RFC 4630 on Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
rfc-editor@rfc-editor.org Thu, 31 August 2006 18:59 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GIrlV-0001CJ-Jj for pkix-archive@lists.ietf.org; Thu, 31 Aug 2006 14:59:49 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GIrlU-0002hb-79 for pkix-archive@lists.ietf.org; Thu, 31 Aug 2006 14:59:49 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VI3h4h063849; Thu, 31 Aug 2006 11:03:43 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VI3hUM063848; Thu, 31 Aug 2006 11:03:43 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nit.isi.edu (nit.isi.edu [128.9.160.116]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VI3ehV063836 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 11:03:42 -0700 (MST) (envelope-from apache@nit.isi.edu)
Received: from nit.isi.edu (loopback [127.0.0.1]) by nit.isi.edu (8.12.11.20060308/8.12.11) with ESMTP id k7VI3crA019485; Thu, 31 Aug 2006 11:03:38 -0700
Received: (from apache@localhost) by nit.isi.edu (8.12.11.20060308/8.12.11/Submit) id k7VI3cWj019484; Thu, 31 Aug 2006 11:03:38 -0700
Date: Thu, 31 Aug 2006 11:03:38 -0700
Message-Id: <200608311803.k7VI3cWj019484@nit.isi.edu>
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 4630 on Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
A new Request for Comments is now available in online RFC libraries.
RFC 4630
Title: Update to DirectoryString Processing in
the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL)
Profile
Author: R. Housley, S. Santesson
Status: Standards Track
Date: August 2006
Mailbox: housley@vigilsec.com,
stefans@microsoft.com
Pages: 6
Characters: 12539
Updates: RFC3280
See-Also:
I-D Tag: draft-ietf-pkix-cert-utf8-03.txt
URL: http://www.rfc-editor.org/rfc/rfc4630.txt
This document updates the handling of DirectoryString in the Internet
X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile, which is published in RFC 3280. The
use of UTF8String and PrintableString are the preferred encoding.
The requirement for exclusive use of UTF8String after December 31,
2003 is removed. [STANDARDS TRACK]
This document is a product of the Public-Key Infrastructure (X.509)
Working Group of the IETF.
This is now a Proposed Standard Protocol.
STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and
suggestions for improvements.Please refer to the current edition of the
Internet Official Protocol Standards (STD 1) for the standardization
state and status of this protocol. Distribution of this memo is
unlimited.
This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG. Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
help: ways_to_get_rfcs. For example:
To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs
help: ways_to_get_rfcs
Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
Authors, for further information.
Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute
...
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VI3h4h063849; Thu, 31 Aug 2006 11:03:43 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VI3hUM063848; Thu, 31 Aug 2006 11:03:43 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nit.isi.edu (nit.isi.edu [128.9.160.116]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VI3ehV063836 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 11:03:42 -0700 (MST) (envelope-from apache@nit.isi.edu)
Received: from nit.isi.edu (loopback [127.0.0.1]) by nit.isi.edu (8.12.11.20060308/8.12.11) with ESMTP id k7VI3crA019485; Thu, 31 Aug 2006 11:03:38 -0700
Received: (from apache@localhost) by nit.isi.edu (8.12.11.20060308/8.12.11/Submit) id k7VI3cWj019484; Thu, 31 Aug 2006 11:03:38 -0700
Date: Thu, 31 Aug 2006 11:03:38 -0700
Message-Id: <200608311803.k7VI3cWj019484@nit.isi.edu>
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 4630 on Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
A new Request for Comments is now available in online RFC libraries.
RFC 4630
Title: Update to DirectoryString Processing in
the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL)
Profile
Author: R. Housley, S. Santesson
Status: Standards Track
Date: August 2006
Mailbox: housley@vigilsec.com,
stefans@microsoft.com
Pages: 6
Characters: 12539
Updates: RFC3280
See-Also:
I-D Tag: draft-ietf-pkix-cert-utf8-03.txt
URL: http://www.rfc-editor.org/rfc/rfc4630.txt
This document updates the handling of DirectoryString in the Internet
X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile, which is published in RFC 3280. The
use of UTF8String and PrintableString are the preferred encoding.
