ANNOUNCE: TIS/MOSS 7.2 (with support for FORTEZZA)

[Jeff Cook <jvc@tis.com>]

Trusted Information Systems, Inc. (TIS) is pleased to provide TIS/MOSS, a
reference implementation of MIME Object Security Services (MOSS).
TIS/MOSS is a security toolkit that provides digital signature and
encryption services for MIME objects.  TIS/MOSS includes the "glue"
necessary for integration with Version 6.8.3 of the Rand MH Message
Handling System, in addition to generic Bourne shell scripts that make it
possible to use it with email user agents supporting UNIX shell escapes.

In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.

TIS/MOSS is distributed in source code form, with all modules written in
the C programming language.  It runs on many UNIX derived platforms.  It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.

TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSA Data
Security, Inc. (RSADSI).  TIS/MOSS makes use of undocumented features of
RSAREF.  RSADSI has given permission for users of TIS/MOSS to use these
features, subject to the terms and conditions of both the TIS/MOSS and
RSAREF licenses, as distributed with each software package.

TIS/MOSS now supports the FORTEZZA cryptographic PCMCIA card and algorithm
suite, using either the Litronic or SPYRUS drivers.

TIS/MOSS is a product of Trusted Information Systems, Inc.  It may be used
by organizations and users for exchanging MOSS email messages, subject to
the terms and conditions of its license.  Enclosed below is the TIS/MOSS
Frequently Asked Questions, which includes instructions on how to retrieve
the software.

TIS/MOSS is export controlled by the U.S. Government.  As a result it is
only available to U.S. and Canadian sites and individuals.  Please see
the FAQ (enclosed below) for more information.


		  TIS/MOSS Frequently Asked Questions
		      Last Updated 28 August 1996
	 Send questions and comments to tismoss-support@tis.com

Questions answered:

   0) What is TIS/MOSS?
   1) What is MIME Object Security Services (MOSS)?
   2) What is MIME?
   3) How does MOSS compare to PEM, PGP, and S/MIME?
   4) Where are MIME, MOSS, PEM, PGP, and S/MIME defined?
   5) Are there implementations of MOSS available?
   6) How do I get TIS/MOSS?
   7) Why is TIS/MOSS only available in the US and Canada?
   8) Are special privileges (e.g., root access) required to install
      TIS/MOSS?
+  9) What cryptographic algorithm suites are supported by TIS/MOSS?
  10) What about integrating TIS/MOSS into email user agents?
  11) What about DOS and other non-UNIX platforms?
  12) Is there a forum for MOSS users and developers?
  13) What about certificates?
* 14) What is the Internet Certification hierarchy?
  15) What if I have questions or problems with TIS/MOSS?

 * means that this entry has been recently updated.
 + means that this entry has been added recently.


0
Q: What is TIS/MOSS?

A: Trusted Information Systems' implementation of MIME Object Security
   Services (MOSS).  It is a security toolkit that provides digital
   signature and encryption services for MIME objects.

1
Q: What is MIME Object Security Services (MOSS)?

A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
   Internet Standard (RFC 1847 & RFC 1848) for adding security
   services to Multi-purpose Internet Mail Extensions (MIME).  It uses
   the cryptographic techniques of digital signature and encryption to
   provide origin authentication, integrity, and confidentiality to
   MIME objects.  Users of MOSS can know who originated a message,
   that the message has not been changed en route, and that the message
   was kept secret from everyone except the intended recipients.

   MOSS depends on the existence of public/private key pairs to
   support its security services.  Users must exchange public keys
   with those other users with whom they wish to exchange MOSS email.
   This may be accomplished manually, via mechanisms available in the
   protocol, via X.509 certificates, or any other suitable mechanism.

2
Q: What is MIME?

A: MIME is an Internet Standard (RFC 1521) that defines the format of
   email message bodies to allow multi-part textual and non-textual
   message bodies to be represented and exchanged without loss of
   information.  MIME does for message bodies what RFC822 does for
   message headers.

