[plasma] FW: New Version Notification for draft-freeman-message-access-control-req-02.txt
"Jim Schaad" <ietf@augustcellars.com> Thu, 04 August 2011 02:24 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: plasma@ietfa.amsl.com
Delivered-To: plasma@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A96921F874A; Wed, 3 Aug 2011 19:24:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[AWL=0.450, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id auuDJhgaVLDG; Wed, 3 Aug 2011 19:24:29 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by ietfa.amsl.com (Postfix) with ESMTP id EEB0311E80BE; Wed, 3 Aug 2011 19:24:28 -0700 (PDT)
Received: from TITUS (unknown [207.202.179.27]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 2F3D02CA64; Wed, 3 Aug 2011 19:24:41 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: plasma@ietf.org
References: <20110804021935.31037.48432.idtracker@ietfa.amsl.com>
In-Reply-To: <20110804021935.31037.48432.idtracker@ietfa.amsl.com>
Date: Wed, 03 Aug 2011 19:58:46 -0700
Message-ID: <005f01cc5252$6ed6ab60$4c840220$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQC3pAGtK7/84McoI5riLyxIww0dIJc1W8Hg
Content-Language: en-us
X-Mailman-Approved-At: Wed, 03 Aug 2011 19:30:08 -0700
Cc: abfab@ietf.org, smime@ietf.org
Subject: [plasma] FW: New Version Notification for draft-freeman-message-access-control-req-02.txt
X-BeenThere: plasma@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/plasma>, <mailto:plasma-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/plasma>
List-Post: <mailto:plasma@ietf.org>
List-Help: <mailto:plasma-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/plasma>, <mailto:plasma-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2011 02:24:29 -0000
Please note there is a new version of this document posted. Trevor and I did not get finished doing all of the updates that I thought were necessary before he went on vacation, but we did get much farther towards a document I would consider acceptable. Please review the document with strong focus on the use cases, the model and the requirements. Please feel free to send comments to me and Trevor, but please remove the abfab and smime mailing lists and just leave the plasma list in your mail. I am sending this mail to a wider set of people to try and get more reviews. Thanks Jim -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Wednesday, August 03, 2011 7:20 PM To: ietf@augustcellars.com Cc: ppatterson@carillon.ca; ietf@augustcellars.com; trevorf@microsoft.com Subject: New Version Notification for draft-freeman-message-access-control-req-02.txt A new version of I-D, draft-freeman-message-access-control-req-02.txt has been successfully submitted by Jim Schaad and posted to the IETF repository. Filename: draft-freeman-message-access-control-req Revision: 02 Title: Requirements for Message Access Control Creation date: 2011-08-03 WG ID: Individual Submission Number of pages: 33 Abstract: There are many situations where organizations want to protect information with robust access control, either for implementation of intellectual property right protections, enforcement of information contractual confidentiality agreements or because of externally imposed legal regulations. The Enhanced Security Services (ESS) for S/MIME defines an access control mechanism which is enforced by the recipient's client after decryption of the message. The ESS mechanism therefore is dependent on the correct access policy configuration of every recipient's client. This mechanism also provides full access to the data to all recipients prior to the access control check which is considered to be inadequate for due to the difficulty in demonstrating policy compliance. This document lays out the deficiencies of the current ESS security label, and presents requirements for new model for doing access control to messages where the access check is performed prior to message content decryption. This new model also does not require policy configuration on the client to simplify deployment and compliance verification. The proposed model additionally provides a method where non-X.509 certificate credentials can be used for encryption/decryption of S/MIME messages. The IETF Secretariat