S/MIME Advanced Encryption Standard (AES) Requirement for the Session Initiation Protocol (SIP)




RFC 3853             S/MIME AES Requirement for SIP            July 2004


2.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
   RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
   described in BCP 14, RFC 2119 [2] and indicate requirement levels for
   compliant SIP implementations.

3.  S/MIME Ciphersuite Requirements for SIP

   The following updates the text of RFC 3261 Section 23.3, specifically
   the fifth bullet point.  The text currently reads:

   o  S/MIME implementations MUST at a minimum support SHA1 as a digital
      signature algorithm, and 3DES as an encryption algorithm.  All
      other signature and encryption algorithms MAY be supported.
      Implementations can negotiate support for these algorithms with
      the "SMIMECapabilities" attribute.

   This text is updated with the following:

   S/MIME implementations MUST at a minimum support RSA as a digital
   signature algorithm and SHA1 as a digest algorithm [5], and AES as an
   encryption algorithm (as specified in [4]).  For key transport, S/MIME
   implementations MUST support RSA key transport as specified in
   section 4.2.1. of [5].  S/MIME implementations of AES MUST support
   128-bit AES keys, and SHOULD support 192 and 256-bit keys.  Note that
   the S/MIME specification [8] mandates support for 3DES as an
   encryption algorithm, DH for key encryption and DSS as a signature
   algorithm.  In the SIP profile of S/MIME, support for 3DES, DH and
   DSS is RECOMMENDED but not required.  All other signature and
   encryption algorithms MAY be supported.  Implementations can
   negotiate support for algorithms with the "SMIMECapabilities"
   attribute.

   Since SIP is 8-bit clean, all implementations MUST use 8-bit binary
   Content-Transfer-Encoding for S/MIME in SIP.  Implementations MAY
   also be able to receive base-64 Content-Transfer-Encoding.
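
   The requirement levels of Section 3 can be turned into an endpoint
   audit.  The sketch below is an added example, not part of RFC 3853:
   the OID values are the registered CMS/PKIX identifiers (not listed in
   this document), and the function names and sample inputs are
   hypothetical.

```python
from email.parser import HeaderParser

# Requirement levels from Section 3. OIDs are the registered CMS/PKIX values
# and are an assumption of this example; the page does not list them.
PROFILE = {
    "MUST": {
        "1.2.840.113549.1.1.1": "RSA (signature, key transport)",
        "1.3.14.3.2.26": "SHA-1 digest",
        "2.16.840.1.101.3.4.1.2": "AES-128-CBC",
    },
    "SHOULD": {
        "2.16.840.1.101.3.4.1.22": "AES-192-CBC",
        "2.16.840.1.101.3.4.1.42": "AES-256-CBC",
    },
    "RECOMMENDED": {
        "1.2.840.113549.3.7": "3DES-CBC",
        "1.2.840.113549.1.9.16.3.5": "Diffie-Hellman (ESDH)",
        "1.2.840.10040.4.3": "DSA with SHA-1",
    },
}

def audit_algorithms(supported_oids):
    """Map each requirement level to the algorithms the endpoint lacks."""
    supported = set(supported_oids)
    return {level: sorted(n for oid, n in algs.items() if oid not in supported)
            for level, algs in PROFILE.items()}

def cte_allowed(part_headers, sending):
    """Senders must use binary; a receiver may additionally accept base64."""
    msg = HeaderParser().parsestr(part_headers)
    # MIME treats a missing Content-Transfer-Encoding header as 7bit.
    cte = msg.get("Content-Transfer-Encoding", "7bit").strip().lower()
    return cte == "binary" if sending else cte in ("binary", "base64")

# Constructed sample: endpoint built to the old RFC 3261 minimum (SHA-1, 3DES) plus RSA.
LEGACY = ["1.3.14.3.2.26", "1.2.840.113549.3.7", "1.2.840.113549.1.1.1"]
# Constructed sample: MIME headers of an S/MIME body part carried in a SIP message.
PART = ("Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\n")

if __name__ == "__main__":
    for level, missing in audit_algorithms(LEGACY).items():
        print(level, "missing:", missing or "none")
    print("OK to send:", cte_allowed(PART, sending=True))
    print("OK to receive:", cte_allowed(PART, sending=False))
```

   An empty "MUST" list means the endpoint meets the mandatory part of
   the profile; gaps at the other two levels are advisory.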

4.  Security Considerations

   The migration of the S/MIME requirement from Triple-DES to AES is not
   known to introduce any new security considerations.








Peterson                    Standards Track