ietf-smime
[Top] [All Lists]

Draft NIST S/MIME Profile available

2001-07-02 14:02:47

FYI,

I have attached below the announcement for a recently released NIST draft document concerning S/MIME V3. The document is intended to define an appropriate subset of the S/MIME standards for broad application in the U.S. Federal Government. NIST will be supporting this document through the development of an automated conformance testing tool. We hope the deployment of this tool will ease the development of conformant S/MIME V3 clients!

We are very interested in comments from both developers and the user community. Please take the time to review the draft profile and NIST's plans for the automated testing facility. We would appreciate comments on the profile by 17 August 2001. Please send comments to Mike Chernick (NIST's S/MIME project leader) at <chernick(_at_)nist(_dot_)gov>.

BTW, Mike will be presenting an overview of this project in the S/MIME WG during the London IETF meeting. Both Mike and I will be there all week, and will be available to discuss this project.

Thanks!

Tim Polk


----------------------

The U.S. National Institute of Standards and Technology (NIST) has recently released a draft S/MIME V3 Client Profile. This profile was produced as guidance in the development and procurement of commercial-off-the-shelf (COTS) S/MIME-compliant products. This profile document identifies requirements for a secure and interoperable S/MIME V3 client implementation. The profile cites requirements for sending and receiving both signed and encrypted messages, as well as requirements for signed receipt processing.

Although the S/MIME specifications were designed to promote interoperable secure electronic mail, implementations may support different optional services and the specifications may unintentionally allow multiple interpretations. As a result, different implementations of S/MIME may not be fully interoperable or provide the desired level of security. Conformance to this proposed profile will help to assure that S/MIME implementations will be able to interoperate and provide reasonable security assurance to users.

The Draft Profile is available (in PDF format) for public comment at: http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf

Comments are requested by 17 August 2001 and should be sent to chernick(_at_)nist(_dot_)gov(_dot_)

NIST is developing tests and testing tools to determine the level of conformance of an S/MIME V3 client implementation with this profile. It is planned that within the next several months, NIST will have a remote testing facility on-line which will allow S/MIME V3 messages to be sent to the NIST test site for processing to determine if the remotely generated messages conform to the profile. In addition, messages may be sent to the test site to cause the NIST site to emit S/MIME V3 messages so that a remote system may receive S/MIME V3 messages, and verify that remote system can process the messages correctly.

Further information on the NIST S/MIME Program may be obtained at
http://csrc.ncsl.nist.gov/pki/smime/welcome.htm or by contacting Michael Chernick at <chernick(_at_)nist(_dot_)gov>.






<Prev in Thread] Current Thread [Next in Thread>
  • Draft NIST S/MIME Profile available, Tim Polk <=