Re: Evaluation: draft-ietf-impp-im - Common Profile for InstantMessaging (CPIM)

[hardie@qualcomm.com]

At 10:38 PM -0400 8/6/03, Steven M. Bellovin wrote:
> In message <200307241803.OAA18923@ietf.org>, IESG Secretary writes:
> > Last Call to expire on: 2003-06-27
> >
> >         Please return the full line with your position.
> >
> >                       Yes  No-Objection  Discuss  Abstain
> > Steve Bellovin       [   ]     [   ]     [   ]     [   ]
> draft-ietf-impp-cpim-msgfmt
> 	Why isn't it using S/MIME or CMS used?  The problem statement
> 	sounds about the same.
>
> 	(I'd really like Russ to see these documents; he's the S/MIME
> 	expert.)
In section 4 of draft-ietf-impp-im, this covers the use of s/mime and
cms:

   When end-to-end security is required, the message operation MUST use
   MSGFMT, and MUST secure the MSGFMT MIME body with S/MIME [8], with
   encryption (CMS EnvelopeData) and/or S/MIME signatures (CMS
   SignedData).

Is this needed in draft-ietf-impp-cpim-msgfmt as well, or is there something
else needed entirely?



> draft-ietf-impp-pres-03.txt
> draft-ietf-impp-im-03.txt
> 	S/MIME AES has been published as an RFC.  (Fixable with an
> 	RFC editor note.)
Thanks for catching this.
				Ted



> 		--Steve Bellovin, http://www.research.att.com/~smb