NIST
S/MIME Activities
NIST is examining Secure Multipurpose Internet Mail Extension
(S/MIME) standards and products with a goal of improving the
security and interoperability of S/MIME products.

NIST has developed a Federal
S/MIME V3 Client Profile (NIST Special Publication 800-49) for security and interoperability based on IETF
specifications. The profile includes all mandatory features of the
IETF RFCs with the EXCEPTION that implementation of the RFC 2631
Diffie-Hellman Key Agreement cryptographic algorithm mandated in
IETF RFC 2630 is NOT required. (The IETF has deleted
mandatory implementation of the Diffie-Hellman Key Agreement
algorithm from the next/revised set of RFCs that will specify S/MIME
V3.) In addition, the profile mandates certain optional
features required for interoperability and security in secure email
products. The primary audience is federal agencies, but the profile
may be used by the private sector and local governments as well.

NIST has an Internet-based
automated testing facility under development. This automated
"testbed" will help ensure conformance to the S/MIME V3 Client
Profile, help ensure conformance to related specifications (RFCs),
and help ensure interoperability of S/MIME V3 products. As part of
the automated testing facility, an S/MIME V3 reference implementation
has been deployed. The reference implementation will include support
for both originator and recipient roles and will conform to the
proposed NIST S/MIME V3 security and interoperability profile,
including optional features. Thus, the reference implementation will
serve to validate not only S/MIME V3 implementations, but the NIST
profile as well. The test facility is expected to be available for
limited testing in the third quarter of 2003.