Liaison statement
Follow-up on Cryptographic Message Syntax communications

State Posted
Posted Date 2016-03-18
From Group SEC
From Contact Scott Mansfield
To Group ITU-T
To Contacts tsbsg17@itu.int
Ccitu-t-liaison@iab.org
Scott Mansfield
The IETF Chair
Stephen Farrell
Kathleen Moriarty
Response Contact Stephen Farrell
Kathleen Moriarty
Purpose In response
Attachments (None)
Liaisons referred by this one Response to liaison on Cryptographic Message Syntax
Security Area Response to Liaison on Cryptographic Message Syntax
LS/r on Cryptographic Message Syntax (reply to IETF Security Area)
Body
We have previously submitted a liaison [1] in reference to the  Cryptographic
Message Syntax (CMS) [RFC5652] in which we recommended that if new work on CMS
is felt to be needed, the best place to do that is in the IETF.  This ensures
interaction with the active community of editors, developers, and users of that
technology.

In your response to our earlier liaison statement, you said two things.

 First:
"ITU-T SG17, Security, thanks IETF Security Area for the liaison response about
our draft Recommendation ITU-T X.cms. The main reason for the development of
X.cms is to have an ITU-T Recommendation containing all the ASN.1 modules which
are needed to implement Cryptographic Message Syntax with no obsolete ASN.1
features like “ANY DEFINED BY”. For ITU-T to make references,  we need CMS with
ASN.1 specifications conform to the in force  Edition of Rec. ITU-T X.680
series."

    You seem to be unaware of the work in 2010 that produced modern ASN.1
    modules for CMS [RFC5911].

Second:
"We decided to postpone the Consent of draft Recommendation ITU-T  X.cms to
have the time to investigate the possibility to have an  updated IETF RFC that
fulfils our requirements. Our ASN.1 experts offer to participate in the work on
producing that IETF RFC."

    We note that the particular change proposed by [2] ("signcryption") could
    be done in a backwards compatible and interoperable manner and also seems
    to overlap with ISO 29150:2011 [3].  We remain open to discussions about
    such a collaboration.

Regards,
Stephen Farrell/Kathleen Moriarty
IETF Security Area Directors

References:
[RFC5652] https://www.rfc-editor.org/rfc/rfc5652.txt
[RFC5911] https://www.rfc-editor.org/rfc/rfc5911.txt
[1] https://datatracker.ietf.org/liaison/1294/
[2]https://datatracker.ietf.org/liaison/1396/
[3] http://www.iso.org/iso/catalogue_detail.htm?csnumber=45173