Protocol Action: 'Multiple Signatures in S/MIME' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 27 May 2008 13:44 UTC
Return-Path: <ietf-announce-bounces@ietf.org>
X-Original-To: ietf-announce-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-announce-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C559B3A6C33; Tue, 27 May 2008 06:44:06 -0700 (PDT)
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id 6DA9F3A692C; Tue, 27 May 2008 06:44:05 -0700 (PDT)
X-idtracker: yes
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Multiple Signatures in S/MIME' to Proposed Standard
Message-Id: <20080527134405.6DA9F3A692C@core3.amsl.com>
Date: Tue, 27 May 2008 06:44:05 -0700
Cc: Internet Architecture Board <iab@iab.org>, smime chair <smime-chairs@tools.ietf.org>, smime mailing list <ietf-smime@imc.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Announcements <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
The IESG has approved the following document: - 'Multiple Signatures in S/MIME ' <draft-ietf-smime-multisig-05.txt> as a Proposed Standard This document is the product of the S/MIME Mail Security Working Group. The IESG contact persons are Tim Polk and Pasi Eronen. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-05.txt Technical Summary CMS SignedData includes the SignerInfo structure to convey per-signer information. SignedData supports multiple signers and multiple signature algorithms per-signer with multiple SignerInfo structures. If a signer attaches more than one SignerInfo, there are concerns that an attacker could perform a downgrade attack by removing the SignerInfo(s) with the 'strong' algorithm(s). This document defines the multiple-signatures attribute, its generation rules, and its processing rules to allow signers to convey multiple SignerInfo while protecting against downgrade attacks. Additionally, this attribute may assist during periods of algorithm migration. Working Group Summary This ID was discussed on the smime mailing list and at several IETF meetings. Initially, there was some confusion about the problem being solved but moving the general attacks against CMS hashes text to an Appendix addressed the WG's concerns. This initial confusion has really been the only major issue. Document Quality This document is new and there are no implementations - yet. There has been interest from multiple vendors about when it will be published as an RFC. Personnel Blake Ramsdell is the document Shepherd. Tim Polk is the responsible Security Area AD. RFC Editor Note Please make the following changes: a) Please remove the "Discussion" section preceding the Table of Contents. b) Please replace all occurrences of "pkcs9(9)" with "pkcs-9(9)". c) In section 2 list item 1), please make the following substitution OLD If both SignerInfo objects are not present, the relying party can easily determine that another SignerInfo has been removed. NEW Relying parties can easily determine that a SignerInfo has been removed if another SignerInfo contains a multi-sig attribute that refers to it. d) In section 8.1, Normative References, please make the following substitution: OLD [PROFILE] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. NEW [PROFILE] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce