S/MIME Mail Security (smime)
----------------------------

Charter
Last Modified: 2007-05-21

Current Status: Active Working Group

Chair(s):
    Sean Turner  <[email protected]>
    Blake Ramsdell  <[email protected]>

Security Area Director(s):
    Tim Polk  <[email protected]>
    Sam Hartman  <[email protected]>

Security Area Advisor:
    Tim Polk  <[email protected]>

Mailing Lists:
    General Discussion: [email protected]
    To Subscribe:       [email protected]
    Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME WG was established in the winter of 1997 to define MIME
encapsulation techniques of objects whose format was based on PKCS#7
(RFC2315). These encapsulation techniques can be used to provide
security services for an arbitrary encapsulated content.

Initially the Cryptographic Message Syntax (CMS) (RFC2630) was not
algorithm independent; however, the 1st revision separated the syntax
(RFC3369) and the algorithms (RFC3370) to allow the two to be
updated without affecting one another. Since this split, other
documents have been written to document the use of CMS with other
algorithms (e.g., ECDSA, AES, GOST). Also since the initial CMS,
additional key management techniques (e.g., password-based and an
extensible type) and encapsulation techniques (e.g., compression) have
been added and other documents have been written to add additional
security services. CMS is also transport independent, and documents
have been written to define a consistent way to transport MIME objects.

The S/MIME specifications, one for the message specification and
another for certificate handling, have been updated to migrate
algorithms over time.

Appropriate WG topics are as follows:

- Specifications for the use of additional cryptographic algorithms
with CMS.
- Specifications that define additional CMS content types.
- Specifications to document algorithm migration of S/MIME.
- With the approval of the area director, specifications that define
additional CMS security services.

The WG will perform interoperability testing to progress the CMS and
S/MIME Specifications to Draft Standard.

Goals and Milestones:

  Done         First draft of security label usage specification.

  Done         First draft of CMS RecipientInfo extension.

  Done         Last call on KEA and SKIPJACK algorithm specification.

  Done         Last call on small subgroup attack avoidance

  Done         First draft of CAST algorithm specification.

  Done         Last call on certificate distribution specification.

  Done         First draft of mail list key distribution.

  Done         Submit KEA and SKIPJACK algorithm specification as
               Informational RFC.

  Done         Submit small subgroup attack avoidance as Informational RFC

  Done         Last call on CAST algorithm specification.

  Done         Updated draft of domain security services document.

  Done         Last call on security label usage specification.

  Done         Last call on IDEA algorithm specification.

  Done         Last call on CMS RecipientInfo extension.

  Done         Last call on mail list key distribution.

  Done         Submit CAST algorithm specification as Informational RFC.

  Done         Submit security label usage specification as Informational RFC.

  Done         Submit IDEA algorithm specification as Informational RFC.

  Done         Submit CMS RecipientInfo extension to IESG for consideration as
               a Proposed Standard.

  Done         Last call on domain security services document.

  Done         Submit domain security services as Experimental RFC.

  Done         Submit mail list key distribution as a Proposed Standard

  Done         Submit X.400 CMS wrapper specification as a Proposed Standard

  Done         Submit HMAC key wrap description as Proposed Standard

  Done         Submit RSA OAEP algorithm specification as Proposed Standard

  Done         Submit AES algorithm specification as Proposed Standard

  Done         Submit X.400 transport as a Proposed Standard

  Done         Last call on CMS and ESS examples document

  Done         First draft of RSA KEM algorithm specification

  Done         Submit update to MSG as Proposed Standard

  Done         Submit update to CERT as Proposed Standard

  Done         Last call on RSA PSS algorithm specification

  Done         Submit RSA PSS algorithm specification as Proposed Standard

  Done         First draft of S/MIME Capabilities Certificate Extension

  Done         Working Group Last Call for S/MIME Capabilities Certificate
               Extension

  Done         Submit S/MIME Capabilities Certificate Extension as
               Informational RFC

  Dec 2007     Submit SHA-2 algorithms with CMS as Proposed Standard

  Dec 2007     Submit S/MIME Certificate Handling as Proposed Standard

  Dec 2007     Submit S/MIME Message Specification as Proposed Standard

  Dec 2008     Submit CMS as Draft Standard

  Dec 2008     Submit necessary algorithms documents* as Draft Standard

  Dec 2008     Submit Enhanced Security Services as Draft Standard

  Dec 2008     Submit S/MIME Message Specification as Draft Standard

  Dec 2008     Submit S/MIME Certificate Handling as Draft Standard


Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Dec 1999 Jan 2003   <draft-ietf-smime-symkeydist-09.txt>
               CMS Symmetric Key Management and Distribution

May 2003 May 2007   <draft-ietf-smime-cms-rsa-kem-03.txt>
               Use of the RSA-KEM Key Transport Algorithm in CMS

Dec 2005 May 2007   <draft-ietf-smime-cades-02.txt>
               CMS Advanced Electronic Signatures (CAdES)

Mar 2006 Apr 2007   <draft-ietf-smime-escertid-06.txt>
               ESS Update: Adding CertID Algorithm Agility

Jun 2006 Jul 2007   <draft-ietf-smime-ibearch-04.txt>
               Identity-based Encryption Architecture

Jun 2006 Jul 2007   <draft-ietf-smime-bfibecms-04.txt>
               Using the Boneh-Franklin and Boneh-Boyen identity-based
               encryption algorithms with the Cryptographic Message Syntax
               (CMS)

Dec 2006 Jun 2007   <draft-ietf-smime-multisig-01.txt>
               Multiple Signatures in S/MIME

Jan 2007 Apr 2007   <draft-ietf-smime-cms-auth-enveloped-04.txt>
               Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data
               Content Type

Jan 2007 May 2007   <draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt>
               Using AES-CCM and AES-GCM Authenticated Encryption in the
               Cryptographic Message Syntax (CMS)

May 2007 May 2007   <draft-ietf-smime-sha2-00.txt>
               Using SHA2 Algorithms with Cryptographic Message Syntax

Request For Comments:

 RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC2311 I    Mar 1998    S/MIME Version 2 Message Specification

RFC2312 I    Mar 1998    S/MIME Version 2 Certificate Handling

RFC2630 PS   Jul 1999    Cryptographic Message Syntax

RFC2631 PS   Jul 1999    Diffie-Hellman Key Agreement Method

RFC2632 PS   Jul 1999    S/MIME Version 3 Certificate Handling

RFC2633 PS   Jul 1999    S/MIME Version 3 Message Specification

RFC2634 PS   Jul 1999    Enhanced Security Services for S/MIME

RFC2785 I    Mar 2000    Methods for Avoiding the 'Small-Subgroup' Attacks on the
                      Diffie-Hellman Key Agreement Method for S/MIME

RFC2876 I    Jul 2000    Use of the KEA and SKIPJACK Algorithms in CMS

RFC2984 PS   Oct 2000    Use of the CAST-128 Encryption Algorithm in CMS

RFC3058 I    Feb 2001    Use of the IDEA Encryption Algorithm in CMS

RFC3125 E    Sep 2001    Electronic Signature Policies

RFC3183 E    Oct 2001    Domain Security Services using S/MIME

RFC3126 I    Oct 2001    Electronic Signature Formats for long term electronic
                      signatures

RFC3185 PS   Oct 2001    Reuse of CMS Content Encryption Keys

RFC3217 I    Dec 2001    Triple-DES and RC2 Key Wrapping

RFC3211 PS   Dec 2001    Password-based Encryption for CMS

RFC3218 I    Jan 2002    Preventing the Million Message Attack on CMS

RFC3278 I    May 2002    Use of ECC Algorithms in CMS

RFC3274 PS   Jun 2002    Compressed Data Content Type for Cryptographic Message
                      Syntax (CMS)

RFC3369 PS   Sep 2002    Cryptographic Message Syntax

RFC3370 PS   Sep 2002    Cryptographic Message Syntax (CMS) Algorithms

RFC3394 I    Oct 2002    Advanced Encryption Standard (AES) Key Wrap Algorithm

RFC3114 I    Jan 2003    Implementing Company Classification Policy with the
                      S/MIME Security Label

RFC3537 PS   Jun 2003    Wrapping a Hashed Message Authentication Code (HMAC) key
                      with a Triple-Data Encryption Standard (DES) Key or an
                      Advanced Encryption Standard (AES) Key

RFC3560 PS   Jul 2003    Use of the RSAES-OAEP Key Transport Algorithm in
                      Cryptographic Message Syntax (CMS)

RFC3565 PS   Jul 2003    Use of the Advanced Encryption Standard (AES) Encryption
                      Algorithm in Cryptographic Message Syntax (CMS)

RFC3657 Standard  Jan 2004    Use of the Camellia Encryption Algorithm in CMS

RFC3851 Standard  Jul 2004    S/MIME Version 3.1 Message Specification

RFC3850 Standard  Jul 2004    S/MIME Version 3.1 Certificate Handling

RFC3852 Standard  Jul 2004    Cryptographic Message Syntax (CMS)

RFC3854 Standard  Aug 2004    Securing X.400 Content with S/MIME

RFC3855 Standard  Aug 2004    Transporting S/MIME Objects in X.400

RFC4010 Standard  Feb 2005    Use of the SEED Encryption Algorithm in Cryptographic
                      Message Syntax (CMS)

RFC4056 Standard  Jun 2005    Use of the RSASSA-PSS Signature Algorithm in
                      Cryptographic Message Syntax (CMS)

RFC4134 I    Jul 2005    Examples of S/MIME Messages

RFC4262 Standard  Dec 2005    X.509 Certificate Extension for Secure/Multipurpose
                      Internet Mail Extensions (S/MIME) Capabilities

RFC4490 PS   May 2006    Using the GOST 28147-89, GOST R 34.11-94, GOST R
                      34.10-94 and GOST R 34.10-2001 Algorithms with the
                      Cryptographic Message Syntax (CMS)

RFC4853 PS   Apr 2007    Cryptographic Message Syntax (CMS) Multiple Signer
                      Clarification