draft-ietf-smime-3850bis-07.txt   draft-ietf-smime-3850bis-08.txt 
S/MIME WG Blake Ramsdell, Brute Squad Labs S/MIME WG Blake Ramsdell, Brute Squad Labs
Internet Draft Sean Turner, IECA Internet Draft Sean Turner, IECA
Intended Status: Standard Track September 24, 2008 Intended Status: Standard Track October 2, 2008
Obsoletes: 3850 (once approved) Obsoletes: 3850 (once approved)
Expires: March 24, 2009 Expires: April 2, 2009
Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2
Certificate Handling Certificate Handling
draft-ietf-smime-3850bis-07.txt draft-ietf-smime-3850bis-08.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on March 24, 2008. This Internet-Draft will expire on April 2, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document specifies conventions for X.509 certificate usage by This document specifies conventions for X.509 certificate usage by
Secure/Multipurpose Internet Mail Extensions (S/MIME) agents. S/MIME Secure/Multipurpose Internet Mail Extensions (S/MIME) agents. S/MIME
provides a method to send and receive secure MIME messages, and provides a method to send and receive secure MIME messages, and
skipping to change at page 2, line 40 skipping to change at page 2, line 40
3. Using Distinguished Names For Internet Mail....................8 3. Using Distinguished Names For Internet Mail....................8
4. Certificate Processing.........................................9 4. Certificate Processing.........................................9
4.1. Certificate Revocation Lists.............................10 4.1. Certificate Revocation Lists.............................10
4.2. Certificate Path Validation..............................10 4.2. Certificate Path Validation..............................10
4.3. Certificate and CRL Signing Algorithms and Key Sizes.....11 4.3. Certificate and CRL Signing Algorithms and Key Sizes.....11
4.4. PKIX Certificate Extensions..............................12 4.4. PKIX Certificate Extensions..............................12
5. IANA Considerations...........................................14 5. IANA Considerations...........................................14
6. Security Considerations.......................................14 6. Security Considerations.......................................14
7. References....................................................16 7. References....................................................16
7.1. Normative References.....................................16 7.1. Normative References.....................................16
7.2. Informative References...................................17 7.2. Informative References...................................18
Appendix A. Moving S/MIME v2 Certificate Handling to Historic Appendix A. Moving S/MIME v2 Certificate Handling to Historic
Status...............................................19 Status...............................................20
Appendix B. Acknowledgements.....................................19 Appendix B. Acknowledgements.....................................20
1. Introduction 1. Introduction
S/MIME (Secure/Multipurpose Internet Mail Extensions), described in S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
[SMIME-MSG], provides a method to send and receive secure MIME [SMIME-MSG], provides a method to send and receive secure MIME
messages. Before using a public key to provide security services, messages. Before using a public key to provide security services,
the S/MIME agent MUST verify that the public key is valid. S/MIME the S/MIME agent MUST verify that the public key is valid. S/MIME
agents MUST use PKIX certificates to validate public keys as agents MUST use PKIX certificates to validate public keys as
described in the Internet X.509 Public Key Infrastructure (PKIX) described in the Internet X.509 Public Key Infrastructure (PKIX)
Certificate and CRL Profile [KEYM]. S/MIME agents MUST meet the Certificate and CRL Profile [KEYM]. S/MIME agents MUST meet the
certificate processing requirements documented in this document in certificate processing requirements documented in this document in
addition to those stated in [KEYM]. addition to those stated in [KEYM].
This specification is compatible with the Cryptographic Message This specification is compatible with the Cryptographic Message
Syntax [CMS] in that it uses the data types defined by CMS. It also Syntax (CMS) RFC 3852 and RFC 4853 [CMS] in that it uses the data
inherits all the varieties of architectures for certificate-based key types defined by CMS. It also inherits all the varieties of
management supported by CMS. architectures for certificate-based key management supported by CMS.
1.1. Definitions 1.1. Definitions
For the purposes of this document, the following definitions apply. For the purposes of this document, the following definitions apply.
ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.680 ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.680
[X.680]. [X.680].
Attribute Certificate (AC): An X.509 AC is a separate structure from Attribute Certificate (AC): An X.509 AC is a separate structure from
a subject's public key X.509 Certificate. A subject may have a subject's public key X.509 Certificate. A subject may have
skipping to change at page 4, line 21 skipping to change at page 4, line 21
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [MUSTSHOULD]. document are to be interpreted as described in [MUSTSHOULD].
We define some additional terms here: We define some additional terms here:
SHOULD+ This term means the same as SHOULD. However, the authors SHOULD+ This term means the same as SHOULD. However, the authors
expect that a requirement marked as SHOULD+ will be promoted at expect that a requirement marked as SHOULD+ will be promoted at
some future time to be a MUST. some future time to be a MUST.
SHOULD- This term means the same as SHOULD. However, the authors SHOULD- This term means the same as SHOULD. However, the authors
expect a requirement marked as SHOULD- will be demoted to a MAY expect that a requirement marked as SHOULD- will be demoted to a
in a future version of this document. MAY in a future version of this document.
MUST- This term means the same as MUST. However, the authors MUST- This term means the same as MUST. However, the authors
expect that this requirement will no longer be a MUST in a future expect that this requirement will no longer be a MUST in a future
document. Although its status will be determined at a later document. Although its status will be determined at a later
time, it is reasonable to expect that if a future revision of a time, it is reasonable to expect that if a future revision of a
document alters the status of a MUST- requirement, it will remain document alters the status of a MUST- requirement, it will remain
at least a SHOULD or a SHOULD-. at least a SHOULD or a SHOULD-.
1.3. Compatibility with Prior Practice S/MIME 1.3. Compatibility with Prior Practice S/MIME
skipping to change at page 5, line 26 skipping to change at page 5, line 26
that does not have the digitalSignature or nonRepudiation bit set. that does not have the digitalSignature or nonRepudiation bit set.
Clarifications for the interpretation of the key usage and extended Clarifications for the interpretation of the key usage and extended
key usage extensions. key usage extensions.
1.5. Changes Since S/MIME v3.1 1.5. Changes Since S/MIME v3.1
Conventions Used in This Document: Moved to section 1.2. Added Conventions Used in This Document: Moved to section 1.2. Added
definitions for SHOULD+, SHOULD-, and MUST-. definitions for SHOULD+, SHOULD-, and MUST-.
Sec 1.2: Updated ASN.1 definition and reference. Sec 1.1: Updated ASN.1 definition and reference.
Sec 1.3: Added text about v3.1 RFCs. Sec 1.3: Added text about v3.1 RFCs.
Sec 3: Updated note to indicate emailAddress IA5String upper bound is Sec 3: Updated note to indicate emailAddress IA5String upper bound is
255 characters. 255 characters.
Sec 4.2: Added text to indicate how S/MIME agents locate the correct Sec 4.2: Added text to indicate how S/MIME agents locate the correct
user certificate. user certificate.
Sec 4.3: RSA with SHA-256 (PKCS #1 v1.5) added as MUST, DSA with SHA- Sec 4.3: RSA with SHA-256 (PKCS #1 v1.5) added as MUST, DSA with SHA-
256 added as SHOULD+, RSA with SHA-1 changed to SHOULD-, DSA with 256 added as SHOULD+, RSA with SHA-1, DSA with SHA-1, and RSA with
SHA-1, and RSA with MD5 changed to SHOULD-, and RSA-PSS with SHA-256 MD5 changed to SHOULD-, and RSA-PSS with SHA-256 added as SHOULD+.
added as SHOULD+. Updated key sizes and changed pointer from [KEYM] Updated key sizes and changed pointer to PKIX RFCs.
to [KEYMALG].
Sec 4.4.1: Aligned with PKIX on use of basic constraints extension in Sec 4.4.1: Aligned with PKIX on use of basic constraints extension in
CA certificates. Clarified which extension is used to constrain EEs CA certificates. Clarified which extension is used to constrain EEs
from using their keys to perform issuing authority operations. from using their keys to perform issuing authority operations.
Sec 6: Updated security considerations. Sec 6: Updated security considerations.
Sec 7: Moved references from Appendix B to section 7. Updated the Sec 7: Moved references from Appendix B to section 7. Updated the
references. references.
skipping to change at page 11, line 12 skipping to change at page 11, line 8
CRL retrieval mechanisms. Certificates and CRLs in incoming messages CRL retrieval mechanisms. Certificates and CRLs in incoming messages
are not required to be in any particular order nor are they required are not required to be in any particular order nor are they required
to be in any way related to the sender or recipient of the message to be in any way related to the sender or recipient of the message
(although in most cases they will be related to the sender). Incoming (although in most cases they will be related to the sender). Incoming
certificates and CRLs SHOULD be cached for use in path validation and certificates and CRLs SHOULD be cached for use in path validation and
optionally stored for later use. This temporary certificate and CRL optionally stored for later use. This temporary certificate and CRL
cache SHOULD be used to augment any other certificate and CRL cache SHOULD be used to augment any other certificate and CRL
retrieval mechanisms for path validation on incoming signed messages. retrieval mechanisms for path validation on incoming signed messages.
When verifying a signature and the certificates are included in the When verifying a signature and the certificates are included in the
message, if a signingCertificate or a signingCertificateV2 attribute message, if a signingCertificate attribute from RFC 2634 [ESS] or a
is found in an S/MIME message, it SHALL be used to identify the signingCertificateV2 attribute from RFC 5035 [ESS] is found in an
signer's certificate. Otherwise, the certificate is identified in an S/MIME message, it SHALL be used to identify the signer's
S/MIME message, either using the issuerAndSerialNumber which certificate. Otherwise, the certificate is identified in an S/MIME
identifies the signer's certificate by the issuer's distinguished message, either using the issuerAndSerialNumber which identifies the
name and the certificate serial number, or the subjectKeyIdentifier signer's certificate by the issuer's distinguished name and the
which identifies the signer's certificate by a key identifier. certificate serial number, or the subjectKeyIdentifier which
identifies the signer's certificate by a key identifier.
When decrypting an encrypted message, if a When decrypting an encrypted message, if a
SMIMEEncryptionKeyPreference attribute is found in an encapsulating SMIMEEncryptionKeyPreference attribute is found in an encapsulating
SignedData, it SHALL be used to identify the originator's certificate SignedData, it SHALL be used to identify the originator's certificate
found in OriginatorInfo. See [CMS] for the CMS fields that reference found in OriginatorInfo. See [CMS] for the CMS fields that reference
the originator's and recipient's certificates. the originator's and recipient's certificates.
4.3. Certificate and CRL Signing Algorithms and Key Sizes 4.3. Certificate and CRL Signing Algorithms and Key Sizes
Certificates and Certificate Revocation Lists (CRLs) are signed by Certificates and Certificate Revocation Lists (CRLs) are signed by
the certificate issuer. Receiving agents: the certificate issuer. Receiving agents:
- MUST support RSA with SHA-256, as specified in [CMS-SHA2] - MUST support RSA with SHA-256
- SHOULD+ support DSA with SHA-256, as specified in [CMS-SHA2] - SHOULD+ support DSA with SHA-256
- SHOULD+ support RSA-PSS with SHA-256, as specified in [RSAPSS] - SHOULD+ support RSA-PSS with SHA-256
- SHOULD- support RSA with SHA-1, as specified in [CMSALG] - SHOULD- support RSA with SHA-1
- SHOULD- support DSA with SHA-1, as specified in [CMSALG] - SHOULD- support DSA with SHA-1
- SHOULD- support RSA with MD5, as specified in [CMSALG] - SHOULD- support RSA with MD5
The following are the RSA key size requirements for S/MIME receiving The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification: agents during certificate and CRL signature verification:
0 < key size < 512 : MAY (see Section 6) 0 < key size < 512 : MAY (see Section 6)
512 <= key size <= 4096 : MUST (see Section 6) 512 <= key size <= 4096 : MUST (see Section 6)
4096 < key size : MAY (see Section 6) 4096 < key size : MAY (see Section 6)
The following are the DSA key size requirements for S/MIME receiving The following are the DSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification: agents during certificate and CRL signature verification:
512 <= key size <= 1024 : MAY (see Section 6) 512 <= key size <= 1023 : MAY (see Section 6)
1024 = key size : SHOULD- (see Section 6)
For 512-bit RSA with SHA-1 see [KEYMALG] and [FIPS186-2] without
Change Notice 1, for 512-bit RSA with SHA-256 see [RSAOAEP] and
[FIPS186-2] without Change Notice 1, for 1024-bit through 3072-bit
RSA with SHA-256 see [RSAOAEP] and [FIPS186-2] with Change Notice 1,
and for 4096-bit RSA with SHA-256 see [RSAOAEP] and [PKCS1]. The
first reference provides the signature algorithm's object identifier
and the second provides the signature algorithm's definition.
For 512-bit DSA with SHA-1 see [KEYMALG] and [FIPS186-2] without
Change Notice 1, for 512-bit DSA with SHA-256 see [KEYMALG2] and
[FIPS186-2] without Change Notice 1, for 1024-bit DSA with SHA-1 see
[KEYMALG] and [FIPS186-2] with Change Notice 1, for 1024-bit DSA with
SHA-256 see [KEYMALG2] and [FIPS186-3]. The first reference provides
the signature algorithm's object identifier and the second provides
the signature algorithm's definition.
For 512-4096-bit RSA-PSS with SHA-256 see [RSAPSS].
4.4. PKIX Certificate Extensions 4.4. PKIX Certificate Extensions
PKIX describes an extensible framework in which the basic certificate PKIX describes an extensible framework in which the basic certificate
information can be extended and describes how such extensions can be information can be extended and describes how such extensions can be
used to control the process of issuing and validating certificates. used to control the process of issuing and validating certificates.
The PKIX Working Group has ongoing efforts to identify and create The PKIX Working Group has ongoing efforts to identify and create
extensions which have value in particular certification environments. extensions which have value in particular certification environments.
Further, there are active efforts underway to issue PKIX certificates Further, there are active efforts underway to issue PKIX certificates
for business purposes. This document identifies the minimum required for business purposes. This document identifies the minimum required
skipping to change at page 16, line 13 skipping to change at page 16, line 32
Point (CRLDP) and/or Authority Information Access (AIA) addresses Point (CRLDP) and/or Authority Information Access (AIA) addresses
could be included in fake certificates to allow the originator to could be included in fake certificates to allow the originator to
detect receipt of the message even if signature verification fails. detect receipt of the message even if signature verification fails.
The 4096-bit RSA key size requirement for certificate and CRL The 4096-bit RSA key size requirement for certificate and CRL
verification is larger than the 2048-bit RSA key sizes for message verification is larger than the 2048-bit RSA key sizes for message
signature generation/verification or message encryption/decryption in signature generation/verification or message encryption/decryption in
[SMIME-MSG] because many Root CAs included in certificate stores have [SMIME-MSG] because many Root CAs included in certificate stores have
already issued Root certificates with 4096-bit key. The standard already issued Root certificates with 4096-bit key. The standard
that defines comparable key sizes for DSA is not yet available. In that defines comparable key sizes for DSA is not yet available. In
particular, [FIPS186-3] only defines DSA key sizes up to 1024 bits. particular, [FIPS186-2] without Change Notice 1 allowed DSA key sizes
A revision to support larger key sizes is being developed, and once between 512 and 1024 bits and [FIPS186-2] with Change Notice 1 only
it is available, implementors ought to support DSA key sizes allowed DSA key sizes of 1024 bits. A revision to support larger key
comparable to the RSA key sizes recommended in this specification. sizes is being developed, and once it is available, implementors
ought to support DSA key sizes comparable to the RSA key sizes
recommended in this specification.
Today, 512-bit RSA and DSA keys are considered by many experts to be Today, 512-bit RSA and DSA keys are considered by many experts to be
cryptographically insecure. cryptographically insecure.
If an implementation is concerned about compliance with NIST key size
recommendations, then see [SP800-57].
7. References 7. References
7.1. Normative References 7.1. Normative References
[ACAUTH] Farrell, S. and R. Housley, "An Internet Attribute [ACAUTH] Farrell, S. and R. Housley, "An Internet Attribute
Certificate Profile for Authorization", RFC 3281, April Certificate Profile for Authorization", RFC 3281, April
2002. 2002.
[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC
3852, July 2004. 3852, July 2004.
Housley, R., "Cryptographic Message Syntax (CMS) Housley, R., "Cryptographic Message Syntax (CMS)
Multiple Signer Clarification", RFC 4852, April 2007. Multiple Signer Clarification", RFC 4853, April 2007.
[CMSALG] Housley, R., "Cryptographic Message Syntax (CMS) [ESS] Hoffman, P., "Enhanced Security Services for S/MIME",
Algorithms", RFC 3370, August 2002. RFC 2634, June 1999.
[CMS-SHA2] Turner. S., "Using SHA2 Algorithms with Cryptographic Schaad, J., "ESS Update: Adding CertID Algorithm
Message Syntax", draft-ietf-smime-sha2, work-in- Agility", RFC 5035, August 2007.
progress.
[FIPS186-3] National Institute of Standards and Technology (NIST), [FIPS186-2] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", FIPS Publication "Digital Signature Standard (DSS)", FIPS Publication
186-3, March 2006. 186-3, January 2000. [With Change Notice 1]
[FIPS186-3] National Institute of Standards and Technology (NIST),
FIPS Publication 186-3: Digital Signature Standard,
(draft) March 2006.
[KEYM] Cooper, D., Santesson, S., Farrell, S., Boeyen, S. [KEYM] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation Infrastructure Certificate and Certificate Revocation
List (CRL) Profile", RFC 5280, May 2008. List (CRL) Profile", RFC 5280, May 2008.
[KEYMALG] Bassham, L., Polk, W., and R. Housley, "Algorithms and [KEYMALG] Bassham, L., Polk, W., and R. Housley, "Algorithms and
Identifiers for the Internet X.509 Public Key Identifiers for the Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation Infrastructure Certificate and Certificate Revocation
List (CRL) Profile", RFC 3279, April 2002. List (CRL) Profile", RFC 3279, April 2002.
[KEYMALG2] Dang, Q., Santesson, S., Moriarty, K., Brown, D., and
T. Polk, "Internet X.509 Public Key Infrastructure:
Additional Algorithms and Identifiers for DSA and
ECDSA", draft-ietf-pkix-sha2-dsa-ecdsa, work-in-
progress.
[MUSTSHOULD] Bradner, S., "Key words for use in RFCs to Indicate [MUSTSHOULD] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[PKCS1] Jonsson, J. and B. Kaliki, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003.
[PKCS9] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object [PKCS9] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object
Classes and Attribute Types Version 2.0", RFC 2985, Classes and Attribute Types Version 2.0", RFC 2985,
November 2000. November 2000.
[IMF] Resnick, P., "Internet Message Format", work-in- [IMF] Resnick, P., "Internet Message Format", RFC 5322,
progress. October 2008.
[RSAPSS] Schaad, J., "Use of RSASA-PSS Signature Algorithm in [RSAPSS] Schaad, J., "Use of RSASA-PSS Signature Algorithm in
Cryptographic Message Syntax (CMS)", RFC 4056, June Cryptographic Message Syntax (CMS)", RFC 4056, June
2005. 2005.
[RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional
Algorithms and Identifiers for RSA Cryptography for use
in the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL)
Profile", RFC 4055, June 2005.
[SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2 [SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2
Message Specification", draft-ietf-smime-3851bis- Message Specification", draft-ietf-smime-3851bis-
07.txt, work-in-progress. 07.txt, work-in-progress.
[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
1:2002. Information Technology - Abstract Syntax 1:2002. Information Technology - Abstract Syntax
Notation One (ASN.1): Specification of basic notation. Notation One (ASN.1): Specification of basic notation.
7.2. Informative References 7.2. Informative References
skipping to change at page 18, line 47 skipping to change at page 19, line 41
Ramsdell, B., "S/MIME Version 3.1 Message Ramsdell, B., "S/MIME Version 3.1 Message
Specification", RFC 3851, July 2004. Specification", RFC 3851, July 2004.
Hoffman, P., "Enhanced Security Services for S/MIME", Hoffman, P., "Enhanced Security Services for S/MIME",
RFC 2634, June 1999. RFC 2634, June 1999.
Schaad, J., "ESS Update: Adding CertID Algorithm Schaad, J., "ESS Update: Adding CertID Algorithm
Agility", RFC 5035, August 2007. Agility", RFC 5035, August 2007.
[SP800-57] National Institute of Standards and Technology (NIST),
Special Publication 800-57: Recommendation for Key
Management, August 2005.
[X.500] ITU-T Recommendation X.500 (1997) | ISO/IEC 9594- [X.500] ITU-T Recommendation X.500 (1997) | ISO/IEC 9594-
1:1997, Information technology - Open Systems 1:1997, Information technology - Open Systems
Interconnection - The Directory: Overview of concepts, Interconnection - The Directory: Overview of concepts,
models and services. models and services.
Appendix A. Moving S/MIME v2 Certificate Handling to Historic Status Appendix A. Moving S/MIME v2 Certificate Handling to Historic Status
The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this document) The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this document)
are backwards compatible with the S/MIME v2 Certificate Handling are backwards compatible with the S/MIME v2 Certificate Handling
Specification [SMIMEv2], with the exception of the algorithms Specification [SMIMEv2], with the exception of the algorithms
 End of changes. 30 change blocks. 
45 lines changed or deleted 92 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/