S/MIME Mail Security (smime)
----------------------------

 Charter
 Last Modified: 2007-05-21

 Current Status: Active Working Group

 Chair(s):
     Sean Turner  <turners@ieca.com>
     Blake Ramsdell  <blake@sendmail.com>

 Security Area Director(s):
     Tim Polk  <tim.polk@nist.gov>
     Sam Hartman  <hartmans-ietf@mit.edu>

 Security Area Advisor:
     Tim Polk  <tim.polk@nist.gov>

 Mailing Lists: 
     General Discussion: ietf-smime@imc.org
     To Subscribe:       ietf-smime-request@imc.org
     Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME WG was established in the winter of 1997 to define MIME 
encapsulation techniques of objects whose format was based on PKCS#7 
(RFC2315). These encapsulation techniques can be used to provide 
security services for an arbitrary encapsulated content.

Initially the Cryptographic Message Syntax (CMS) (RFC2630) was not 
algorithm independent; however, the 1st revision separated the syntax 
(RFC3369) and the algorithms (RFC3370) to allow the two to be
updated without affecting one another. Since this split, other 
documents have been written to document the use of CMS with other 
algorithms (e.g., ECDSA, AES, GOST). Also since the initial CMS, 
additional key management techniques (e.g., password-based and an 
extensible type) and encapsulation techniques (e.g., compression) have 
been added and other documents have been written to add additional 
security services. CMS is also transport independent, and documents 
have been written to define a consistent way to transport MIME objects.

The S/MIME specifications, one for the message specification and 
another for certificate handling, have been updated to migrate 
algorithms over time.

Appropriate WG topics are as follows:

- Specifications for the use of additional cryptographic algorithms 
with CMS.
- Specifications that define additional CMS content types.
- Specifications to document algorithm migration of S/MIME.
- With the approval of the area director, specifications that define 
additional CMS security services.

The WG will perform interoperability testing to progress the CMS and 
S/MIME Specifications to Draft Standard.

 Goals and Milestones:

   Done         First draft of security label usage specification. 

   Done         First draft of CMS RecipientInfo extension. 

   Done         Last call on KEA and SKIPJACK algorithm specification. 

   Done         Last call on small subgroup attack avoidance 

   Done         First draft of CAST algorithm specification. 

   Done         Last call on certificate distribution specification. 

   Done         First draft of mail list key distribution. 

   Done         Submit KEA and SKIPJACK algorithm specification as 
                Informational RFC. 

   Done         Submit small subgroup attack avoidance as Informational RFC 

   Done         Last call on CAST algorithm specification. 

   Done         Updated draft of domain security services document. 

   Done         Last call on security label usage specification. 

   Done         Last call on IDEA algorithm specification. 

   Done         Last call on CMS RecipientInfo extension. 

   Done         Last call on mail list key distribution. 

   Done         Submit CAST algorithm specification as Informational RFC. 

   Done         Submit security label usage specification as Informational RFC. 

   Done         Submit IDEA algorithm specification as Informational RFC. 

   Done         Submit CMS RecipientInfo extension to IESG for consideration as 
                a Proposed Standard. 

   Done         Last call on domain security services document. 

   Done         Submit domain security services as Experimental RFC. 

   Done         Submit mail list key distribution as a Proposed Standard 

   Done         Submit X.400 CMS wrapper specification as a Proposed Standard 

   Done         Submit HMAC key wrap description as Proposed Standard 

   Done         Submit RSA OAEP algorithm specification as Proposed Standard 

   Done         Submit AES algorithm specification as Proposed Standard 

   Done         Submit X.400 transport as a Proposed Standard 

   Done         Last call on CMS and ESS examples document 

   Done         First draft of RSA KEM algorithm specification 

   Done         Submit update to MSG as Proposed Standard 

   Done         Submit update to CERT as Proposed Standard 

   Done         Last call on RSA PSS algorithm specification 

   Done         Submit RSA PSS algorithm specification as Proposed Standard 

   Done         First draft of S/MIME Capabilities Certificate Extension 

   Done         Working Group Last Call for S/MIME Capabilities Certificate 
                Extension 

   Done         Submit S/MIME Capabilities Certificate Extension as 
                Informational RFC 

   Dec 2007     Submit SHA-2 algorithms with CMS as Proposed Standard 

   Dec 2007     Submit S/MIME Certificate Handling as Proposed Standard 

   Dec 2007     Submit S/MIME Message Specification as Proposed Standard 

   Dec 2008     Submit CMS as Draft Standard 

   Dec 2008     Submit necessary algorithms documents* as Draft Standard 

   Dec 2008     Submit Enhanced Security Services as Draft Standard 

   Dec 2008     Submit S/MIME Message Specification as Draft Standard 

   Dec 2008     Submit S/MIME Certificate Handling as Draft Standard 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Dec 1999 Jan 2003   <draft-ietf-smime-symkeydist-09.txt>
                CMS Symmetric Key Management and Distribution 

Mar 2006 Apr 2007   <draft-ietf-smime-escertid-06.txt>
                ESS Update: Adding CertID Algorithm Agility 

Jun 2006 Mar 2007   <draft-ietf-smime-ibearch-03.txt>
                Identity-based Encryption Architecture 

Jun 2006 May 2007   <draft-ietf-smime-bfibecms-03.txt>
                Using the Boneh-Franklin and Boneh-Boyen identity-based 
                encryption algorithms with the Cryptographic Message Syntax 
                (CMS) 

Dec 2006 Dec 2006   <draft-ietf-smime-multisig-00.txt>
                Multiple Signatures in S/MIME 

Jan 2007 Apr 2007   <draft-ietf-smime-cms-auth-enveloped-04.txt>
                Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data 
                Content Type 

Jan 2007 May 2007   <draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt>
                Using AES-CCM and AES-GCM Authenticated Encryption in the 
                Cryptographic Message Syntax (CMS) 

May 2007 May 2007   <draft-ietf-smime-sha2-00.txt>
                Using SHA2 Algorithms with Cryptographic Message Syntax 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC2311 I    Mar 1998    S/MIME Version 2 Message Specification 

RFC2312 I    Mar 1998    S/MIME Version 2 Certificate Handling 

RFC2630 PS   Jul 1999    Cryptographic Message Syntax 

RFC2631 PS   Jul 1999    Diffie-Hellman Key Agreement Method 

RFC2632 PS   Jul 1999    S/MIME Version 3 Certificate Handling 

RFC2633 PS   Jul 1999    S/MIME Version 3 Message Specification 

RFC2634 PS   Jul 1999    Enhanced Security Services for S/MIME 

RFC2785 I    Mar 2000    Methods for Avoiding the 'Small-Subgroup' Attacks on the 
                       Diffie-Hellman Key Agreement Method for S/MIME 

RFC2876 I    Jul 2000    Use of the KEA and SKIPJACK Algorithms in CMS 

RFC2984 PS   Oct 2000    Use of the CAST-128 Encryption Algorithm in CMS 

RFC3058 I    Feb 2001    Use of the IDEA Encryption Algorithm in CMS 

RFC3125 E    Sep 2001    Electronic Signature Policies 

RFC3183 E    Oct 2001    Domain Security Services using S/MIME 

RFC3126 I    Oct 2001    Electronic Signature Formats for long term electronic 
                       signatures 

RFC3185 PS   Oct 2001    Reuse of CMS Content Encryption Keys 

RFC3217 I    Dec 2001    Triple-DES and RC2 Key Wrapping 

RFC3211 PS   Dec 2001    Password-based Encryption for CMS 

RFC3218 I    Jan 2002    Preventing the Million Message Attack on CMS 

RFC3278 I    May 2002    Use of ECC Algorithms in CMS 

RFC3274 PS   Jun 2002    Compressed Data Content Type for Cryptographic Message 
                       Syntax (CMS) 

RFC3369 PS   Sep 2002    Cryptographic Message Syntax 

RFC3370 PS   Sep 2002    Cryptographic Message Syntax (CMS) Algorithms 

RFC3394 I    Oct 2002    Advanced Encryption Standard (AES) Key Wrap Algorithm 

RFC3114 I    Jan 2003    Implementing Company Classification Policy with the 
                       S/MIME Security Label 

RFC3537 PS   Jun 2003    Wrapping a Hashed Message Authentication Code (HMAC) key 
                       with a Triple-Data Encryption Standard (DES) Key or an 
                       Advanced Encryption Standard (AES) Key 

RFC3560 PS   Jul 2003    Use of the RSAES-OAEP Key Transport Algorithm in 
                       Cryptographic Message Syntax (CMS) 

RFC3565 PS   Jul 2003    Use of the Advanced Encryption Standard (AES) Encryption 
                       Algorithm in Cryptographic Message Syntax (CMS) 

RFC3657 Standard  Jan 2004    Use of the Camellia Encryption Algorithm in CMS 

RFC3851 Standard  Jul 2004    S/MIME Version 3.1 Message Specification 

RFC3850 Standard  Jul 2004    S/MIME Version 3.1 Certificate Handling 

RFC3852 Standard  Jul 2004    Cryptographic Message Syntax (CMS) 

RFC3854 Standard  Aug 2004    Securing X.400 Content with S/MIME 

RFC3855 Standard  Aug 2004    Transporting S/MIME Objects in X.400 

RFC4010 Standard  Feb 2005    Use of the SEED Encryption Algorithm in Cryptographic 
                       Message Syntax (CMS) 

RFC4056 Standard  Jun 2005    Use of the RSASSA-PSS Signature Algorithm in 
                       Cryptographic Message Syntax (CMS) 

RFC4134 I    Jul 2005    Examples of S/MIME Messages 

RFC4262 Standard  Dec 2005    X.509 Certificate Extension for Secure/Multipurpose 
                       Internet Mail Extensions (S/MIME) Capabilities 

RFC4490 PS   May 2006    Using the GOST 28147-89, GOST R 34.11-94, GOST R 
                       34.10-94 and GOST R 34.10-2001 Algorithms with the 
                       Cryptographic Message Syntax (CMS) 

RFC4853 PS   Apr 2007    Cryptographic Message Syntax (CMS) Multiple Signer 
                       Clarification