3
Q: How does MOSS compare to PEM, PGP, and S/MIME?

   PEM provides digital signature and encryption services to text-based
   electronic mail.  It depends on X.509 certificates that are issued
   within the Internet certification hierarchy.  PEM is a standard in
   the Internet.

   PGP can provide the same services.  It is not integrated with MIME
   (although MIME can carry a PGP object) so the interpretation of the
   protected content is necessarily user controlled.  PGP depends on
   public/private key pairs and does not support X.509 certificates.
   PGP is not a standard.

   S/MIME provides the same services.  It is not integrated with MIME
   although it is intended to be carried by MIME.  S/MIME is an RSADSI
   standard.

   MOSS is a PEM derivative.  It integrates the security services of PEM
   and the user friendly functions of PGP with MIME, taking advantage of
   the extensive structuring and formatting facilities of MIME.  MOSS is
   a standard in the Internet.

4
Q: Where are MIME, MOSS, PEM, PGP, and S/MIME defined?

A: MIME, MOSS, and PEM are Internet standards and are published as RFCS.
   RFCs may be found in your favorite RFC repository.  Details on
   obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL
   message to "rfc-info@ISI.EDU" with the message body "help:
   ways_to_get_rfcs".  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

   Copies of the MOSS-related RFCs are available via anonymous ftp
   from ftp.tis.com in the /pub/MOSS/doc directory.

   PGP is defined by the document distributed with the software.

   S/MIME is defined in the PKCS series of RSADSI standards.  They may
   be obtained on the host "ftp.rsa.com" via anonymous FTP.

5
Q: Are there implementations of MOSS available?

A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
   released a reference implementation of MOSS (TIS/MOSS) to the
   Internet community.

   TIS/MOSS is a UNIX-based implementation that is easily integrated
   with email user agents.  TIS/MOSS includes the "glue" necessary for
   integration with Version 6.8.3 of the Rand MH Message Handling
   System.  In addition, it includes generic Bourne shell scripts that
   make it possible to use it with email user agents supporting UNIX
   shell escapes.

   The source code is openly available in the United States and Canada
   for non-commercial use.  The current version of TIS/MOSS is 7.2.

   Vendors interested in including TIS/MOSS in their products or
   integrating it with their services should contact Trusted Information
   Systems about licensing Trusted Mail (tm) by sending email to
   tismoss-support@tis.com.

6
Q: How do I get TIS/MOSS?

A: TIS/MOSS is available via anonymous ftp in the United States and
   Canada to US and Canadian citizens and people with a US "green
   card."  To retrieve TIS/MOSS please FTP to

     host:   ftp.tis.com
     login:  anonymous

   and retrieve the files

     pub/MOSS/README
     pub/MOSS/LICENSE
     pub/MOSS/BUGS

   The README file contains further instructions.  

7
Q: Why is TIS/MOSS only available in the US and Canada?

A: The export from the United States of the cryptography used in
   TIS/MOSS is controlled by the United States government.

8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?

A: No.

9
Q: What cryptographic algorithm suites are supported by TIS/MOSS?

A: Two algorithm suites are currently supported by TIS/MOSS.  The first
   is the suite that uses either MD2 or MD5 for hashing, uses RSA for
   signature and key exchange, and uses DES for encryption.  The second
   is the suite of algorithms supported by the FORTEZZA cryptographic
   PC card.  In the FORTEZZA suite, SHA-1 is used for hashing, DSA for
   signature, KEA for key exchange, and Skipjack-CBC for encryption.
   The Internet Draft entitled "Privacy Enhancement for Internet
   Electronic Mail: Part IIIB: Algorithms, Modes, and Identifiers for
   FORTEZZA Cryptography" describes the integration of FORTEZZA with MOSS. 