The requirement for exclusive use of UTF8String after December 31,
2003 is removed. [STANDARDS TRACK]
This document is a product of the Public-Key Infrastructure (X.509)
Working Group of the IETF.
This is now a Proposed Standard Protocol.
STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and
suggestions for improvements.Please refer to the current edition of the
Internet Official Protocol Standards (STD 1) for the standardization
state and status of this protocol. Distribution of this memo is
unlimited.
This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG. Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
help: ways_to_get_rfcs. For example:
To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs
help: ways_to_get_rfcs
Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
Authors, for further information.
Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute
...
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VGqvqY052823; Thu, 31 Aug 2006 09:52:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VGqvSm052822; Thu, 31 Aug 2006 09:52:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns0.gdgsc.com (ns0.GDGSC.Com [192.160.62.68]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VGqn91052784 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 09:52:56 -0700 (MST) (envelope-from Richard.Waterhouse@gdc4s.com)
Received: from NDHMC4SXCH.gdc4s.com (ndhmc4sxch02.gdc4s.com [155.95.153.220]) by newman.gdgsc.com (PMDF V6.2 #31127) with ESMTP id <0J4V00FNSG7SYQ@newman.gdgsc.com> for ietf-pkix@imc.org; Thu, 31 Aug 2006 12:52:40 -0400 (EDT)
Date: Thu, 31 Aug 2006 12:52:38 -0400
From: "Waterhouse, Richard" <Richard.Waterhouse@gdc4s.com>
Subject: RE: Elliptic Curve Cryptography with PKIX
In-reply-to: <7.0.0.16.2.20060831104558.03e96c18@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>, Robert Zuccherato <robert.zuccherato@entrust.com>
Cc: Daniel Brown <DBrown@certicom.com>, ietf-pkix@imc.org
Message-id: <A2623CC24E923044ACE17E5B02674FD006A13A30@NDHMC4SXCH.gdc4s.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-type: multipart/alternative; boundary="----_=_NextPart_001_01C6CD1D.DE49D9E3"
Thread-Topic: Elliptic Curve Cryptography with PKIX
Thread-Index: AcbNEcqvaho5xnKDQIuSTR4P611ClAACydUg
Content-class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------_=_NextPart_001_01C6CD1D.DE49D9E3
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I liked the approach Mr Brown was proposing some time back though I =
don't know where it stands today. I need to, for example, restrict a key =
to be used with ECMQV. (I also need to, for example, inform the other =
end that the key is based on the NIST p384 curve.)
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org =
[mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Russ Housley
Sent: Thursday, August 31, 2006 10:48 AM
To: Robert Zuccherato
Cc: 'Daniel Brown'; ietf-pkix@imc.org
Subject: RE: Elliptic Curve Cryptography with PKIX
My opinion has not changed. I believe that we need to follow the =
precedent set by RFC 4055.
In my opinion, this situation is a result of the ANSI X9 process not =
allowing public review of their draft documents. However, I do not =
expect this policy to change.
Russ
At 10:24 AM 8/31/2006, Robert Zuccherato wrote:
It's been more than a few months now since Russ posted this message and =
I haven't seen any further discussion on the topic. As I said back in =
April, my preference would be for PKIX to use the AlgorithmIdentifier in =
the already approved X9.62 standard, since I don't think it is helpful =
to have more than one AlgorithmIdentifier defined.
