CMS no longer includes any mandatory to implement algorithms. This was
done so that each application could assign the best algorithms for their
For S/MIME version 3.1, the mandatory to implement encryption algorithm is
Triple-DES. I do not expect this to change. However, there has been
discussion about making AES a SHOULD implement algorithm. The "Use of AES
with CMS" specification is finally nearly finished. This is intended to
send a message to implementors that AES will probably become a MUST
implement algorithm in the future. At that time, AES would become MUST and
Triple-DES would become SHOULD (to preserve interoperability with old
At 06:50 PM 3/4/2003 -0500, Peterson, Jon wrote:
I'm glad that the draft is of some interest to this WG, since we could
probably use some advice from the S/MIME experts on our direction.
This document proposes to profile S/MIME for SIP, specifically by exchanging
the mandatory Triple-DES encryption algorithm requirement for AES. Some of
the reasons why AES would be a better fit for SIP are given in the draft.
There is, however, some concern that this might lead to non-interoperability
with standard S/MIME stacks, and so on.
I see that rfc2633bis 2.7 makes Triple-DES mandatory. Is it likely that
S/MIME down the road will require AES? Does the proposal in this draft seem
like a wrong-headed profile to this WG?
> -----Original Message-----
> From: Paul Hoffman / IMC [mailto:phoffman(_at_)imc(_dot_)org]
> Sent: Tuesday, March 04, 2003 10:15 AM
> To: ietf-smime(_at_)imc(_dot_)org
> Subject: Fwd: I-D ACTION:draft-ietf-sip-smime-aes-00.txt
> Of interest to this WG...
> >To: IETF-Announce: ;
> >Cc: sip(_at_)ietf(_dot_)org
> >From: Internet-Drafts(_at_)ietf(_dot_)org
> >Reply-to: Internet-Drafts(_at_)ietf(_dot_)org
> >Subject: I-D ACTION:draft-ietf-sip-smime-aes-00.txt
> >Date: Thu, 27 Feb 2003 07:45:27 -0500
> >Sender: owner-ietf-announce(_at_)ietf(_dot_)org
> >A New Internet-Draft is available from the on-line Internet-Drafts
> >This draft is a work item of the Session Initiation Protocol Working
> >Group of the IETF.
> > Title : S/MIME AES Requirement for SIP
> > Author(s) : J. Peterson
> > Filename : draft-ietf-sip-smime-aes-00.txt
> > Pages : 6
> > Date : 2003-2-26
> >RFC3261 currently specifies 3DES as the required minimum ciphersuite
> >for implementations of S/MIME in SIP. This document updates the
> >normative guidance of RFC3261 to require the Advanced Encryption
> >Standard (AES) for S/MIME.
> >A URL for this Internet-Draft is: