ietf-smime

Updated Charter Revision

1999-07-19 06:24:33
I have finally taken all of the comments that I received in e-mail and at the Oslo meeting and combined them with stuff that I made up out of thin air. Here is the updated revised charter. Please comment by 25 July 1999.

Russ

= = = = = = = = = =


S/MIME Mail Security (smime)

Chair:
     Russ Housley <housley@spyrus.com>

Security Area Director:
     Jeffrey Schiller <jis@mit.edu>
     Marcus Leech <mleech@nortel.ca>

Mailing Lists:
     General Discussion: ietf-smime@imc.org
     To Subscribe:       ietf-smime-request@imc.org
     Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME Working Group has completed five Proposed Standards that
comprise the S/MIME version 3 specification.  Current efforts build
on these base specifications.

The use of Diffie-Hellman Key Agreement as the mandatory to implement
key establishment mechanism may expose some implementations to
vulnerabilities based on "small subgroup" attacks.  An informational
document will be prepared describing techniques that can be used to
avoid these attacks.
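As an added illustration (not part of the charter or of any S/MIME specification), the following Python shows the basic defence against the small subgroup attacks mentioned above: validating that a received Diffie-Hellman public value lies in the intended order-q subgroup before using it. The group parameters are a constructed toy example chosen so that p - 1 has a small factor; real parameters are far larger.

```python
# Added example, not from the charter: Diffie-Hellman public-value validation
# against small subgroup attacks. The parameters below are a constructed toy
# group: p - 1 = 2 * 3 * 11, so besides the intended order-q subgroup (q = 11)
# the group contains an element of order 3 that a peer could send instead of a
# genuine public value.

P = 67                         # constructed toy prime; p - 1 = 66 = 2 * 3 * 11
Q = 11                         # order of the intended subgroup
G = pow(2, (P - 1) // Q, P)    # generator of the order-q subgroup (64)


def validate_dh_public(y: int, p: int = P, q: int = Q) -> bool:
    """Return True only if y is a valid public value in the order-q subgroup.

    1 < y < p - 1 rejects the trivial elements of order 1 and 2;
    y^q mod p == 1 rejects elements of every other small order."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def small_order_element(p: int, r: int) -> int:
    """Return an element of order r (r must divide p - 1).

    Used only to construct the bad input the validator must reject."""
    for h in range(2, p):
        e = pow(h, (p - 1) // r, p)
        if e != 1:
            return e
    raise ValueError("no element of that order")


def shared_secret(peer_public: int, private: int, p: int = P) -> int:
    """Classic DH: peer_public^private mod p, computed only after validation.

    Without the check, a peer sending an element of order 3 would force the
    shared secret into a set of only 3 values and learn private mod 3."""
    if not validate_dh_public(peer_public, p):
        raise ValueError("peer public value rejected: not in the order-q subgroup")
    return pow(peer_public, private, p)
```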

The Cryptographic Message Syntax (CMS) is cryptographic algorithm
independent, yet there is always more than one way to use any algorithm.
To ensure interoperability, each algorithm should have a specification
that describes its use with CMS.  Specifications for the use of additional
cryptographic algorithms will be developed.  An additional suite of
"mandatory to implement" algorithms may be selected.

To aid implementers, documents containing example output for CMS will
be collected and published.  Some of the examples will include structures
and signed attributes defined in the Enhanced Security Services (ESS)
document.

Current methods of publishing certificates in the Directory do not
allow the inclusion of secondary support information such as the
SMimeCapabilities attribute.  A method of publishing certificates
along with authenticated secondary support information will be
defined.

In some situations it would be advantageous for the CMS RecipientInfo
structure to support additional key management techniques, including
cryptographic keys derived from passwords.  A mechanism to facilitate
the definition of additional key management techniques will be defined.

S/MIME version 3 permits the use of previously distributed symmetric
key-encryption keys.  Specifications for the distribution of
symmetric key-encryption keys to multiple message recipients will
be developed.  Mail List Agents (MLAs) are one user of symmetric
key-encryption keys.  The specification will be cryptographic
algorithm independent.

S/MIME version 3 supports security labels.  Specifications that show
how this feature can be used to implement an organizational security
policy will be developed.  Security policies from large organizations
will be used as examples.

S/MIME version 3 can be used to protect electronic mail to and from a
domain.  In such an environment, S/MIME v3 processing is performed by
message transfer agents, guards, and gateways in order to provide
"Domain Security Services."  Mechanisms are needed to solve a number of
interoperability problems and technical limitations that arise when
domains supporting different security policies wish to interoperate.

The S/MIME Working Group will attempt to coordinate its efforts with the
OpenPGP Working Group in areas where the work of the two groups overlaps.


Goals and Milestones:

History:
     First draft of small subgroup attack avoidance.
     First draft of certificate distribution specification.
     First draft of domain security services document.
     First draft of CMS and ESS examples document.
     First draft of KEA and SKIPJACK algorithm specification.
     First draft of IDEA algorithm specification.

July 1999:
     First draft of CMS RecipientInfo extension.
     First draft of security label usage specification.

August 1999:
     First draft of CAST algorithm specification.
     Last call on small subgroup attack avoidance.
     Last call on KEA and SKIPJACK algorithm specification.

September 1999:
     First draft of mail list key distribution.
     Last call on certificate distribution specification.

November 1999:
     Updated draft of domain security services document.
     Last call on CAST algorithm specification.
     Last call on security label usage specification.
     Submit small subgroup attack avoidance as Informational RFC.
     Submit KEA and SKIPJACK algorithm specification as Informational RFC.

December 1999:
     Last call on CMS and ESS examples document.
     Last call on IDEA algorithm specification.
     Last call on CMS RecipientInfo extension.

January 2000:
     Last call on mail list key distribution.
     Submit certificate distribution specification as a Proposed Standard.

February 2000:
     Submit CAST algorithm specification as Informational RFC.
     Submit security label usage specification as Informational RFC.

March 2000:
     Submit CMS and ESS examples document as Informational RFC.
     Submit IDEA algorithm specification as Informational RFC.
     Submit CMS RecipientInfo extension as a Proposed Standard.
     Submit mail list key distribution as a Proposed Standard.

July 2000:
     Last call on domain security services document.

September 2000:
     Submit domain security services as Experimental RFC.


