Published by Douglas Owens. Modified over 9 years ago.
1
S/MIME Capabilities Certificate Extension
Stefan Santesson
Microsoft
2
The Issue
- S/MIME Capabilities attribute defined in RFC 2633 (signed attribute in signerInfo)
- But what if no prior signed message has been received?
- Today – must revert to default settings
- Default setting of large installed base = 40-bit encryption
3
Proposed solution
- Add capability to add S/MIME Capabilities in certificates
- Preserve data structure and structure OID of the S/MIME Capabilities Attribute (RFC 2633 & PKCS #9)
4
Structure and OID

    smimeCapabilities OBJECT IDENTIFIER ::= {iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 15}

    sMIMECapabilitiesExt EXTENSION ::= {
        SYNTAX SMIMECapabilities
        IDENTIFIED BY smimeCapabilities }

    SMIMECapabilities ::= SEQUENCE OF SMIMECapability

    SMIMECapability ::= SEQUENCE {
        capabilityID OBJECT IDENTIFIER,
        parameters ANY DEFINED BY capabilityID OPTIONAL }
5
Current status
- Capacity to process the proposed extension is already implemented in large installed base.
- First draft written but not posted (available from http://www.imc.org/xxxxxxxx/draft-ietf-santesson-smimecapext-00.txt)
6
Issues
- Is it appropriate to include this info in certificates?
- Is it reasonable to assume that a CA can have sufficient knowledge about the subject's cryptographic capabilities?
- Is it appropriate to use the existing attribute structure and OID?
- How does this affect other S/MIME RFCs?
- How does this affect PKIX?
- Is the S/MIME group the right place for this?