There have been many things that might have happened that got called S/MIME
3. After RSA released the name, all of those fell away, since what's
important is what happens in the working group that will hopefully be
formed. RSA played it a bit loose as to what S/MIME 3 would be, but we
don't have to any longer. :-)
However, there are three separate processes at work here, and I don't
understand the relationship between them:
There is one process here: the formation of the working group. The other
groups are no longer working on any variants of S/MIME 3.
1. What is the "message syntax specification" listed above for October 97?
"Son of PKCS#7 v1.5", a.k.a. "PKCS#7 v1.7"? "PKCS#7 v2"?
Something else?
"Son of PKCS#7 v1.5", a.k.a. "PKCS#7 v1.7". We'll start with PKCS #7 1.5
and make as few changes to it as are needed to have algorithm independence.
This will *not* be called PKCS#7 v1.7, but will in fact have a name that we
come up with ourselves. The PKCS#7 v2 work will continue to happen on the
PKCS-TNG mailing list and is not related to the work we're doing here.
2. Will IETF-S/MIME v3 refer to PKCS#7 v2 before becoming a Proposed Standard
in Jan 98?
No. It will refer to our "Son of". The primary reason for this is that the
PKCS #7 v2 work is going to be completely incompatible with v1.5; "Son of"
will be a minor change and therefore much easier for S/MIME implementors to
use quickly. RSADSI estimates that PKCS#7 v2 won't be done until next summer.
3. If not 2, will IETF-S/MIME ever be based on PKCS#7 v2?
That's up to the working group. We can't really commit to it until we see
it. I believe that we should put wording into the document that tells
implementors to look at the version number, so we won't prevent v2 when it
appears, but we can't decide until it's published.
4. If not 3, what purpose is served by continuing to develop PKCS#7 to v2
and beyond, and encouraging it to use techniques compatible with the
MSP-S/MIME work?
There are non-IETF groups that want some of the changes in v2. PKCS is up
to RSA; S/MIME is up to what will hopefully be this IETF working group.
5. Will PKCS#7 v2 be submitted to the IETF in any form (Informational
or Standards Track), in any forum (IETF-S/MIME or elsewhere)?
Only RSA can commit that. It seems likely that they'll at least submit it
as an informational RFC, as they did v1.5, but there's no commitment yet
(nor should there be, given how early the v2 work is).
--Paul Hoffman, Director
--Internet Mail Consortium