IETF Logo Mail Archive

Re: [lamps] Advertising S/MIME capabilities in a certificate?

Jim Schaad <ietf@augustcellars.com> Mon, 25 November 2019 04:46 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 982CF120255 for <spasm@ietfa.amsl.com>; Sun, 24 Nov 2019 20:46:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4yFjUTeon48 for <spasm@ietfa.amsl.com>; Sun, 24 Nov 2019 20:46:51 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2916912023E for <spasm@ietf.org>; Sun, 24 Nov 2019 20:46:51 -0800 (PST)
Received: from Jude (50.76.105.153) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sun, 24 Nov 2019 20:46:45 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: 'Daniel Kahn Gillmor' <dkg@fifthhorseman.net>, 'LAMPS WG' <spasm@ietf.org>
References: <87blt4i2ye.fsf@fifthhorseman.net>
In-Reply-To: <87blt4i2ye.fsf@fifthhorseman.net>
Date: Sun, 24 Nov 2019 20:46:42 -0800
Message-ID: <053201d5a34b$56e34fb0$04a9ef10$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGeosGC3qsIgYx4CoUCMbtvh/u2RagJURQw
Content-Language: en-us
X-Originating-IP: [50.76.105.153]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/crK1VAawtpsSoxq52UAeXIdKXU8>
Subject: Re: [lamps] Advertising S/MIME capabilities in a certificate?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Nov 2019 04:46:53 -0000

You are looking for RFC 4262

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Daniel Kahn Gillmor
Sent: Friday, November 22, 2019 3:08 AM
To: LAMPS WG <spasm@ietf.org>
Subject: [lamps] Advertising S/MIME capabilities in a certificate?

Hi folks--

It occurs to me that i'd like at least one of the certificates in https://www.ietf.org/id/draft-dkg-lamps-samples-01.html to announce some SMIMECapabilities.  For example, maybe it could advertise that it is capable of handling a PKCS#7 Compression layer?  Or that it is capable of processing authEnveloped-data?

However, reading RFC 8551 and related specs i realize how rusty my ASN.1 is (and my knowledge of CMS is so paltry that there was never even enough of it to rust).

It looks to me like S/MIME capabilities are never advertised in the cert itself, but rather expected to be included as a signedAttribute in a signedData object.  Is that right?  Is there no way that the advertisement can be included in the certificate?

I suppose if the advertisement could be included in both the signedData object *and* the certificate itself then the algorithm in §2.7.1 of RFC
8551 would need to be much more complicated.

Any pointers or examples would be welcome,

              --dkg

v2.23.0 | Report a Bug | By Email