Presentation is loading. Please wait.

Presentation is loading. Please wait.

S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft.

Published byDouglas Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft."— Presentation transcript:

1 S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft

2 The Issue S/MIME Capabilities attribute defined in RFC 2633 (Signed attribute in signerInfo) But what if no prior signed message has been received? Today – Must revert to default settings Default setting of large installed base = 40 bit encraption.

3 Proposed solution Add cabability to add S/MIME Capabilities in certificates Preserv data structure and structure OID of the S/MIME Capabilities Attribute (RFC 2633 & PKCS&9)

4 Structure and OID smimeCapabilities OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 15} sMIMECapabilitiesExt EXTENSION ::= { SYNTAX SMIMECapabilities IDENTIFIED BY smimeCapabilities } SMIMECapabilities ::= SEQUENCE OF SMIMECapability SMIMECapability ::= SEQUENCE { capabilityID OBJECT IDENTIFIER, parameters ANY DEFINED BY capabilityID OPTIONAL }

5 Current status Capacity to process the proposed extension is allready implemented in large installed base. First draft written but not posted (available from http://www.imc.org/xxxxxxxx/draft-ietf- santesson-smimecapext-00.txt)

6 Issues Is it appropriate to include this info in certificates? Is it reasonable to assume that a CA can have suficient knowledge about the subjects cryptographic capabilities? Is it appropriate to use the existing attribute structure and OID? How does this affect other S/MIME RFC:s? How does this affect PKIX? Is the S/MIME group the right place for this?

Download ppt "S/MIME Capabilities Certificate Extension Stefan Santesson Microsoft."

Similar presentations

Mobile Devices in the DoD

Mobile Devices in the DoD
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
CRL Processing Rules Santosh Chokhani November 2004.

CRL Processing Rules Santosh Chokhani November 2004.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.

TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
International Standards Public Key Infrastructure.

International Standards Public Key Infrastructure.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
S/MIME Email and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.
CMS Advanced Electronic Signatures (CAdES) Target Category: Informational Intended to update and replace : RFC 3126 IETF Meeting Paris - August 2005 Denis.

CMS Advanced Electronic Signatures (CAdES) Target Category: Informational Intended to update and replace : RFC 3126 IETF Meeting Paris - August 2005 Denis.
ITA, 3.11.2011, 7-SecureEmail.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA)

ITA, , 7-Secure .pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA)
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.

Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.
S/MIME Freeware Library IETF S/MIME WG 13 December 2000 Getronics Government Solutions.

S/MIME Freeware Library IETF S/MIME WG 13 December 2000 Getronics Government Solutions.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

Similar presentations

Ads by Google