10
Q: What about integrating TIS/MOSS into email user agents?

A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
   it with the Rand MH Message Handling System version 6.8.3.  It also
   includes generic scripts that make the services accessible to any
   UNIX application that supports shell escapes.  If you integrate
   TIS/MOSS with a popular email user agent, we would be happy to make
   it available to others.

11
Q: What about DOS and other non-UNIX platforms?

A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
   that may be set to facilitate its installation in DOS environments.
   It has also been ported to Macintosh although it does not yet include
   a MAC compiler option.  If you port TIS/MOSS to other platforms, we
   would be happy to make the changes available to others.

12
Q: Is there a forum for MOSS users and developers?

A: Yes, there is an email list for users of TIS/MOSS called
   "tismoss-users@tis.com".  To get added to the list send a message to
   "tismoss-users-request@tis.com".

   There is an email list for implementors and discussions of the MOSS
   specifications called "pem-dev@tis.com".  This list originated with
   the PEM protocol, from which MOSS is derived.  To get added to the
   list send a message to "pem-dev-request@tis.com".

13
Q: What about certificates?

A: TIS/MOSS supports the use of X.509 certificates including creation,
   validation, certificate revocation lists, distribution, and
   destruction.  Users may embody their public key in a certificate and
   may participate in the Internet certification hierarchy or some other
   private hierarchy.  TIS/MOSS neither requires nor enforces any
   certification hierarchy policy.

14
Q: What is the Internet Certification hierarchy?

A: The Internet Certification hierarchy is defined by RFC1422.  It is a
   tree structured hierarchy of certificates with a single, global root
   called the Internet PCA Registration Authority (IPRA).  The IPRA
   issues certificates to Policy Certification Authorities (PCAs) who
   issue certificates to Certification Authorities (CAs) who may issue
   certificates to users or subordinate CAs.  Identities are based on
   distinguished names and there are restrictions on their form and
   content.

   For more information on becoming a PCA see the IPRA WWW page at:

	http://bs.mit.edu:8001/ipra.html

   or contact the IPRA at:

	ipra-info@isoc.org

15
Q: What if I have questions about or problems with TIS/MOSS?

A: Send them to "tismoss-support@tis.com".

Trusted Information Systems, Inc. (TIS) is pleased to provide TIS/MOSS, a
reference implementation of MIME Object Security Services (MOSS).
TIS/MOSS is a security toolkit that provides digital signature and
encryption services for MIME objects.  TIS/MOSS includes the "glue"
necessary for integration with Version 6.8.3 of the Rand MH Message
Handling System, in addition to generic Bourne shell scripts that make it
possible to use it with email user agents supporting UNIX shell escapes.

In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.

TIS/MOSS is distributed in source code form, with all modules written in
the C programming language.  It runs on many UNIX derived platforms.  It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.

TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSA Data
Security, Inc. (RSADSI).  TIS/MOSS makes use of undocumented features of
RSAREF.  RSADSI has given permission for users of TIS/MOSS to use these
features, subject to the terms and conditions of both the TIS/MOSS and
RSAREF licenses, as distributed with each software package.

TIS/MOSS now supports the FORTEZZA cryptographic PCMCIA card and algorithm
suite, using either the Litronic or SPYRUS drivers.

TIS/MOSS is a product of Trusted Information Systems, Inc.  It may be used
by organizations and users for exchanging MOSS email messages, subject to
the terms and conditions of its license.  Enclosed below is the TIS/MOSS
Frequently Asked Questions, which includes instructions on how to retrieve
the software.

TIS/MOSS is export controlled by the U.S. Government.  As a result it is
only available to U.S. and Canadian sites and individuals.  Please see
the FAQ (enclosed below) for more information.


