S/MIME Mail Security (smime)

Last Modified: 2008-04-23

Additional information is available at tools.ietf.org/wg/smime

Chair(s):

  • Sean Turner <turners@ieca.com>

  • Blake Ramsdell <blake@sendmail.com>

    Security Area Director(s):

  • Tim Polk <tim.polk@nist.gov>
  • Pasi Eronen <pasi.eronen@nokia.com>

    Security Area Advisor:

  • Tim Polk <tim.polk@nist.gov>

    Mailing Lists:

    General Discussion: ietf-smime@imc.org
    To Subscribe: ietf-smime-request@imc.org
    Archive: http://www.imc.org/ietf-smime/

    Description of Working Group:

    The S/MIME Working Group has completed a series of Proposed Standards
    that comprise the S/MIME version 3.1 specification. As part of the
    specification update, a new suite of "mandatory to implement"
    algorithms
    was be selected. Current efforts update and build upon these base
    specifications.

    The Cryptographic Message Syntax (CMS) (RFC 3852) is cryptographic
    algorithm independent, yet there is always more than one way to use any
    algorithm. To ensure interoperability, each algorithm should have a
    specification that describes its use with CMS. Specifications for the
    use of additional cryptographic algorithms will be developed.

    CMS, as well as S/MIME version 3 and later, permit the use of
    previously
    distributed symmetric key-encryption keys. Specifications for the
    distribution of symmetric key-encryption keys to multiple message
    recipients will be developed. Mail List Agents (MLAs) are one use of
    symmetric key-encryption keys. The specification will be algorithm
    independent.

    To aid initial determination of recipient's cryptographic capabilities
    a
    specification will be developed allowing S/MIME capabilities to be
    stored and asserted in X.509 certificates based on the X.509
    certificate
    and CRL profile developed by the PKIX Working Group.

    The working group will perform necessary interoperability testing to
    progress the CMS and S/MIME specifications to Draft Standard. The CMS
    specification depends on the RFC 3280, which was developed by the PKIX
    working group. This profile must progress to Draft Standard before CMS
    and the other S/MIME specifications can progress to Draft Standard.
    Assuming timely progress by the PKIX Working Group, the S/MIME
    specification can start progressing to Draft Standard in 2005.

    Goals and Milestones:

    Done  First draft of security label usage specification.
    Done  First draft of CMS RecipientInfo extension.
    Done  Last call on KEA and SKIPJACK algorithm specification.
    Done  Last call on small subgroup attack avoidance
    Done  First draft of CAST algorithm specification.
    Done  Last call on certificate distribution specification.
    Done  First draft of mail list key distribution.
    Done  Submit KEA and SKIPJACK algorithm specification as Informational RFC.
    Done  Submit small subgroup attack avoidance as Informational RFC
    Done  Last call on CAST algorithm specification.
    Done  Updated draft of domain security services document.
    Done  Last call on security label usage specification.
    Done  Last call on IDEA algorithm specification.
    Done  Last call on CMS RecipientInfo extension.
    Done  Last call on mail list key distribution.
    Done  Submit CAST algorithm specification as Informational RFC.
    Done  Submit security label usage specification as Informational RFC.
    Done  Submit IDEA algorithm specification as Informational RFC.
    Done  Submit CMS RecipientInfo extension to IESG for consideration as a Proposed Standard.
    Done  Last call on domain security services document.
    Done  Submit domain security services as Experimental RFC.
    Done  Submit mail list key distribution as a Proposed Standard
    Done  Submit X.400 CMS wrapper specification as a Proposed Standard
    Done  Submit HMAC key wrap description as Proposed Standard
    Done  Submit RSA OAEP algorithm specification as Proposed Standard
    Done  Sumbit AES algorithm specification as Proposed Standard
    Done  Submit X.400 transport as a Proposed Standard
    Done  Last call on CMS and ESS examples document
    Done  First draft of RSA KEM algorithm specification
    Done  Submit update to MSG as Proposed Standard
    Done  Submit update to CERT as Proposed Standard
    Done  Last call on RSA PSS algorithm specification
    Done  Submit RSA PSS algorithm specification as Proposed Standard
    Done  First draft of S/MIME Capabilities Certificate Extension
    Done  Working Group Last Call for S/MIME Capabilities Certificate Extension
    Done  Submit S/MIME Capabilities Certificate Extension as Informational RFC
    Dec 2007  Submit SHA-2 algorithms with CMS as Proposed Standard
    Dec 2007  Submit S/MIME Certificate Handling as Proposed Standard
    Dec 2007  Submit S/MIME Message Specification as Proposed Standard
    Dec 2008  Submit CMS as Draft Standard
    Dec 2008  Submit necessary algorithms documents* as Draft Standard
    Dec 2008  Submit Enhanced Security Services as Draft Standard
    Dec 2008  Submit S/MIME Message Specification as Draft Standard
    Dec 2008  Submit S/MIME Certificate Handling as Draft Standard

    Internet-Drafts:

    CMS Symmetric Key Management and Distribution (207722 bytes)
    Use of the RSA-KEM Key Transport Algorithm in CMS (51309 bytes)
    Identity-based Encryption Architecture (55791 bytes)
    Using the Boneh-Franklin and Boneh-Boyen identity-based encryption algorithms with the Cryptographic Message Syntax (CMS) (33019 bytes)
    Multiple Signatures in S/MIME (36476 bytes)
    Using SHA2 Algorithms with Cryptographic Message Syntax (18963 bytes)
    Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Certificate Handling (40256 bytes)
    Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification (88792 bytes)
    New ASN.1 Modules for CMS and S/MIME (66348 bytes)
    Update to Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) (47116 bytes)

    Request For Comments:

    S/MIME Version 2 Message Specification (RFC 2311) (70901 bytes)
    S/MIME Version 2 Certificate Handling (RFC 2312) (39829 bytes)
    Enhanced Security Services for S/MIME (RFC 2634) (131153 bytes) updated by RFC 5035
    S/MIME Version 3 Message Specification (RFC 2633) (67870 bytes) obsoleted by RFC 3851
    S/MIME Version 3 Certificate Handling (RFC 2632) (27925 bytes) obsoleted by RFC 3850
    Diffie-Hellman Key Agreement Method (RFC 2631) (25932 bytes)
    Cryptographic Message Syntax (RFC 2630) (128599 bytes) obsoleted by RFC 3369
    Methods for Avoiding the 'Small-Subgroup' Attacks on the Diffie-Hellman Key Agreement Method for S/MIME (RFC 2785) (24415 bytes)
    Use of the KEA and SKIPJACK Algorithms in CMS (RFC 2876) (29265 bytes)
    Use of the CAST-128 Encryption Algorithm in CMS (RFC 2984) (11591 bytes)
    Use of the IDEA Encryption Algorithm in CMS (RFC 3058) (17257 bytes)
    Electronic Signature Policies (RFC 3125) (95505 bytes)
    Domain Security Services using S/MIME (RFC 3183) (57129 bytes)
    Electronic Signature Formats for long term electronic signatures (RFC 3126) (175886 bytes) obsoleted by RFC 5126
    Reuse of CMS Content Encryption Keys (RFC 3185) (20404 bytes)
    Password-based Encryption for SMS (RFC 3211) (30527 bytes) obsoleted by RFC 3369
    Triple-DES and RC2 Key Wrapping (RFC 3217) (19855 bytes)
    Preventing the Million Message Attack on CMS (RFC 3218) (16047 bytes)
    Use of ECC Algorithms in CMS (RFC 3278) (33779 bytes)
    Compressed Data Content Type for Cryptographic Message Syntax (CMS) (RFC 3274) (11276 bytes)
    Cryptographic Message Syntax (CMS) Algorithms (RFC 3370) (51001 bytes)
    Cryptographic Message Syntax (RFC 3369) (113975 bytes) obsoletes RFC 2630,RFC 3211/ obsoleted by RFC 3852
    Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) (73072 bytes)
    Implementing Company Classification Policy with the S/MIME Security Label (RFC 3114) (27764 bytes)
    Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES)Key (RFC 3537) (16885 bytes)
    Use of the Advanced Encryption Standard (AES)Encryption Algorithm in Cryptographic Message Syntax (CMS) (RFC 3565) (26773 bytes)
    Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS) (RFC 3560) (37381 bytes)
    Use of the Camellia Encryption Algorithm in CMS (RFC 3657) (26282 bytes)
    S/MIME Version 3.1 Certificate Handling (RFC 3850) (37446 bytes) obsoletes RFC 2632
    S/MIME Version 3.1 Message Specification (RFC 3851) (79612 bytes) obsoletes RFC 2633
    Cryptographic Message Syntax (CMS) (RFC 3852) (124168 bytes) obsoletes RFC 3369/ updated by RFC 4853
    Transporting S/MIME Objects in X.400 (RFC 3855) (25774 bytes)
    Securing X.400 Content with S/MIME (RFC 3854) (32801 bytes)
    Use of the SEED Encryption Algorithm in Cryptographic Message Syntax (CMS) (RFC 4010) (22403 bytes)
    Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS) (RFC 4056) (11514 bytes)
    Examples of S/MIME Messages (RFC 4134) (325865 bytes)
    X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities (RFC 4262) (9801 bytes)
    Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94 and GOST R 34.10-2001 Algorithms with the Cryptographic Message Syntax (CMS) (RFC 4490) (54912 bytes)
    Cryptographic Message Syntax (CMS) Multiple Signer Clarification (RFC 4853) (10146 bytes) updates RFC 3852
    Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility (RFC 5035) (32674 bytes) updates RFC 2634
    Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) (RFC 5084) (21821 bytes)
    Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type (RFC 5083) (22810 bytes)
    CMS Advanced Electronic Signatures (CAdES) (RFC 5126) (309173 bytes) obsoletes RFC 3126
    IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.

    Return to working group directory.

    Return to IETF home page.