However, whatever we decide to do, I think that we should resolve the =
issue and advance the draft as quickly as possible. Developers of ECC =
applications need to know which AlgorithmIdentifier to use. =20
Does anyone else have any opinions on this topic? When can we hope to =
see a new ID?=20
Robert Zuccherato.=20
> -----Original Message-----=20
> From: owner-ietf-pkix@mail.imc.org=20
> [ <mailto:owner-ietf-pkix@mail.imc.org> =
mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Russ Housley=20
> Sent: May 3, 2006 3:01 PM=20
> To: ietf-pkix@imc.org=20
> Subject: RE: Elliptic Curve Cryptography with PKIX=20
>=20
>=20
>=20
> RFC 3280 does not provide as much guidance as I would like. Section=20
> 4.1.2.7 says the following about the Subject Public Key Info field:=20
>=20
> This field is used to carry the public key and identify=20
> the algorithm=20
> with which the key is used (e.g., RSA, DSA, or=20
> Diffie-Hellman). The=20
> algorithm is identified using the AlgorithmIdentifier structure=20
> specified in section 4.1.1.2. The object identifiers for the=20
> supported algorithms and the methods for encoding the public key=20
> materials (public key and parameters) are specified in [PKIXALGS]. =
>=20
> Section 4.1.1.2 includes these words:=20
>=20
> The algorithm identifier is used to identify a cryptographic=20
> algorithm. The OBJECT IDENTIFIER component identifies=20
> the algorithm=20
> (such as DSA with SHA-1). The contents of the optional parameters =
> field will vary according to the algorithm identified.=20
>=20
> It does not really provide much guidance to developers of=20
> AlgorithmIdentifiers.=20
>=20
> I characterize the X9.62 approach as using the OBJECT IDENTIFIER to=20
> name a class of elliptic curve algorithms, and then using a portion=20
> of the parameters to list the members of that class that are=20
> acceptable for the subject public key.=20
>=20
> I am very interested to know how this fits with real implementations.=20
>=20
> My suspicion is that implementation that support key agreement are=20
> used to looking into the parameter to determine if the public key is=20
> a member of the same group. This is needed for static-static=20
> Diffie-Hellman (in discrete log or elliptic curve). This is also=20
> needed for MQV (and KEA, if anyone cares anymore).=20
>=20
> My suspicion is that digital signature validation does not anticipate=20
> constraints in the public key algorithm parameters. An underlying=20
> crypto routine may need the parameters, but the signature is not=20
> going to fail because of a constraint in the parameters, which could=20
> happen in this proposed syntax.=20
>=20
> I would greatly appreciate some insight from implementors.=20
>=20
> Russ=20
>=20
------_=_NextPart_001_01C6CD1D.DE49D9E3
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1555" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D005034616-31082006>I=20
liked the approach Mr Brown was proposing some time back though I =
don't=20
know where it stands today. I need to, for example, restrict a key to be =
used=20
with ECMQV. (I also need to, for example, inform the other end that the =
key=20
is based on the NIST p384 curve.)</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> =
owner-ietf-pkix@mail.imc.org=20
[mailto:owner-ietf-pkix@mail.imc.org]<B>On Behalf Of </B>Russ=20
Housley<BR><B>Sent:</B> Thursday, August 31, 2006 10:48 =
AM<BR><B>To:</B>=20
Robert Zuccherato<BR><B>Cc:</B> 'Daniel Brown';=20
ietf-pkix@imc.org<BR><B>Subject:</B> RE: Elliptic Curve Cryptography =
with=20
PKIX<BR><BR></FONT></DIV>My opinion has not changed. I believe =
that we=20
need to follow the precedent set by RFC 4055.<BR><BR>In my opinion, =
this=20
situation is a result of the ANSI X9 process not allowing public =
review of=20
their draft documents. However, I do not expect this policy to=20
