
Contents of /doc/rfc-ja/rfc2659-ja.rfcja



Revision 1.3 - (hide annotations) (download)
Sat Sep 13 08:57:55 2003 UTC (20 years, 7 months ago) by wakaba
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +3 -3 lines
Some markup fixes to be valid

1 wakaba 1.1 <?xml version="1.0" encoding="iso-2022-jp"?>
      <!-- Prolog of the bilingual (en/ja) rfc2629-style source for RFC &rfc.number;.
           Encoding note: the declaration says iso-2022-jp; the "$B...(B" runs in
           this listing look like ISO-2022-JP text displayed without its escape
           bytes (presumably a rendering artefact; confirm against the raw file). -->
      <!-- The external DTD subset is named by a relative SYSTEM identifier, so a
           parser that loads DTDs resolves rfc2629.dtd relative to this file.
           When processing a copy from an untrusted source, resolve the DTD from a
           vetted local copy (for example through an XML catalog) and keep
           network fetching of external entities disabled. -->
2     <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
      <!-- Internal general entities. rfc.number feeds the number attribute of the
           root element; the ja.* entities hold the translation's fixed terms.
           Each one is declared with a literal replacement string and no SYSTEM
           or PUBLIC identifier, so these declarations by themselves cause no
           external fetch. -->
3     <!ENTITY rfc.number "2659">
4     <!ENTITY ja.dereference "$B2r;2>H(B (dereference) ">
5     <!ENTITY ja.escape-quote " quote ">
6     <!ENTITY ja.protocol "$B%W%m%H%3%k(B">
7     <!ENTITY ja.security "$B0BA4@-(B">
8     <!ENTITY ja.crypt.advisory "$B8\Ld(B">
9     <!ENTITY ja.crypt.cryptopts " cryptopts ">
10     <!ENTITY ja.html.browser "$B%V%i%&%6!<(B">
11     <!ENTITY ja.html.form " form ">
12     <!ENTITY ja.html.hypertext "$BD6J8(B">
13     <!ENTITY ja.network.client "$B%/%i%$%"%s%H(B">
14     ]>
      <!-- Processing instruction addressed to the "rfc" formatter; it carries a
           rendering option (symrefs), not document data. -->
15     <?rfc symrefs="yes"?>
16     <rfc number="&rfc.number;" category="exp"
17     xmlns:myns="mailto:julian.reschke@greenbytes.de?subject=rcf2629.xslt"
18     xmlns:ja="http://suika.fam.cx/~wakaba/lang/rfc/translation/">
19     <front>
20     <title>Security Extensions For HTML</title>
21     <ja:title xml:lang="ja">HTML$B$N(B&ja.security;$B3HD%(B</ja:title>
22     <author initials="E." surname="Rescorla" fullname="Eric Rescorla">
23     <organization>RTFM, Inc.</organization>
24     <address>
25     <postal>
26     <street>30 Newell Road, #16</street>
27     <city>East Palo Alto</city> <region>CA</region>
28     <code>94303</code>
29     <country ja:show="no">US</country>
30     </postal>
31     <phone>(650) 328-8631</phone>
32     <email>ekr@rtfm.com</email>
33     </address>
34     </author>
35     <author initials="A." surname="Schiffman" fullname="Allan M. Schiffman">
36     <organization abbrev="Terisa Systems, Inc.">SPYRUS/Terisa</organization>
37     <address>
38     <postal>
39     <street>5303 Betsy Ross Drive</street>
40     <city>Santa Clara</city> <region>CA</region>
41     <code>95054</code>
42     <country ja:show="no">US</country>
43     </postal>
44     <phone>(408) 327-1901</phone>
45     <email>ams@terisa.com</email>
46     </address>
47     </author>
48     <date month="August" year="1999" />
49     <abstract>
50     <t>
51     <ja:pair>
52     <ja:l xml:lang="en">
53     This memo describes a syntax for embedding S-HTTP negotiation
54     parameters in HTML documents. S-HTTP, as described by
55     <ja:link type="rfc" number="2660" />, contains the concept of
56     negotiation headers which reflect the potential receiver of
57     a message's preferences as to which cryptographic enhancements
58     should be applied to the message. This document describes a
59     syntax for binding these negotiation parameters to HTML anchors.