		  TIS/MOSS Frequently Asked Questions
		      Last Updated 28 August 1996
	 Send questions and comments to tismoss-support@tis.com

Questions answered:

   0) What is TIS/MOSS?
   1) What is MIME Object Security Services (MOSS)?
   2) What is MIME?
   3) How does MOSS compare to PEM, PGP, and S/MIME?
   4) Where are MIME, MOSS, PEM, PGP, and S/MIME defined?
   5) Are there implementations of MOSS available?
   6) How do I get TIS/MOSS?
   7) Why is TIS/MOSS only available in the US and Canada?
   8) Are special privileges (e.g., root access) required to install
      TIS/MOSS?
+  9) What cryptographic algorithm suites are supported by TIS/MOSS?
  10) What about integrating TIS/MOSS into email user agents?
  11) What about DOS and other non-UNIX platforms?
  12) Is there a forum for MOSS users and developers?
  13) What about certificates?
* 14) What is the Internet Certification hierarchy?
  15) What if I have questions or problems with TIS/MOSS?

 * means that this entry has been recently updated.
 + means that this entry has been added recently.


0
Q: What is TIS/MOSS?

A: Trusted Information Systems' implementation of MIME Object Security
   Services (MOSS).  It is a security toolkit that provides digital
   signature and encryption services for MIME objects.

1
Q: What is MIME Object Security Services (MOSS)?

A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
   Internet Standard (RFC 1847 & RFC 1848) for adding security
   services to Multi-purpose Internet Mail Extensions (MIME).  It uses
   the cryptographic techniques of digital signature and encryption to
   provide origin authentication, integrity, and confidentiality to
   MIME objects.  Users of MOSS can know who originated a message,
   that the message has not been changed en route, and that the message
   was kept secret from everyone except the intended recipients.

   MOSS depends on the existence of public/private key pairs to
   support its security services.  Users must exchange public keys
   with those other users with whom they wish to exchange MOSS email.
   This may be accomplished manually, via mechanisms available in the
   protocol, via X.509 certificates, or any other suitable mechanism.

2
Q: What is MIME?

A: MIME is an Internet Standard (RFC 1521) that defines the format of
   email message bodies to allow multi-part textual and non-textual
   message bodies to be represented and exchanged without loss of
   information.  MIME does for message bodies what RFC822 does for
   message headers.

3
Q: How does MOSS compare to PEM, PGP, and S/MIME?

   PEM provides digital signature and encryption services to text-based
   electronic mail.  It depends on X.509 certificates that are issued
   within the Internet certification hierarchy.  PEM is a standard in
   the Internet.

   PGP can provide the same services.  It is not integrated with MIME
   (although MIME can carry a PGP object) so the interpretation of the
   protected content is necessarily user controlled.  PGP depends on
   public/private key pairs and does not support X.509 certificates.
   PGP is not a standard.

   S/MIME provides the same services.  It is not integrated with MIME
   although it is intended to be carried by MIME.  S/MIME is an RSADSI
   standard.

   MOSS is a PEM derivative.  It integrates the security services of PEM
   and the user friendly functions of PGP with MIME, taking advantage of
   the extensive structuring and formatting facilities of MIME.  MOSS is
   a standard in the Internet.

4
Q: Where are MIME, MOSS, PEM, PGP, and S/MIME defined?

A: MIME, MOSS, and PEM are Internet standards and are published as RFCS.
   RFCs may be found in your favorite RFC repository.  Details on
   obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL
   message to "rfc-info@ISI.EDU" with the message body "help:
   ways_to_get_rfcs".  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

   Copies of the MOSS-related RFCs are available via anonymous ftp
   from ftp.tis.com in the /pub/MOSS/doc directory.

   PGP is defined by the document distributed with the software.

   S/MIME is defined in the PKCS series of RSADSI standards.  They may
   be obtained on the host "ftp.rsa.com" via anonymous FTP.

5
Q: Are there implementations of MOSS available?

A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
   released a reference implementation of MOSS (TIS/MOSS) to the
   Internet community.

   TIS/MOSS is a UNIX-based implementation that is easily integrated
   with email user agents.  TIS/MOSS includes the "glue" necessary for
   integration with Version 6.8.3 of the Rand MH Message Handling
   System.  In addition, it includes generic Bourne shell scripts that
   make it possible to use it with email user agents supporting UNIX
   shell escapes.

   The source code is openly available in the United States and Canada
   for non-commercial use.  The current version of TIS/MOSS is 7.2.

   Vendors interested in including TIS/MOSS in their products or
   integrating it with their services should contact Trusted Information
   Systems about licensing Trusted Mail (tm) by sending email to
   tismoss-support@tis.com.

6
Q: How do I get TIS/MOSS?

A: TIS/MOSS is available via anonymous ftp in the United States and
   Canada to US and Canadian citizens and people with a US "green
   card."  To retrieve TIS/MOSS please FTP to

     host:   ftp.tis.com
     login:  anonymous

   and retrieve the files

     pub/MOSS/README
     pub/MOSS/LICENSE
     pub/MOSS/BUGS

   The README file contains further instructions.  

7
Q: Why is TIS/MOSS only available in the US and Canada?

A: The export from the United States of the cryptography used in
   TIS/MOSS is controlled by the United States government.

8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?

A: No.

9
Q: What cryptographic algorithm suites are supported by TIS/MOSS?

A: Two algorithm suites are currently supported by TIS/MOSS.  The first
   is the suite that uses either MD2 or MD5 for hashing, uses RSA for
   signature and key exchange, and uses DES for encryption.  The second
   is the suite of algorithms supported by the FORTEZZA cryptographic
   PC card.  In the FORTEZZA suite, SHA-1 is used for hashing, DSA for
   signature, KEA for key exchange, and Skipjack-CBC for encryption.
   The Internet Draft entitled "Privacy Enhancement for Internet
   Electronic Mail: Part IIIB: Algorithms, Modes, and Identifiers for
   FORTEZZA Cryptography" describes the integration of FORTEZZA with MOSS. 

10
Q: What about integrating TIS/MOSS into email user agents?

A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
   it with the Rand MH Message Handling System version 6.8.3.  It also
   includes generic scripts that make the services accessible to any
   UNIX application that supports shell escapes.  If you integrate
   TIS/MOSS with a popular email user agent, we would be happy to make
   it available to others.

11
Q: What about DOS and other non-UNIX platforms?

A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
   that may be set to facilitate its installation in DOS environments.
   It has also been ported to Macintosh although it does not yet include
   a MAC compiler option.  If you port TIS/MOSS to other platforms, we
   would be happy to make the changes available to others.

12
Q: Is there a forum for MOSS users and developers?

A: Yes, there is an email list for users of TIS/MOSS called
   "tismoss-users@tis.com".  To get added to the list send a message to
   "tismoss-users-request@tis.com".

   There is an email list for implementors and discussions of the MOSS
   specifications called "pem-dev@tis.com".  This list originated with
   the PEM protocol, from which MOSS is derived.  To get added to the
   list send a message to "pem-dev-request@tis.com".

13
Q: What about certificates?

A: TIS/MOSS supports the use of X.509 certificates including creation,
   validation, certificate revocation lists, distribution, and
   destruction.  Users may embody their public key in a certificate and
   may participate in the Internet certification hierarchy or some other
   private hierarchy.  TIS/MOSS neither requires nor enforces any
   certification hierarchy policy.

14
Q: What is the Internet Certification hierarchy?

A: The Internet Certification hierarchy is defined by RFC1422.  It is a
   tree structured hierarchy of certificates with a single, global root
   called the Internet PCA Registration Authority (IPRA).  The IPRA
   issues certificates to Policy Certification Authorities (PCAs) who
   issue certificates to Certification Authorities (CAs) who may issue
   certificates to users or subordinate CAs.  Identities are based on
   distinguished names and there are restrictions on their form and
   content.

   For more information on becoming a PCA see the IPRA WWW page at:

	http://bs.mit.edu:8001/ipra.html

   or contact the IPRA at:

	ipra-info@isoc.org

15
Q: What if I have questions about or problems with TIS/MOSS?

A: Send them to "tismoss-support@tis.com".