Technical Summary
S/MIME version 3.1 introduced a mechanism to provide end-to-end
cryptographic protection of e-mail message headers. However, few
implementations generate messages using this mechanism, and several
legacy implementations have revealed rendering or security issues
when handling such a message.
This document updates the S/MIME specification ([RFC8551]) to offer a
different mechanism that provides the same cryptographic protections
but with fewer downsides when handled by legacy clients. The Header
Protection schemes described here are also applicable to messages
with PGP/MIME cryptographic protections. Furthermore, this document
offers more explicit guidance for clients when generating or handling
e-mail messages with cryptographic protection of message headers.
Working Group Summary
Was there anything in the WG process that is worth noting?
For example, was there controversy about particular points
or were there decisions where the consensus was
particularly rough?
Document Quality
Are there existing implementations of the protocol? Have a
significant number of vendors indicated their plan to
implement the specification? Are there any reviewers that
merit special mention as having done a thorough review,
e.g., one that resulted in important changes or a
conclusion that the document had no substantive issues? If
there was a MIB Doctor, Media Type, or other Expert Review,
what was its course (briefly)? In the case of a Media Type
Review, on what date was the request posted?
Personnel
The Document Shepherd for this document is Russ Housley. The Responsible
Area Director is Roman Danyliw.
IANA Note
(Insert IANA Note here or remove section)