[Top] [All Lists]

RE: I-D ACTION:draft-ietf-sip-smime-aes-00.txt

2003-03-10 16:29:46


CMS no longer includes any mandatory to implement algorithms. This was done so that each application could assign the best algorithms for their environment.

For S/MIME version 3.1, the mandatory to implement encryption algorithm is Triple-DES. I do not expect this to change. However, there has been discussion about making AES a SHOULD implement algorithm. The "Use of AES with CMS" specification is finally nearly finished. This is intended to send a message to implementors that AES will probably become a MUST implement algorithm in the future. At that time, AES would become MUST and Triple-DES would become SHOULD (to preserve interoperability with old algorithms).


At 06:50 PM 3/4/2003 -0500, Peterson, Jon wrote:

I'm glad that the draft is some of interest to this WG, since we could
probably use some advice from the S/MIME experts on our direction.

This document proposes to profile S/MIME for SIP, specifically by exchanging
the mandatory Triple-DES encryption algorithm requirement for AES. Some of
the reasons why AES would be a better fit for SIP are given in the draft.
There is, however, some concern that this might lead to non-interoperability
with standard S/MIME stacks, and so on.

I see that rfc2633bis 2.7 makes Triple-DES mandatory. Is it likely that
S/MIME down the road will require AES? Does the proposal in this draft seem
like a wrong-headed profile to this WG?

Jon Peterson
NeuStar, Inc.

> -----Original Message-----
> From: Paul Hoffman / IMC [mailto:phoffman(_at_)imc(_dot_)org]
> Sent: Tuesday, March 04, 2003 10:15 AM
> To: ietf-smime(_at_)imc(_dot_)org
> Subject: Fwd: I-D ACTION:draft-ietf-sip-smime-aes-00.txt
> Of interest to this WG...
> >To: IETF-Announce: ;
> >Cc: sip(_at_)ietf(_dot_)org
> >From: Internet-Drafts(_at_)ietf(_dot_)org
> >Reply-to: Internet-Drafts(_at_)ietf(_dot_)org
> >Subject: I-D ACTION:draft-ietf-sip-smime-aes-00.txt
> >Date: Thu, 27 Feb 2003 07:45:27 -0500
> >Sender: owner-ietf-announce(_at_)ietf(_dot_)org
> >
> >
> >
> >A New Internet-Draft is available from the on-line Internet-Drafts
> >directories.
> >This draft is a work item of the Session Initiation Protocol Working
> >Group of the IETF.
> >
> >     Title           : S/MIME AES Requirement for SIP
> >     Author(s)       : J. Peterson
> >     Filename        : draft-ietf-sip-smime-aes-00.txt
> >     Pages           : 6
> >     Date            : 2003-2-26
> >
> >RFC3261 currently specifies 3DES as the required minimum ciphersuite
> >for implementations of S/MIME in SIP.  This document updates the
> >normative guidance of RFC3261 to require the Advanced Encryption
> >Standard (AES) for S/MIME.
> >
> >A URL for this Internet-Draft is:
> >
> >
> >To remove yourself from the IETF Announcement list, send a message to
> >ietf-announce-request with the word unsubscribe in the body
> of the message.
> >
> >Internet-Drafts are also available by anonymous FTP. Login
> with the username
> >"anonymous" and a password of your e-mail address. After logging in,
> >type "cd internet-drafts" and then
> >     "get draft-ietf-sip-smime-aes-00.txt".
> >
> >A list of Internet-Drafts directories can be found in
> >
> >or
> >
> >
> >Internet-Drafts can also be obtained by e-mail.
> >
> >Send a message to:
> >     mailserv(_at_)ietf(_dot_)org(_dot_)
> >In the body type:
> >     "FILE /internet-drafts/draft-ietf-sip-smime-aes-00.txt".
> >
> >NOTE:        The mail server at can return the document in
> >     MIME-encoded form by using the "mpack" utility.  To use this
> >     feature, insert the command "ENCODING mime" before the "FILE"
> >     command.  To decode the response(s), you will need "munpack" or
> >     a MIME-compliant mail reader.  Different MIME-compliant
> mail readers
> >     exhibit different behavior, especially when dealing with
> >     "multipart" MIME messages (i.e. documents which have been split
> >     up into multiple messages), so check your local documentation on
> >     how to manipulate these messages.
> >
> >
> >Below is the data which will enable a MIME compliant mail reader
> >implementation to automatically retrieve the ASCII version of the
> >Internet-Draft.
> >
> >
> >[The following attachment must be fetched by mail. Command-click the
> >URL below and send the resulting message to get the attachment.]
> ><mailto:mailserv(_at_)ietf(_dot_)org?body=ENCODING%20mime%0D%0AFILE%20/i
>[The following attachment must be fetched by ftp.  Command-click the
>URL below to ask your ftp client to fetch it.]

<Prev in Thread] Current Thread [Next in Thread>