RE: proposed addition to application/pkcs7-mime smime parameter

"Blake Ramsdell" <blake@brutesquadlabs.com> Sat, 28 June 2003 04:34 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA02742 for <smime-archive@lists.ietf.org>; Sat, 28 Jun 2003 00:34:27 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5S46arb074111 for <ietf-smime-bks@above.proper.com>; Fri, 27 Jun 2003 21:06:36 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h5S46a9a074110 for ietf-smime-bks; Fri, 27 Jun 2003 21:06:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.12.9/8.12.8) with ESMTP id h5S46Zrb074104 for <ietf-smime@imc.org>; Fri, 27 Jun 2003 21:06:35 -0700 (PDT) (envelope-from blake@brutesquadlabs.com)
Received: from DEXTER ([192.168.0.5]) by brutesquadlabs.com with ESMTP ; Fri, 27 Jun 2003 21:06:32 -0700
From: Blake Ramsdell <blake@brutesquadlabs.com>
To: jimsch@exmsft.com
Cc: ietf-smime@imc.org
Subject: RE: proposed addition to application/pkcs7-mime smime parameter
Date: Fri, 27 Jun 2003 21:06:32 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARMPfbnbp50SwK3EZjypY2MKAAAAQAAAA8ACLXH4Ia0COPX30/4fGBAEAAAAA@brutesquadlabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <00a301c33d1d$636c3e50$3d0311ac@augustcellars.local>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit

> -----Original Message-----
> From: Jim Schaad [mailto:jimsch@nwlink.com] 
> Sent: Friday, June 27, 2003 7:32 PM
> To: 'Blake Ramsdell'
> Cc: ietf-smime@imc.org
> Subject: RE: proposed addition to application/pkcs7-mime 
> smime parameter
> 
> Is the message document correctly titled "How to do secure MIME with
> CMS" or "How to do secure messaging with MIME and CMS"?

I agree that this is something important to understand.  As you point
out, one view of the world is:

CMS -> S/MIME -> Non-email

And another is:

CMS -> S/MIME -> Email

And combined you might have:

CMS -> S/MIME +-> Email
              |
              +-> Non-email

Where each node (other than CMS) represents a profile.

> If the answer is the first, then this should be done.  If the 
> answer is
> the latter (and this is the position that most people think from) then
> this should not be done and a separate draft should be 
> written on how to
> do the additional CMS security types.

I think that that we intended it to be "securing messaging" but its role
is starting to expand to "securing MIME in general", with recent
interest from SIP and XMPP for the latter.  Despite the title which
implies "securing MIME in general", it has things in it that are very
specific to the problem domain of interpersonal messaging, and have
nothing to do with the general problem of securing MIME in CMS
(preferences negotiation, transfer type recommendations, etc.).

We're heading in the direction of fixing this by combining the Email and
Non-email profiles of S/MIME within the S/MIME profile.  It is both a
list of ways that you use CMS with MIME in general, and a profile that
explains how to do interpersonal messaging with it.

> I don't really want to bifercate the current Message and Certificate
> drafts to have different documents for both the first and the second
> (although the latter documents would be a "simple" profile of 
> the former
> documents). But I think we need as a group to make a decision on what
> document we are writing.

I am fairly certain that a profile that defines MIME packaging for all
of the CMS types would be useful, and one group is ready to use it right
now (SIP).  I don't like the idea of scattering the registry of
smime-type between multiple documents, but perhaps that is inevitable.

I see a few ways to proceed, in my personal preference order:

1. Commit to the current direction of using the MSG draft to define how
to use MIME with everything in CMS, as well as providing a constrained
subset of CMS for the purpose of interpersonal messaging.

2. Don't put anything in MSG at all that doesn't have to do with
interpersonal messaging, but leave what's there (the definition of the
application/pkcs7-mime and the currently used smime-types).  Any
additional smime-type values are defined outside of the MSG draft.

3. Separate everything that has to do with the MIME wrapping of CMS
objects into its own draft (CMS/MIME), and don't discuss anything about
interpersonal messaging at all.  The MSG draft simply contains
references to the CMS/MIME draft, and is a profile of it.  This is
somewhat like the separation of CMS and CMSALG, I think.

I will admit that my preference order is influenced by my role as the
editor, and the desire to see MSG progress sooner rather than later.

Blake