The IESG has approved the Internet-Draft 'Reuse of CMS Content
Encryption Keys' <draft-ietf-smime-rcek-04.txt> as a Proposed
Standard. This document is the product of the S/MIME Mail Security
Working Group. The IESG contact persons are Jeffrey Schiller and
Marcus Leech.
Technical Summary
SMIME's Cryptographic Message Syntax (CMS) provides a way to use
public key cryptography to encrypt a symmetric key which in turn is
used to encrypt the content of the message.
There are applications where two parties may need to exchange
multiple messages and wish to avoid the overhead of the public key
operation (public key cryptography is much more computationally
expensive then symmetric algorithms).
This document defines a secure way of labeling the symmetric key
(called the Content Encryption Key or CEK) in a message such that it
may be used as a Key Encrypting Key (KEK) for a later message.
This technique is not advisable for just any application and the
document explains where it makes sense and where it doesn't.
Working Group Summary
The S/MIME Working Group came to consensus on this document.
Protocol Quality
This protocol was reviewed for the IESG by Jeffrey I. Schiller.