Here are the minutes for the San Fransico meeting.
Minutes for the S/MIME Meeting
March 18, 2003
Agenda: Russ Housley covered the agenda for the meeting. No changes
Working Group Status: Russ Housley covered the status of the active
documents in the working group. The documents that have changed status
since the last meeting are:
Published as an RFC:
- RFC 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm.
RFC Editors Queue:
- symkeydist CMS Symmetric Key Management and Distribution
With the IESG:
- Use of the RSAES-OAEP Transport Algorithm in CMS
- Transporting S/MIME Objects in X.400
- Securing X.400 Content with S/MIME
- Wrapping an HMAC key with a Triple-DES Key or an AES Key
- Use of the AES Encryption Algorithm in CMS.
Progression to Draft Standard: Need to have two interoperable
implementations (see report below) and all referenced documents advance
to Draft Standard. For CMS to advance this means RFC 3280 (Certificate
Profile) and RFC 3281 (V3 Attribute Certificate Profile) need to advance
Russ then resigned as the chair of the S/MIME working group due to his
promotion to the position of Security Area Director on the IESG. The
new co-chairs of the working group are Blake Ramsdell
(blake(_at_)brutesquadlabs(_dot_)com) and Sean Turner
and Sean chaired the balance of the meeting.
Message Update and Certificate Update Drafts: Blake Ramsdell gave a
presentation on the progress of these two documents. The message draft
has had a number of small changes between the -02 and -03 drafts. The
document was put into working group last call after the last meeting.
The comments on the list have not yet been incorporated into a published
draft but that should be done soon. The certificate draft has had some
minor changes in the extended key usage description and should go into
working group last call in the near future.
Examples Draft: Paul Hoffman said that there have been some new
examples submitted for the draft; however these contained some personal
email addresses so Paul has asked that they be regenerated. Areas of
the document that do not currently have examples have been removed.
When the new examples are placed in the document it should be ready for
working group last call.
CMS Interoperability Status: Jim Schaad stated that advancement has
been made since the last meeting for CMS interoperability. Four items
need to be tested, but implementers have been found for SignedData. The
document describing the results of the interoperability testing has been
started. This document should be ready for publishing before the next
meeting. During the process of developing the matrix an error was
discovered in the CMS ASN.1 module, an update has been submitted to the
RFC Editor to supply the missing OIDs from the module. Eventually, an
update to the RFC will be needed, perhaps when the document progresses
to Draft Standard.
RSA PSS: Jim Schaad presented two issues with the RSA PSS draft. The
first dealt with whether the key identifier and signature identifier
should use the existing OIDs or whether new ones should be assigned. The
second dealt with PSS parameter comparisons. Paul Hoffman raised a
concert about the reason for having the PSS draft, a second signature
algorithm (DSS) is already documented by the working group. Russ
Housley and others indicated that having a backup was the main reason,
and this permitted a backup within the RSA family of algorithms. Blake
Ramsdell then raised a concern over whether the working group is going
to become a location for anybody to create a document for their favorite
algorithm. Russ Housley indicated that this was within the scope of the
group's charter. If interested in the RSA PSS outcome working group
members are directed to comment on the PKIX mailing list
SIP and SIPPING: Rohan Mahy, one of the co-chairs for the SIP working
group, gave a presentation on how SIP/SIPPING are in the process of
using S/MIME and CMS in the SIP protocol for providing origin
authentication, integrity and confidentiality security services. These
were added in a hurry to RFC 3261 just before adoption. Rohan was
asking to get some help both for providing implementation assistance and
advise on what should be specified in future documents from the groups.
Camellia Draft: KATO Akihiro gave the presentation on the draft for
Camellia to be used as a content encryption algorithm with CMS. Draft
-01 contains two additional sections, one for S/MIME Capabilities and
one for Key Wrap algorithm details. Some comments have been made on the
-01 draft, after these are address the document should be ready for
working group last call. Information on Camellia can be obtained at
ESS Document Updates: Jim Schaad gave a brief description of a problem
that has been identified with the ML Expansion History update in the ESS
document. The problem is that this signed attribute currently addresses
two different problems, the detection of loops during ML expansion and
changing receipt generation behavior. This means that a work flow
application cannot easily change the receipt behavior without appearing
to be an MLA. The proposal is to split these two different requirements
into separate signed attributes. An MLA would make use of both new
attributes, but the work flow application would only make use of one of
them. An update the ESS document (RFC 2634) is needed.
- CERTbis, MSGbis, Examples, and Camellia drafts will undergo working
group last call as soon as next versions are published.
- ESS draft to be updated to address workflow issue.
- SIP/SIPPING issues to be addressed by S/MIME mailing list.
- RSA PSS signatures will be adopted as described in PKIX.