Liaison statement
Follow-up on Cryptographic Message Syntax communications
Additional information about IETF liaison relationships is available on the
IETF webpage
and the
Internet Architecture Board liaison webpage.
State | Posted |
---|---|
Submitted Date | 2016-03-18 |
From Group | SEC |
From Contact | Scott Mansfield |
To Group | ITU-T |
To Contacts | tsbsg17@itu.int |
Cc | itu-t-liaison@iab.org Scott Mansfield <Scott.Mansfield@Ericsson.com> The IETF Chair <chair@ietf.org> Stephen Farrell <stephen.farrell@cs.tcd.ie> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> |
Response Contact | Stephen Farrell <stephen.farrell@cs.tcd.ie> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> |
Purpose | In response |
Attachments | (None) |
Liaisons referred by this one |
Response to liaison on Cryptographic Message Syntax
Security Area Response to Liaison on Cryptographic Message Syntax LS/r on Cryptographic Message Syntax (reply to IETF Security Area) |
Body |
We have previously submitted a liaison [1] in reference to the Cryptographic Message Syntax (CMS) [RFC5652] in which we recommended that if new work on CMS is felt to be needed, the best place to do that is in the IETF. This ensures interaction with the active community of editors, developers, and users of that technology. In your response to our earlier liaison statement, you said two things. First: "ITU-T SG17, Security, thanks IETF Security Area for the liaison response about our draft Recommendation ITU-T X.cms. The main reason for the development of X.cms is to have an ITU-T Recommendation containing all the ASN.1 modules which are needed to implement Cryptographic Message Syntax with no obsolete ASN.1 features like “ANY DEFINED BY”. For ITU-T to make references, we need CMS with ASN.1 specifications conform to the in force Edition of Rec. ITU-T X.680 series." You seem to be unaware of the work in 2010 that produced modern ASN.1 modules for CMS [RFC5911]. Second: "We decided to postpone the Consent of draft Recommendation ITU-T X.cms to have the time to investigate the possibility to have an updated IETF RFC that fulfils our requirements. Our ASN.1 experts offer to participate in the work on producing that IETF RFC." We note that the particular change proposed by [2] ("signcryption") could be done in a backwards compatible and interoperable manner and also seems to overlap with ISO 29150:2011 [3]. We remain open to discussions about such a collaboration. Regards, Stephen Farrell/Kathleen Moriarty IETF Security Area Directors References: [RFC5652] https://www.rfc-editor.org/rfc/rfc5652.txt [RFC5911] https://www.rfc-editor.org/rfc/rfc5911.txt [1] https://datatracker.ietf.org/liaison/1294/ [2]https://datatracker.ietf.org/liaison/1396/ [3] http://www.iso.org/iso/catalogue_detail.htm?csnumber=45173 |