Skip to main content

Limited Additional Mechanisms for PKIX and SMIME
charter-ietf-lamps-06

Document Charter Limited Additional Mechanisms for PKIX and SMIME WG (lamps)
Title Limited Additional Mechanisms for PKIX and SMIME
Last updated 2021-05-25
State Approved
WG State Active
IESG Responsible AD Deb Cooley
Charter edit AD Roman Danyliw
Send notices to (None)

charter-ietf-lamps-06

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

The LAMPS WG is now tackling these topics:

  1. Specify the use of short-lived X.509 certificates for which no
    revocation information is made available by the Certification Authority.
    Short-lived certificates have a lifespan that is shorter than the time
    needed to detect, report, and distribute revocation information. As a
    result, revoking short-lived certificates is unnecessary and pointless.

  2. Update the specification for the cryptographic protection of email
    headers -- both for signatures and encryption -- to improve the
    implementation situation with respect to privacy, security, usability
    and interoperability in cryptographically-protected electronic mail.
    Most current implementations of cryptographically-protected electronic
    mail protect only the body of the message, which leaves significant
    room for attacks against otherwise-protected messages.

  3. The Certificate Management Protocol (CMP) is specified in RFC 4210,
    and it offers a vast range of certificate management options. CMP is
    currently being used in many different industrial environments, but it
    needs to be tailored to the specific needs of such machine-to-machine
    scenarios and communication among PKI management entities. The LAMPS
    WG will develop a "lightweight" profile of CMP to more efficiently
    support of these environments and better facilitate interoperable
    implementation, while preserving cryptographic algorithm agility. In
    addition, necessary updates and clarifications to CMP will be
    specified in a separate document. This work will be coordinated with
    the LWIG WG.

  4. Provide concrete guidance for implementers of email user agents to
    promote interoperability of end-to-end cryptographic protection of
    email messages. This may include guidance about the generation,
    interpretation, and handling of protected messages; management of
    the relevant certificates; documentation of how to avoid common
    failure modes; strategies for deployment in a mixed environment; as
    well as test vectors and examples that can be used by implementers
    and interoperability testing. The resulting robust consensus
    among email user agent implementers is expected to provide more
    usable and useful cryptographic security for email users.

  5. Recent progress in the development of quantum computers pose a
    threat to widely deployed public key algorithms. As a result,
    there is a need to prepare for a day when cryptosystems such as
    RSA, Diffie-Hellman, ECDSA, ECDH, and EdDSA cannot be depended
    upon in the PKIX and S/MIME protocols.

5.a. The US National Institute of Standards and Technology (NIST)
has a Post-Quantum Cryptography (PQC) effort to produce one or more
quantum-resistant public-key cryptographic algorithm standards.
The LAMPS WG will specify the use of these new PQC public key
algorithms with the PKIX certificates and the Cryptographic Message
Syntax (CMS). These specifications will use object identifiers
for the new algorithms that are assigned by NIST.

5.b. A lengthy transition from today's public key algorithms to
PQC public key algorithms is expected. Time will be needed to gain
full confidence in the new PQC public key algorithms.

5.b.i. The LAMPS WG will specify formats, identifiers, enrollment,
and operational practices for "hybrid key establishment" that
combines the shared secret values one or more traditional
key-establishment algorithm and one or more NIST PQC
key-establishment algorithm or a PQC key-establishment algorithm
vetted by the CFRG. The shared secret values will be combined using
HKDF (see RFC 5869), one of the key derivation functions in NIST
SP 800-56C, or a key derivation function vetted by the CFRG.

5.b.ii. The LAMPS WG will specify formats, identifiers, enrollment,
and operational practices for "dual signature" that combine one or
more traditional signature algorithm with one or more NIST PQC
signature algorithm or a PQC algorithm vetted by the CFRG.

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WG. The LAMPS WG may produce
clarifications where needed, but the LAMPS WG shall not adopt
anything beyond clarifications without rechartering.