Re: [lamps] Advertising S/MIME capabilities in a certificate?
Dmitry Belyavsky <beldmit@gmail.com> Sat, 23 November 2019 14:34 UTC
Return-Path: <beldmit@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0B8B120088 for <spasm@ietfa.amsl.com>; Sat, 23 Nov 2019 06:34:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0SABrYdOPSso for <spasm@ietfa.amsl.com>; Sat, 23 Nov 2019 06:34:16 -0800 (PST)
Received: from mail-vk1-xa33.google.com (mail-vk1-xa33.google.com [IPv6:2607:f8b0:4864:20::a33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ECBB120043 for <spasm@ietf.org>; Sat, 23 Nov 2019 06:34:16 -0800 (PST)
Received: by mail-vk1-xa33.google.com with SMTP id k19so2374631vke.10 for <spasm@ietf.org>; Sat, 23 Nov 2019 06:34:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MnqbZJr1Yi9UIHvktWPyXzUL3IiUAuBIl5tagXimBxI=; b=ZQetysyCrUsj6O46BW75uuwyKBBeyBe1nYSR1Q9xTXedQZ8b/Cd/nv+lFveWITRCu+ BtjmlrqtPNUp2c7YGtvd4NKI8lU9jD28liAdSOGbadkCmHv4lc5519mXjYpDyfyzRdUg lqR/J2glARt6QE/LYkpcIuAVREqwV0gz8hYA1MwO5xw1fxq5HJnzg9kg105FXqnfU/Uv hjMw3lkycCqPqSv9yW1NR8JTIM0VpmAKBpxSZ/bOuWe78M5R/dvIqWkP5uEGxhXeFtF1 j9d+ocjvdv6OgnsbKF264dlim6q3DibEU99EqgzVAtpI9F/H9muWC+l/n9LzSFYzLz2d QBmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MnqbZJr1Yi9UIHvktWPyXzUL3IiUAuBIl5tagXimBxI=; b=YuOeGl7uLl+smMuELosYSQhoqka77lqIi4m6DSZqNFkUdXJcURflWCvqv/Jcuj3TbB XBoA6QH9HyK1+Iz/LsAs6YX+tIlumx+bG7G43/4gCDLPW67B0faiXj4TLzBVw1OYHuLs KdKvtIJb9tAJ+O103u0XKYKsu/+eFuuTVal3x46kkqsEJhBw5qzRmyj6NGmi0CZqDhMD xV3Owngxo/uALquxC1mquMIPiJfmVLd9v9iyju/UssdQM5SHIQRGg01wO5WuDPDYCsDx zxXYEX2Nb+BwXLTcQvSP4su3YLAq7mQx06O5Z6+kGTI1mGxacUEeVQKiqMMi1Xp/OMoZ ajuw==
X-Gm-Message-State: APjAAAVMLb/wDrFcJc/qXU9b7qU3FZm5aICepfBj+8kHD7zDaKOrgM4i lFyHO/7g6R9pz+2JHifCuPsjJ0i8LNNiLY5JOyDRoB90
X-Google-Smtp-Source: APXvYqwt/RSS4Q4fyvaEvDWIWMsoE8UEHlUGBhHjfuhu2C7VdSOH2CF8uCApYwxct1o1fJLkP8sRyV/SboJOoZUQrIg=
X-Received: by 2002:a1f:e246:: with SMTP id z67mr13021751vkg.37.1574519654755; Sat, 23 Nov 2019 06:34:14 -0800 (PST)
MIME-Version: 1.0
References: <87blt4i2ye.fsf@fifthhorseman.net>
In-Reply-To: <87blt4i2ye.fsf@fifthhorseman.net>
From: Dmitry Belyavsky <beldmit@gmail.com>
Date: Sat, 23 Nov 2019 17:34:03 +0300
Message-ID: <CADqLbzLH--abXFuSEMGQdwecPVceyHv7+EnDxiK2aqEcdMk-aQ@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b6b0e20598046cfc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eU3PGI0XYDAhGO87GT8ERSt40tE>
Subject: Re: [lamps] Advertising S/MIME capabilities in a certificate?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Nov 2019 14:34:18 -0000
Dear Daniel, On Fri, Nov 22, 2019 at 5:09 PM Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > Hi folks-- > > It occurs to me that i'd like at least one of the certificates in > https://www.ietf.org/id/draft-dkg-lamps-samples-01.html to announce some > SMIMECapabilities. For example, maybe it could advertise that it is > capable of handling a PKCS#7 Compression layer? Or that it is capable > of processing authEnveloped-data? > > However, reading RFC 8551 and related specs i realize how rusty my ASN.1 > is (and my knowledge of CMS is so paltry that there was never even > enough of it to rust). > > It looks to me like S/MIME capabilities are never advertised in the cert > itself, but rather expected to be included as a signedAttribute in a > signedData object. Is that right? Is there no way that the > advertisement can be included in the certificate? > OpenSSL adds a fixed list of ciphers and digests as S/MIME capabilities not looking at the certificate. -- SY, Dmitry Belyavsky
- [lamps] Advertising S/MIME capabilities in a cert… Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Dmitry Belyavsky
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Russ Housley