I have finally taken all of the inputs that I received and combined them
with stuff that I made up out of thin air. I had to do this because not
everyone sent in information about their plans.
Anyway, here is my proposed revised charter. Please comment.
= = = = = = = = = =
S/MIME Mail Security (smime)
Russ Housley <housley(_at_)spyrus(_dot_)com>
Security Area Director:
Jeffrey Schiller <jis(_at_)mit(_dot_)edu>
Marcus Leech <mleech(_at_)nortel(_dot_)ca>
General Discussion: ietf-smime(_at_)imc(_dot_)org
To Subscribe: ietf-smime-request(_at_)imc(_dot_)org
Description of Working Group:
The S/MIME Working Group has completed five Proposed Standards that
comprise the S/MIME version 3 specification. Current efforts build
on these base specifications.
The use of Diffie-Hellman Key Agreement as the mandatory to implement
key establishment mechanism may expose some implementations to
vulnerabilities based on "small subgroup" attacks. An informational
document will be prepared describing techniques that can be used to
avoid these attacks.
The Cryptographic Message Syntax (CMS) is cryptographic algorithm
independent, yet there is always more than one way to use any algorithm.
To ensure interoperability, each algorithm should have a specification
that decribes its use with CMS. Specifications for the use of optional
cryptographic algorithms will be developed.
To aid implementers, documents containing example output for CMS will
be collected and published. Some of the examples will include structures
and signed attributed defined in the Extended Security Services (ESS)
Current methods of publishing certificates in the Directory do not
allow the inclusion of secondary support information such as the
SMimeCapabilities attribute. A method of publishing certificates
along with authenticated secondary support information will be
In some situations it would be advantageous for the CMS RecipiontInfo
structure to support additional key management techniques, including
cryptographic keys derived from passwords. A mechanism to facilitate
the definition of additional key management techniques will be defined.
S/MIME version 3 supports encrypted mail lists. Specifications for the
distribution of symmetric mail list keys to mail list agents (MLAs) and
message recipients will be developed. The specification will be
cryptographic algorithm independent.
S/MIME version 3 supports security labels. Specifications that show
how this feature can be used to implement an organizational security
policy will be developed. Security policies from large corporations will
be used as examples.
S/MIME version 3 can be used to protect electronic mail to and from a
domain. In such an environment, S/MIME v3 processing is performed by
message transfer agents, guards, and gateways in order to provide
"Domain Security Services." Mechanisms are needed to solve a number of
interoperability problems and technical limitations that arise when
domains supporting different security policies wish to interoperate.
The S/MIME Working Group will attempt to coordinate its efforts with the
OpenPGP Working Group in areas where the work of the two groups overlap.
Goals and Milestones:
First draft of small subgroup attack avoidance.
First draft of certificate distribution specification.
First draft of domain security services document.
First draft of CMS and ESS examples document.
First draft of KEA and SKIPJACK algorithm specification.
First draft of IDEA algorithm specification.
First draft of security label usage specification.
Last call on small subgroup attack avoidance.
Last call on KEA and SKIPJACK algorithm specification.
First draft of CMS RecipiontInfo extension.
First draft of mail list key distribution.
Last call on certificate distribution specification.
Updated draft of domain security services document.
Last call on security label usage specification.
Submit small subgroup attack avoidance as Informational RFC.
Submit KEA and SKIPJACK algorithm specification as Informational RFC.
Last call on CMS and ESS examples document.
Last call on IDEA algorithm specification.
Last call on CMS RecipiontInfo extension.
Last call on mail list key distribution.
Submit certificate distribution specification as a Proposed Standard.
Submit security label usage specification as Informational RFC.
Submit CMS and ESS examples document as Informational RFC.
Submit IDEA algorithm specification as Informational RFC.
Submit CMS RecipiontInfo extension as a Proposed Standard.
Submit mail list key distribution as a Proposed Standard.
Last call on domain security services document.
Submit domain security services as Experimental RFC.