Skip to main content

Liaison statement
Follow-up on Cryptographic Message Syntax communications

Additional information about IETF liaison relationships is available on the IETF webpage and the Internet Architecture Board liaison webpage.
State Posted
Submitted Date 2016-03-18
From Group SEC
From Contact Scott Mansfield
To Group ITU-T
To Contacts
Scott Mansfield <>
The IETF Chair <>
Stephen Farrell <>
Kathleen Moriarty <>
Response Contact Stephen Farrell <>
Kathleen Moriarty <>
Purpose In response
Attachments (None)
Liaisons referred by this one Response to liaison on Cryptographic Message Syntax
Security Area Response to Liaison on Cryptographic Message Syntax
LS/r on Cryptographic Message Syntax (reply to IETF Security Area)
We have previously submitted a liaison [1] in reference to the  Cryptographic
Message Syntax (CMS) [RFC5652] in which we recommended that if new work on CMS
is felt to be needed, the best place to do that is in the IETF.  This ensures
interaction with the active community of editors, developers, and users of that

In your response to our earlier liaison statement, you said two things.

"ITU-T SG17, Security, thanks IETF Security Area for the liaison response about
our draft Recommendation ITU-T X.cms. The main reason for the development of
X.cms is to have an ITU-T Recommendation containing all the ASN.1 modules which
are needed to implement Cryptographic Message Syntax with no obsolete ASN.1
features like “ANY DEFINED BY”. For ITU-T to make references,  we need CMS with
ASN.1 specifications conform to the in force  Edition of Rec. ITU-T X.680

    You seem to be unaware of the work in 2010 that produced modern ASN.1
    modules for CMS [RFC5911].

"We decided to postpone the Consent of draft Recommendation ITU-T  X.cms to
have the time to investigate the possibility to have an  updated IETF RFC that
fulfils our requirements. Our ASN.1 experts offer to participate in the work on
producing that IETF RFC."

    We note that the particular change proposed by [2] ("signcryption") could
    be done in a backwards compatible and interoperable manner and also seems
    to overlap with ISO 29150:2011 [3].  We remain open to discussions about
    such a collaboration.

Stephen Farrell/Kathleen Moriarty
IETF Security Area Directors