60     </ja:l>
61     <ja:l xml:lang="ja">
62     $B$3$N%a%b$O!"(B HTML $BJ8=qCf$K(B S-HTTP
63     $B@^>W%Q%i%a!<%?!<$rKd$a9~$`9=J8$r@bL@$7$^$9!#(B
64     <ja:link type="rfc" number="2660" /> $B$G@bL@$5$l$F$$$k(B
65     S-HTTP $B$O!"$I$N0E9f3HD%$r%a%C%;!<%8$KE,MQ$9$k$+$N!"%a%C%;!<%8$N@x:_<u?.<T$N9%$_$rH?1G$9$k@^>WF,$N35G0$r4^$s$G$$$^$9!#$3$NJ8=q$O$3$l$i$N@^>W%Q%i%a!<%?!<$r(B
66     HTML $BIE$KG{$jIU$1$k9=J8$r@bL@$7$^$9!#(B
67     </ja:l>
68     </ja:pair>
69     </t>
70     </abstract>
71     </front>
72     <ja:front>
73     <author fullname="$B$o$+$P(B" ja:id="wakaba">
74     <address>
75     <email>w@suika.fam.cx</email>
76     <uri>http://suika.fam.cx/~wakaba/</uri>
77     </address>
78     </author>
79     <ja:change>
80 wakaba 1.2 <ja:item year="2002" month="05" day="12">
81 wakaba 1.1 <author ja:ref="wakaba" />
82     <t>$BF|K\8l$KK]Lu!#(B</t>
83     </ja:item>
84 wakaba 1.2 <ja:item year="2002" month="05" day="26">
85 wakaba 1.1 <author ja:ref="wakaba" />
86     <t><ja:link type="rfc" number="2629" /> $B$G%^!<%/IU$1!#(B</t>
87     </ja:item>
88 wakaba 1.3 </ja:change><!-- $Date: 2002/07/26 11:56:16 $ -->
89 wakaba 1.1 </ja:front>
90     <middle>
91    
92     <section title="Introduction">
93     <ja:note>
94     <t xml:lang="ja">$B86J8$G7gMn!#(B</t>
95     </ja:note>
96     </section>
97    
98     <section title="Anchor Attributes" ja:title-ja="$BIEB0@-(B">
99     <t>
100     <ja:pair>
101     <ja:l xml:lang="en">
102     We define the following new anchor (and form submission) attributes:
103     </ja:l>
104     <ja:l xml:lang="ja">
105     $B<!$N?7$7$$IE(B ($B$H(B&ja.html.form;$BAw?.(B) $BB0@-$rDj5A$7$^$9!#(B
106     </ja:l>
107     </ja:pair>
108    
109     <list style="hanging">
110     <t hangText="DN" ja:anchor="html-a-dn">
111     <ja:pair>
112     <ja:l xml:lang="en">
113     The distinguished name of the principal for whom the
114     request should be encrypted when dereferencing the anchor's url.
115     This need not be specified, but failure to do so runs the risk
116     that the client will be unable to determine the DN and therefore
117     will be unable to encrypt. This should be specified in the form
118     of <ja:link type="rfc" number="1485">RFC1485</ja:link>,
119     using SGML quoting conventions as needed.
120     </ja:l>
121     <ja:l xml:lang="ja">
122     $BIE$N(B url
123     $B$r(B&ja.dereference;$B$9$k;~$KMW5a$,0E9f2=$9$k$Y$-BP>]<T$N<1JL$5$l$?L>A0!#(B
124     $B$3$l$O;XDj$9$kI,MW$O$"$j$^$;$s$,!"(B&ja.network.client;$B$,(B DN
125     $B$r7hDj=PMh$:!"$R$$$F$O0E9f2=$b=PMh$J$/$J$k4m81$rKA$9$3$H$K$J$j$^$9!#(B
126     <ja:link type="rfc" number="1485" />
127     $B$N7A<0$G!"I,MW$K1~$8$F(B SGML
128     &ja.escape-quote;$BK!$r;H$C$F!";XDj$9$k$Y$-$G$9!#(B
129     </ja:l>
130     </ja:pair>
131     </t>
132 wakaba 1.3 <t hangText="NONCE" ja:anchor="html-a-nonce">
133 wakaba 1.1 <ja:pair>
134     <ja:l xml:lang="en">
135     A free-format string (appropriately SGML quoted) which
136     is to be included in a SHTTP-Nonce: header (after SGML quoting
137     is removed) when the anchor is dereferenced.
138     </ja:l>
139     <ja:l xml:lang="ja">
140     ($BE,@Z$K(B SGML &ja.escape-quote;$B$7$?(B)
141     $B<+M37A<0J8;zNs$G!"IE$,(B&ja.dereference;$B$5$l$k;~$K(B
142     (SGML $B0zMQId$r>C$7$?8e$G(B) SHTTP-Nonce: $BF,$K4^$a$i$l$k$b$N!#(B
143     </ja:l>
144     </ja:pair>
145     </t>
146 wakaba 1.3 <t hangText="CRYPTOPTS" ja:anchor="html-a-cryptopts">
147 wakaba 1.1 <ja:pair>
148     <ja:l xml:lang="en">
149     Cryptographic option information as described in
150     <xref target="SHTTP" />. Specifically, the
151     &lt;cryptopt-list&gt; production.
152     </ja:l>
153     <ja:l xml:lang="ja">
154     <xref target="SHTTP" /> $B$G@bL@$5$l$?0E9f2=A*Br;h>pJs!#6qBNE*$K$O(B
155     &lt;cryptopt-list&gt;$B!#(B
156     </ja:l>
157     </ja:pair>
158     </t>
159     </list>
160     </t>
161    
162     <section title="CERTS Element" ja:title-ja="CERTS $BMWAG(B"
163     anchor="html-certs">
164     <t>
165     <ja:pair>
166     <ja:l xml:lang="en">
167     A new CERTS HTML element is defined, which carries a
168     (not necessarily related) group of certificates provided
169     as advisory data. The element contents are not intended to be
170     displayed to the user. Certificate groups may be provided
171     appropriate for either PEM or PKCS-7 implementations. Such
172     certificates are supplied in the HTML document for the
173     convenience of the recipient, who might otherwise be unable
174     to retrieve the certificate (chain) corresponding to a DN
175     specified in an anchor.
176     </ja:l>
177     <ja:l xml:lang="ja">
178     $B?7$7$$(B CERTS $B$H$$$&(B HTML
179     $BMWAG$rDj5A$7$^$9!#$3$l$O(B&ja.crypt.advisory;$B%G!<%?$H$7$FDs6!$5$l$k>ZL@=q$N(B
180     ($B4XO"$7$F$$$kI,MW$OL5$$(B)
181     $B72$r1?HB$7$^$9!#MWAG$NFbMF$OMxMQ<T$KDs<($9$k$3$H$rL\E*$H$7$F$O$$$^$;$s!#>ZL@=q72$O(B
182     PEM $B$+(B PKCS-7
183     $B$N<BAu$N$I$A$i$+E,@Z$JJ}$rDs6!$7$F9=$$$^$;$s!#$3$N>ZL@=q$O<u?.<T$NJX59$N$?$a$K(B
184     HTML
185     $BJ8=qCf$KF~$l$k$b$N$G$9$,!"F~$l$F$J$1$l$P(B<xref target="html-a-dn">$BIECf$N(B
186     DN</xref>
187     $B$KBP1~$9$k>ZL@=q(B($B:?(B)$B$r<h$j=P$9$3$H$,=PMh$J$$$+$b$7$l$^$;$s!#(B
188     </ja:l>
189     </ja:pair>
190     </t>
191    
192     <t>
193     <ja:pair>
194     <ja:l xml:lang="en">
195     The format should be the same as that of the 'Certificate-Info'
196     header line, of <xref target="SHTTP" /> except that the
197     &lt;Cert-Fmt&gt; specifier should be provided as the FMT attribute
198     in the tag.
