FYI,
I have attached below the announcement for a recently released NIST draft
document concerning S/MIME V3. The document is intended to define an
appropriate subset of the S/MIME standards for broad application in the
U.S. Federal Government. NIST will be supporting this document through the
development of an automated conformance testing tool. We hope the
deployment of this tool will ease the development of conformant S/MIME V3
clients!
We are very interested in comments from both developers and the user
community. Please take the time to review the draft profile and NIST's
plans for the automated testing facility. We would appreciate comments on
the profile by 17 August 2001. Please send comments to Mike Chernick
(NIST's S/MIME project leader) at <chernick(_at_)nist(_dot_)gov>.
BTW, Mike will be presenting an overview of this project in the S/MIME WG
during the London IETF meeting. Both Mike and I will be there all week,
and will be available to discuss this project.
Thanks!
Tim Polk
----------------------
The U.S. National Institute of Standards and Technology (NIST) has recently
released a draft S/MIME V3 Client Profile. This profile was produced as
guidance in the development and procurement of commercial-off-the-shelf
(COTS) S/MIME-compliant products. This profile document identifies
requirements for a secure and interoperable S/MIME V3 client
implementation. The profile cites requirements for sending and receiving
both signed and encrypted messages, as well as requirements for signed
receipt processing.
Although the S/MIME specifications were designed to promote interoperable
secure electronic mail, implementations may support different optional
services and the specifications may unintentionally allow multiple
interpretations. As a result, different implementations of S/MIME may not
be fully interoperable or provide the desired level of security.
Conformance to this proposed profile will help to assure that S/MIME
implementations will be able to interoperate and provide reasonable
security assurance to users.
The Draft Profile is available (in PDF format) for public comment at:
http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf
Comments are requested by 17 August 2001 and should be sent to
chernick(_at_)nist(_dot_)gov(_dot_)
NIST is developing tests and testing tools to determine the level of
conformance of an S/MIME V3 client implementation with this profile. It is
planned that within the next several months, NIST will have a remote
testing facility on-line which will allow S/MIME V3 messages to be sent to
the NIST test site for processing to determine if the remotely generated
messages conform to the profile. In addition, messages may be sent to the
test site to cause the NIST site to emit S/MIME V3 messages so that a
remote system may receive S/MIME V3 messages, and verify that remote system
can process the messages correctly.
Further information on the NIST S/MIME Program may be obtained at
http://csrc.ncsl.nist.gov/pki/smime/welcome.htm or by contacting Michael
Chernick at <chernick(_at_)nist(_dot_)gov>.