Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities (RFC4262)

IP.com Disclosure Number: IPCOM000132444D
Original Publication Date: 2005-Dec-01
Included in the Prior Art Database: 2005-Dec-16
Document File: 6 page(s) / 10K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Santesson: AUTHOR

Abstract

This document defines a certificate extension for inclusion of Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities in X.509 public key certificates, as defined by RFC 3280. This certificate extension provides an optional method to indicate the cryptographic capabilities of an entity as a complement to the S/MIME Capabilities signed attribute in S/MIME messages according to RFC 3851.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 29% of the total text.

Network Working Group                                       S. Santesson
Request for Comments: 4262                                     Microsoft
Category: Standards Track                                  December 2005


                    X.509 Certificate Extension for
   Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines a certificate extension for inclusion of
   Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities in
   X.509 public key certificates, as defined by RFC 3280.  This
   certificate extension provides an optional method to indicate the
   cryptographic capabilities of an entity as a complement to the S/MIME
   Capabilities signed attribute in S/MIME messages according to RFC
   3851.

1.  Introduction

   This document defines a certificate extension for inclusion of S/MIME
   Capabilities in X.509 public key certificates, as defined by RFC 3280
   [RFC3280].

   The S/MIME Capabilities attribute, defined in RFC 3851 [RFC3851], is
   defined to indicate cryptographic capabilities of the sender of a
   signed S/MIME message.  This information can be used by the recipient
   in subsequent S/MIME secured exchanges to select appropriate
   cryptographic properties.

   However, S/MIME does involve also the scenario where, for example, a
   sender of an encrypted message has no prior established knowledge of
   the recipient's cryptographic capabilities through recent S/MIME
   exchanges.

Santesson                   Standards Track                     [Page 1]
RFC 4262             S/MIME Capabilities Extensions        December 2005


   In such a case, the sender is forced to rely on out-of-band means or
   its default configuration to select a content encryption algorithm
   for encrypted messages to recipients with unknown capabilities.  Such
   default configuration may, however, be incompatible with the
   recipient's capabilities and/or security policy.

   The solution defined in this specification leverages the fact that
   S/MIME encryption requires possession of the recipient's public key
   certificate.  This certificate already contains information about the
   recipient's public key and the cryptographic capabilities of this
   key.  Through the extension mechanism defined in th...