draft                 Content-MD5 Header                 Apr 3


                              The Content-MD5 Header

                             Sat Apr  3 17:10:53 1993


                                 Marshall T. Rose
                           Dover Beach Consulting, Inc.
                              mrose@dbc.mtview.ca.us





                               Status of this Memo

          This document is an Internet Draft.  Internet Drafts are
          working documents of the Internet Engineering Task Force
          (IETF), its Areas, and its Working Groups.  Note that other
          groups may also distribute working documents as Internet
          Drafts.

          Internet Drafts are valid for a maximum of six months and may
          be updated, replaced, or obsoleted by other documents at any
          time.  It is inappropriate to use Internet Drafts as reference
          material or to cite them other than as a "work in progress".


                                     Abstract

          This memo specifies an optional header field, Content-MD5, for
          use with MIME-conformant messages.



















          Expires October 3, 1993                               [Page 1]





          draft                 Content-MD5 Header                 Apr 3


          1.  Introduction

          Despite all of the mechanisms MIME [1] provides to attempt to
          protect data from being damaged in the course of email
          transport, it is still desirable to have a mechanism for
          verifying that the data, once decoded, are intact.  For this
          reason, this memo defines the use of an optional header field,
          Content-MD5, which may be used as a message integrity check
          (MIC), to verify that the decoded data are the same data that
          were initially sent.

          MD5 is an algorithm for computing a 128 bit "digest" of
          arbitrary-length data, with a high degree of confidence that
          any alterations in the data will be reflected in alterations
          in the digest.  The MD5 algorithm itself is defined in [2].
          This memo specifies the application of that algorithm can be
          optionally used as an integrity check for MIME mail.

































          Expires October 3, 1993                               [Page 2]





          draft                 Content-MD5 Header                 Apr 3


          2.  Computation of the Content-MD5 Header

          The MD5 algorithm is computed on the canonical form of the
          data.  In particular, this means that the sender computes the
          MIC on the raw data, before applying any content-transfer-
          encoding, and that the receiver also computes the MIC on the
          raw data, after undoing any content-transfer-encoding.  For
          textual data, the algorithm must be computed on data in which
          the canonical form for newlines applies, that is, in which
          each newline is represented by CRLF.

          The output of the MD5 algorithm is a 128 bit digest.  When
          viewed in network byte order (big-endian order), this yields a
          sequence of 16 octets of binary data.  These 16 octets must
          then be encoded according to the base64 algorithm in order to
          obtain a value that can legally be placed in a message header
          field.  Thus, if the data in a MIME entity has an MD5 MIC that
          consists of the (unlikely) 16 octets "Check Integrity!", then
          that MIME entity's header could contain the field

               Content-MD5:  Q2hlY2sgSW50ZWdyaXR5IQ==


          3.  Use of the Content-MD5 header

          Use of the Content-MD5 field is completely optional, but its
          use is recommended wherever complete data integrity is
          desired, but Privacy-Enhanced Mail services [3] are not
          available.

          If the Content-MD5 field is present, a MIME-conformant reader
          may choose to use it to verify that the contents of a MIME
          entity have not been modified during transport.

          As discussed in Appendix B of [1], textual data is regularly
          altered in the normal delivery of mail.  Because the addition
          or deletion of trailing white space will result in a different
          digest, either the quoted-printable or base64 algorithm should
          be employed as a content-transfer-encoding when the Content-
          MD5 header is used.










          Expires October 3, 1993                               [Page 3]





          draft                 Content-MD5 Header                 Apr 3


          4.  References

          [1]  N. Borenstein, N. Freed.  MIME: Mechanisms for Specifying
               and Describing the Format of Internet Message Bodies.
               Request for Comments 1341, (June, 1992).

          [2]  R. Rivest, The MD5 Message-Digest Algorithm.  Request for
               Comments 1321, (April, 1992).

          [3]  J. Linn, Privacy Enhancement for Internet Electronic
               Mail, Part I: Message Encryption and Authentication
               Procedures.  Request for Comments 1421, (February, 1993).






































          Expires October 3, 1993                               [Page 4]





          draft                 Content-MD5 Header                 Apr 3


          Table of Contents


          1 Introduction ..........................................    2
          2 Computation of the Content-MD5 Header .................    3
          3 Use of the Content-MD5 header .........................    3
          4 References ............................................    4











































          Expires October 3, 1993                               [Page 5]