A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : Requirements for Message Access Control
        Authors         : Trevor Freeman
                          Jim Schaad
                          Patrick Patterson
        Filename        : draft-freeman-plasma-requirements-09.txt
        Pages           : 47
        Date            : 2014-02-13

Abstract:
   S/MIME has a proven track record in delivering confidentiality, integrity and data origination authentication for email. However, there are many situations where organizations want robust access control applied to information in messages. The Enhanced Security Services (ESS) RFC5035 for S/MIME defines an access control mechanism for email, but the access check happens after the data is decrypted by the recipient, which devalues the protection afforded by the cryptography and provides very weak guarantees of policy compliance.

   Another major issue for S/MIME is its dependency on a single type of identity credential, an X.509 certificate. Many users on the Internet today do not have X.509 certificates and therefore cannot use S/MIME. Furthermore, the requirement to discover the X.509 certificate for every recipient of an encrypted message by the sender has proven to be an unreliable process for a number of reasons.

   This document presents requirements for an alternative model to ESS to address the identified issues with access control to deliver more robust compliance with S/MIME protected messages. This document describes an access control model which uses cryptographic keys to enforce access control policy decisions where the policy check is performed prior to the decryption of the message contents. The model also abstracts the specifics of the authentication technology, thereby removing the dependency on X.509 certificate, making it possible for other forms of credential to be used for S/MIME, enabling much broader adoption.

   This model can be instantiated in many areas using existing standards, or with only minor updates to existing standards. This model is not intended to be a one off just for email and can also be applied to other data types. The model also removes the dependency on the need to discover encryption certificates at send time.

   The name Plasma was assigned to this effort as part of the IETF process. It is derived from PoLicy enhAnced Secure eMAil.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-freeman-plasma-requirements/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-freeman-plasma-requirements-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-freeman-plasma-requirements-09

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/