
Contents of /doc/rfc-ja/rfc2659-ja.rfcja



Revision 1.3 - (show annotations) (download)
Sat Sep 13 08:57:55 2003 UTC (20 years, 7 months ago) by wakaba
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +3 -3 lines
Some markup fixes to be valid

1 <?xml version="1.0" encoding="iso-2022-jp"?>
2 <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- External subset: "rfc2629.dtd" is a relative system identifier, so a
     validating processor loads it from wherever this file's base URI points.
     Keep a reviewed local copy next to the document and leave network
     retrieval of DTDs and external entities switched off in the parser. -->
<!-- Internal subset: the general entities below are literal replacement text
     only (the RFC number and glossary terms reused in the Japanese
     translation); none of them carries a SYSTEM or PUBLIC identifier. -->
3 <!ENTITY rfc.number "2659">
4 <!ENTITY ja.dereference "$B2r;2>H(B (dereference) ">
5 <!ENTITY ja.escape-quote " quote ">
6 <!ENTITY ja.protocol "$B%W%m%H%3%k(B">
7 <!ENTITY ja.security "$B0BA4@-(B">
8 <!ENTITY ja.crypt.advisory "$B8\Ld(B">
9 <!ENTITY ja.crypt.cryptopts " cryptopts ">
10 <!ENTITY ja.html.browser "$B%V%i%&%6!<(B">
11 <!ENTITY ja.html.form " form ">
12 <!ENTITY ja.html.hypertext "$BD6J8(B">
13 <!ENTITY ja.network.client "$B%/%i%$%"%s%H(B">
14 ]>
15 <?rfc symrefs="yes"?>
16 <rfc number="&rfc.number;" category="exp"
17 xmlns:myns="mailto:julian.reschke@greenbytes.de?subject=rcf2629.xslt"
18 xmlns:ja="http://suika.fam.cx/~wakaba/lang/rfc/translation/">
19 <front>
20 <title>Security Extensions For HTML</title>
21 <ja:title xml:lang="ja">HTML$B$N(B&ja.security;$B3HD%(B</ja:title>
22 <author initials="E." surname="Rescorla" fullname="Eric Rescorla">
23 <organization>RTFM, Inc.</organization>
24 <address>
25 <postal>
26 <street>30 Newell Road, #16</street>
27 <city>East Palo Alto</city> <region>CA</region>
28 <code>94303</code>
29 <country ja:show="no">US</country>
30 </postal>
31 <phone>(650) 328-8631</phone>
32 <email>ekr@rtfm.com</email>
33 </address>
34 </author>
35 <author initials="A." surname="Schiffman" fullname="Allan M. Schiffman">
36 <organization abbrev="Terisa Systems, Inc.">SPYRUS/Terisa</organization>
37 <address>
38 <postal>
39 <street>5303 Betsy Ross Drive</street>
40 <city>Santa Clara</city> <region>CA</region>
41 <code>95054</code>
42 <country ja:show="no">US</country>
43 </postal>
44 <phone>(408) 327-1901</phone>
45 <email>ams@terisa.com</email>
46 </address>
47 </author>
48 <date month="August" year="1999" />
49 <abstract>
50 <t>
51 <ja:pair>
52 <ja:l xml:lang="en">
53 This memo describes a syntax for embedding S-HTTP negotiation
54 parameters in HTML documents. S-HTTP, as described by
55 <ja:link type="rfc" number="2660" />, contains the concept of
56 negotiation headers which reflect the potential receiver of
57 a message's preferences as to which cryptographic enhancements
58 should be applied to the message. This document describes a
59 syntax for binding these negotiation parameters to HTML anchors.
60 </ja:l>
61 <ja:l xml:lang="ja">
62 $B$3$N%a%b$O!"(B HTML $BJ8=qCf$K(B S-HTTP
63 $B@^>W%Q%i%a!<%?!<$rKd$a9~$`9=J8$r@bL@$7$^$9!#(B
64 <ja:link type="rfc" number="2660" /> $B$G@bL@$5$l$F$$$k(B
65 S-HTTP $B$O!"$I$N0E9f3HD%$r%a%C%;!<%8$KE,MQ$9$k$+$N!"%a%C%;!<%8$N@x:_<u?.<T$N9%$_$rH?1G$9$k@^>WF,$N35G0$r4^$s$G$$$^$9!#$3$NJ8=q$O$3$l$i$N@^>W%Q%i%a!<%?!<$r(B
66 HTML $BIE$KG{$jIU$1$k9=J8$r@bL@$7$^$9!#(B
67 </ja:l>
68 </ja:pair>
69 </t>
70 </abstract>
71 </front>
72 <ja:front>
73 <author fullname="$B$o$+$P(B" ja:id="wakaba">
74 <address>
75 <email>w@suika.fam.cx</email>
76 <uri>http://suika.fam.cx/~wakaba/</uri>
77 </address>
78 </author>
79 <ja:change>
80 <ja:item year="2002" month="05" day="12">
81 <author ja:ref="wakaba" />
82 <t>$BF|K\8l$KK]Lu!#(B</t>
83 </ja:item>
84 <ja:item year="2002" month="05" day="26">
85 <author ja:ref="wakaba" />
86 <t><ja:link type="rfc" number="2629" /> $B$G%^!<%/IU$1!#(B</t>
87 </ja:item>
88 </ja:change><!-- $Date: 2002/07/26 11:56:16 $ -->
89 </ja:front>
90 <middle>
91
92 <section title="Introduction">
93 <ja:note>
94 <t xml:lang="ja">$B86J8$G7gMn!#(B</t>
95 </ja:note>
96 </section>
97
98 <section title="Anchor Attributes" ja:title-ja="$BIEB0@-(B">
99 <t>
100 <ja:pair>
101 <ja:l xml:lang="en">
102 We define the following new anchor (and form submission) attributes:
103 </ja:l>
104 <ja:l xml:lang="ja">
105 $B<!$N?7$7$$IE(B ($B$H(B&ja.html.form;$BAw?.(B) $BB0@-$rDj5A$7$^$9!#(B
106 </ja:l>
107 </ja:pair>
108
109 <list style="hanging">
110 <t hangText="DN" ja:anchor="html-a-dn">
111 <ja:pair>
112 <ja:l xml:lang="en">
113 The distinguished name of the principal for whom the
114 request should be encrypted when dereferencing the anchor's url.
115 This need not be specified, but failure to do so runs the risk
116 that the client will be unable to determine the DN and therefore
117 will be unable to encrypt. This should be specified in the form
118 of <ja:link type="rfc" number="1485">RFC1485</ja:link>,
119 using SGML quoting conventions as needed.
120 </ja:l>
121 <ja:l xml:lang="ja">
122 $BIE$N(B url
123 $B$r(B&ja.dereference;$B$9$k;~$KMW5a$,0E9f2=$9$k$Y$-BP>]<T$N<1JL$5$l$?L>A0!#(B
124 $B$3$l$O;XDj$9$kI,MW$O$"$j$^$;$s$,!"(B&ja.network.client;$B$,(B DN
125 $B$r7hDj=PMh$:!"$R$$$F$O0E9f2=$b=PMh$J$/$J$k4m81$rKA$9$3$H$K$J$j$^$9!#(B
126 <ja:link type="rfc" number="1485" />
127 $B$N7A<0$G!"I,MW$K1~$8$F(B SGML
128 &ja.escape-quote;$BK!$r;H$C$F!";XDj$9$k$Y$-$G$9!#(B
129 </ja:l>
130 </ja:pair>
131 </t>
132 <t hangText="NONCE" ja:anchor="html-a-nonce">
133 <ja:pair>
134 <ja:l xml:lang="en">
135 A free-format string (appropriately SGML quoted) which
136 is to be included in a SHTTP-Nonce: header (after SGML quoting
137 is removed) when the anchor is dereferenced.
