Limited Additional Mechanisms for PKIX and SMIME

The information below is for an old version of the document
Document Proposed charter Limited Additional Mechanisms for PKIX and SMIME WG (lamps) Snapshot
Title Limited Additional Mechanisms for PKIX and SMIME
Last updated 2018-02-09
State External Review (Message to Community, Selected by Secretariat) Rechartering
WG State Active
IESG Responsible AD Roman Danyliw
Charter Edit AD Eric Rescorla
Send notices to (None)


The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced 
by the PKIX Working Group and the electronic mail security documents 
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working 
Group is chartered to make updates where there is a known constituency 
interested in real deployment and there is at least one sufficiently 
well specified approach to the update so that the working group can 
sensibly evaluate whether to adopt a proposal.

Having completed the S/MIME 4.0 specifications and updates to support
i18n email addresses in PKIX certificates, the LAMPS WG is now tackling
these topics:

1. Specify a discovery mechanism for CAA records to replace the one
   described in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.

RFC 6844 describes the mechanism by which CAA records relating to a
domain are discovered.  Implementation experience has demonstrated an
ambiguity in the current processing of CNAME and DNAME records during
discovery.  Subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the current

Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, which gives great confidence
that the SHA-3 family of functions are secure.  Also, since SHA-3 uses a
very different construction from SHA-2, the SHA-3 family of functions
offers an excellent alternative.  In particular, SHAKE128/256 and
SHAKE256/512 offer security and performance benefits.

In addition, the LAMPS Working Group may investigate other updates to 
the documents produced by the PKIX and S/MIME Working Groups, but the 
LAMPS Working Group shall not adopt any of these potential work items 
without rechartering.