Internet Draft                                 Authors:  Blake Ramsdell,
draft-ramsdell-enc-smime-gateway-00.txt        Tumbleweed Communications
July 12, 2001                                  Ben Littauer, Consultant
Expires January 12, 2002                       Massachusetts Health Data
                                               Consortium

                                   
                        S/MIME Gateway Protocol

Status of this memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.


1. Overview

In addition to desktop-to-desktop security, S/MIME can be used for
server-to-server encryption between cooperating domains. This document
will describe a method for implementing server-to-server (gateway)
encryption with S/MIME.


1.1 Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [MUSTSHOULD].


1.2 Discussion of This Draft

<TBD>


2. Problem Overview

In order to prevent exposure of confidential content in e-mail
messages traversing the Internet, it is desirable to encrypt such
traffic between cooperating domains.  S/MIME provides the protocol and
message format for such encryption, but conventions must be
established for domain-level certificates to enable an encrypting
gateway to recognize when a message is going to a foreign domain that
requires encryption.

Note that an encryption gateway is not a signing entity for purposes
of this protocol.  Signing at the domain level is an important
function, but it is beyond the scope of this memo, and is being
addressed by the Domain Security effort as published in [DOMSEC].


3. Message Structure Overview

An encrypted message as described in [SMIMEV3MSG] or [SMIMEv2MSG] is
used in an S/MIME gateway context.  A gateway-encrypted message will
simply encapsulate an existing MIME or S/MIME message in an encryption
"wrapper".


4. Domain Certificates

A gateway is associated with one or more domains or sub-domains.
Messages between gateways are handled based on their domains, not on
the basis of individual addressees.  Gateway certificates are called
"Domain Certificates", and have the same format as S/MIME Version 3
certificates [SMIMEV3CERT] with the exception that the subject DN or a
subjectAltName extension MUST list at least one Internet mail domain
of the form "smg_encryptor@domain".  Multiple domains that are handled
by a gateway MAY be listed in a single certificate, or multiple
certificates MAY be used.

Note that the naming convention in use here uses the same notion of
domain "membership" as that used in [DOMSEC] section 3.1.1.  Loosely,
an entity is a member of a domain if its RFC-822 address has the
domain as its rightmost component.  Note further that the gateway must
process ô@domainö components in order from most specific to least
specific, i.e. if it holds domain certificates for both <sub.domain>
and domain, it MUST use the certificate for <sub.domain> when sending
to a recipient in <sub.domain>, even though the recipient is also a
member of <domain>.


5. Message Processing

An S/MIME Gateway must be associated with one or more domains.  A
message received for processing by the gateway is defined to be
"outbound" if the originator of the message is a member of one of the
domains associated with the gateway.  All other messages are defined
to be "inbound".


5.1 Outbound Message Processing

S/MIME gateway outbound processing is as follows:

When a message is received with a destination within a domain for
which the gateway has a domain certificate, the gateway MUST perform
S/MIME encryption with the domain certificate for that destination.

Mechanisms for the lookup and validity checking of destination mail
gateway certificates are beyond the scope of this document.


5.2 Inbound Message Processing

S/MIME gateway inbound processing is as follows, if a message is
received encrypted using the public key contained in the gatewayÆs
domain certificate:

  1.   The gateway MUST perform S/MIME decryption of the message.
  2.   If the decryption is unsuccessful, the gateway will process the
     failure according to local convention (log an event, etc.) The gateway
     MUST NOT relay the encrypted message onto the next hop.
  3.   The gateway MUST relay the decrypted message to the next hop.

Any other message SHOULD be relayed unaltered.


6. Security Considerations

If the gateway has valid certificates for some, but not all of the
domains represented by recipients of the outbound message, there is a
security issue, namely that the message may be encrypted on the
Internet for some destinations, but not others.  Of course, this
increases the risk of exposure for that message.  A gateway SHOULD
provide an administrative option to prevent transmission of a message
to a secured and un-secured recipient in order to reduce this risk.


A. References

[SMIMEV3MSG] "S/MIME Version 3 Message Specification", RFC 2633

[SMIMEV2MSG] "S/MIME Version 2 Message Specification", RFC 2311

[DOMSEC] "Domain Security Services using S/MIME",
http://www.ietf.org/internet-drafts/draft-ietf-smime-domsec-08.txt

[SMIMEV3CERT] "S/MIME Version 3 Certificate Handling", RFC 2632

[MUSTSHOULD] "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119


B. Acknowledgements

Comments were made by members of the staffs of: CareGroup,
Massachusetts Health Data Consortium, Tumbleweed Communications,
Baltimore Technologies, Dica Technologies, .TFS Technologies, Vanguard
Security Technologies, and Viasec (RIP).


C. Changes from last draft

Revision û01 (Littauer)
Moved handling of message to multiple domains, some secured, some not,
to ôSecurity Considerations Sectionö.
Added note regarding of handling of sub-domains in Domain Certificates
section.

Revision û02 (Littauer and Ramsdell)
Changed status from draft to informational.
Cleaned up formatting
Revised reference to latest domsec draft (-08)
Added acknowledgements


D. AuthorsÆ addresses

Blake Ramsdell
Tumbleweed Communications
17720 NE 65th St Ste 201
Redmond, WA 98052
+1 425 376 0225
blake.ramsdell@tumbleweed.com

Ben Littauer
Consultant for Massachusetts Health Data Consortium
1 Moon Hill Road
Lexington, MA 02421
+1 781 862 8784
littauer@blkk.com