Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federal S/MIME V3 Client Profile

Published

Author(s)

C M. Chernick

Abstract

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer's certificate(s).The S/MIME specifications were designed to promote interoperable secure electronic mail, such that two compliant implementations would be able to communicate securely with one another. However, implementations may support different optional services, and the specifications may unintentionally allow multiple interpretations. As a result, different implementations of S/MIME may not be fully interoperable or provide the desired level of security.The S/MIME specifications rely on cryptographic mechanisms and public key infrastructures (PKI) to provide security services. If the cryptographic and PKI components that are used to support the S/MIME implementation are sufficiently robust, users can obtain additional assurance that sufficiently strong cryptographic algorithms are used, and that procedures are in place to protect sensitive information.Conformance to this profile helps to assure that S/MIME implementations will be able to interoperate and provide reasonable assurance to users.NIST has developed this S/MIME client profile as guidance in the development and procurement of commercial-off-the-shelf (COTS) S/MIME-compliant products. This profile identifies requirements for a secure and interoperable S/MIME V3 client implementation. (S/MIME Version 3 is the latest version of S/MIME.)
Citation
Special Publication (NIST SP) - 800-49
Report Number
800-49

Keywords

federal IT profile, interoperability of secure electronic ma, S/MIME profile, secure e-mail standards

Citation

Chernick, C. (2002), Federal S/MIME V3 Client Profile, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151256 (Accessed July 22, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 5, 2002, Updated February 19, 2017