199     </ja:l>
200     <ja:l xml:lang="ja">
201     $B=q<0$O(B <xref target="SHTTP" /> $B$N(B 'Certificate-Info' $BF,$N$b$N$H!"(B
202     &lt;Cert-Fmt&gt; $B;XDj;R$r%?%0$N(B FMT $BB0@-$H$9$k$3$H$r=|$$$FF10l$G$9!#(B
203     </ja:l>
204     </ja:pair>
205     </t>
206    
207     <t>
208     <ja:pair>
209     <ja:l xml:lang="en">
210     Multiple CERTS elements are permitted; it is suggested that CERTS
211     elements themselves be included in the HTML document's HEAD
212     element (in the hope that the data will not be displayed by
213     S-HTTP oblivious but HTML compliant browsers.)
214     </ja:l>
215     <ja:l xml:lang="ja">
216     $BJ#?t$N(B CERTS $BMWAG$r;H$C$F$b9=$$$^$;$s!#(B CERTS $BMWAG<+BN$O(B HTML
217     $BJ8=q$N(B HEAD $BMWAGCf$K4^$a$k$3$H$r(B (S-HTTP $B$rCN$i$J$$$1$I(B HTML
218     $B$K$OE,9g$7$F$$$k(B&ja.html.browser;$B$,%G!<%?$rI=<($7$J$$$3$H$r4j$C$F(B)
219     $BDs0F$7$^$9!#(B
220     </ja:l>
221     </ja:pair>
222     </t>
223     </section>
224    
225     <section title="CRYPTOPTS Element" ja:title-ja="CRYPTOPTS $BMWAG(B"
226     anchor="html-cryptopts">
227     <t>
228     <ja:pair>
229     <ja:l xml:lang="en">
230     Cryptopts may also be broken out into an element and referred
231     to in anchors by name. The NAME attribute specifies the name
232     by which this element may be referred to in a CRYPTOPTS
233     attribute in an anchor. Names must have a # as the leading
234     character.
235     </ja:l>
236     <ja:l xml:lang="ja">
237     &ja.crypt.cryptopts;$B$bMWAGCf$K8=$l$F(B,
238     $BIECf$GL>A0$r;H$C$F;2>H$5$l$k$3$H$,=PMh$^$9!#(B NAME
239     $BB0@-$O$3$NMWAG$,(B<xref target="html-a-cryptopts">$BIECf$N(B
240     CRYPTOPTS
241     $BB0@-(B</xref>$BCf$G;2>H$9$k$?$a$NL>A0$r;XDj$7$^$9!#L>A0$O@hF3J8;z$H$7$F(B