change.<BR><BR>Russ<BR><BR>At 10:24 AM 8/31/2006, Robert Zuccherato=20
wrote:<BR><BR>
<BLOCKQUOTE class=3Dcite cite=3D"" type=3D"cite"><FONT size=3D2>It's =
been more than=20
a few months now since Russ posted this message and I haven't seen =
any=20
further discussion on the topic. As I said back in April, my=20
preference would be for PKIX to use the AlgorithmIdentifier in the =
already=20
approved X9.62 standard, since I don't think it is helpful to have =
more than=20
one AlgorithmIdentifier defined.<BR></FONT><BR><FONT =
size=3D2>However,=20
whatever we decide to do, I think that we should resolve the issue =
and=20
advance the draft as quickly as possible. Developers of ECC=20
applications need to know which AlgorithmIdentifier to use. =20
<BR></FONT><BR><FONT size=3D2>Does anyone else have any opinions on =
this=20
topic? When can we hope to see a new ID?</FONT>=20
<BR><BR> <FONT =
size=3D2>Robert=20
Zuccherato.</FONT> <BR><BR><FONT size=3D2>> -----Original=20
Message-----</FONT> <BR><FONT size=3D2>> From: =
owner-ietf-pkix@mail.imc.org=20
</FONT><BR><FONT size=3D2>> [<A =
href=3D"mailto:owner-ietf-pkix@mail.imc.org">=20
mailto:owner-ietf-pkix@mail.imc.org</A>] On Behalf Of Russ =
Housley</FONT>=20
<BR><FONT size=3D2>> Sent: May 3, 2006 3:01 PM</FONT> <BR><FONT =
size=3D2>>=20
To: ietf-pkix@imc.org</FONT> <BR><FONT size=3D2>> Subject: RE: =
Elliptic=20
Curve Cryptography with PKIX</FONT> <BR><FONT size=3D2>> =
</FONT><BR><FONT=20
size=3D2>> </FONT><BR><FONT size=3D2>> </FONT><BR><FONT =
size=3D2>> RFC=20
3280 does not provide as much guidance as I would like. =
Section=20
</FONT><BR><FONT size=3D2>> 4.1.2.7 says the following about =
the =20
Subject Public Key Info field:</FONT> <BR><FONT size=3D2>> =
</FONT><BR><FONT=20
size=3D2>> This field is used to carry =
the public=20
key and identify </FONT><BR><FONT size=3D2>> the algorithm</FONT> =
<BR><FONT=20
size=3D2>> with which the key is used =
(e.g., RSA,=20
DSA, or </FONT><BR><FONT size=3D2>> Diffie-Hellman). =
The</FONT>=20
<BR><FONT size=3D2>> algorithm is =
identified using=20
the AlgorithmIdentifier structure</FONT> <BR><FONT=20
size=3D2>> specified in section =
4.1.1.2. The=20
object identifiers for the</FONT> <BR><FONT=20
size=3D2>> supported algorithms and the =
methods for=20
encoding the public key</FONT> <BR><FONT =
size=3D2>> =20
materials (public key and parameters) are specified in =
[PKIXALGS].</FONT>=20
<BR><FONT size=3D2>> </FONT><BR><FONT size=3D2>> Section =
4.1.1.2 includes=20
these words:</FONT> <BR><FONT size=3D2>> </FONT><BR><FONT=20
size=3D2>> The algorithm identifier is =
used to=20
identify a cryptographic</FONT> <BR><FONT=20
size=3D2>> algorithm. The OBJECT =
IDENTIFIER=20
component identifies </FONT><BR><FONT size=3D2>> the =
algorithm</FONT>=20
<BR><FONT size=3D2>> (such as DSA with=20
SHA-1). The contents of the optional parameters</FONT> =
<BR><FONT=20
size=3D2>> field will vary according to =
the=20
algorithm identified.</FONT> <BR><FONT size=3D2>> =
</FONT><BR><FONT=20
size=3D2>> It does not really provide much guidance to developers =
of=20
</FONT><BR><FONT size=3D2>> AlgorithmIdentifiers.</FONT> =
<BR><FONT=20
size=3D2>> </FONT><BR><FONT size=3D2>> I characterize the =
X9.62 approach=20
as using the OBJECT IDENTIFIER to </FONT><BR><FONT size=3D2>> =
name a class=20
of elliptic curve algorithms, and then using a portion =
</FONT><BR><FONT=20
size=3D2>> of the parameters to list the members of that class =
that are=20
</FONT><BR><FONT size=3D2>> acceptable for the subject public =
key.</FONT>=20
<BR><FONT size=3D2>> </FONT><BR><FONT size=3D2>> I am very =
interested to=20
know how this fits with real implementations.</FONT> <BR><FONT =
size=3D2>>=20
</FONT><BR><FONT size=3D2>> My suspicion is that implementation =
that=20
support key agreement are </FONT><BR><FONT size=3D2>> used to =
looking into=20
the parameter to determine if the public key is </FONT><BR><FONT =
