draft-ietf-smime-certcapa-04.txt   draft-ietf-smime-certcapa-05.txt 
S/MIME Working Group S. Santesson (Microsoft) S/MIME Working Group S. Santesson (Microsoft)
INTERNET-DRAFT INTERNET-DRAFT
Expires September 2005 Expires November 2005 May 2005
March 2005
X.509 Certificate Extension for S/MIME Capabilities X.509 Certificate Extension for S/MIME Capabilities
<draft-ietf-smime-certcapa-04.txt> <draft-ietf-smime-certcapa-05.txt>
By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
or will be disclosed, and any of which I become aware will be
disclosed, in accordance with RFC 3668
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress." material or to cite them other than a "work in progress."
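Review bot: the -04 IPR statement in this hunk ends without a period after "in accordance with RFC 3668"; the -05 replacement with the BCP 79 Section 6 wording fixes that and is the current required boilerplate. The header change to "May 2005" with "Expires November 2005" is consistent with the six-month validity stated in the paragraph below it.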
skipping to change at page 2, line 27 skipping to change at page 2, line 27
1 Introduction 1 Introduction
This document defines a certificate extension for inclusion of S/MIME This document defines a certificate extension for inclusion of S/MIME
capabilities in X.509 public key certificates, as defined by RFC 3280 capabilities in X.509 public key certificates, as defined by RFC 3280
[RFC 3280]. [RFC 3280].
The S/MIME Capabilities attribute, defined in RFC 3851, is defined to The S/MIME Capabilities attribute, defined in RFC 3851, is defined to
indicate cryptographic capabilities of the sender of a signed S/MIME indicate cryptographic capabilities of the sender of a signed S/MIME
message. This information can be used by the recipient in subsequent message. This information can be used by the recipient in subsequent
S/MIME secured exchanges to select appropriate cryptographic S/MIME secured exchanges to select appropriate cryptographic
properties for future exchange with the opponent. properties.
S/MIME does however involve also the scenario where e.g. a sender of S/MIME does however involve also the scenario where e.g. a sender of
an encrypted message has no prior established knowledge of the an encrypted message has no prior established knowledge of the
recipient's cryptographic capabilities through recent S/MIME recipient's cryptographic capabilities through recent S/MIME
exchanges. exchanges.
In such case the sender is forced to rely on out-of-band means or its In such case the sender is forced to rely on out-of-band means or its
default configuration to select content encryption algorithm for default configuration to select content encryption algorithm for
encrypted messages to recipients with unknown capabilities. Such encrypted messages to recipients with unknown capabilities. Such
default configuration may however be incompatible with the default configuration may however be incompatible with the
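Review bot: "opponent" in the -04 text wrongly suggests an adversary rather than the other party, so the -05 deletion of "for future exchange with the opponent" is correct; the sentence already says the information is used in subsequent exchanges. Two wording points remain in this hunk: "The S/MIME Capabilities attribute, defined in RFC 3851, is defined to indicate" repeats "defined", suggest "The S/MIME Capabilities attribute defined in RFC 3851 indicates"; and "S/MIME does however involve also the scenario where e.g. a sender" reads awkwardly, suggest "S/MIME also has to cover the case in which a sender of an encrypted message has no prior knowledge of the recipient's cryptographic capabilities". On substance, the introduction should say which source wins when both are available: the attribute carried in a recent signed message reflects the recipient's current software, whereas the certificate extension is a statement made at issuance, so the more recent attribute should take precedence over the extension.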
skipping to change at page 3, line 27 skipping to change at page 3, line 27
The S/MIME capabilities extension data structure used in this The S/MIME capabilities extension data structure used in this
specification is identical to the data structure of the specification is identical to the data structure of the
SMIMECapabilities attribute defined in RFC 3851 [RFC 3851] (The ASN.1 SMIMECapabilities attribute defined in RFC 3851 [RFC 3851] (The ASN.1
structure of smimeCapabilities is included below for illustrative structure of smimeCapabilities is included below for illustrative
purposes only). purposes only).
smimeCapabilities OBJECT IDENTIFIER ::= smimeCapabilities OBJECT IDENTIFIER ::=
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) 15} pkcs-9(9) 15}
sMIMECapabilitiesExt EXTENSION ::= {
SYNTAX SMIMECapabilities
IDENTIFIED BY smimeCapabilities }
SMIMECapabilities ::= SEQUENCE OF SMIMECapability SMIMECapabilities ::= SEQUENCE OF SMIMECapability
SMIMECapability ::= SEQUENCE { SMIMECapability ::= SEQUENCE {
capabilityID OBJECT IDENTIFIER, capabilityID OBJECT IDENTIFIER,
parameters ANY DEFINED BY capabilityID OPTIONAL } parameters ANY DEFINED BY capabilityID OPTIONAL }
All content requirements defined for the SMIMECapabilities attribute All content requirements defined for the SMIMECapabilities attribute
in RFC 3851 applies also to this extension. in RFC 3851 applies also to this extension.
There are numerous different types of S/MIME capabilities that have There are numerous different types of S/MIME capabilities that have
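Review bot: the sMIMECapabilitiesExt definition added in -05 should be accompanied by a statement of criticality; nothing in the visible lines says whether the extension may be marked critical, and since a relying party that does not recognise a critical extension has to reject the certificate under RFC 3280 processing rules, an informational hint such as this one should be required to be non-critical so that clients unaware of it still accept the certificate. Minor: "All content requirements defined for the SMIMECapabilities attribute in RFC 3851 applies also to this extension" should read "apply". The ASN.1 is stated to be illustrative only, which is fine, but "parameters ANY DEFINED BY capabilityID OPTIONAL" is 1988 syntax; if the text is meant to be compiled, importing the RFC 3851 module would avoid re-declaring the type.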
skipping to change at page 4, line 32 skipping to change at page 4, line 27
The S/MIME capabilities extension contains a statement about the The S/MIME capabilities extension contains a statement about the
subject's capabilities made at the time of certificate issuance. subject's capabilities made at the time of certificate issuance.
Implementers should therefore take into account any effect caused by Implementers should therefore take into account any effect caused by
the change of these capabilities during the lifetime of the the change of these capabilities during the lifetime of the
certificate. certificate.
Change in the subject's capabilities during the lifetime of a Change in the subject's capabilities during the lifetime of a
certificate may require revocation of the certificate. Revocation certificate may require revocation of the certificate. Revocation
should however only be motivated if a listed algorithm is considered should however only be motivated if a listed algorithm is considered
broken and/or considered too weak for the governing security policy. broken or considered too weak for the governing security policy.
Implementers should take into account that the use of this extension Implementers should take into account that the use of this extension
does not change the fact that it is always the responsibility of the does not change the fact that it is always the responsibility of the
sender to choose sufficiently strong encryption for its information sender to choose sufficiently strong encryption for its information
disclosure. disclosure.
5 References 5 References
Normative references: Normative references:
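Review bot: the two revocation sentences in the security considerations pull in different directions ("may require revocation" followed by "should however only be motivated if a listed algorithm is considered broken or considered too weak"); the -05 change of "and/or" to "or" is fine, but the asymmetry deserves one sentence of reasoning. A subject that stops supporting a still-strong listed algorithm causes at worst an undecryptable message, an availability problem, whereas a listed algorithm that has since become weak misleads senders into inadequate protection, a confidentiality problem, and only the latter justifies revocation. It would also help to note that, unlike the SMIMECapabilities attribute the subject asserts in a signed message, the extension is part of the CA-signed certificate, so its contents can only change through re-issuance, which is why revocation is the lever discussed here. The closing paragraph's reminder that the sender remains responsible for choosing sufficiently strong encryption is correct and could state the concrete consequence: a sender should not select an algorithm below its own policy floor merely because the recipient's extension lists it.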
skipping to change at page 5, line 43 skipping to change at page 5, line 43
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject Copyright (C) The Internet Society (2005).
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Expires September 2005 This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
Expires November 2005
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/