Please review and comment.
= = = = = = = = = = =
S/MIME Mail Security (smime)
Russ Housley <housley(_at_)spyrus(_dot_)com>
Security Area Director:
Jeffrey Schiller <jis(_at_)mit(_dot_)edu>
Marcus Leech <mleech(_at_)nortel(_dot_)ca>
General Discussion: ietf-smime(_at_)imc(_dot_)org
To Subscribe: ietf-smime-request(_at_)imc(_dot_)org
Description of Working Group:

The S/MIME Working Group has completed five Proposed Standards that
comprise the S/MIME version 3 specification. Current efforts build
on these base specifications.

The use of Diffie-Hellman Key Agreement as the mandatory to implement
key establishment mechanism may expose some implementations to
vulnerabilities based on "small subgroup" attacks. An informational
document will be prepared describing techniques that can be used to
avoid these attacks.

The Cryptographic Message Syntax (CMS) is cryptographic algorithm
independent, yet there is always more than one way to use any algorithm.
To ensure interoperability, each algorithm should have a specification
that describes its use with CMS. Specifications for the use of additional
cryptographic algorithms will be developed. An additional suite of
"mandatory to implement" algorithms may be selected.

To aid implementers, documents containing example output for CMS will
be collected and published. Some of the examples will include structures
and signed attributes defined in the Enhanced Security Services (ESS)

Current methods of publishing certificates in the Directory do not
allow the inclusion of secondary support information such as the
SMimeCapabilities attribute. A method of publishing certificates
along with authenticated secondary support information will be

In some situations it would be advantageous for the CMS RecipientInfo
structure to support additional key management techniques, including
cryptographic keys derived from passwords. A mechanism to facilitate
the definition of additional key management techniques will be defined.

Compressing data before encrypting it or signing it has a number of
advantages. Compression improves security by removing known data
patterns, improves throughput by reducing the amount of data which needs
to be encrypted or hashed, and reduces the overall message size. Enabling
S/MIME version 3 to use compression will provide all of these advantages.

S/MIME version 3 permits the use of previously distributed symmetric
key-encryption keys. Specifications for the distribution of
symmetric key-encryption keys to multiple message recipients will
be developed. Mail List Agents (MLAs) are one user of symmetric
key-encryption keys. The specification will be cryptographic

S/MIME version 3 supports security labels. Specifications that show
how this feature can be used to implement an organizational security
policy will be developed. Security policies from large organizations
will be used as examples.

S/MIME version 3 can be used to protect electronic mail to and from a
domain. In such an environment, S/MIME v3 processing is performed by
message transfer agents, guards, and gateways in order to provide
"Domain Security Services." Mechanisms are needed to solve a number of
interoperability problems and technical limitations that arise when
domains supporting different security policies wish to interoperate.

The S/MIME Working Group will attempt to coordinate its efforts with the
OpenPGP Working Group in areas where the work of the two groups overlaps.

Goals and Milestones:
First draft of small subgroup attack avoidance.
First draft of certificate distribution specification.
First draft of domain security services document.
First draft of CMS and ESS examples document.
First draft of KEA and SKIPJACK algorithm specification.
First draft of IDEA algorithm specification.
First draft of CMS RecipientInfo extension.
First draft of CAST algorithm specification.
First draft of security label usage specification.
First draft of elliptic curve algorithm specification.
First draft of CMS compressed data content type specification.
Last call on certificate distribution specification.
First draft of mail list key distribution.
Updated draft of domain security services document.
Last call on CAST algorithm specification.
Last call on small subgroup attack avoidance.
Last call on KEA and SKIPJACK algorithm specification.
Submit small subgroup attack avoidance as Informational RFC.
Submit KEA and SKIPJACK algorithm specification as Informational RFC.
Last call on CMS and ESS examples document.
Last call on IDEA algorithm specification.
Last call on CMS RecipientInfo extension.
Last call on security label usage specification.
Last call on mail list key distribution.
Last call on CMS compressed data content type specification.
Submit certificate distribution specification as a Proposed Standard.
Last call on elliptic curve algorithm specification.
Submit CAST algorithm specification as Informational RFC.
Submit CMS and ESS examples document as Informational RFC.
Submit IDEA algorithm specification as Informational RFC.
Submit CMS RecipientInfo extension as a Proposed Standard.
Submit mail list key distribution as a Proposed Standard.
Submit CMS compressed data content type specification as a Proposed
Submit elliptic curve algorithm specification as a Proposed Standard.
Submit security label usage specification as Informational RFC.
Last call on domain security services document.
Submit domain security services as Experimental RFC.