draft-ietf-smime-certcapa-01.txt   draft-ietf-smime-certcapa-02.txt 
S/MIME Working Group S. Santesson (Microsoft) S/MIME Working Group S. Santesson (Microsoft)
INTERNET-DRAFT INTERNET-DRAFT
Expires May 2005 Expires June 2005
November 2004 December 2004
Certificate extension for S/MIME Capabilities Certificate extension for S/MIME Capabilities
<draft-ietf-smime-certcapa-01.txt> <draft-ietf-smime-certcapa-02.txt>
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed, patent or other IPR claims of which I am aware have been disclosed,
or will be disclosed, and any of which I become aware will be or will be disclosed, and any of which I become aware will be
disclosed, in accordance with RFC 3668 disclosed, in accordance with RFC 3668
Status of this Memo Status of this Memo
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 21 skipping to change at page 2, line 21
5 References .................................................. 4 5 References .................................................. 4
Authors' Addresses ............................................. 4 Authors' Addresses ............................................. 4
Disclaimer ..................................................... 5 Disclaimer ..................................................... 5
Copyright Statement ............................................ 5 Copyright Statement ............................................ 5
1. Introduction 1. Introduction
The purpose of this specification is to specify a simple approach to The purpose of this specification is to specify a simple approach to
store cryptographic capabilities in public key certificates. store cryptographic capabilities in public key certificates.
The S/MIME Capabilities attribute is defined in RFC 3851 to identify The S/MIME Capabilities attribute is defined in RFC 3851 for
the cryptographic capabilities of the sender of a signed S/MIME specifying cryptographic capabilities of the sender of a signed
message. This information can be used by the recipient in subsequent S/MIME message. This information can be used by the recipient in
S/MIME secured exchanges to select appropriate cryptographic subsequent S/MIME secured exchanges to select appropriate
properties for future exchange with the opponent. cryptographic properties for future exchange with the opponent.
The use of S/MIME does however introduce the scenario where a sender The use of S/MIME does however introduce the scenario where e.g. a
of an encrypted message has no prior established knowledge of the sender of an encrypted message has no prior established knowledge of
recipient's cryptographic capabilities through recent S/MIME the recipient's cryptographic capabilities through recent S/MIME
exchanges. exchanges.
In such case the sender is forced to rely on its default In such case the sender is forced to rely on its default
configuration for encrypted messages to recipients with unknown configuration for encrypted messages to recipients with unknown
capabilities. The problem is however that this default configuration capabilities. The problem is however that this default configuration
may not be compatible with the recipient's capabilities and/or may not be compatible with the recipient's capabilities and/or
security policy. security policy.
The solution defined in this specification leverages on the fact that The solution defined in this specification leverages on the fact that
S/MIME encryption requires possession of the recipient's public key S/MIME encryption requires possession of the recipient's public key
skipping to change at page 4, line 10 skipping to change at page 4, line 10
The S/MIME capabilities extension contains a statement about the The S/MIME capabilities extension contains a statement about the
subject's capabilities made at the time of certificate issuance. subject's capabilities made at the time of certificate issuance.
Implementers should therefore take into account any effect caused by Implementers should therefore take into account any effect caused by
the change of these capabilities during the lifetime of the the change of these capabilities during the lifetime of the
certificate. certificate.
Change in the subject's capabilities during the lifetime of a Change in the subject's capabilities during the lifetime of a
certificate may require revocation of the certificate. Revocation certificate may require revocation of the certificate. Revocation
should however only be motivated if a listed algorithm is considered should however only be motivated if a listed algorithm is considered
broken and/or considered too week to use for the adopted encryption broken and/or considered too weak to use for the adopted encryption
policy. policy.
Implementers should take into account that the use of this extension Implementers should take into account that the use of this extension
does not change the fact that it is always the responsibility of the does not change the fact that it is always the responsibility of the
sender to choose sufficiently strong encryption for its information sender to choose sufficiently strong encryption for its information
disclosure. disclosure.
5 References 5 References
Normative references: Normative references:
[RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC [RFC 3280] R. Housley, W. Polk, W. Ford, and D. Solo, "Internet
3280] R. Housley, W. Polk, W. Ford, and D. Solo, "Internet
X.509 Public Key Infrastructure: Certificate and X.509 Public Key Infrastructure: Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280, Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002. April 2002.
[RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail [RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail
Extensions (S/MIME) Version 3.1 Message Specification", Extensions (S/MIME) Version 3.1 Message Specification",
RFC 3851, July 2004 RFC 3851, July 2004
Authors' Addresses Authors' Addresses
skipping to change at page 5, line 21 skipping to change at page 5, line 21
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Expires May 2005 Expires June 2005
Attachment Converted: C:\Program Files\Qualcomm\Eudora\attachements\draft-ietf-smime-certcapa-011.nro
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/