ietf-smime
[Top] [All Lists]

Re: [smime] Inquiry on the usage of CAdES in S/MIME structures

2013-07-22 00:21:39
On 2013-07-21 22:05, Ayhan Sehrin wrote:
Thanks Anders for the quick info. Could you possibly elaborate just a little 
bit?
Do you mean that a CAdES-BES (for some purposes -A) signed S/MIME message 
should
not have any verification and processing problems with the various e-mail 
clients
and other REM implementations?

Hi Ayhan,

No, I meant that if REM builds on web-technology you can use whatever
signature technology you want but if you need to use standard e-mail
clients you will be stuck with S/MIME as it is today.

Regards,
Anders


Kind regards,

Ayhan Şehrin

-----Original Message-----
From: Anders Rundgren [mailto:anders(_dot_)rundgren(_at_)telia(_dot_)com] 
Sent: Sunday, July 21, 2013 10:18 AM
To: Ayhan Sehrin
Cc: smime(_at_)ietf(_dot_)org
Subject: Re: [smime] Inquiry on the usage of CAdES in S/MIME structures

On 2013-07-20 12:33, Ayhan Sehrin wrote:

Hi Ayhan,

Using CAdES in S/MIME structures should be possible with or without an RFC.

Using CAdES together with desktop clients is less feasible and it would 
probably require a minor miracle fixing it.

OTOH, it seems that your REM solution rather builds on web technology so then 
there are no hurdles at all!

Thanx
Anders Rundgren

Dear list Members,

As Verion Technology Group, a technology provider working on Registered 
E-Mail (REM) solutions since 2009, we are currently in the process of 
formulating a set of basic implementation principles and tools for REM 
Management Domain (MD)’s operative in Turkey. We need to resort to your 
experience and know-how on the subject of the S/MIME specification, and I 
was kindly prompted by Mr. Blake Ramsdell to address your list for further 
comments and insight.

The Registered E-Mail Regulatory Authority in Turkey has very recently 
mandated the use of the CAdES-A profile within the S/MIME structure and as 
we are a bit perplexed on the issue, we would like to inquire your comments 
on:

- whether it would be logical/feasible/meaningful to use the CAdES-A 
profile within an S/MIME structure (for some instances within the REM 
workflow CAdES-BES is also required)
- whether the above usage would present difficulties/problems in terms of 
interoperability of systems (i.e. e-mail clients or BPM/ERP systems, where 
the messages are expected to be utilised - e.g. a REM message received is 
downloaded and then used as the input of a business process within a core 
banking component) especially as regards the subsequent verification process 
within these systems and among different REM Service Providers in Turkey and 
in Europe (as Turkey has opted in to the ETSI TS 102640).
- whether, from a technical viewpoint, the implementation of an S/MIME 
structure with the usage of a CAdES signature presents a problem with 
the S/MIME RFC

- whether the S/MIME RFC should be expected to natively accomodate 
CAdES profiles in the near future


We would gladly provide more details on the ETSI 102640 implementation in 
Turkey, if it is of essense to the above inquiries.
We will be much obliged, should you be able to provide insight.

Thank you in advance and warm regards,


Ayhan ŞEHRİN
Man. Director
Verion Technology Group
Birlik Mah. 435. Cad. 403. Sok. No:3/3 Çankaya, Ankara - Turkey

+90 312 496 3316 <tel:%2B90%20312%20496%2033%2016> (office)
+90 533 556 3333 <tel:%2B90%20533%20556%203333> (mobile)

NB-REM implementation in Turkey in a tiny nutshell: In the typical REM 
implementation in Turkey, an original message is required to be signed with 
the sender’s Qualified Electronic Signature, two out of the currently three 
REMSPs provide tools for constructing and signing the sender’s S/MIME 
structure on the client, receive it over https (or over a web service for 
enterprise integration instances) to the REMSP servers. The third REMSP 
constructs the MIME message on its own server, hashes it an sends it for a 
CAdES signature to the sender’s client. Evidence is produced by REMSPs 
during the mail acceptance, delivery and retrieval milestones and is 
expected to be stored in WORM storage or to be archived, XadES-A for 
evidence, CAdES-A for all system logs.





_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime



_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime