draft-ietf-smime-3850bis-09.txt   draft-ietf-smime-3850bis-10.txt 
S/MIME WG Blake Ramsdell, Brute Squad Labs S/MIME WG B. Ramsdell
Internet Draft Sean Turner, IECA Internet Draft Brute Squad Labs
Intended Status: Standard Track April 6, 2009 Intended Status: Standard Track S. Turner
Obsoletes: 3850 (once approved) Obsoletes: 3850 (once approved) IECA
Expires: October 6, 2009 Expires: October 27, 2009 April 27, 2009
Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2
Certificate Handling Certificate Handling
draft-ietf-smime-3850bis-09.txt draft-ietf-smime-3850bis-10.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 1, line 43 skipping to change at page 1, line 43
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 6, 2009. This Internet-Draft will expire on October 27, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 5 skipping to change at page 3, line 5
2. CMS Options....................................................6 2. CMS Options....................................................6
2.1. Certificate Revocation Lists..............................6 2.1. Certificate Revocation Lists..............................6
2.2. Certificate Choices.......................................7 2.2. Certificate Choices.......................................7
2.2.1. Historical Note About CMS Certificates...............7 2.2.1. Historical Note About CMS Certificates...............7
2.3. CertificateSet............................................7 2.3. CertificateSet............................................7
3. Using Distinguished Names For Internet Mail....................8 3. Using Distinguished Names For Internet Mail....................8
4. Certificate Processing.........................................9 4. Certificate Processing.........................................9
4.1. Certificate Revocation Lists.............................10 4.1. Certificate Revocation Lists.............................10
4.2. Certificate Path Validation..............................11 4.2. Certificate Path Validation..............................11
4.3. Certificate and CRL Signing Algorithms and Key Sizes.....12 4.3. Certificate and CRL Signing Algorithms and Key Sizes.....12
4.4. PKIX Certificate Extensions..............................13 4.4. PKIX Certificate Extensions..............................12
5. IANA Considerations...........................................15 5. IANA Considerations...........................................15
6. Security Considerations.......................................16 6. Security Considerations.......................................15
7. References....................................................18 7. References....................................................18
7.1. Normative References.....................................18 7.1. Normative References.....................................18
7.2. Informative References...................................19 7.2. Informative References...................................19
Appendix A. Moving S/MIME v2 Certificate Handling to Historic Appendix A. Moving S/MIME v2 Certificate Handling to Historic
Status...............................................22 Status...............................................22
Appendix B. Acknowledgements.....................................22 Appendix B. Acknowledgements.....................................22
1. Introduction 1. Introduction
S/MIME (Secure/Multipurpose Internet Mail Extensions) v3.2, described S/MIME (Secure/Multipurpose Internet Mail Extensions) v3.2, described
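Review bot: The table of contents entry for Appendix B is spelled "Acknowledgements", while the appendix heading later in the document reads "Appendix B. Acknowledgments". The page numbers in this block were touched for Sections 4.4 and 6, so this is a convenient pass in which to make the two spellings match.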
skipping to change at page 6, line 10 skipping to change at page 6, line 10
Sec 3: Aligned email address text with RFC 5280. Updated note to Sec 3: Aligned email address text with RFC 5280. Updated note to
indicate emailAddress IA5String upper bound is 255 characters. Added indicate emailAddress IA5String upper bound is 255 characters. Added
text about matching email addresses. text about matching email addresses.
Sec 4.2: Added text to indicate how S/MIME agents locate the correct Sec 4.2: Added text to indicate how S/MIME agents locate the correct
user certificate. user certificate.
Sec 4.3: RSA with SHA-256 (PKCS #1 v1.5) added as MUST, DSA with SHA- Sec 4.3: RSA with SHA-256 (PKCS #1 v1.5) added as MUST, DSA with SHA-
256 added as SHOULD+, RSA with SHA-1, DSA with SHA-1, and RSA with 256 added as SHOULD+, RSA with SHA-1, DSA with SHA-1, and RSA with
MD5 changed to SHOULD-, and RSA-PSS with SHA-256 added as SHOULD+. MD5 changed to SHOULD-, and RSASSA-PSS with SHA-256 added as SHOULD+.
Updated key sizes and changed pointer to PKIX RFCs. Updated key sizes and changed pointer to PKIX RFCs.
Sec 4.4.1: Aligned with PKIX on use of basic constraints extension in Sec 4.4.1: Aligned with PKIX on use of basic constraints extension in
CA certificates. Clarified which extension is used to constrain EEs CA certificates. Clarified which extension is used to constrain EEs
from using their keys to perform issuing authority operations. from using their keys to perform issuing authority operations.
Sec 6: Updated security considerations. Sec 6: Updated security considerations.
Sec 7: Moved references from Appendix B to section 7. Updated the Sec 7: Moved references from Appendix B to section 7. Updated the
references. references.
skipping to change at page 12, line 14 skipping to change at page 12, line 14
4.3. Certificate and CRL Signing Algorithms and Key Sizes 4.3. Certificate and CRL Signing Algorithms and Key Sizes
Certificates and Certificate Revocation Lists (CRLs) are signed by Certificates and Certificate Revocation Lists (CRLs) are signed by
the certificate issuer. Receiving agents: the certificate issuer. Receiving agents:
- MUST support RSA with SHA-256 - MUST support RSA with SHA-256
- SHOULD+ support DSA with SHA-256 - SHOULD+ support DSA with SHA-256
- SHOULD+ support RSA-PSS with SHA-256 - SHOULD+ support RSASSA-PSS with SHA-256
- SHOULD- support RSA with SHA-1 - SHOULD- support RSA with SHA-1
- SHOULD- support DSA with SHA-1 - SHOULD- support DSA with SHA-1
- SHOULD- support RSA with MD5 - SHOULD- support RSA with MD5
The following are the RSA key size requirements for S/MIME receiving The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification: agents during certificate and CRL signature verification:
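Review bot: In the receiving-agent list the PSS entry is now named precisely as RSASSA-PSS, but the "RSA with SHA-256", "RSA with SHA-1" and "RSA with MD5" entries still do not say which signature scheme they mean. The Sec 4.3 change summary describes the MUST item as "RSA with SHA-256 (PKCS #1 v1.5)"; carrying that qualifier into the normative list would make clear that the MUST is not satisfied by PSS support alone.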
skipping to change at page 13, line 4 skipping to change at page 12, line 28
- SHOULD- support DSA with SHA-1 - SHOULD- support DSA with SHA-1
- SHOULD- support RSA with MD5 - SHOULD- support RSA with MD5
The following are the RSA key size requirements for S/MIME receiving The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification: agents during certificate and CRL signature verification:
key size <= 1023 : MAY (see Section 6) key size <= 1023 : MAY (see Section 6)
1024 <= key size <= 4096 : MUST (see Section 6) 1024 <= key size <= 4096 : MUST (see Section 6)
4096 < key size : MAY (see Section 6) 4096 < key size : MAY (see Section 6)
The following are the DSA key size requirements for S/MIME receiving The following are the DSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification: agents during certificate and CRL signature verification:
key size <= 1023 : MAY (see Section 6) key size <= 1023 : MAY (see Section 6)
1024 = key size : SHOULD- (see Section 6) 1024 = key size : SHOULD (see Section 6)
For 512-bit RSA with SHA-1 see [KEYMALG] and [FIPS186-2] without For 512-bit RSA with SHA-1 see [KEYMALG] and [FIPS186-2] without
Change Notice 1, for 512-bit RSA with SHA-256 see [RSAOAEP] and Change Notice 1, for 512-bit RSA with SHA-256 see [RSAOAEP] and
[FIPS186-2] without Change Notice 1, for 1024-bit through 3072-bit [FIPS186-2] without Change Notice 1, for 1024-bit through 3072-bit
RSA with SHA-256 see [RSAOAEP] and [FIPS186-2] with Change Notice 1, RSA with SHA-256 see [RSAOAEP] and [FIPS186-2] with Change Notice 1,
and for 4096-bit RSA with SHA-256 see [RSAOAEP] and [PKCS1]. In and for 4096-bit RSA with SHA-256 see [RSAOAEP] and [PKCS1]. In
either case, the first reference provides the signature algorithm's either case, the first reference provides the signature algorithm's
object identifier and the second provides the signature algorithm's object identifier and the second provides the signature algorithm's
definition. definition.
For 512-bit DSA with SHA-1 see [KEYMALG] and [FIPS186-2] without For 512-bit DSA with SHA-1 see [KEYMALG] and [FIPS186-2] without
Change Notice 1, for 512-bit DSA with SHA-256 see [KEYMALG2] and Change Notice 1, for 512-bit DSA with SHA-256 see [KEYMALG2] and
[FIPS186-2] without Change Notice 1, for 1024-bit DSA with SHA-1 see [FIPS186-2] without Change Notice 1, for 1024-bit DSA with SHA-1 see
[KEYMALG] and [FIPS186-2] with Change Notice 1, for 1024-bit DSA with [KEYMALG] and [FIPS186-2] with Change Notice 1, for 1024-bit DSA with
SHA-256 see [KEYMALG2] and [FIPS186-3]. In either case, the first SHA-256 see [KEYMALG2] and [FIPS186-3]. In either case, the first
reference provides the signature algorithm's object identifier and reference provides the signature algorithm's object identifier and
the second provides the signature algorithm's definition. the second provides the signature algorithm's definition.
For 512-4096-bit RSA-PSS with SHA-256 see [RSAPSS]. For 512-4096-bit RSASSA-PSS with SHA-256 see [RSAPSS].
4.4. PKIX Certificate Extensions 4.4. PKIX Certificate Extensions
PKIX describes an extensible framework in which the basic certificate PKIX describes an extensible framework in which the basic certificate
information can be extended and describes how such extensions can be information can be extended and describes how such extensions can be
used to control the process of issuing and validating certificates. used to control the process of issuing and validating certificates.
The PKIX Working Group has ongoing efforts to identify and create The PKIX Working Group has ongoing efforts to identify and create
extensions which have value in particular certification environments. extensions which have value in particular certification environments.
Further, there are active efforts underway to issue PKIX certificates Further, there are active efforts underway to issue PKIX certificates
for business purposes. This document identifies the minimum required for business purposes. This document identifies the minimum required
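Review bot: The DSA row "1024 = key size" moves from SHOULD- to SHOULD, which now matches neither algorithm level in the list above it (SHOULD+ for DSA with SHA-256, SHOULD- for DSA with SHA-1), and the text does not say how the key size level and the algorithm level combine. A sentence stating which one governs would remove the ambiguity. The DSA table also gives no requirement level for keys larger than 1024 bits, whereas the RSA table has a row for "4096 < key size"; add a row or state that larger DSA keys are out of scope. As a wording point, "In either case" follows a list of four cases in both the RSA and the DSA reference paragraphs; "In each case" fits.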
skipping to change at page 19, line 29 skipping to change at page 19, line 13
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[PKCS1] Jonsson, J. and B. Kaliki, "Public-Key Cryptography [PKCS1] Jonsson, J. and B. Kaliki, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003. Version 2.1", RFC 3447, February 2003.
[PKCS9] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object [PKCS9] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object
Classes and Attribute Types Version 2.0", RFC 2985, Classes and Attribute Types Version 2.0", RFC 2985,
November 2000. November 2000.
[RSAPSS] Schaad, J., "Use of RSASA-PSS Signature Algorithm in [RSAPSS] Schaad, J., "Use of RSASSA-PSS Signature Algorithm in
Cryptographic Message Syntax (CMS)", RFC 4056, June Cryptographic Message Syntax (CMS)", RFC 4056, June
2005. 2005.
[RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional [RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional
Algorithms and Identifiers for RSA Cryptography for use Algorithms and Identifiers for RSA Cryptography for use
in the Internet X.509 Public Key Infrastructure in the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Certificate and Certificate Revocation List (CRL)
Profile", RFC 4055, June 2005. Profile", RFC 4055, June 2005.
[SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2 [SMIME-MSG] Ramsdell, B., and S. Turner, "S/MIME Version 3.2
Message Specification", draft-ietf-smime-3851bis- Message Specification", draft-ietf-smime-3851bis-
09.txt, work-in-progress. 10.txt, work-in-progress.
[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
1:2002. Information Technology - Abstract Syntax 1:2002. Information Technology - Abstract Syntax
Notation One (ASN.1): Specification of basic notation. Notation One (ASN.1): Specification of basic notation.
7.2. Informative References 7.2. Informative References
[PKCS6] RSA Laboratories, "PKCS #6: Extended-Certificate Syntax [PKCS6] RSA Laboratories, "PKCS #6: Extended-Certificate Syntax
Standard", November 1993. Standard", November 1993.
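Review bot: The [RSAPSS] entry corrects "RSASA-PSS" to "RSASSA-PSS", but the [PKCS1] entry directly above it still reads "B. Kaliki", while [PKCS9] and [RSAOAEP] spell the same author "Kaliski". Correct the [PKCS1] author name in the same revision.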
skipping to change at page 22, line 10 skipping to change at page 22, line 10
[X.500] ITU-T Recommendation X.500 (1997) | ISO/IEC 9594- [X.500] ITU-T Recommendation X.500 (1997) | ISO/IEC 9594-
1:1997, Information technology - Open Systems 1:1997, Information technology - Open Systems
Interconnection - The Directory: Overview of concepts, Interconnection - The Directory: Overview of concepts,
models and services. models and services.
Appendix A. Moving S/MIME v2 Certificate Handling to Historic Status Appendix A. Moving S/MIME v2 Certificate Handling to Historic Status
The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this document) The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this document)
are backwards compatible with the S/MIME v2 Certificate Handling are backwards compatible with the S/MIME v2 Certificate Handling
Specification [SMIMEv2], with the exception of the algorithms Specification [SMIMEv2], with the exception of the algorithms
(dropped RC2/40 requirement and added DSA and RSA-PSS requirements). (dropped RC2/40 requirement and added DSA and RSASSA-PSS
Therefore, it is recommended that RFC 2312 [SMIMEv2] be moved to requirements). Therefore, it is recommended that RFC 2312 [SMIMEv2]
Historic status. be moved to Historic status.
Appendix B. Acknowledgments Appendix B. Acknowledgments
Many thanks go out to the other authors of the S/MIME v2 RFC: Steve Many thanks go out to the other authors of the S/MIME v2 RFC: Steve
Dusse, Paul Hoffman and Jeff Weinstein. Without v2, there wouldn't Dusse, Paul Hoffman and Jeff Weinstein. Without v2, there wouldn't
be a v3, v3.1 or v3.2. be a v3, v3.1 or v3.2.
A number of the members of the S/MIME Working Group have also worked A number of the members of the S/MIME Working Group have also worked
very hard and contributed to this document. Any list of people is very hard and contributed to this document. Any list of people is
doomed to omission and for that I apologize. In alphabetical order, doomed to omission and for that I apologize. In alphabetical order,
skipping to change at page 22, line 33 skipping to change at page 22, line 33
the following people stand out in my mind due to the fact that they the following people stand out in my mind due to the fact that they
made direct contributions to this document. made direct contributions to this document.
Bill Flanigan, Trevor Freeman, Elliott Ginsburg, Alfred Hoenes, Paul Bill Flanigan, Trevor Freeman, Elliott Ginsburg, Alfred Hoenes, Paul
Hoffman, Russ Housley, David P. Kemp, Michael Myers, John Pawling, Hoffman, Russ Housley, David P. Kemp, Michael Myers, John Pawling,
Denis Pinkas, and Jim Schaad. Denis Pinkas, and Jim Schaad.
Authors' Addresses Authors' Addresses
Blake Ramsdell Blake Ramsdell
Brute Squad Labs, Inc. Brute Squad Labs, Inc.
Email: blaker@gmail.com EMail: blaker@gmail.com
Sean Turner Sean Turner
IECA, Inc. IECA, Inc.
3057 Nutley Street, Suite 106 3057 Nutley Street, Suite 106
Fairfax, VA 22031 Fairfax, VA 22031
USA USA
Email: turners@ieca.com EMail: turners@ieca.com
 End of changes. 16 change blocks. 
19 lines changed or deleted 21 lines changed or added
