Last Modified: 2004-02-02
The Cryptographic Message Syntax (CMS) (RFC 3369) is cryptographic algorithm independent, yet there is always more than one way to use any algorithm. To ensure interoperability, each algorithm should have a specification that describes its use with CMS. Specifications for the use of additional cryptographic algorithms will be developed.
As part of the specification update, a new suite of "mandatory to implement" algorithms will be selected. These algorithms will be reflected in updates to CERT and MSG (RFC 2632 and RFC 2633). Building on the CMS CompressedData content type specified in RFC 3274, the update to MSG will specify conventions for message compression, in addition to message signature and encryption.
To aid implementers, documents containing example output for CMS will be collected and published. Some of the examples will include structures and signed attributes defined in the Enhanced Security Services (ESS) (RFC 2634) document.
CMS, and thus S/MIME version 3 and later, permit the use of previously distributed symmetric key-encryption keys. Specifications for the distribution of symmetric key-encryption keys to multiple message recipients will be developed. Mail List Agents (MLAs) are one user of symmetric key-encryption keys. The specification will be algorithm independent.
In S/MIME version 3 and later, CMS is used to provide security to the message content if an Internet mail message. However, CMS can also be employed in an X.400 electronic messaging envionments. Specifications will be developed allowing this to be done in an interoperable manner.
The working group will perform necessary interoperability testing to progress the S/MIME specifications to Draft Standard. The CMS specification depends on the RFC 3280, the PKIX certificate and CRL profile. This profile must progress to Draft Standard before CMS and the other S/MIME specification can progress to Draft Standard. Assuming timely progress by the PKIX Working Group, the S/MIME specification can start progressing to Draft Standard toward the end of 2003.
Done | First draft of security label usage specification. | |
Done | First draft of CMS RecipientInfo extension. | |
Done | Last call on KEA and SKIPJACK algorithm specification. | |
Done | Last call on small subgroup attack avoidance | |
Done | First draft of CAST algorithm specification. | |
Done | Last call on certificate distribution specification. | |
Done | First draft of mail list key distribution. | |
Done | Submit KEA and SKIPJACK algorithm specification as Informational RFC. | |
Done | Submit small subgroup attack avoidance as Informational RFC | |
Done | Last call on CAST algorithm specification. | |
Done | Updated draft of domain security services document. | |
Done | Last call on security label usage specification. | |
Done | Last call on IDEA algorithm specification. | |
Done | Last call on CMS RecipientInfo extension. | |
Done | Last call on mail list key distribution. | |
Done | Submit CAST algorithm specification as Informational RFC. | |
Done | Submit security label usage specification as Informational RFC. | |
Done | Submit IDEA algorithm specification as Informational RFC. | |
Done | Submit CMS RecipientInfo extension to IESG for consideration as a Proposed Standard. | |
Done | Last call on domain security services document. | |
Done | Submit domain security services as Experimental RFC. | |
Done | Submit mail list key distribution as a Proposed Standard | |
Done | Submit X.400 CMS wrapper specification as a Proposed Standard | |
Done | Submit HMAC key wrap description as Proposed Standard | |
Done | Submit RSA OAEP algorithm specification as Proposed Standard | |
Done | Sumbit AES algorithm specification as Proposed Standard | |
Done | Submit X.400 transport as a Proposed Standard | |
Done | Last call on CMS and ESS examples document | |
Apr 03 | Sumbit update to MSG as Proposed Standard | |
Apr 03 | Sumbit update to CERT as Proposed Standard | |
Done | First draft of RSA KEM algorithm specification | |
May 03 | Submit CMS and ESS examples document as Informational RFC | |
Done | Last call on RSA PSS algorithm specification | |
Jul 03 | Last call on RSA KEM algorithm specification | |
Sep 03 | Submit RSA PSS algorithm specification as Proposed Standard | |
Oct 03 | Submit RSA KEM algorithm specification as Proposed Standard | |
Oct 03 | Final S/MIME version 3.1 interoperability matrix | |
Nov 03 | Request advancement of CMS Algorithms to Draft Standard | |
Nov 03 | Request advancement of CMS to Draft Standard | |
Dec 03 | Request advancement of ESS to Draft Standard | |
Dec 03 | Request advancement of CERT to Draft Standard | |
Dec 03 | Request advancement of MSG to Draft Standard |
RFC | Status | Title |
---|---|---|
RFC2311 | I | S/MIME Version 2 Message Specification |
RFC2312 | I | S/MIME Version 2 Certificate Handling |
RFC2630 | PS | Cryptographic Message Syntax |
RFC2631 | PS | Diffie-Hellman Key Agreement Method |
RFC2632 | PS | S/MIME Version 3 Certificate Handling |
RFC2633 | PS | S/MIME Version 3 Message Specification |
RFC2634 | PS | Enhanced Security Services for S/MIME |
RFC2785 | I | Methods for Avoiding the 'Small-Subgroup' Attacks on the Diffie-Hellman Key Agreement Method for S/MIME |
RFC2876 | I | Use of the KEA and SKIPJACK Algorithms in CMS |
RFC2984 | PS | Use of the CAST-128 Encryption Algorithm in CMS |
RFC3058 | I | Use of the IDEA Encryption Algorithm in CMS |
RFC3125 | E | Electronic Signature Policies |
RFC3183 | E | Domain Security Services using S/MIME |
RFC3126 | I | Electronic Signature Formats for long term electronic signatures |
RFC3185 | PS | Reuse of CMS Content Encryption Keys |
RFC3217 | I | Triple-DES and RC2 Key Wrapping |
RFC3211 | PS | Password-based Encryption for SMS |
RFC3218 | I | Preventing the Million Message Attack on CMS |
RFC3278 | I | Use of ECC Algorithms in CMS |
RFC3274 | PS | Compressed Data Content Type for Cryptographic Message Syntax (CMS) |
RFC3369 | PS | Cryptographic Message Syntax |
RFC3370 | PS | Cryptographic Message Syntax (CMS) Algorithms |
RFC3394 | I | Advanced Encryption Standard (AES) Key Wrap Algorithm |
RFC3114 | I | Implementing Company Classification Policy with the S/MIME Security Label |
RFC3537 | PS | Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES)Key |
RFC3560 | PS | Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS) |
RFC3565 | PS | Use of the Advanced Encryption Standard (AES)Encryption Algorithm in Cryptographic Message Syntax (CMS) |
RFC3657 | Standard | Use of the Camellia Encryption Algorithm in CMS |
timistic.S/MIME Minutes March 2, 2004 Seoul, Korea The meeting was chaired by Sean Turner; Blake Ramsdell was jacked in from Seattle via Jabber and iChat. The short agenda was agreed to. Sean updated the status since the last IETF meeting. New RFC (3657, Camellia) Three drafts that are with the RFC editor (symkeydist, x400wrap, and x400transport) Two drafts in WG last call (rfc2632bis and rfc2633bis) The draft that will go into WG last call when its editor finally finishes it (examples). Three drafts are currently active in the WG: cms-rsa-kem gost park-cms-seed Sean talked about the milestones and how well we are doing on them. We have a few short-term milestones and a much longer list of long-term ones. Sean gave Blake's presentation on MSGbis and CERTbis status Give the list of changes from last versions Received a bunch of editorial comments for both documents Russ said that other groups are using these docs, so please take a careful look at them. Sean gave a presentation on GOST status Added a new draft with the algorithms needed for implementing GOST Move the default parameters to different doc Added message examples Seeking more input, particularly from implementers Jongwook Park gave SEED updates Two drafts are already out there The algorithm is mandatory in Korea for government devices Approved by ISO/IEC JTC1/SC27 Looking for comments and implementations We finished in about 17 minutes. |