Wow, thanks for finding this! I’m sure that enterprises would prefer using S/MIME. We should definitely review this and work to restore S/MIME in TRUSTNOONE if we believe it is appropriate.
Cheers,
Smith
---
Smith Kennedy
smith.kennedy at hp.com
On Apr 21, 2021, at 4:28 AM, Michael Sweet via ipp <ipp at pwg.org> wrote:
All,
Somehow we missed this, but the IETF published an update to S/MIME in April of 2019:
https://tools.ietf.org/html/rfc8551
Among other things, this update addresses the EFAIL cryptographic vulnerability in S/MIME by adding support for some new cipher suites with Galois/Counter Mode (GCM) instead of the old (insecure) Cipher Block Chaining (CBC) mode.
Using S/MIME brings the advantage that it shares most of the infrastructure that is already in place for TLS, particularly when it comes to trusting a third party. PGP depends on the "web of trust" for this and may not be as attractive to some.
Thoughts?
________________________
Michael Sweet