WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)

The IESG <iesg-secretary@ietf.org> Fri, 01 November 2019 16:26 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 294A11209B4; Fri, 1 Nov 2019 09:26:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Subject: WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.108.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: spasm@ietf.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <157262560712.31927.6791798644775959972.idtracker@ietfa.amsl.com>
Date: Fri, 01 Nov 2019 09:26:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/XVHn26r-bAvL4xaJuijlCmTHxzk>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 16:26:47 -0000

The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the
Security Area of the IETF is undergoing rechartering. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2019-11-11.

Limited Additional Mechanisms for PKIX and SMIME (lamps)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Russ Housley <housley@vigilsec.com>
  Tim Hollebeek <tim.hollebeek@digicert.com>

Assigned Area Director:
  Roman Danyliw <rdd@cert.org>

Security Area Directors:
  Benjamin Kaduk <kaduk@mit.edu>
  Roman Danyliw <rdd@cert.org>

Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/

Group page: https://datatracker.ietf.org/group/lamps/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

The LAMPS WG is now tackling these topics:

1. Specify the use of short-lived X.509 certificates for which no
revocation information is made available by the Certification Authority.
Short-lived certificates have a lifespan that is shorter than the time
needed to detect, report, and distribute revocation information.  As a
result, revoking short-lived certificates is unnecessary and pointless.

2. Update the specification for the cryptographic protection of email
headers -- both for signatures and encryption -- to improve the
implementation situation with respect to privacy, security, usability
and interoperability in cryptographically-protected electronic mail.
Most current implementations of cryptographically-protected electronic
mail protect only the body of the message, which leaves significant
room for attacks against otherwise-protected messages.

3. The Certificate Management Protocol (CMP) is specified in RFC 4210,
and it offers a vast range of certificate management options.  CMP is
currently being used in many different industrial environments, but it
needs to be tailored to the specific needs of some environments.  The
LAMPS WG will develop a "lightweight" profile of CMP to more efficiently
support of these environments and better facilitate interoperable
implementation, while preserving cryptographic algorithm agility.  In
addition, necessary updates and clarifications to CMP will be specified
in a separate document.  This work will be coordinated with the LWIG WG.

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WG. The LAMPS WG may produce
clarifications where needed, but the LAMPS WG shall not adopt
anything beyond clarifications without rechartering.

Milestones:

  Nov 2019 - Adopt a draft for short-lived certificate conventions

  Dec 2019 - Adopt a draft for header protection conventions

  Dec 2019 - Adopt a draft for CMP updates

  Dec 2019 - Adopt a draft for Lightweight CMP profile

  Nov 2020 - Short-lived certificate conventions sent to IESG for BCP
  publication

  Nov 2020 - CMP updates sent to IESG for  standards track publication

  Nov 2020 - Lightweight CMP profile sent to IESG for informational
  publication

  Mar 2021 - Header protection conventions sent to IESG for standards track
  publication