Technical Summary
S/MIME version 3.1 introduced a mechanism to provide end-to-end
cryptographic protection of e-mail message headers. However, few
implementations generate messages using this mechanism, and several
legacy implementations have revealed rendering or security issues
when handling such a message.
This document updates the S/MIME specification (RFC 8551) to offer a
different mechanism that provides the same cryptographic protections
but with fewer downsides when handled by legacy clients.
Furthermore, it offers more explicit usability, privacy, and security
guidance for clients when generating or handling e-mail messages with
cryptographic protection of message headers.
The Header Protection scheme defined here is also applicable to
messages with PGP/MIME cryptographic protections.
Working Group Summary
There was nothing notable in the WG review process. Refinements were made based on AD and ARTART IETF LC review.
This document was initially scheduled for IESG Review as -20. However, it was pulled back to the WG and was run through another WGLC/IETF LC to confirm the changes made due to redesign during the ARTART review and early IESG balloting.
Document Quality
There has been some code written, but so far, vendors of major email user
agents have not said whether they will implement it. One did offer an
insightful review of the Internet-Draft during WG Last Call.
Personnel
The Document Shepherd for this document is Russ Housley.
The Responsible Area Director is Roman Danyliw.