< draft-ietf-smime-3850bis-06.txt		draft-ietf-smime-3850bis-07.txt >
	S/MIME WG Blake Ramsdell, Brute Squad Labs		S/MIME WG Blake Ramsdell, Brute Squad Labs
	Internet Draft Sean Turner, IECA		Internet Draft Sean Turner, IECA
	Intended Status: Standard Track September 18, 2008		Intended Status: Standard Track September 24, 2008
	Obsoletes: 3850 (once approved)		Obsoletes: 3850 (once approved)
	Expires: March 18, 2009		Expires: March 24, 2009
	Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2		Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2
	Certificate Handling		Certificate Handling
	draft-ietf-smime-3850bis-06.txt		draft-ietf-smime-3850bis-07.txt
	Status of this Memo		Status of this Memo
	By submitting this Internet-Draft, each author represents that any		By submitting this Internet-Draft, each author represents that any
	applicable patent or other IPR claims of which he or she is aware		applicable patent or other IPR claims of which he or she is aware
	have been or will be disclosed, and any of which he or she becomes		have been or will be disclosed, and any of which he or she becomes
	aware will be disclosed, in accordance with Section 6 of BCP 79.		aware will be disclosed, in accordance with Section 6 of BCP 79.
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF), its areas, and its working groups. Note that		Task Force (IETF), its areas, and its working groups. Note that
	skipping to change at page 1, line 35 ¶		skipping to change at page 1, line 35 ¶
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	The list of current Internet-Drafts can be accessed at		The list of current Internet-Drafts can be accessed at
	http://www.ietf.org/ietf/1id-abstracts.txt		http://www.ietf.org/ietf/1id-abstracts.txt
	The list of Internet-Draft Shadow Directories can be accessed at		The list of Internet-Draft Shadow Directories can be accessed at
	http://www.ietf.org/shadow.html		http://www.ietf.org/shadow.html
	This Internet-Draft will expire on March 18, 2008.		This Internet-Draft will expire on March 24, 2008.
	Copyright Notice		Copyright Notice
	Copyright (C) The IETF Trust (2008).		Copyright (C) The IETF Trust (2008).
	Abstract		Abstract
	This document specifies conventions for X.509 certificate usage by		This document specifies conventions for X.509 certificate usage by
	Secure/Multipurpose Internet Mail Extensions (S/MIME) agents. S/MIME		Secure/Multipurpose Internet Mail Extensions (S/MIME) agents. S/MIME
	provides a method to send and receive secure MIME messages, and		provides a method to send and receive secure MIME messages, and
	skipping to change at page 2, line 42 ¶		skipping to change at page 2, line 42 ¶
	4.1. Certificate Revocation Lists.............................10		4.1. Certificate Revocation Lists.............................10
	4.2. Certificate Path Validation..............................10		4.2. Certificate Path Validation..............................10
	4.3. Certificate and CRL Signing Algorithms and Key Sizes.....11		4.3. Certificate and CRL Signing Algorithms and Key Sizes.....11
	4.4. PKIX Certificate Extensions..............................12		4.4. PKIX Certificate Extensions..............................12
	5. IANA Considerations...........................................14		5. IANA Considerations...........................................14
	6. Security Considerations.......................................14		6. Security Considerations.......................................14
	7. References....................................................16		7. References....................................................16
	7.1. Normative References.....................................16		7.1. Normative References.....................................16
	7.2. Informative References...................................17		7.2. Informative References...................................17
	Appendix A. Moving S/MIME v2 Certificate Handling to Historic		Appendix A. Moving S/MIME v2 Certificate Handling to Historic
	Status...............................................20		Status...............................................19
	Appendix B. Acknowledgements.....................................20		Appendix B. Acknowledgements.....................................19
	1. Introduction		1. Introduction
	S/MIME (Secure/Multipurpose Internet Mail Extensions), described in		S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
	[SMIME-MSG], provides a method to send and receive secure MIME		[SMIME-MSG], provides a method to send and receive secure MIME
	messages. Before using a public key to provide security services,		messages. Before using a public key to provide security services,
	the S/MIME agent MUST verify that the public key is valid. S/MIME		the S/MIME agent MUST verify that the public key is valid. S/MIME
	agents MUST use PKIX certificates to validate public keys as		agents MUST use PKIX certificates to validate public keys as
	described in the Internet X.509 Public Key Infrastructure (PKIX)		described in the Internet X.509 Public Key Infrastructure (PKIX)
	Certificate and CRL Profile [KEYM]. S/MIME agents MUST meet the		Certificate and CRL Profile [KEYM]. S/MIME agents MUST meet the
	skipping to change at page 11, line 23 ¶		skipping to change at page 11, line 23 ¶
	is found in an S/MIME message, it SHALL be used to identify the		is found in an S/MIME message, it SHALL be used to identify the
	signer's certificate. Otherwise, the certificate is identified in an		signer's certificate. Otherwise, the certificate is identified in an
	S/MIME message, either using the issuerAndSerialNumber which		S/MIME message, either using the issuerAndSerialNumber which
	identifies the signer's certificate by the issuer's distinguished		identifies the signer's certificate by the issuer's distinguished
	name and the certificate serial number, or the subjectKeyIdentifier		name and the certificate serial number, or the subjectKeyIdentifier
	which identifies the signer's certificate by a key identifier.		which identifies the signer's certificate by a key identifier.
