I-D Action: draft-freeman-plasma-requirements-09.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Requirements for Message Access Control
        Authors         : Trevor Freeman
                          Jim Schaad
                          Patrick Patterson
	Filename        : draft-freeman-plasma-requirements-09.txt
	Pages           : 47
	Date            : 2014-02-13

Abstract:
  S/MIME has a proven track record in delving confidentiality, integrity
  and data origination authentication for email. However, there are many
  situations where organizations want robust access control applied to
  information in messages. The Enhanced Security Services (ESS) RFC5035
  for S/MIME defines an access control mechanism for email, but the
  access check happens after the data is decrypted by the recipient
  which devalues the protection afforded by the cryptography and
  provides very week guarantees of policy compliance. Another major
  issues for S/MIME is its dependency on a single type of identity
  credential, an X.509 certificate. Many users on the Internet today do
  not have X.509 certificates and therefore cannot use S/MIME.
  Furthermore, the requirement to discover the X.509 certificate for
  every recipient of an encrypted message by the sender has proven to be
  an unreliable process for a number of reasons.

  This document presents requirements for an alternative model to ESS to
  address the identified issues with access control to deliver more
  robust compliance with S/MIME protected messages. This document
  describes an access control model which uses cryptographic keys to
  enforce access control policy decisions where the policy check is
  performed prior to the decryption of the message contents. The model
  also abstracts the specifics of the authentication technology thereby
  removing the dependency on X.509 certificate making it possible for
  other forms of credential to be used for S/MIME enabling much broader
  adoption. This model can be instantiated in many areas using existing
  standards, or with only minor updates to existing standards. This
  model in not intended to be a one off just for email and can also be
  applied to other data types. The model also removes the dependency on
  the need to discover encryption certificates at send time.

  The name Plasma was assigned to this effort as part of the IETF
  process. It is derived from PoLicy enhAnced Secure eMAil.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-freeman-plasma-requirements/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-freeman-plasma-requirements-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-freeman-plasma-requirements-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux