Liaison statement
Follow-up on Cryptographic Message Syntax communications

State Posted
Posted Date 2016-03-18
From Group SEC
From Contact Scott Mansfield
To Group ITU-T
To Contacts tsbsg17@itu.int
Ccitu-t-liaison@iab.org
Scott Mansfield
The IETF Chair
Stephen Farrell
Kathleen Moriarty
Response Contact Stephen Farrell
Kathleen Moriarty
Purpose In response
Attachments (None)
Liaisons referred by this one Response to liaison on Cryptographic Message Syntax
Security Area Response to Liaison on Cryptographic Message Syntax
LS/r on Cryptographic Message Syntax (reply to IETF Security Area)
Body
We have previously submitted a liaison [1] in reference to the  Cryptographic
Message Syntax (CMS) [RFC5652] in which we recommended that if new work on CMS
is felt to be needed, the best place to do that is in the IETF.  This ensures
interaction with the active community of editors, developers, and users of
that technology. 
 
In your response to our earlier liaison statement, you said two things.
 
 First:
"ITU-T SG17, Security, thanks IETF Security Area for the liaison response
about our draft Recommendation ITU-T X.cms. The main reason for the
development of X.cms is to have an ITU-T Recommendation containing all the
ASN.1 modules which are needed to implement Cryptographic Message Syntax with
no obsolete ASN.1 features like “ANY DEFINED BY”. For ITU-T to make
references,  we need CMS with ASN.1 specifications conform to the in force 
Edition of Rec. ITU-T X.680 series."

    You seem to be unaware of the work in 2010 that produced modern ASN.1
modules for CMS [RFC5911].

Second:
"We decided to postpone the Consent of draft Recommendation ITU-T  X.cms to
have the time to investigate the possibility to have an  updated IETF RFC that
fulfils our requirements. Our ASN.1 experts offer to participate in the work
on producing that IETF RFC."

    We note that the particular change proposed by [2] ("signcryption") could
be done in a backwards compatible and interoperable manner and also seems to
overlap with ISO 29150:2011 [3].  We remain open to discussions about such a
collaboration.

Regards,
Stephen Farrell/Kathleen Moriarty
IETF Security Area Directors

References:
[RFC5652] https://www.rfc-editor.org/rfc/rfc5652.txt
[RFC5911] https://www.rfc-editor.org/rfc/rfc5911.txt
[1] https://datatracker.ietf.org/liaison/1294/
[2]https://datatracker.ietf.org/liaison/1396/
[3] http://www.iso.org/iso/catalogue_detail.htm?csnumber=45173