Liaison statement
Security Area Response to Liaison on Cryptographic Message Syntax
Additional information about IETF liaison relationships is available on the
IETF webpage
and the
Internet Architecture Board liaison webpage.
| State | Posted |
|---|---|
| Submitted Date | 2015-04-03 |
| From Group | SEC |
| From Contact | Scott Mansfield |
| To Group | ITU-T-SG-17 |
| To Contacts | tsbsg17@itu.int |
| Cc | Gonzalo Camarillo <gonzalo.camarillo@ericsson.com> Stephen Farrell <stephen.farrell@cs.tcd.ie> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> The IETF Chair <chair@ietf.org> martin.euchner@icn.siemens.de stephen.farrell@cs.tcd.ie Kathleen.Moriarty.ietf@gmail.com iesg@ietf.org |
| Response Contact | scott.mansfield@ericsson.com |
| Technical Contact | scott.mansfield@ericsson.com |
| Purpose | For action |
| Deadline | 2015-07-01 Action Taken |
| Attachments | Security Area Response to Liaison on Cryptographic Message Syntax |
| Liaisons referred by this one |
Response to liaison on Cryptographic Message Syntax
|
| Liaisons referring to this one |
LS/r on Cryptographic Message Syntax (reply to IETF Security Area)
Follow-up on Cryptographic Message Syntax communications |
| Body |
We have previously submitted a liaison [1] in reference to the Cryptographic Message Syntax (CMS) [RFC5652] in which we recommended that if new work on CMS is felt to be needed, the best place to do that is in the IETF. This ensures interaction with the active community of editors, developers, and users of that technology. We have very recently seen [2] sent to an IETF mailing list and which has as an attachment, a document that significantly overlaps with and apparently incompatibly extends RFC5652. Such a development could significantly damage security and interoperability if it affected any implementations. We note that the particular change proposed by [2] ("signcryption") could be done in a backwards compatible and interoperable manner and also seems to overlap with ISO 29150:2011 [3], though we have not analyzed whether or not there may additionally be some conflict between the new text in [2] and that ISO standard. We do not have a formal view on the document that is up for consent at the next SG17 plenary meeting in April 2015, as the document was not formally liaised. However, we would ask that ITU-T not undertake such duplicative and damaging work without first having a real dialog with those who implement, deploy and depend upon CMS. The place for such a dialog is on the IETF S/MIME mailing list [4], which remains open and active and could be used to re-activate the S/MIME working group, should new work in that area be required. The normal IETF process remains available should anyone wish to extend CMS, as has been done numerous times,(e.g. [5]) and we (as security area directors) are happy to discuss how best to approach any such proposed work within the IETF. Regards, Stephen Farrell/Kathleen Moriarty IETF Security Area Directors References: [RFC5652] https://tools.ietf.org/html/rfc5652 [1] https://datatracker.ietf.org/liaison/1294/ [2] https://www.ietf.org/mail-archive/web/pkix/current/msg33206.html [3] http://www.iso.org/iso/catalogue_detail.htm?csnumber=45173 [4] https://www.ietf.org/mail-archive/web/smime/current/maillist.html [5] https://datatracker.ietf.org/doc/rfc4073/ |