138 </ja:l>
139 <ja:l xml:lang="ja">
140 ($BE,@Z$K(B SGML &ja.escape-quote;$B$7$?(B)
141 $B<+M37A<0J8;zNs$G!"IE$,(B&ja.dereference;$B$5$l$k;~$K(B
142 (SGML $B0zMQId$r>C$7$?8e$G(B) SHTTP-Nonce: $BF,$K4^$a$i$l$k$b$N!#(B
143 </ja:l>
144 </ja:pair>
145 </t>
146 <t hangText="CRYPTOPTS" ja:anchor="html-a-cryptopts">
147 <ja:pair>
148 <ja:l xml:lang="en">
149 Cryptographic option information as described in
150 <xref target="SHTTP" />. Specifically, the
151 &lt;cryptopt-list&gt; production.
152 </ja:l>
153 <ja:l xml:lang="ja">
154 <xref target="SHTTP" /> $B$G@bL@$5$l$?0E9f2=A*Br;h>pJs!#6qBNE*$K$O(B
155 &lt;cryptopt-list&gt;$B!#(B
156 </ja:l>
157 </ja:pair>
158 </t>
159 </list>
160 </t>
161
162 <section title="CERTS Element" ja:title-ja="CERTS $BMWAG(B"
163 anchor="html-certs">
164 <t>
165 <ja:pair>
166 <ja:l xml:lang="en">
167 A new CERTS HTML element is defined, which carries a
168 (not necessarily related) group of certificates provided
169 as advisory data. The element contents are not intended to be
170 displayed to the user. Certificate groups may be provided
171 appropriate for either PEM or PKCS-7 implementations. Such
172 certificates are supplied in the HTML document for the
173 convenience of the recipient, who might otherwise be unable
174 to retrieve the certificate (chain) corresponding to a DN
175 specified in an anchor.
176 </ja:l>
177 <ja:l xml:lang="ja">
178 $B?7$7$$(B CERTS $B$H$$$&(B HTML
179 $BMWAG$rDj5A$7$^$9!#$3$l$O(B&ja.crypt.advisory;$B%G!<%?$H$7$FDs6!$5$l$k>ZL@=q$N(B
180 ($B4XO"$7$F$$$kI,MW$OL5$$(B)
181 $B72$r1?HB$7$^$9!#MWAG$NFbMF$OMxMQ<T$KDs<($9$k$3$H$rL\E*$H$7$F$O$$$^$;$s!#>ZL@=q72$O(B
182 PEM $B$+(B PKCS-7
183 $B$N<BAu$N$I$A$i$+E,@Z$JJ}$rDs6!$7$F9=$$$^$;$s!#$3$N>ZL@=q$O<u?.<T$NJX59$N$?$a$K(B
184 HTML
185 $BJ8=qCf$KF~$l$k$b$N$G$9$,!"F~$l$F$J$1$l$P(B<xref target="html-a-dn">$BIECf$N(B
186 DN</xref>
187 $B$KBP1~$9$k>ZL@=q(B($B:?(B)$B$r<h$j=P$9$3$H$,=PMh$J$$$+$b$7$l$^$;$s!#(B
188 </ja:l>
189 </ja:pair>
190 </t>
191
192 <t>
193 <ja:pair>
194 <ja:l xml:lang="en">
195 The format should be the same as that of the 'Certificate-Info'
196 header line, of <xref target="SHTTP" /> except that the
197 &lt;Cert-Fmt&gt; specifier should be provided as the FMT attribute
198 in the tag.
