[dane] SMIMEA draft suggestion

Scott Rose <scottr.nist@gmail.com> Thu, 07 November 2013 04:39 UTC

Date: Wed, 06 Nov 2013 20:39:31 -0800
Message-ID: <CA+Xj6hCKjGsjpy0y7CcH2JzcrOHY99n0=MZZK-kg7f5NAGBfdQ@mail.gmail.com>
From: Scott Rose <scottr.nist@gmail.com>
To: dane@ietf.org
Subject: [dane] SMIMEA draft suggestion
Reply-To: scott.rose@nist.gov

Although I can't make the lunch meeting, there is other work going on at
NIST to add some functionality to SMIMEA that we would like to propose.

Attached is the (current) draft with added text.  In summary, the new
additions are:

- a naming convention to distinguish digital signature and encryption key
certs

- a field to flag "revoked", used to signal that a user's SMIME certs have
been revoked.  An example of that is included at the end.

- a field to indicate another certificate publication mechanism is in use
(e.g. Webfinger) and that the SMIMEA RR can be used to validate the cert.
We're not entirely sure if that is useful, but something we kicked around
here based on other systems that are currently deployed.

Others from our division should be at the meeting, but I'll be on a plane.
NIST would be willing to take over editorship of the SMIMEA draft if that
is desired - we just want to see this advanced.

Scott