ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SMIME Capabilities in X.509 Certificates

2004-06-14 19:23:48
from [Stefan Santesson] [Permanent Link] 


Stefan Santesson
Program Manager, Windows Security
Principal Consultant, Microsoft Denmark
Please find attached a proposed updated charter which would incorporate
the task to define means to carry SMIME Capabilities in X.509
Certificates.

This revised charter has been reviewed and approved by Russ Hously on
the condition that this WG accept to take on this task.

We had a discussion on this issue in PKIX which some of you may have
noticed where a majority concluded that this was a good thing to do but
the post discussion, especially with Russ, also concluded that SMIME is
probably the best place to do it and not PKIX.

The background of this work item is the need to establish knowledge
about opponents SMIME Capabilities, even before a first message
exchange. We will never escape the fact that a sender of an encrypted
mail some times will have to guess the recipients cryptographic
capabilities. In other situations the sender may have access to multiple
sources of data with conflicting information so the sender should always
be prepared to use the most recent and reliable source of information.
But in absence of any information at all, the sender have to fallback to
default configuration settings.

It would thus improve the situation if CAs, especially enterprise CAs,
that knows or even have the capability to dictate the capabilities of
users, could include the PKCS#9 SMIMECapabilities attribute in
certificates.

One such solution is in practical use since quite some time now.
Both Microsoft CAs and e-mail clients have since long the capabilities
to include and extract users SMIME Capabilities in certificates using
this PKCS#9 attribute as a certificate extension.

This work item should hopefully therefore be a rather simple to conclude
since the PKCS#9 attribute is already defined and used in SMIME for this
purpose, and one way of using this attribute in certificates is already
in widespread use.

I will, given that the WG accepts this work item, volunteer to write the
first draft.

/Stefan Santesson

Attachment: SMIME Charter_SMIMECap_changes.doc
Description: SMIME Charter_SMIMECap_changes.doc

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Protocol Action: 'S/MIME Version 3.1 Certificate Handling' to Proposed Standard, The IESG
Next by Date:  Protocol Action: 'Cryptographic Message Syntax (CMS)' to Proposed Standard, The IESG
Previous by Thread:  Protocol Action: 'S/MIME Version 3.1 Certificate Handling' to Proposed Standard, The IESG
Next by Thread:  RE: SMIME Capabilities in X.509 Certificates, Blake Ramsdell
Indexes:  [Date] [Thread] [Top] [All Lists]