	When decrypting an encrypted message, if a		When decrypting an encrypted message, if a
	SMIMEEncryptionKeyPreference attribute is found in an encapsulating		SMIMEEncryptionKeyPreference attribute is found in an encapsulating
	SignedData, it SHALL be used to identify the originator's certificate		SignedData, it SHALL be used to identify the originator's certificate
	found in OriginatorInfo. Otherwise, a) for DH encrypted messages the		found in OriginatorInfo. See [CMS] for the CMS fields that reference
	certificate is identified by the KeyAgreeRecipientInfo originator		the originator's and recipient's certificates.
	field using either the issuer and serial number or subject public key
	identifier choice or the certificate is omitted and the originator's
	public key is included in originatorKey b) for RSA encrypted messages
	the originator's certificate is not required for decryption.
	4.3. Certificate and CRL Signing Algorithms and Key Sizes		4.3. Certificate and CRL Signing Algorithms and Key Sizes
	Certificates and Certificate Revocation Lists (CRLs) are signed by		Certificates and Certificate Revocation Lists (CRLs) are signed by
	the certificate issuer. Receiving agents:		the certificate issuer. Receiving agents:
	- MUST support RSA with SHA-256, as specified in [CMS-SHA2]		- MUST support RSA with SHA-256, as specified in [CMS-SHA2]
	- SHOULD+ support DSA with SHA-256, as specified in [CMS-SHA2]		- SHOULD+ support DSA with SHA-256, as specified in [CMS-SHA2]
	skipping to change at page 17, line 38 ¶		skipping to change at page 17, line 25 ¶
	November 2000.		November 2000.
	[IMF] Resnick, P., "Internet Message Format", work-in-		[IMF] Resnick, P., "Internet Message Format", work-in-
	progress.		progress.
	[RSAPSS] Schaad, J., "Use of RSASA-PSS Signature Algorithm in		[RSAPSS] Schaad, J., "Use of RSASA-PSS Signature Algorithm in
	Cryptographic Message Syntax (CMS)", RFC 4056, June		Cryptographic Message Syntax (CMS)", RFC 4056, June
	2005.		2005.
	[SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2		[SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2
	Message Specification", draft-ietf-smime-3851bis, work-		Message Specification", draft-ietf-smime-3851bis-
	in-progress.		07.txt, work-in-progress.
	[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-		[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
	1:2002. Information Technology - Abstract Syntax		1:2002. Information Technology - Abstract Syntax
	Notation One (ASN.1): Specification of basic notation.		Notation One (ASN.1): Specification of basic notation.
	7.2. Informative References		7.2. Informative References
	[PKCS6] RSA Laboratories, "PKCS #6: Extended-Certificate Syntax		[PKCS6] RSA Laboratories, "PKCS #6: Extended-Certificate Syntax
	Standard", November 1993.		Standard", November 1993.
End of changes. 7 change blocks.
	14 lines changed or deleted		10 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/