S/MIME Minutes/Summary - IETF 70
3 drafts were published:
RFC5055 (ESSCertId update),
RFC 5083 (AuthEnvelopedData content type),
RFC5084 (aes-ccm/aes-gcm use of AuthEnvelopedData content type)
2 with RFC editor symkeydist and cades
3 addressing IESG LC comments rsa-kem, ibearch, bfibecms
4 active IDs:
Multiple Signatures Attribute,
S/MIME V3.2 MSG,
S/MIME v3.2 CERT
Jim Schaad discussed the Multiple Signatures Attribute draft
Only updates were to security considerations section. Consider work complete and move to issue 4-week WG LC (accounts for holidaze)
Sean Turner discussed the SHA2 algorithms draft
The draft was updated to include object identifiers for RSA and ECDSA algorithms. Consider work complete and move to issue 4-week WG LC
Sean Turner discussed the S/MIME v3.2 drafts
Intent of drafts is to update algorithms. Adopted IKEv2 language with respect to MUST, SHOULD+, and SHOULD- to provide implementors more information. Dropped RC2 support, made SHA-256 MUST, SHA-1 SHOULD-, AES 128 MUST, etc. Two comments were raised about IPR: SHA2 and ECDSA. Should we have an IPR statement from NIST (or whoever) about SHA2? Since we made ECDSA a SHOULD+ is there any IPR with respect to ECDSA and issuing certificates or using it with S/MIME?
Paul Hoffman discussed draft-hoffman-cms-new-asn1-00
Developed an ID to include ASN.1 for most S/MIME WG ASN.1 modules. Moving to support the latest ASN.1 which is made possible by the A2C compiler they have developed. Question was whether WG should adopt the draft as a WG item. The WG felt that it should be because a) the WG is place where S/MIME implmentors should discuss implementation issues b) it will be listed on the WG charter page and therefore will be easier to find. There were no objections to adding it to the WG.
WG LCs will be issued for SHA2 and Mutliple Signatures.
Ask WG what key sizes should be required, track down IPR issues.
Accept ASN ID as work item.