S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft.

1 S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft

2 The Issue
- S/MIME Capabilities attribute defined in RFC 2633 (signed attribute in signerInfo)
- But what if no prior signed message has been received?
- Today: must revert to default settings
- Default setting of large installed base = 40-bit encryption

3 Proposed solution
- Add capability to add S/MIME Capabilities in certificates
- Preserve the data structure and OID of the S/MIME Capabilities attribute (RFC 2633 & PKCS #9)

4 Structure and OID

    smimeCapabilities OBJECT IDENTIFIER ::=
        {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 15}

    sMIMECapabilitiesExt EXTENSION ::= {
        SYNTAX SMIMECapabilities
        IDENTIFIED BY smimeCapabilities }

    SMIMECapabilities ::= SEQUENCE OF SMIMECapability

    SMIMECapability ::= SEQUENCE {
        capabilityID OBJECT IDENTIFIER,
        parameters ANY DEFINED BY capabilityID OPTIONAL }

5 Current status
- Capacity to process the proposed extension is already implemented in a large installed base.
- First draft written but not posted (available from http://www.imc.org/xxxxxxxx/draft-ietf-santesson-smimecapext-00.txt)

6 Issues
- Is it appropriate to include this info in certificates?
- Is it reasonable to assume that a CA can have sufficient knowledge about the subject's cryptographic capabilities?
- Is it appropriate to use the existing attribute structure and OID?
- How does this affect other S/MIME RFCs?
- How does this affect PKIX?
- Is the S/MIME group the right place for this?
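An added example, not part of the original slides: a small Python decoder for the SMIMECapabilities structure shown on slide 4, which lists the advertised capability OIDs and picks out RC2 entries with a short key length such as the 40-bit default mentioned on slide 2. It assumes the input is the extension's inner DER value, that the RC2-CBC parameter is the key length as an INTEGER (the S/MIME capability encoding), and a hypothetical 128-bit policy threshold; the function names and sample bytes are constructed for illustration.

```python
# Added example, not from the slides. SAMPLE at the bottom is constructed test data.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content octets -> dotted string
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last octet of this arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first octet group packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_smime_capabilities(der):
    """Return [(capabilityID, raw parameters or None)] in the order listed."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE OF SMIMECapability")
    caps, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        oid_tag, oid, after = read_tlv(cap, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed SMIMECapability entry")
        caps.append((decode_oid(oid), cap[after:] or None))
    return caps

RC2_CBC = "1.2.840.113549.3.2"
def weak_rc2(caps, min_bits=128):
    """RC2 key lengths below min_bits (threshold is an assumed policy value)."""
    bits = [int.from_bytes(read_tlv(p, 0)[1], "big")
            for oid, p in caps if oid == RC2_CBC and p and p[0] == 0x02]
    return [b for b in bits if b < min_bits]
SAMPLE = bytes.fromhex("3028" "300b060960864801650304012a"  # AES-256-CBC
                       "300a06082a864886f70d0307" "300d06082a864886f70d0302020128")
```

Calling `weak_rc2(parse_smime_capabilities(SAMPLE))` reports the 40-bit RC2 entry that follows the AES-256-CBC and 3DES-CBC entries in the constructed sample.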

