIME Specification Note: This is currently described in the main part of this document. D.1.1.1. Alternative Option Autocrypt "Protected Headers" (Ex-"Memory Hole") An alternative option (based on the former autocrypt "Memory Hole" approach) to be considered, is described in [I-D.autocrypt-lamps-protected-headers]. Unlike the option described in Appendix D.1.1, this option does not use a "message/RFC822" wrapper to unambiguously delimit the Inner Message. Before choosing this option, the following two issues must be assessed to ensure no interoperability issues result from it: 1. How current MIME parser implementations treat non-MIME Header Fields, which are not part of the outermost MIME entity and not part of a Message wrapped into a MIME entity of media type "message/rfc822", and how such Messages are rendered to the user. [I-D.autocrypt-lamps-protected-headers] provides some examples for testing this. 2. MIME-conformance, i.e. whether or not this option is (fully) MIME-conformant [RFC2045] ff., in particular also Section 5.1. of [RFC2046] on "Multipart Media Type). In the following an excerpt of paragraphs that may be relevant in this context: The only header fields that have defined meaning for body parts are those the names of which begin with "Content-". All other header fields may be ignored in body parts. Although they should generally be retained if at all possible, they may be discarded by gateways if necessary. Such other fields are permitted to appear in body parts but must not be depended on. "X-" fields may be created for experimental or private purposes, with the recognition that the information they contain may be lost at some gateways. Gillmor, et al. Expires 27 January 2022 [Page 163] Internet-Draft Header Protection S/MIME July 2021 NOTE: The distinction between an RFC 822 Message and a body part is subtle, but important. A gateway between Internet and X.400 mail, for example, must be able to tell the difference between a body part that contains an image and a body part that contains an encapsulated Message, the body of which is a JPEG image. In order to represent the latter, the body part must have "Content-Type: message/rfc822", and its body (after the blank line) must be the encapsulated Message, with its own "Content-Type: image/jpeg" header field. The use of similar syntax facilitates the conversion of Messages to body parts, and vice versa, but the distinction between the two must be understood by implementors. (For the special case in which parts actually are Messages, a "digest" subtype is also defined.) The MIME structure of an Email Message looks as follows: The following example demonstrates how an Original Message might be protected, i.e., the Original Message is contained as Inner Message in the Protected Body of an Outer Message. It illustrates the first Body part (of the Outer Message) as a "multipart/signed" (application/pkcs7-signature) media type: Lines are prepended as follows: * "O: " Outer Message Header Section * "I: " Message Header Section Gillmor, et al. Expires 27 January 2022 [Page 164] Internet-Draft Header Protection S/MIME July 2021 O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time) O: Message-ID: O: Subject: Meeting at my place O: From: "Alexey Melnikov" O: MIME-Version: 1.0 O: Content-Type: multipart/signed; charset=us-ascii; micalg=sha1; O: protocol="application/pkcs7-signature"; O: boundary=boundary-AM This is a multipart message in MIME format. --boundary-AM I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time) I: From: "Alexey Melnikov" I: Message-ID: I: MIME-Version: 1.0 I: MMHS-Primary-Precedence: 3 I: Subject: Meeting at my place I: To: somebody@example.net I: X-Mailer: Isode Harrier Web Server I: Content-Type: text/plain; charset=us-ascii This is an important message that I don't want to be modified. --boundary-AM Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature [[base-64 encoded signature]] --boundary-AM-- The Outer Message Header Section is unprotected, while the remainder (Outer Message Body) is protected. The Outer Message Body consists of the Inner Message (Header Section and Body). The Inner Message Header Section is the same as (or a subset of) the Original Message Header Section. The Inner Message Body is the same as the Original Message Body. The Original Message itself may contain any MIME structure. D.1.2. Sending Side To ease explanation, the following describes the case where an Original (message/rfc822) Message to be protected is present. If this is not the case, Original Message means the (virtual) Message that would be constructed for sending it as unprotected email. Gillmor, et al. Expires 27 January 2022 [Page 165] Internet-Draft Header Protection S/MIME July 2021 D.1.2.1. Inner Message Header Fields It is RECOMMENDED that the Inner Message contains all Header Fields of the Original Message with the exception of the following Header Field, which MUST NOT be included within the Inner Message nor within any other protected part of the Message: * Bcc [[ TODO: Bcc handling needs to be further specified (see also Appendix C.1). Certain MUAs cannot properly decrypt Messages with Bcc recipients. ]] D.1.2.2. Wrapper The wrapper is a simple