On Tue, Mar 8, 2016 at 1:58 AM, Russ Housley <housley(_at_)vigilsec(_dot_)com>
wrote:
I am hearing interest in these topics (a combination of things on this list
and side conversations).
(1) Specify the way to use authenticated encryption in S/MIME. Note that it
is already done for CMS.
(2) Specify conventions for AES-CCM, AES-GCM, and ChaCha20 with Poly1305
authenticated encryption algorithms.
(3) Specify conventions for using Curve25519 and Curve448 for key agreement.
(4) Specify conventions for using the CFRG chosen curves for elliptic curve
digital signature.
(5) Specify a way to use PGP public keys in addition to PKIX certificates.
If we are going to do this, I would like to also look at automating
enrollment for a CA issued certificate.
The biggest barrier to S/MIME use today is not the cost of the cert.
Comodo has tried giving them away for free for years. It is the
difficulty of using them that is the problem.
In my demonstration of the Mathematical Mesh, I show how to make
configuring S/MIME with a self-signed certificate so easy that the
user barely needs to be aware that it is happening.
In principal configuring a CA issued cert only requires one additional
piece of information, the DNS name of the CA to request the cert from
(and potentially there would be payment issues).
That said, I will note that items 1,2,3,4 are arguably already in
scope for CURDLE.
I am a big fan of doing (5). the point is to get people using end to
end encryption, not use one particular approach.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime