< draft-ietf-lamps-rfc5751-bis-05.txt		draft-ietf-lamps-rfc5751-bis-06.txt >
	LAMPS J. Schaad		LAMPS J. Schaad
	Internet-Draft August Cellars		Internet-Draft August Cellars
	Obsoletes: 5751 (if approved) B. Ramsdell		Obsoletes: 5751 (if approved) B. Ramsdell
	Intended status: Standards Track Brute Squad Labs, Inc.		Intended status: Standards Track Brute Squad Labs, Inc.
	Expires: October 9, 2017 S. Turner		Expires: October 16, 2017 S. Turner
	sn3rd		sn3rd
	April 7, 2017		April 14, 2017
	Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0		Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
	Message Specification		Message Specification
	draft-ietf-lamps-rfc5751-bis-05		draft-ietf-lamps-rfc5751-bis-06
	Abstract		Abstract
	This document defines Secure/Multipurpose Internet Mail Extensions		This document defines Secure/Multipurpose Internet Mail Extensions
	(S/MIME) version 4.0. S/MIME provides a consistent way to send and		(S/MIME) version 4.0. S/MIME provides a consistent way to send and
	receive secure MIME data. Digital signatures provide authentication,		receive secure MIME data. Digital signatures provide authentication,
	message integrity, and non-repudiation with proof of origin.		message integrity, and non-repudiation with proof of origin.
	Encryption provides data confidentiality. Compression can be used to		Encryption provides data confidentiality. Compression can be used to
	reduce data size. This document obsoletes RFC 5751.		reduce data size. This document obsoletes RFC 5751.
	skipping to change at page 1, line 47 ¶		skipping to change at page 1, line 47 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on October 9, 2017.		This Internet-Draft will expire on October 16, 2017.
	Copyright Notice		Copyright Notice
	Copyright (c) 2017 IETF Trust and the persons identified as the		Copyright (c) 2017 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 43 ¶		skipping to change at page 3, line 43 ¶
	4. Certificate Processing . . . . . . . . . . . . . . . . . . . 36		4. Certificate Processing . . . . . . . . . . . . . . . . . . . 36
	4.1. Key Pair Generation . . . . . . . . . . . . . . . . . . . 37		4.1. Key Pair Generation . . . . . . . . . . . . . . . . . . . 37
	4.2. Signature Generation . . . . . . . . . . . . . . . . . . 37		4.2. Signature Generation . . . . . . . . . . . . . . . . . . 37
	4.3. Signature Verification . . . . . . . . . . . . . . . . . 37		4.3. Signature Verification . . . . . . . . . . . . . . . . . 37
	4.4. Encryption . . . . . . . . . . . . . . . . . . . . . . . 38		4.4. Encryption . . . . . . . . . . . . . . . . . . . . . . . 38
	4.5. Decryption . . . . . . . . . . . . . . . . . . . . . . . 38		4.5. Decryption . . . . . . . . . . . . . . . . . . . . . . . 38
	5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38		5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38
	5.1. Media Type for application/pkcs7-mime . . . . . . . . . . 38		5.1. Media Type for application/pkcs7-mime . . . . . . . . . . 38
	5.2. Media Type for application/pkcs7-signature . . . . . . . 39		5.2. Media Type for application/pkcs7-signature . . . . . . . 39
	5.3. Register authEnveloped-data smime-type . . . . . . . . . 40		5.3. Register authEnveloped-data smime-type . . . . . . . . . 40
	6. IANA Considertions . . . . . . . . . . . . . . . . . . . . . 40		6. Security Considerations . . . . . . . . . . . . . . . . . . . 40
	7. Security Considerations . . . . . . . . . . . . . . . . . . . 41		7. References . . . . . . . . . . . . . . . . . . . . . . . . . 44
	8. References . . . . . . . . . . . . . . . . . . . . . . . . . 44		7.1. Normative References . . . . . . . . . . . . . . . . . . 44
	8.1. Normative References . . . . . . . . . . . . . . . . . . 44		7.2. Informative References . . . . . . . . . . . . . . . . . 48
	8.2. Informative References . . . . . . . . . . . . . . . . . 48
	Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 51		Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 51
	Appendix B. Historic Mail Considerations . . . . . . . . . . . . 53		Appendix B. Historic Mail Considerations . . . . . . . . . . . . 53
	B.1. DigestAlgorithmIdentifier . . . . . . . . . . . . . . . . 54		B.1. DigestAlgorithmIdentifier . . . . . . . . . . . . . . . . 53
	B.2. Signature Algorithms . . . . . . . . . . . . . . . . . . 54		B.2. Signature Algorithms . . . . . . . . . . . . . . . . . . 54
	B.3. ContentEncryptionAlgorithmIdentifier . . . . . . . . . . 56		B.3. ContentEncryptionAlgorithmIdentifier . . . . . . . . . . 56
	B.4. KeyEncryptionAlgorithmIdentifier . . . . . . . . . . . . 56		B.4. KeyEncryptionAlgorithmIdentifier . . . . . . . . . . . . 56
	Appendix C. Moving S/MIME v2 Message Specification to Historic		Appendix C. Moving S/MIME v2 Message Specification to Historic
	Status . . . . . . . . . . . . . . . . . . . . . . . 56		Status . . . . . . . . . . . . . . . . . . . . . . . 56
	Appendix D. Acknowledgments . . . . . . . . . . . . . . . . . . 57		Appendix D. Acknowledgments . . . . . . . . . . . . . . . . . . 57
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57		Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57
	1. Introduction		1. Introduction
	skipping to change at page 9, line 24 ¶		skipping to change at page 9, line 24 ¶
	Section 4: Updated reference to CERT v3.2.		Section 4: Updated reference to CERT v3.2.
	Section 4.1: Updated RSA and DSA key size discussion. Moved last		Section 4.1: Updated RSA and DSA key size discussion. Moved last
	four sentences to security considerations. Updated reference to		four sentences to security considerations. Updated reference to
	randomness requirements for security.		randomness requirements for security.
	Section 5: Added IANA registration templates to update media type		Section 5: Added IANA registration templates to update media type
	registry to point to this document as opposed to RFC 2311.		registry to point to this document as opposed to RFC 2311.
	Section 7: Updated security considerations.		Section 6: Updated security considerations.
	Section 7: Moved references from Appendix B to this section. Updated		Section 7: Moved references from Appendix B to this section. Updated
	references. Added informational references to SMIMEv2, SMIMEv3, and		references. Added informational references to SMIMEv2, SMIMEv3, and
	SMIMEv3.1.		SMIMEv3.1.
	Appendix C: Added Appendix C to move S/MIME v2 to Historic status.		Appendix C: Added Appendix C to move S/MIME v2 to Historic status.
	1.7. Changes for S/MIME v4.0		1.7. Changes for S/MIME v4.0
	- Add the use of AuthEnvelopedData, including defining and		- Add the use of AuthEnvelopedData, including defining and
	skipping to change at page 40, line 44 ¶		skipping to change at page 40, line 44 ¶
	5.3. Register authEnveloped-data smime-type		5.3. Register authEnveloped-data smime-type
	IANA is required to register the following value in the "Parameter		IANA is required to register the following value in the "Parameter
	Values for the smime-type Parameter" registry. The values to be		Values for the smime-type Parameter" registry. The values to be
	registered are:		registered are:
	smime-type value: authEnveloped-data		smime-type value: authEnveloped-data
	Reference: [[This Document, Section 3.2.2]]		Reference: [[This Document, Section 3.2.2]]
	6. IANA Considertions		6. Security Considerations
	This document has no new IANA considerations.
	7. Security Considerations
	Cryptographic algorithms will be broken or weakened over time.		Cryptographic algorithms will be broken or weakened over time.
	Implementers and users need to check that the cryptographic		Implementers and users need to check that the cryptographic
	algorithms listed in this document continue to provide the expected		algorithms listed in this document continue to provide the expected
	level of security. The IETF from time to time may issue documents		level of security. The IETF from time to time may issue documents
	dealing with the current state of the art. For example:		dealing with the current state of the art. For example:
	- The Million Message Attack described in RFC 3218 [RFC3218].		- The Million Message Attack described in RFC 3218 [RFC3218].
	- The Diffie-Hellman "small-subgroup" attacks described in RFC 2785		- The Diffie-Hellman "small-subgroup" attacks described in RFC 2785
	skipping to change at page 44, line 25 ¶		skipping to change at page 44, line 17 ¶
	All of the authenticated encryption algorithms in this document use		All of the authenticated encryption algorithms in this document use
	counter mode for the encryption portion of the algorithm. This means		counter mode for the encryption portion of the algorithm. This means
	that the length of the plain text will always be known as the cipher		that the length of the plain text will always be known as the cipher
	text length and the plain text length are always the same. This		text length and the plain text length are always the same. This
	information can enable passive observers to infer information based		information can enable passive observers to infer information based
	solely on the length of the message. Applications for which this is		solely on the length of the message. Applications for which this is
	a concern need to provide some type of padding so that the length of		a concern need to provide some type of padding so that the length of
	the message does not provide this information.		the message does not provide this information.
	8. References		7. References
	8.1. Normative References		7.1. Normative References
	[ASN.1] "Information Technology - Abstract Syntax Notation		[ASN.1] "Information Technology - Abstract Syntax Notation
	(ASN.1)".		(ASN.1)".
	ASN.1 syntax consists of the following references [X.680],		ASN.1 syntax consists of the following references [X.680],
	[X.681], [X.682], and [X.683].		[X.681], [X.682], and [X.683].
	[CHARSETS]		[CHARSETS]
	"Character sets assigned by IANA.",		"Character sets assigned by IANA.",
	<http://www.iana.org/assignments/character-sets.>.		<http://www.iana.org/assignments/character-sets.>.
	skipping to change at page 48, line 22 ¶		skipping to change at page 48, line 10 ¶
	[X.683] "Information Technology - Abstract Syntax Notation One		[X.683] "Information Technology - Abstract Syntax Notation One
	(ASN.1): Parameteriztion of ASN.1 specifications",		(ASN.1): Parameteriztion of ASN.1 specifications",
	ITU-T X.683, ISO/IEC 8824-4:2008, November 2008.		ITU-T X.683, ISO/IEC 8824-4:2008, November 2008.
	[X.690] "Information Technology - ASN.1 encoding rules:		[X.690] "Information Technology - ASN.1 encoding rules:
	Specification of Basic Encoding Rules (BER), Canonical		Specification of Basic Encoding Rules (BER), Canonical
	Encoding Rules (CER) and Distinguished Encoding Rules		Encoding Rules (CER) and Distinguished Encoding Rules
	(DER).", ITU-T X.690, ISO/IEC 8825-1:2002, July 2002.		(DER).", ITU-T X.690, ISO/IEC 8825-1:2002, July 2002.
	8.2. Informative References		7.2. Informative References
	[FIPS186-2]		[FIPS186-2]
	National Institute of Standards and Technology (NIST),		National Institute of Standards and Technology (NIST),
	"Digital Signature Standard (DSS) [With Change Notice 1]",		"Digital Signature Standard (DSS) [With Change Notice 1]",
	Federal Information Processing Standards		Federal Information Processing Standards
	Publication 186-2, January 2000.		Publication 186-2, January 2000.
	[RFC2268] Rivest, R., "A Description of the RC2(r) Encryption		[RFC2268] Rivest, R., "A Description of the RC2(r) Encryption
	Algorithm", RFC 2268, DOI 10.17487/RFC2268, March 1998,		Algorithm", RFC 2268, DOI 10.17487/RFC2268, March 1998,
	<http://www.rfc-editor.org/info/rfc2268>.		<http://www.rfc-editor.org/info/rfc2268>.
End of changes. 11 change blocks.
	19 lines changed or deleted		14 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/