MIME Header Section followed by an empty line preceding the Inner Message (inside the Outer Message Body). The media type of the wrapper MUST be "message/RFC822" and MUST contain the Content-Type header field parameter "forwarded=no" as defined in [I-D.melnikov-iana-reg-forwarded]. The wrapper unambiguously delimits the Inner Message from the rest of the Message. D.1.2.3. Cryptographic Layers / Envelope [[ TODO: Basically refer to S/MIME standards ]] D.1.2.4. Sending Side Message Processing For a protected Message the following steps are applied before a Message is handed over to the Submission Entity: D.1.2.4.1. Step 1: Decide on Protection Level and Information Disclosure The implementation which applies protection to a Message must decide: * Which Protection Level (signature and/or encryption) shall be applied to the Message? This depends on user request and/or local policy as well as availability of cryptographic keys. * Which Header Fields of the Original Message shall be part of the Outer Message Header Section? This typically depends on local policy. By default, the Essential Header Fields are part of the Outer Message Header Section; cf. Appendix D.1.2.5. Gillmor, et al. Expires 27 January 2022 [Page 166] Internet-Draft Header Protection S/MIME July 2021 * Which of these Header Fields are to be obfuscated? This depends on local policy and/or specific Privacy requirements of the user. By default only the Subject Header Field is obfuscated; cf. Appendix D.1.2.5. D.1.2.4.2. Step 2: Compose the Outer Message Header Section Depending on the decision in Appendix D.1.2.4.1, the implementation shall compose the Outer Message Header Section. (Note that this also includes the necessary MIME Header Section part for the following protection layer.) Outer Header Fields that are not obfuscated should contain the same values as in the Original Message (except for MIME Header Section part, which depends on the Protection Level selected in Appendix D.1.2.4.1). D.1.2.4.3. Step 3: Apply Protection to the Original Message Depending on the Protection Level selected in Appendix D.1.2.4.1, the implementation applies signature and/or encryption to the Original Message, including the wrapper (as per [RFC8551]), and sets the resulting package as the Outer Message Body. The resulting (Outer) Message is then typically handed over to the Submission Entity. [[ TODO: Example ]] D.1.2.5. Outer Message Header Fields D.1.2.5.1. Encrypted Messages To maximize Privacy, it is strongly RECOMMENDED to follow the principle of Data Minimization (cf. Section 2.1). However, the Outer Message Header Section SHOULD contain the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551]. The following Header Fields are defined as the Essential Header Fields: * From * To (if present in the Original Message) Gillmor, et al. Expires 27 January 2022 [Page 167] Internet-Draft Header Protection S/MIME July 2021 * Cc (if present in the Original Message) * Bcc (if present in the Original Message, see also Appendix C.1) * Date * Message-ID * Subject Further processing by the Submission Entity normally depends on part of these Header Fields, e.g. From and Date HFs are required by [RFC5322]. Furthermore, not including certain Header Fields may trigger spam detection to flag the Message, and/or lead to user experience (UX) issues. For further Data Minimization, the value of the Subject Header Field SHOULD be obfuscated as follows: * Subject: [...] and it is RECOMMENDED to replace the Message-ID by a new randomly generated Message-ID. In addition, the value of other Essential Header Fields MAY be obfuscated. Non-Essential Header Fields SHOULD be omitted from the Outer Message Header Section where possible. If Non-essential Header Fields are included in the Outer Message Header Section, those MAY be obfuscated too. Header Fields that are not obfuscated should contain the same values as in the Original Message. If an implementation obfuscates the From, To, and/or Cc Header Fields, it may need to provide access to the clear text content of these Header Fields to the Submission Entity for processing purposes. This is particularly relevant, if proprietary Submission Entities are used. Obfuscation of Header Fields may adversely impact spam filtering. (A use case for obfuscation of all Outer Message Header Fields is routing email through the use of onion routing or mix networks, e.g. [pEp.mixnet].) Gillmor, et al. Expires 27 January 2022 [Page 168] Internet-Draft Header Protection S/MIME July 2021 The MIME Header Section part is the collection of MIME Header Fields describing the following MIME structure as defined in [RFC2045]. A MIME Header Section part typically includes the following Header Fields: * Content-Type * Content-Transfer-Encoding * Content-Disposition The following example shows the MIME Header Section part of an S/MIME signed Message (using application/pkcs7-mime with SignedData): MIME-Version: 1.0 Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m Depending on the scenario, further Header Fields MAY be exposed in the Outer Message Header Section, which is NOT RECOMMENDED unless justified. Such Header Fields may include e.g.: * References * Reply-To * In-Reply-To D.1.2.5.2. Unencrypted Messages The Outer Message Header Section of unencrypted Messages SHOULD contain at least the Essential Header Fields and, in addition, MUST contain the Header Fields of the MIME Header Section part to describe Cryptographic Layer of the protected MIME subtree as per [RFC8551]. It may contain further Header Fields, in particular those also present in the Inner Message Header Section. Appendix E. Document Considerations [[ RFC Editor: This section is to be removed before publication ]] This draft is built from markdown source, and its development is tracked in a git repository (https://gitlab.com/dkg/lamps-header- protection). Gillmor, et al. Expires 27 January 2022 [Page 169] Internet-Draft Header Protection S/MIME July 2021 While minor editorial suggestions and nit-picks can be made as merge requests (https://gitlab.com/dkg/lamps-header-protection), please direct all substantive discussion to the LAMPS mailing list (https://www.ietf.org/mailman/listinfo/spasm) at "spasm@ietf.org". Appendix F. Document Changelog [[ RFC Editor: This section is to be removed before publication ]] * draft-ietf-lamps-header-protection-06 - document observed problems with legacy MUAs - avoid duplicated outer Message-IDs in hcp_strong test vectors * draft-ietf-lamps-header-protection-05 - fix multipart/signed wrapped test vectors * draft-ietf-lamps-header-protection-04 - add test vectors - add "problems with Injected Messages" subsection * draft-ietf-lamps-header-protection-03 - dkg takes over from Bernie as primary author - Add Usability section - describe two distinct formats "Wrapped Message" and "Injected Headers" - Introduce Header Confidentiality Policy model - Overhaul message composition guidance - Simplify document creation workflow, move public face to gitlab * draft-ietf-lamps-header-protection-02 - editorial changes / improve language * draft-ietf-lamps-header-protection-01 - Add DKG as co-author Gillmor, et al. Expires 27 January 2022 [Page 170] Internet-Draft Header Protection S/MIME July 2021 - Partial Rewrite of Abstract and Introduction [HB/AM/DKG] - Adding definiations for Cryptographic Layer, Cryptographic Payload, and Cryptographic Envelope (reference to [I-D.dkg-lamps-e2e-mail-guidance]) [DKG] - Enhanced MITM Definition to include Machine- / Meddler-in-the- middle [HB] - Relaxed definition of Original message, which may not be of type "message/rfc822" [HB] - Move "memory hole" option to the Appendix (on request by Chair to only maintain one option in the specification) [HB] - Updated Scope of Protection Levels according to WG discussion during IETF-108 [HB] - Obfuscation recommendation only for Subject and Message-Id and distinguish between Encrypted and Unencrypted Messages [HB] - Removed (commented out) Header Field Flow Figure (it appeared to be confusing as is was) [HB] * draft-ietf-lamps-header-protection-00 - Initial version (text partially taken over from [I-D.ietf-lamps-header-protection-requirements] Appendix G. Open Issues [[ RFC Editor: This section should be empty and is to be removed before publication. ]] * Ensure "protected header" (Ex-Memory-Hole) option is (fully) compliant with the MIME standard, in particular also [RFC2046], Section 5.1. (Multipart Media Type) Appendix D.1.1.1. * Test Vectors! We can point to the relevant test vector in the main text by reference. We should also include in the test vectors an encrypted message that references another message, so we can observe the effect of the HCP on threading. * Should Outer Message Header Section (as received) be preserved for the user? (Section 4.1.4.5) Gillmor, et al. Expires 27 January 2022 [Page 171] Internet-Draft Header Protection S/MIME July 2021 * Decide on whether or not merge requirements from [I-D.ietf-lamps-header-protection-requirements] into this document. * Decide what parts of [I-D.autocrypt-lamps-protected-headers] to merge into this document. * Enhance Introduction Section 1 and Problem Statement (Section 2). * Decide on whether or not specification for more legacy HP requirements should be added to this document (Section 3.1.2). * Verify simple backward compatibility case (Receiving Side MIME- Conformant) is working; once solution is stable and update paragraphs in Section 4.1, Section 3.1.2.1 and Section 4.2.1 accordingly. * Verify ability to distinguish between Messages with Header Protection as specified in this document and legacy clients and update Section 3.1 accordingly. * Improve definitions of Protection Levels and enhance list of Protection Levels (Section 3.2, Section 4). * Privacy Considerations Section 7 * Security Considerations Section 6 Authors' Addresses Daniel Kahn Gillmor American Civil Liberties Union 125 Broad St. New York, NY, 10004 United States of America Email: dkg@fifthhorseman.net Bernie Hoeneisen pEp Foundation Oberer Graben 4 CH- CH-8400 Winterthur Switzerland Email: bernie.hoeneisen@pep.foundation URI: https://pep.foundation/ Gillmor, et al. Expires 27 January 2022 [Page 172] Internet-Draft Header Protection S/MIME July 2021 Alexey Melnikov Isode Ltd 14 Castle Mews Hampton, Middlesex TW12 2NP United Kingdom Email: alexey.melnikov@isode.com Gillmor, et al. Expires 27 January 2022 [Page 173]