draft-ietf-smime-rfc2632bis-02.txt (October 30, 2002, expires April 30, 2003) vs. draft-ietf-smime-rfc2632bis-03.txt (February 20, 2003, expires August 20, 2003)
Internet Draft Editor: Blake Ramsdell, Brute Squad Labs
S/MIME Version 3.1 Certificate Handling
Status of this memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
skipping to change at line 452
4.4.3 Subject Alternative Name Extension
The subject alternative name extension is used in S/MIME as the
preferred means to convey the RFC-2822 email address(es) that
correspond to the entity for this certificate. Any RFC-2822 email
addresses present MUST be encoded using the rfc822Name CHOICE of the
GeneralName type. Since the SubjectAltName type is a SEQUENCE OF
GeneralName, multiple RFC-2822 email addresses MAY be present.
[Section added in -03]
4.4.4 Extended Key Usage Extension
The extended key usage extension also serves to limit the technical
purposes for which a public key listed in a valid certificate may be
used. The set of technical purposes for the certificate is therefore
the intersection of the uses indicated in the key usage and extended
key usage extensions.
For example, if the certificate contains a key usage extension
indicating digital signature and an extended key usage extension which
includes the email protection OID, then the certificate may be used
for signing but not encrypting S/MIME messages. If the certificate
contains a key usage extension indicating digital signature but no
extended key usage extension, then the certificate may likewise be
used to sign but not encrypt S/MIME messages.
If the extended key usage extension is present in the certificate, then
interpersonal message S/MIME receiving agents MUST check that it
contains either the emailProtection or the anyExtendedKeyUsage OID as
defined in [KEYM]. S/MIME uses other than interpersonal messaging MAY
require that the extended key usage extension be present, that it
contain other OIDs, or both.
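The following is an added example, not text or code from the draft or its editor, showing the checks of 4.4.3 and 4.4.4 in Python. A minimal DER reader (assumed here; definite-length encodings only) pulls the rfc822Name entries out of a subjectAltName value, decodes keyUsage and extKeyUsage, and derives the permitted S/MIME uses by the intersection rule. Two points are assumptions rather than statements of the text above: keyEncipherment or keyAgreement is taken as the key usage bit that permits encryption, following the [KEYM] bit semantics, and a certificate with no keyUsage extension is treated as unrestricted. All sample extension values are constructed, not taken from any real certificate.

```python
# Added example (not from the draft). Assumptions: definite-length DER only;
# "encrypt" is granted by keyEncipherment or keyAgreement ([KEYM] semantics);
# a missing keyUsage extension restricts nothing.

OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"   # id-kp-emailProtection
OID_ANY_EKU = "2.5.29.37.0"                 # anyExtendedKeyUsage

# keyUsage bit positions from [KEYM]
KU_DIGITAL_SIGNATURE = 0
KU_KEY_ENCIPHERMENT = 2
KU_KEY_AGREEMENT = 4


def _read_tlv(data, pos):
    """Read one DER TLV starting at data[pos]; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_oid(value):
    """Content octets of an OBJECT IDENTIFIER -> dotted string."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 octet of this arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]                         # first two arcs are packed as 40*X+Y
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def parse_key_usage(der):
    """KeyUsage ::= BIT STRING -> set of bit positions that are set."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x03:
        raise ValueError("keyUsage is not a BIT STRING")
    unused, bits = body[0], set()           # first octet = number of unused bits
    for i in range((len(body) - 1) * 8 - unused):
        if body[1 + i // 8] & (0x80 >> (i % 8)):
            bits.add(i)
    return bits


def parse_ext_key_usage(der):
    """ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId -> list of OID strings."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("extKeyUsage is not a SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        t, v, pos = _read_tlv(body, pos)
        if t != 0x06:
            raise ValueError("KeyPurposeId is not an OBJECT IDENTIFIER")
        oids.append(decode_oid(v))
    return oids


def parse_san_emails(der):
    """SubjectAltName ::= SEQUENCE OF GeneralName -> the rfc822Name entries.
    rfc822Name is [1] IMPLICIT IA5String (context tag 0x81); every other
    GeneralName CHOICE (dNSName 0x82, ...) is skipped, not rejected."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName is not a SEQUENCE")
    emails, pos = [], 0
    while pos < len(body):
        t, v, pos = _read_tlv(body, pos)
        if t == 0x81:
            emails.append(v.decode("ascii"))
    return emails


def smime_uses(key_usage_der=None, ext_key_usage_der=None):
    """Intersection rule of 4.4.4. Returns a subset of {"sign", "encrypt"};
    an empty set means the certificate is unusable for interpersonal S/MIME
    (for instance an EKU without emailProtection or anyExtendedKeyUsage)."""
    if key_usage_der is None:               # assumption: no keyUsage -> unrestricted
        ku_uses = {"sign", "encrypt"}
    else:
        bits = parse_key_usage(key_usage_der)
        ku_uses = set()
        if KU_DIGITAL_SIGNATURE in bits:
            ku_uses.add("sign")
        if KU_KEY_ENCIPHERMENT in bits or KU_KEY_AGREEMENT in bits:
            ku_uses.add("encrypt")
    if ext_key_usage_der is None:           # no EKU: keyUsage alone decides
        return ku_uses
    purposes = parse_ext_key_usage(ext_key_usage_der)
    ok = OID_EMAIL_PROTECTION in purposes or OID_ANY_EKU in purposes
    eku_uses = {"sign", "encrypt"} if ok else set()   # EKU gates S/MIME use as a whole
    return ku_uses & eku_uses


# Constructed sample extension values (not from any real certificate)
KU_DS = bytes.fromhex("03020780")                       # digitalSignature
KU_DS_KE = bytes.fromhex("030205a0")                    # digitalSignature + keyEncipherment
EKU_EMAIL = bytes.fromhex("300a06082b06010505070304")   # emailProtection only
EKU_SERVER = bytes.fromhex("300a06082b06010505070301")  # serverAuth only
SAN = bytes([0x30, 0x20, 0x81, 0x11]) + b"alice@example.org" + bytes([0x82, 0x0B]) + b"example.org"

if __name__ == "__main__":
    print(parse_san_emails(SAN))              # ['alice@example.org']
    print(smime_uses(KU_DS, EKU_EMAIL))       # {'sign'}  (first example in 4.4.4)
    print(smime_uses(KU_DS, None))            # {'sign'}  (second example in 4.4.4)
    print(smime_uses(KU_DS_KE, EKU_SERVER))   # set()    (EKU lacks emailProtection)
```

The last call is the case the MUST in 4.4.4 is about: the key usage bits would allow both signing and encryption, but an extKeyUsage that names only serverAuth leaves an empty intersection, so a receiving agent rejects the certificate for S/MIME rather than falling back to keyUsage alone.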
5. Security Considerations
All of the security issues faced by any cryptographic application must
be faced by a S/MIME agent. Among these issues are protecting the
user's private key, preventing various attacks, and helping the user
avoid mistakes such as inadvertently encrypting a message for the
wrong recipient. The entire list of security considerations is beyond
the scope of this document, but some significant concerns are listed
here.
skipping to change at line 566 (-02) / line 589 (-03)
Blake Ramsdell
Brute Squad Labs
Suite 217-C
16451 Redmond Way
Redmond, WA 98052-4482
blake@brutesquadlabs.com
D. Changes from last draft
In -02:
Clarifications for the use of email addresses in certificates (David P. Kemp)
nonRepudiation and digitalSignature key usage language clarification (Russ Housley)
Updated references to CMS and CMSALG to point to RFCs (Blake Ramsdell)
In -03:
Added "4.4.4 Extended Key Usage Extension" (Trevor Freeman)
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/