S/MIME Mail Security (smime)
----------------------------

Charter
Last Modified: 2008-04-23

Current Status: Active Working Group

Chair(s):
    Sean Turner
    Blake Ramsdell

Security Area Director(s):
    Tim Polk
    Pasi Eronen

Security Area Advisor:
    Tim Polk

Mailing Lists:
    General Discussion: ietf-smime@imc.org
    To Subscribe:       ietf-smime-request@imc.org
    Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME Working Group has completed a series of Proposed Standards
that comprise the S/MIME version 3.1 specification. As part of the
specification update, a new suite of "mandatory to implement"
algorithms was selected. Current efforts update and build upon these
base specifications.

The Cryptographic Message Syntax (CMS) (RFC 3852) is cryptographic
algorithm independent, yet there is always more than one way to use
any algorithm. To ensure interoperability, each algorithm should have
a specification that describes its use with CMS. Specifications for
the use of additional cryptographic algorithms will be developed.

CMS, as well as S/MIME version 3 and later, permit the use of
previously distributed symmetric key-encryption keys. Specifications
for the distribution of symmetric key-encryption keys to multiple
message recipients will be developed. Mail List Agents (MLAs) are one
use of symmetric key-encryption keys. The specification will be
algorithm independent.

To aid initial determination of a recipient's cryptographic
capabilities, a specification will be developed allowing S/MIME
capabilities to be stored and asserted in X.509 certificates based on
the X.509 certificate and CRL profile developed by the PKIX Working
Group.

The working group will perform necessary interoperability testing to
progress the CMS and S/MIME specifications to Draft Standard. The CMS
specification depends on RFC 3280, which was developed by the PKIX
working group.
This profile must progress to Draft Standard before CMS and the
other S/MIME specifications can progress to Draft Standard. Assuming
timely progress by the PKIX Working Group, the S/MIME specification
can start progressing to Draft Standard in 2005.

Goals and Milestones:

    Done      First draft of security label usage specification.
    Done      First draft of CMS RecipientInfo extension.
    Done      Last call on KEA and SKIPJACK algorithm specification.
    Done      Last call on small subgroup attack avoidance
    Done      First draft of CAST algorithm specification.
    Done      Last call on certificate distribution specification.
    Done      First draft of mail list key distribution.
    Done      Submit KEA and SKIPJACK algorithm specification as
              Informational RFC.
    Done      Submit small subgroup attack avoidance as Informational RFC
    Done      Last call on CAST algorithm specification.
    Done      Updated draft of domain security services document.
    Done      Last call on security label usage specification.
    Done      Last call on IDEA algorithm specification.
    Done      Last call on CMS RecipientInfo extension.
    Done      Last call on mail list key distribution.
    Done      Submit CAST algorithm specification as Informational RFC.
    Done      Submit security label usage specification as
              Informational RFC.
    Done      Submit IDEA algorithm specification as Informational RFC.
    Done      Submit CMS RecipientInfo extension to IESG for
              consideration as a Proposed Standard.
    Done      Last call on domain security services document.
    Done      Submit domain security services as Experimental RFC.
    Done      Submit mail list key distribution as a Proposed Standard
    Done      Submit X.400 CMS wrapper specification as a Proposed
              Standard
    Done      Submit HMAC key wrap description as Proposed Standard
    Done      Submit RSA OAEP algorithm specification as Proposed
              Standard
    Done      Submit AES algorithm specification as Proposed Standard
    Done      Submit X.400 transport as a Proposed Standard
    Done      Last call on CMS and ESS examples document
    Done      First draft of RSA KEM algorithm specification
    Done      Submit update to MSG as Proposed Standard
    Done      Submit update to CERT as Proposed Standard
    Done      Last call on RSA PSS algorithm specification
    Done      Submit RSA PSS algorithm specification as Proposed
              Standard
    Done      First draft of S/MIME Capabilities Certificate Extension
    Done      Working Group Last Call for S/MIME Capabilities
              Certificate Extension
    Done      Submit S/MIME Capabilities Certificate Extension as
              Informational RFC
    Dec 2007  Submit SHA-2 algorithms with CMS as Proposed Standard
    Dec 2007  Submit S/MIME Certificate Handling as Proposed Standard
    Dec 2007  Submit S/MIME Message Specification as Proposed Standard
    Dec 2008  Submit CMS as Draft Standard
    Dec 2008  Submit necessary algorithms documents* as Draft Standard
    Dec 2008  Submit Enhanced Security Services as Draft Standard
    Dec 2008  Submit S/MIME Message Specification as Draft Standard
    Dec 2008  Submit S/MIME Certificate Handling as Draft Standard

Internet-Drafts:

Posted    Revised   I-D Title
--------  --------  ------------------------------------------------------
May 2003  Nov 2008  Use of the RSA-KEM Key Transport Algorithm in CMS
Dec 2006  Mar 2008  Multiple Signatures in S/MIME
May 2007  Jan 2009  Using SHA2 Algorithms with Cryptographic Message Syntax
Nov 2007  Apr 2009  Secure/Multipurpose Internet Mail Extensions (S/MIME)
                    Version 3.2 Certificate Handling
Nov 2007  Apr 2009  Secure/Multipurpose Internet Mail Extensions (S/MIME)
                    Version 3.2 Message Specification
Dec 2007  Apr 2009  New ASN.1 Modules for CMS and S/MIME
Jun 2008  Apr 2009  Use of Elliptic Curve Cryptography (ECC) Algorithms
                    in Cryptographic Message Syntax (CMS)

Request For Comments:

RFC      Stat      Published  Title
-------  --------  ---------  ----------------------------------------------
RFC2311  I         Mar 1998   S/MIME Version 2 Message Specification
RFC2312  I         Mar 1998   S/MIME Version 2 Certificate Handling
RFC2634  PS        Jul 1999   Enhanced Security Services for S/MIME
RFC2633  PS        Jul 1999   S/MIME Version 3 Message Specification
RFC2632  PS        Jul 1999   S/MIME Version 3 Certificate Handling
RFC2631  PS        Jul 1999   Diffie-Hellman Key Agreement Method
RFC2630  PS        Jul 1999   Cryptographic Message Syntax
RFC2785  I         Mar 2000   Methods for Avoiding the 'Small-Subgroup'
                              Attacks on the Diffie-Hellman Key Agreement
                              Method for S/MIME
RFC2876  I         Jul 2000   Use of the KEA and SKIPJACK Algorithms in CMS
RFC2984  PS        Oct 2000   Use of the CAST-128 Encryption Algorithm in CMS
RFC3058  I         Feb 2001   Use of the IDEA Encryption Algorithm in CMS
RFC3125  E         Sep 2001   Electronic Signature Policies
RFC3183  E         Oct 2001   Domain Security Services using S/MIME
RFC3126  I         Oct 2001   Electronic Signature Formats for long term
                              electronic signatures
RFC3185  PS        Oct 2001   Reuse of CMS Content Encryption Keys
RFC3217  I         Dec 2001   Triple-DES and RC2 Key Wrapping
RFC3211  PS        Dec 2001   Password-based Encryption for CMS
RFC3218  I         Jan 2002   Preventing the Million Message Attack on CMS
RFC3278  I         May 2002   Use of ECC Algorithms in CMS
RFC3274  PS        Jun 2002   Compressed Data Content Type for Cryptographic
                              Message Syntax (CMS)
RFC3369  PS        Sep 2002   Cryptographic Message Syntax
RFC3370  PS        Sep 2002   Cryptographic Message Syntax (CMS) Algorithms
RFC3394  I         Oct 2002   Advanced Encryption Standard (AES) Key Wrap
                              Algorithm
RFC3114  I         Jan 2003   Implementing Company Classification Policy
                              with the S/MIME Security Label
RFC3537  PS        Jun 2003   Wrapping a Hashed Message Authentication Code
                              (HMAC) key with a Triple-Data Encryption
                              Standard (DES) Key or an Advanced Encryption
                              Standard (AES) Key
RFC3560  PS        Jul 2003   Use of the RSAES-OAEP Key Transport Algorithm
                              in Cryptographic Message Syntax (CMS)
RFC3565  PS        Jul 2003   Use of the
                              Advanced Encryption Standard (AES) Encryption
                              Algorithm in Cryptographic Message Syntax (CMS)
RFC3657  Standard  Jan 2004   Use of the Camellia Encryption Algorithm in CMS
RFC3851  Standard  Jul 2004   S/MIME Version 3.1 Message Specification
RFC3850  Standard  Jul 2004   S/MIME Version 3.1 Certificate Handling
RFC3852  Standard  Jul 2004   Cryptographic Message Syntax (CMS)
RFC3854  Standard  Aug 2004   Securing X.400 Content with S/MIME
RFC3855  Standard  Aug 2004   Transporting S/MIME Objects in X.400
RFC4010  Standard  Feb 2005   Use of the SEED Encryption Algorithm in
                              Cryptographic Message Syntax (CMS)
RFC4056  Standard  Jun 2005   Use of the RSASSA-PSS Signature Algorithm in
                              Cryptographic Message Syntax (CMS)
RFC4134  I         Jul 2005   Examples of S/MIME Messages
RFC4262  Standard  Dec 2005   X.509 Certificate Extension for
                              Secure/Multipurpose Internet Mail Extensions
                              (S/MIME) Capabilities
RFC4490  PS        May 2006   Using the GOST 28147-89, GOST R 34.11-94,
                              GOST R 34.10-94 and GOST R 34.10-2001
                              Algorithms with the Cryptographic Message
                              Syntax (CMS)
RFC4853  PS        Apr 2007   Cryptographic Message Syntax (CMS) Multiple
                              Signer Clarification
RFC5035  PS        Aug 2007   Enhanced Security Services (ESS) Update:
                              Adding CertID Algorithm Agility
RFC5083  PS        Nov 2007   Cryptographic Message Syntax (CMS)
                              Authenticated-Enveloped-Data Content Type
RFC5084  PS        Nov 2007   Using AES-CCM and AES-GCM Authenticated
                              Encryption in the Cryptographic Message
                              Syntax (CMS)
RFC5126  I         Mar 2008   CMS Advanced Electronic Signatures (CAdES)
RFC5275  PS        Jun 2008   CMS Symmetric Key Management and Distribution
RFC5409  I         Jan 2009   Using the Boneh-Franklin and Boneh-Boyen
                              Identity-Based Encryption Algorithms with the
                              Cryptographic Message Syntax (CMS)
RFC5408  I         Jan 2009   Identity-Based Encryption Architecture and
                              Supporting Data Structures