199 </ja:l>
200 <ja:l xml:lang="ja">
201 $B=q<0$O(B <xref target="SHTTP" /> $B$N(B 'Certificate-Info' $BF,$N$b$N$H!"(B
202 &lt;Cert-Fmt&gt; $B;XDj;R$r%?%0$N(B FMT $BB0@-$H$9$k$3$H$r=|$$$FF10l$G$9!#(B
203 </ja:l>
204 </ja:pair>
205 </t>
206
207 <t>
208 <ja:pair>
209 <ja:l xml:lang="en">
210 Multiple CERTS elements are permitted; it is suggested that CERTS
211 elements themselves be included in the HTML document's HEAD
212 element (in the hope that the data will not be displayed by
213 S-HTTP oblivious but HTML compliant browsers.)
214 </ja:l>
215 <ja:l xml:lang="ja">
216 $BJ#?t$N(B CERTS $BMWAG$r;H$C$F$b9=$$$^$;$s!#(B CERTS $BMWAG<+BN$O(B HTML
217 $BJ8=q$N(B HEAD $BMWAGCf$K4^$a$k$3$H$r(B (S-HTTP $B$rCN$i$J$$$1$I(B HTML
218 $B$K$OE,9g$7$F$$$k(B&ja.html.browser;$B$,%G!<%?$rI=<($7$J$$$3$H$r4j$C$F(B)
219 $BDs0F$7$^$9!#(B
220 </ja:l>
221 </ja:pair>
222 </t>
223 </section>
224
225 <section title="CRYPTOPTS Element" ja:title-ja="CRYPTOPTS $BMWAG(B"
226 anchor="html-cryptopts">
227 <t>
228 <ja:pair>
229 <ja:l xml:lang="en">
230 Cryptopts may also be broken out into an element and referred
231 to in anchors by name. The NAME attribute specifies the name
232 by which this element may be referred to in a CRYPTOPTS
233 attribute in an anchor. Names must have a # as the leading
234 character.
235 </ja:l>
236 <ja:l xml:lang="ja">
237 &ja.crypt.cryptopts;$B$bMWAGCf$K8=$l$F(B,
238 $BIECf$GL>A0$r;H$C$F;2>H$5$l$k$3$H$,=PMh$^$9!#(B NAME
239 $BB0@-$O$3$NMWAG$,(B<xref target="html-a-cryptopts">$BIECf$N(B
240 CRYPTOPTS
241 $BB0@-(B</xref>$BCf$G;2>H$9$k$?$a$NL>A0$r;XDj$7$^$9!#L>A0$O@hF3J8;z$H$7$F(B
242 # $B$r;}$?$J$1$l$P$J$j$^$;$s!#(B
243 </ja:l>
244 </ja:pair>
245 </t>
246 </section>
247
248 <section title="HTML Example" ja:title-ja="HTML $B$NNc(B">
249 <figure>
250 <preamble>
251 <ja:pair>
252 <ja:l xml:lang="en">
253 An example of cryptographic data embedded in an anchor,
254 proceeded by a certificate group is provided below. Note the
255 SGML quoting syntax used to supply embedded quotation marks.
256 </ja:l>
257 <ja:l xml:lang="ja">
258 $BIE$KKd$a9~$^$l$?0E9f2=%G!<%?$K>ZL@=q72$,B3$/Nc$r<!$K5s$2$^$9!#$J$*!"(B
259 SGML &ja.escape-quote;$B9=J8$rKd$a9~$_0zMQId$K;H$C$F$$$^$9!#(B
260 </ja:l>
261 </ja:pair>
262 </preamble>
263
264 <!--
265 <ja:pair><ja:l xml:lang="en">
266 -->
267 <artwork xml:space="preserve"><![CDATA[<CERTS FMT=PKCS-7>
268 MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAM
269 IIBrTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAwH
270 gYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc
271 29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4MDIxODM4N
272 TdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0e
273 SwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEYMBYGA1UEA
274 xMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMy8Q
275 cW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamIDElX/qw9mIQu4xNj1FfepfJNx
276 zPvA0OtMKhy6+bkrlyMEU8CAwEAATANBgkqhkiG9w0BAQIFAANPAAYn7jDgi
277 rhiIL4wnP8nGzUisGSpsFsF4/7z2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d8
278 2H5+Ndfhi2mRp4YHiGHz0HlK6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANB
279 gkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhd
280 GEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2Vyd
281 GlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3M
282 jM1OTU5WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2Vjd
283 XJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTANB
284 gkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1FpI9tX
285 Q1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8nOkkuBi+A
286 QvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7xDdp49oZm9GoNc