size=3D2>>=20
a member of the same group. This is needed for static-static=20
</FONT><BR><FONT size=3D2>> Diffie-Hellman (in discrete log or =
elliptic=20
curve). This is also </FONT><BR><FONT size=3D2>> needed for =
MQV (and=20
KEA, if anyone cares anymore).</FONT> <BR><FONT size=3D2>> =
</FONT><BR><FONT=20
size=3D2>> My suspicion is that digital signature validation does =
not=20
anticipate </FONT><BR><FONT size=3D2>> constraints in the public =
key=20
algorithm parameters. An underlying </FONT><BR><FONT =
size=3D2>>=20
crypto routine may need the parameters, but the signature is not=20
</FONT><BR><FONT size=3D2>> going to fail because of a constraint =
in the=20
parameters, which could </FONT><BR><FONT size=3D2>> happen in =
this proposed=20
syntax.</FONT> <BR><FONT size=3D2>> </FONT><BR><FONT =
size=3D2>> I would=20
greatly appreciate some insight from implementors.</FONT> <BR><FONT=20
size=3D2>> </FONT><BR><FONT size=3D2>> Russ</FONT> <BR><FONT =
size=3D2>>=20
</FONT></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C6CD1D.DE49D9E3--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VGb045050143; Thu, 31 Aug 2006 09:37:00 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VGb0Uw050142; Thu, 31 Aug 2006 09:37:00 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [66.150.120.2]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7VGaxZH050129 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 09:36:59 -0700 (MST) (envelope-from housley@vigilsec.com)
Received: (qmail 17953 invoked by uid 0); 31 Aug 2006 16:36:54 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (72.83.235.104) by woodstock.binhost.com with SMTP; 31 Aug 2006 16:36:54 -0000
Message-Id: <7.0.0.16.2.20060831123401.07871730@vigilsec.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.0.16
Date: Thu, 31 Aug 2006 12:36:34 -0400
To: ietf-pkix@imc.org
From: Russ Housley <housley@vigilsec.com>
Subject: RE: Elliptic Curve Cryptography with PKIX
In-Reply-To: <OF318DC83C.C4D7AAEE-ON852571DB.005808BD-852571DB.005928DB@ certicom.com>
References: <7.0.0.16.2.20060831104558.03e96c18@vigilsec.com> <OF318DC83C.C4D7AAEE-ON852571DB.005808BD-852571DB.005928DB@certicom.com>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
<html>
<body>
So, let's find out. Can developers of software that validates
certificates and digital signatures tell us how the proposed parameter
syntax would impact their code?<br><br>
Russ<br><br>
<br>
At 12:09 PM 8/31/2006, Daniel Brown wrote:<br>
<blockquote type=cite class=cite cite=""><font size=2>Russ,</font>
<br><br>
<font size=2>The X9.62 syntax follows the precedent set by 4055, in the
sense that it identifies the algorithm for which the public key is to be
used in the subject public key info field.</font> <br><br>
<font size=2>Section 3.3 of RFC 4055, item 3 in the list, clearly states
that an signature validation implementation MUST check the parameters
field of the subject public key info field algorithm identitifer when
validating a signature, i.e. to see if it conforms used the correct hash,
salt size specified in the cert. This seems to contradict you final
paragraph (copied below).</font> <br><br>
<font size=2>Dan Brown<br>
(905) 501-3857<br>
<a href="http://www.certicom.com/" eudora="autourl">
http://www.certicom.com</a></font> <br><br>
<tt><font face="Courier New, Courier" size=2>owner-ietf-pkix@mail.imc.org
wrote on 08/31/2006 10:47:41 AM:<br><br>
> My opinion has not changed. I believe that we need to follow
the <br>
> precedent set by RFC 4055.<br>
> <br>
> In my opinion, this situation is a result of the ANSI X9 process
not<br>
> allowing public review of their draft documents. However, I do
not <br>
> expect this policy to change.<br>
> <br>
> Russ<br>
</font></tt><br>
<tt><font face="Courier New, Courier" size=2>> ...</font></tt>
<br><br>
<tt><font face="Courier New, Courier" size=2>> > <br>
