[Top] [All Lists]

Draft NIST S/MIME Profile available (Comment Period Extended)

2001-08-09 12:02:41


At yesterday's SMIME session at the London IETF, it was suggested that
NIST extend the deadline for comments on the Draft NIST S/MIME V3 Client
Profile.  Also, it was suggested that this notice be sent to the PKIX list
as well as the SMIME list. Thus, I am resending the announcement sent out
by Tim Polk on Monday, 2 July 2001 to the SMIME list.  The deadline for 
comments has been extended until 17 September 2001.

   Mike Chernick

---------Original Message Sent by Tim Polk to SMIME List on 2 July---------

I have attached below the announcement for a recently released NIST draft 
document concerning S/MIME V3.  The document is intended to define an 
appropriate subset of the S/MIME standards for broad application in the U.S. 
Federal Government.  NIST will be supporting this document through the 
development of an automated conformance testing tool.  We hope the deployment 
of this tool will ease the development of conformant S/MIME V3 clients!

We are very interested in comments from both developers and the user 
community.  Please take the time to review the draft profile and NIST's plans 
for the automated testing facility.  We would appreciate comments on the 
profile by 17 August 2001 (now extended to 17 September).  Please send  
comments to Mike Chernick (NIST's S/MIME project leader) at 

BTW, Mike will be presenting an overview of this project in the S/MIME WG 
during the London IETF meeting.  Both Mike and I will be there all week, and 
will be available to discuss this project.


Tim Polk


The U.S. National Institute of Standards and Technology (NIST) has recently 
released a draft S/MIME V3 Client Profile. This profile was produced as 
guidance in the development and procurement of commercial-off-the-shelf (COTS) 
S/MIME-compliant products. This profile document identifies requirements for a 
secure and interoperable S/MIME V3 client implementation. The profile cites 
requirements for sending and receiving both signed and encrypted messages, as 
well as requirements for signed receipt processing.

Although the S/MIME specifications were designed to promote interoperable 
secure electronic mail, implementations may support different optional services
and the specifications may unintentionally allow multiple interpretations. As a
result, different implementations of S/MIME may not be fully interoperable or 
provide the desired level of security. Conformance to this proposed profile 
will help to assure that S/MIME implementations will be able to interoperate 
and provide reasonable security assurance to users.

The Draft Profile is available (in PDF format) for public comment at:

Comments are requested by (**was 17 August 2001**) *****NOW EXTENDED TO 
17 September 2001***** and should be sent to chernick(_at_)nist(_dot_)gov(_dot_)

NIST is developing tests and testing tools to determine the level of 
conformance of an S/MIME V3 client implementation with this profile. It is 
planned that within the next several months, NIST will have a remote testing 
facility on-line which will allow S/MIME V3 messages to be sent to the NIST 
test site for processing to determine if the remotely generated messages 
conform to the profile. In addition, messages may be sent to the test site to 
cause the NIST site to emit S/MIME V3 messages so that a remote system may 
receive S/MIME V3 messages, and verify that remote system can process the 
messages correctly.

Further information on the NIST S/MIME Program may be obtained at or by
contacting Michael Chernick  at <chernick(_at_)nist(_dot_)gov>.

C. Michael Chernick
+1-301-975-3610   chernick(_at_)nist(_dot_)gov
Computer Security Division 
National Institute of Standards and Technology (NIST)


<Prev in Thread] Current Thread [Next in Thread>
  • Draft NIST S/MIME Profile available (Comment Period Extended), C Michael Chernick <=