287 PhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6Wqf430Xe9Et5+jgnM
288 Tiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFcmiin80RB8AAAMYAAAAAAA
289 AAAAA==
290 </CERTS>
291 <A name=foobar
292 DN="CN=Setec Astronomy, OU=Persona Certificate,
293 O=&quot;RSA Data Security, Inc.&quot;, C=US"
294 CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt;
295 SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
296 HREF="shttp://research.nsa.gov/skipjack-holes.html">
297 Don't read this. </A>
298 ]]></artwork>
299 <!--
300 </ja:l><ja:l xml:lang="ja">
301 <artwork xml:space="preserve"><![CDATA[<CERTS FMT=PKCS-7>
302 MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAM
303 IIBrTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAwH
304 gYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc
305 29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4MDIxODM4N
306 TdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0e
307 SwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEYMBYGA1UEA
308 xMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMy8Q
309 cW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamIDElX/qw9mIQu4xNj1FfepfJNx
310 zPvA0OtMKhy6+bkrlyMEU8CAwEAATANBgkqhkiG9w0BAQIFAANPAAYn7jDgi
311 rhiIL4wnP8nGzUisGSpsFsF4/7z2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d8
312 2H5+Ndfhi2mRp4YHiGHz0HlK6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANB
313 gkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhd
314 GEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2Vyd
315 GlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3M
316 jM1OTU5WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2Vjd
317 XJpdHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTANB
318 gkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1FpI9tX
319 Q1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8nOkkuBi+A
320 QvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7xDdp49oZm9GoNc
321 PhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6Wqf430Xe9Et5+jgnM
322 Tiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFcmiin80RB8AAAMYAAAAAAA
323 AAAAA==
324 </CERTS>
325 <A name=foobar
326 DN="CN=Setec $BE7J83X(B, OU=$B%Z%k%=%J>ZL@=q(B,
327 O=&quot;RSA Data Security, Inc.&quot;, C=US"
328 CRYPTOPTS="SHTTP-Privacy-Enhancements: recv-refused=encrypt;
329 SHTTP-Signature-Algorithms: recv-required=NIST-DSS"
330 HREF="shttp://research.nsa.gov/skipjack-holes.html">
331 $B$3$lFI$`$J!#(B</A>]]></artwork>
332 <ja:note>
333 $B$3$NNc(B($B$NLu(B)$B$O!"(B DN $BB0@-Cf$rLu$7$F$$$k$?$a!"(B RFC 1485
334 $B$KE,9g$7$^$;$s(B:-)
335 </ja:note>
336 </ja:l></ja:pair>
337 -->
338 </figure>
339 </section>
340 </section>
341
342 <section title="Security Considerations">
343 <t>
344 <ja:pair>
345 <ja:l xml:lang="en">
346 This entire document is about security.
347 </ja:l>
348 <ja:l xml:lang="ja">
349 $B$3$NJ8=qA4BN$,(B&ja.security;$B$K4X$7$F$NOC$G$9!#(B
350 </ja:l>
351 </ja:pair>
352 </t>
353 </section>
354
355 <ja:insert section="author-address" title-prefix="4. " />
356 <ja:insert section="references" title-prefix="5. " />
357 <ja:insert section="full-copyright" title-prefix="6. " />
358
359 </middle>
360 <back>
361
362 <references>
363 <reference anchor="SHTTP">
364 <front>
365 <title>The Secure HyperText Transfer Protocol</title>
366 <ja:title xml:lang="ja">$B0BA4(B&ja.html.hypertext;$BE>Aw(B&ja.protocol;</ja:title>
367 <author surname="Rescorla" initials="E." />
368 <author initials="A." surname="Schiffman" />
369 <date month="August" year="1999" />
370 </front>
371 <seriesInfo name="RFC" value="2660" />
372 </reference>
373 </references>
374
375 </back>
376 </rfc>