242     # $B$r;}$?$J$1$l$P$J$j$^$;$s!#(B
243     </ja:l>
244     </ja:pair>
245     </t>
246     </section>
247    
248     <section title="HTML Example" ja:title-ja="HTML $B$NNc(B">
249     <figure>
250     <preamble>
251     <ja:pair>
252     <ja:l xml:lang="en">
253     An example of cryptographic data embedded in an anchor,
254     proceeded by a certificate group is provided below. Note the
255     SGML quoting syntax used to supply embedded quotation marks.
256     </ja:l>
257     <ja:l xml:lang="ja">
258     $BIE$KKd$a9~$^$l$?0E9f2=%G!<%?$K>ZL@=q72$,B3$/Nc$r<!$K5s$2$^$9!#$J$*!"(B
259     SGML &ja.escape-quote;$B9=J8$rKd$a9~$_0zMQId$K;H$C$F$$$^$9!#(B
260     </ja:l>
261     </ja:pair>
262     </preamble>
263    
264     <!--
265     <ja:pair><ja:l xml:lang="en">
266     -->
267     <artwork xml:space="preserve"><![CDATA[<CERTS FMT=PKCS-7>
268     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAM
269     IIBrTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAwH
270     gYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc
271     29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4MDIxODM4N
272     TdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0e
273     SwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEYMBYGA1UEA
274     xMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMy8Q
275     cW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamIDElX/qw9mIQu4xNj1FfepfJNx
276     zPvA0OtMKhy6+bkrlyMEU8CAwEAATANBgkqhkiG9w0BAQIFAANPAAYn7jDgi
277     rhiIL4wnP8nGzUisGSpsFsF4/7z2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d8
278     2H5+Ndfhi2mRp4YHiGHz0HlK6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANB
279     gkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhd
280     GEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2Vyd
281     GlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3M
282     jM1OTU5WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2Vjd
283     XJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTANB
284     gkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1FpI9tX
285     Q1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8nOkkuBi+A
286     QvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7xDdp49oZm9GoNc
287     PhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6Wqf430Xe9Et5+jgnM
288     Tiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFcmiin80RB8AAAMYAAAAAAA
289     AAAAA==
290     </CERTS>
291     <A name=foobar
292     DN="CN=Setec Astronomy, OU=Persona Certificate,
293     O=&quot;RSA Data Security, Inc.&quot;, C=US"
294     CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt;
295     SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
296     HREF="shttp://research.nsa.gov/skipjack-holes.html">
297     Don't read this. </A>
298     ]]></artwork>
299     <!--
300     </ja:l><ja:l xml:lang="ja">
301     <artwork xml:space="preserve"><![CDATA[<CERTS FMT=PKCS-7>
302     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAM
303     IIBrTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAwH
304     gYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc
305     29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4MDIxODM4N
306     TdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0e
307     SwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEYMBYGA1UEA
308     xMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMy8Q
309     cW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamIDElX/qw9mIQu4xNj1FfepfJNx
310     zPvA0OtMKhy6+bkrlyMEU8CAwEAATANBgkqhkiG9w0BAQIFAANPAAYn7jDgi
311     rhiIL4wnP8nGzUisGSpsFsF4/7z2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d8
312     2H5+Ndfhi2mRp4YHiGHz0HlK6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANB
313     gkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhd
314     GEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2Vyd
315     GlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3M
316     jM1OTU5WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2Vjd
317     XJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTANB
318     gkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1FpI9tX
319     Q1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8nOkkuBi+A
320     QvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7xDdp49oZm9GoNc
321     PhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6Wqf430Xe9Et5+jgnM
322     Tiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFcmiin80RB8AAAMYAAAAAAA
323     AAAAA==
324     </CERTS>
325     <A name=foobar
326     DN="CN=Setec $BE7J83X(B, OU=$B%Z%k%=%J>ZL@=q(B,
327     O=&quot;RSA Data Security, Inc.&quot;, C=US"
328     CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt;
329     SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
330     HREF="shttp://research.nsa.gov/skipjack-holes.html">
331     $B$3$lFI$`$J!#(B</A>]]></artwork>
332     <ja:note>
333     $B$3$NNc(B($B$NLu(B)$B$O!"(B DN $BB0@-Cf$rLu$7$F$$$k$?$a!"(B RFC 1485
334     $B$KE,9g$7$^$;$s(B:-)
335     </ja:note>
336     </ja:l></ja:pair>
337     -->
338     </figure>
339     </section>
340     </section>
341    
342     <section title="Security Considerations">
343     <t>
344     <ja:pair>
345     <ja:l xml:lang="en">
346     This entire document is about security.
347     </ja:l>
348     <ja:l xml:lang="ja">
349     $B$3$NJ8=qA4BN$,(B&ja.security;$B$K4X$7$F$NOC$G$9!#(B
350     </ja:l>
351     </ja:pair>
352     </t>
353     </section>
354    
355 wakaba 1.2 <ja:insert section="author-address" title-prefix="4. " />
356     <ja:insert section="references" title-prefix="5. " />
357     <ja:insert section="full-copyright" title-prefix="6. " />
358 wakaba 1.1
359     </middle>
360     <back>
361    
362     <references>
363     <reference anchor="SHTTP">
364     <front>
365     <title>The Secure HyperText Transfer Protocol</title>
366     <ja:title xml:lang="ja">$B0BA4(B&ja.html.hypertext;$BE>Aw(B&ja.protocol;</ja:title>
367     <author surname="Rescorla" initials="E." />
368     <author initials="A." surname="Schiffman" />
369     <date month="August" year="1999" />
370     </front>
371     <seriesInfo name="RFC" value="2660" />
372     </reference>
373     </references>
374    
375     </back>
376     </rfc>
