S/MIME Working Group S. Santesson (Microsoft) INTERNET-DRAFT Expires June 2005 December 2004 Certificate extension for S/MIME Capabilities By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668 Status of this Memo Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than a "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Abstract This document defines a certificate extension for inclusion of S/MIME capabilities in public key certificates defined by RFC 3280. S/MIME Capabilities provides an optional method to communicate cryptographic capabilities of the certified subject as a complement to use of the S/MIME Capabilities signed attribute in S/MIME messages according to RFC 3851. Santesson [Page 1] INTERNET DRAFT S/MIME Capabilities Extension December 2004 Table of Contents 1 Introduction ................................................ 2 2 S/MIME Capabilities Extension ............................... 3 3 Use in applications ......................................... 3 4 Security Considerations ..................................... 3 5 References .................................................. 4 Authors' Addresses ............................................. 4 Disclaimer ..................................................... 5 Copyright Statement ............................................ 5 1. Introduction The purpose of this specification is to specify a simple approach to store cryptographic capabilities in public key certificates. The S/MIME Capabilities attribute is defined in RFC 3851 for specifying cryptographic capabilities of the sender of a signed S/MIME message. This information can be used by the recipient in subsequent S/MIME secured exchanges to select appropriate cryptographic properties for future exchange with the opponent. The use of S/MIME does however introduce the scenario where e.g. a sender of an encrypted message has no prior established knowledge of the recipient's cryptographic capabilities through recent S/MIME exchanges. In such case the sender is forced to rely on its default configuration for encrypted messages to recipients with unknown capabilities. The problem is however that this default configuration may not be compatible with the recipient's capabilities and/or security policy. The solution defined in this specification leverages on the fact that S/MIME encryption requires possession of the recipient's public key certificate. This certificate contains information about the recipient's public key and the cryptographic capabilities of this key. Through the extension mechanism defined in this specification the certificate will also have the capacity to identify the subject's cryptographic capabilities for use with S/MIME, to be used as an optional additional information resource when knowledge about the subject capabilities is considered insufficient. This document is limited to the "static" approach where asserted cryptographic capabilities remain unchanged until the certificate expires or is revoked. Other "dynamic" approaches which allow retrieval of certified dynamically updatable capabilities during the lifetime of a certificate are out of scope of this document. Santesson [Page 2] INTERNET DRAFT S/MIME Capabilities Extension December 2004 2. S/MIME Capabilities Extension This section defines the S/MIME Capabilities extension. The S/MIME capabilities extension data structure used in this specification is identical to the data structure of the S/MIME capabilities attribute defined in RFC 3851. The S/MIME Capabilities extension MUST follow the definition defined in RFC 3851. (The ASN.1 structure of smimeCapabilities is included below for illustrative purposes only) smimeCapabilities OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 15} sMIMECapabilitiesExt EXTENSION ::= { SYNTAX SMIMECapabilities IDENTIFIED BY smimeCapabilities } SMIMECapabilities ::= SEQUENCE OF SMIMECapability SMIMECapability ::= SEQUENCE { capabilityID OBJECT IDENTIFIER, parameters ANY DEFINED BY capabilityID OPTIONAL } Algorithms should be ordered by preference. This extension MUST NOT be marked critical. 3. Use in applications Applications using the S/MIME Capabilities extension SHOULD NOT use information in the extension if more reliable and relevant authenticated capabilities information are available to the application. It is outside the scope of this specification to define what is, or is not, regarded as more reliable source of information by the encrypting application. 4 Security Considerations The S/MIME capabilities extension contains a statement about the subject's capabilities made at the time of certificate issuance. Implementers should therefore take into account any effect caused by Santesson [Page 3] INTERNET DRAFT S/MIME Capabilities Extension December 2004 the change of these capabilities during the lifetime of the certificate. Change in the subject's capabilities during the lifetime of a certificate may require revocation of the certificate. Revocation should however only be motivated if a listed algorithm is considered broken and/or considered too weak to use for the adopted encryption policy. Implementers should take into account that the use of this extension does not change the fact that it is always the responsibility of the sender to choose sufficiently strong encryption for its information disclosure. 5 References Normative references: [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC 3280] R. Housley, W. Polk, W. Ford, and D. Solo, "Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. [RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004 Authors' Addresses Stefan Santesson Microsoft Tuborg Boulevard 12 2900 Hellerup Denmark EMail: stefans@microsoft.com Santesson [Page 4] INTERNET DRAFT S/MIME Capabilities Extension December 2004 Disclaimer This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Expires June 2005 Santesson [Page 5]