S/MIME Mail Security (smime)

Last modified: 2010-10-12

Chair(s)

Security Area Director(s)

Security Area Advisor

Mailing Lists:

General Discussion: smime@ietf.org
To Subscribe: smime-request@ietf.org
Archive: http://www.ietf.org/mail-archive/web/smime/

Description of Working Group:

The S/MIME Working Group has completed a series of Proposed Standards that comprise the S/MIME version 3.1 specification. As part of the specification update, a new suite of "mandatory to implement" algorithms was be selected. Current efforts update and build upon these base specifications.

The Cryptographic Message Syntax (CMS) (RFC 3852) is cryptographic algorithm independent, yet there is always more than one way to use any algorithm. To ensure interoperability, each algorithm should have a specification that describes its use with CMS. Specifications for the use of additional cryptographic algorithms will be developed.

CMS, as well as S/MIME version 3 and later, permit the use of previously distributed symmetric key-encryption keys. Specifications for the distribution of symmetric key-encryption keys to multiple message recipients will be developed. Mail List Agents (MLAs) are one use of symmetric key-encryption keys. The specification will be algorithm independent.

To aid initial determination of recipient's cryptographic capabilities a specification will be developed allowing S/MIME capabilities to be stored and asserted in X.509 certificates based on the X.509 certificate and CRL profile developed by the PKIX Working Group.

The working group will perform necessary interoperability testing to progress the CMS and S/MIME specifications to Draft Standard. The CMS specification depends on the RFC 3280, which was developed by the PKIX working group. This profile must progress to Draft Standard before CMS and the other S/MIME specifications can progress to Draft Standard. Assuming timely progress by the PKIX Working Group, the S/MIME specification can start progressing to Draft Standard in 2005.

Goals and Milestones

Done DoneFirst draft of security label usage specification.
Done First draft of CMS RecipientInfo extension.
Done Last call on KEA and SKIPJACK algorithm specification.
Done Last call on small subgroup attack avoidance
Done First draft of CAST algorithm specification.
Done Last call on certificate distribution specification.
Done First draft of mail list key distribution.
Done Submit KEA and SKIPJACK algorithm specification as Informational RFC.
Done Submit small subgroup attack avoidance as Informational RFC
Done Last call on CAST algorithm specification.
Done Last call on security label usage specification.
Done Updated draft of domain security services document.
Done Last call on IDEA algorithm specification.
Done Last call on CMS RecipientInfo extension.
Done Last call on mail list key distribution.
Done Submit CAST algorithm specification as Informational RFC.
Done Submit security label usage specification as Informational RFC.
Done Submit IDEA algorithm specification as Informational RFC.
Done Submit CMS RecipientInfo extension to IESG for consideration as a Proposed Standard.
Done Last call on domain security services document.
Done Submit domain security services as Experimental RFC.
Done Submit RSA OAEP algorithm specification as Proposed Standard
Done Submit mail list key distribution as a Proposed Standard
Done Submit HMAC key wrap description as Proposed Standard
Done Submit AES algorithm specification as Proposed Standard
Done Submit X.400 CMS wrapper specification as a Proposed Standard
Done Submit X.400 transport as a Proposed Standard
Done Last call on CMS and ESS examples document
Done First draft of RSA KEM algorithm specification
Done Submit update to MSG as Proposed Standard
Done Submit update to CERT as Proposed Standard
Done Last call on RSA PSS algorithm specification
Done Submit RSA PSS algorithm specification as Proposed Standard
Done First draft of S/MIME Capabilities Certificate Extension
Done Working Group Last Call for S/MIME Capabilities Certificate Extension
Done Submit S/MIME Capabilities Certificate Extension as Informational RFC
Done Submit SHA-2 algorithms with CMS as Proposed Standard
Done Submit S/MIME Certificate Handling as Proposed Standard
Done Submit S/MIME Message Specification as Proposed Standard
Done Submit CMS as Draft Standard
Dec 2008 Submit necessary algorithms documents* as Draft Standard
Dec 2008 Submit Enhanced Security Services as Draft Standard
Dec 2008 Submit S/MIME Message Specification as Draft Standard
Dec 2008 Submit S/MIME Certificate Handling as Draft Standard

No Internet-Drafts

Request for Comments

Internet SocietyAMSHome - Tools Team - Datatracker - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - IETF Journal - Store - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.