news@flab.fujitsu.co.jp Tue, 15 March 1994 04:44 UTC

Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: news@flab.fujitsu.co.jp
Date: Tue, 15 Mar 1994 12:55:06 -0000
Return-Path: <news@flab.fujitsu.co.jp>
Message-Id: <9403150355.AA14578@flab.flab.fujitsu.co.jp>
To: info-pem-dev@ames.arc.nasa.gov

Newsgroups: info.pem-dev
Path: kikn
From: kikn@flab.Fujitsu.Co.JP (Hiroaki KIKUCHI)
Subject: FJPEM1.0, trial run on WIDE Internet in Japan
Message-ID: <KIKN.94Mar15125405@oden.flab.Fujitsu.Co.JP>
Sender: news@flab.fujitsu.co.jp
Nntp-Posting-Host: oden.center.flab.fujitsu.co.jp
Organization: I.P.N.C., Fujitsu Laboratories Ltd., Atsugi, Japan
Distribution: info
Date: Tue, 15 Mar 1994 03:54:05 GMT
Lines: 110

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type:4,MIC-CLEAR
Content-Domain:RFC822
Originator-Certificate:
Issuer-Certificate:
MIC-Info: RSA-MD5,RSA,
 WIZ4J8oT0o9M0lLLm6xtHYnbu679kQABA4zN+D3kWd/MBxFAndtTPUKKxVpB/uAK
 8sWQs+tsD5it0EReDXHBJY==

Dear PEM developers,

On March 4th, we started a trial run of PEM on the WIDE Internet,
the biggest Japanese academic Internet. We now have about 170 users
from 63 domains, including companies and universities. Our implementation,
FJPEM ver1.0, uses the Osisec RSA library, the GNU DES library, the MD2 and
MD5 message digests, and a base 64 encoding function.

FJPEM is now running on about 10 platforms including Sun, Sony, 
IBM, and (of course) Fujitsu.
We have some interfaces to several MTAs: mhe, rmail, VM, mh.

The following are the FJPEM-specific extensions to the RFC standards.

	1. Specifying DNS email addresses in Traditional DN's

	Since the X.500 directory service is not so popular yet in Japan,
	we encode an RFC 822 style (DNS) email address in the traditional DN,
	as shown in a portion of this message. For example, my certificate
	contains

		<{C=JP}, {O="Fujitsu Laboratories Ltd."},
		{OU="IP Network Center"},
		{CN={"Hiroaki Kikuchi", RM="kikn@flab.fujitsu.co.jp"}}>.

	2. Extended canonical form for Japanese characters

	We Japanese use several variations of the Japanese Industrial Standard
	(JIS) code to communicate within the Japanese Internet, just like
	ASCII and EBCDIC. In addition, these are often translated by
	MTAs or MTUs automatically. So we have to be careful
	when we communicate with MIC-CLEAR.

	FJPEM unifies the several JIS codes when the MIC is calculated
	on both sides.
	
	3. Single CA, and Multi notary

	We have only a single certification authority, called WIDE-CA.
	Instead of partitioning the WIDE Internet with several CAs, we
	decided to have a unique CA which issues certificates only on PEM-signed
	certificate requests. Thus, every PEM user has to be authenticated by
	some other PEM user, who is called a "notary".
	There are eleven organizational notaries currently available in Japan.

	4. Certificate server.

	To retrieve certificates, we use the RFC 954 (WHOIS) protocol.
	Try 
		% whois -h keyserv.fujitsu.co.jp jp

	which shows all PEM users in WIDE Internet.

I am curious to learn how other CAs are operated and how they certify each other.
Here are my questions.

	Q1. How many PEM users are there in the world / in each CA?

	I heard there are a Low-assurance CA and TIS's commercial CA in the U.S.
	and many CAs in Europe.

	Q2. For each CA, how are certificate requesters authenticated
	for the first time? (Do PEM users have to send something
	like a photographed ID together with the request?)

	Q3. Has the Internet Policy Registration Authority (IPRA) been established?
	If so, how do we register our Policy and how can we be certified by it?


We would like to thank Burton S. Kaliski, Steve Dusse, and
Jeff Thompson at RSA Laboratories, and Peter Williams at University
College London for their advice.
%-------------------------------------------------------------------------
%  KIKUCHI Hiroaki, Info. Proc. Network Center, Atsugi, Fujitsu Labs. Ltd.
%  Nifty RHD01353, Tel +81-462-48-3111(Ext 3852) Facsimile +81-462-48-3233
%-------------------------------------------------------------------------
-----END PRIVACY-ENHANCED MESSAGE-----
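
The MIC-CLEAR problem from item 2 of the message above, as an added example that is not FJPEM code or part of the original post: the same Japanese text transcoded in transit yields different MD5 digests unless both sides unify the character code before computing the MIC. Assumptions: ISO-2022-JP is used as the unified form (the post does not say which JIS variant FJPEM picks), the receiver knows the wire encoding, only the RSA-MD5 digest step is shown (no RSA signing), and all function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample body: "Nihongo no tesuto" in kanji and kana, plus an ASCII line.
SAMPLE_TEXT = "\u65e5\u672c\u8a9e\u306e\u30c6\u30b9\u30c8\nPEM trial on WIDE\n"

# Encodings the same text may arrive in after automatic conversion in transit.
WIRE_ENCODINGS = ("iso2022_jp", "shift_jis", "euc_jp")

# Assumption: ISO-2022-JP is the unified form; the post does not name one.
CANONICAL_ENCODING = "iso2022_jp"


def _b64_md5(data):
    """Base64 of the MD5 digest, the printable form a MIC is carried in."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")


def naive_mic(wire_bytes):
    """Digest of the bytes exactly as received, with no charset unification."""
    return _b64_md5(wire_bytes)


def canonicalize(wire_bytes, wire_encoding):
    """Re-encode to the unified charset with <CR><LF> line delimiters."""
    text = wire_bytes.decode(wire_encoding)  # caller must know the wire charset
    lines = text.splitlines()
    return "".join(line + "\r\n" for line in lines).encode(CANONICAL_ENCODING)


def canonical_mic(wire_bytes, wire_encoding):
    """Digest computed over the canonical form, as both sides would do."""
    return _b64_md5(canonicalize(wire_bytes, wire_encoding))


def compare():
    """Return (naive, unified) digests keyed by wire encoding."""
    wire = {enc: SAMPLE_TEXT.encode(enc) for enc in WIRE_ENCODINGS}
    naive = {enc: naive_mic(data) for enc, data in wire.items()}
    unified = {enc: canonical_mic(data, enc) for enc, data in wire.items()}
    return naive, unified


if __name__ == "__main__":
    naive, unified = compare()
    for enc in WIRE_ENCODINGS:
        print(f"{enc:11} naive={naive[enc]} unified={unified[enc]}")
```

The naive digests differ per encoding, so a MIC-CLEAR message transcoded by a relay fails verification even though no character changed; the unified digests agree, while a real change to the text still alters them.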