> > My suspicion is that digital signature validation does not
anticipate <br>
> > constraints in the public key algorithm parameters. An
underlying <br>
> > crypto routine may need the parameters, but the signature is
not <br>
> > going to fail because of a constraint in the parameters, which
could <br>
> > happen in this proposed syntax. <br>
> > <br>
</font></tt><br>
</blockquote></body>
</html>
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VGAVRS044863; Thu, 31 Aug 2006 09:10:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VGAVMp044862; Thu, 31 Aug 2006 09:10:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail.ca.certicom.com (nat194.certicom.com [66.48.18.194]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VGAQoj044832 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 09:10:30 -0700 (MST) (envelope-from DBrown@certicom.com)
Received: from spamfilter.certicom.com (localhost.localdomain [127.0.0.1]) by mail.ca.certicom.com (Postfix) with ESMTP id CF40F100233CF; Thu, 31 Aug 2006 12:10:20 -0400 (EDT)
Received: from mail.ca.certicom.com ([127.0.0.1]) by spamfilter.certicom.com (storm [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14727-77; Thu, 31 Aug 2006 12:10:15 -0400 (EDT)
Received: from certicom1.certicom.com (domino1.certicom.com [10.0.1.24]) by mail.ca.certicom.com (Postfix) with ESMTP id 223601006B06B; Thu, 31 Aug 2006 12:10:15 -0400 (EDT)
In-Reply-To: <7.0.0.16.2.20060831104558.03e96c18@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Cc: ietf-pkix@imc.org, Robert Zuccherato <robert.zuccherato@entrust.com>
Subject: RE: Elliptic Curve Cryptography with PKIX
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID: <OF318DC83C.C4D7AAEE-ON852571DB.005808BD-852571DB.005928DB@certicom.com>
From: Daniel Brown <DBrown@certicom.com>
Date: Thu, 31 Aug 2006 12:09:15 -0400
X-MIMETrack: Serialize by Router on Certicom1/Certicom(Release 6.5.4|March 27, 2005) at 08/31/2006 12:09:10 PM, Serialize complete at 08/31/2006 12:09:10 PM
Content-Type: multipart/alternative; boundary="=_alternative 005928D8852571DB_="
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multipart message in MIME format.
--=_alternative 005928D8852571DB_=
Content-Type: text/plain; charset="US-ASCII"
Russ,
The X9.62 syntax follows the precedent set by 4055, in the sense that it
identifies the algorithm for which the public key is to be used in the
subject public key info field.
Section 3.3 of RFC 4055, item 3 in the list, clearly states that an
signature validation implementation MUST check the parameters field of the
subject public key info field algorithm identitifer when validating a
signature, i.e. to see if it conforms used the correct hash, salt size
specified in the cert. This seems to contradict you final paragraph
(copied below).
Dan Brown
(905) 501-3857
http://www.certicom.com
owner-ietf-pkix@mail.imc.org wrote on 08/31/2006 10:47:41 AM:
> My opinion has not changed. I believe that we need to follow the
> precedent set by RFC 4055.
>
> In my opinion, this situation is a result of the ANSI X9 process not
> allowing public review of their draft documents. However, I do not
> expect this policy to change.
>
> Russ
> ...
> >
> > My suspicion is that digital signature validation does not anticipate
> > constraints in the public key algorithm parameters. An underlying
> > crypto routine may need the parameters, but the signature is not
> > going to fail because of a constraint in the parameters, which could
> > happen in this proposed syntax.
> >
--=_alternative 005928D8852571DB_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Russ,</font>
<br>
<br><font size=2 face="sans-serif">The X9.62 syntax follows the precedent
set by 4055, in the sense that it identifies the algorithm for which the
public key is to be used in the subject public key info field.</font>
<br>
<br><font size=2 face="sans-serif">Section 3.3 of RFC 4055, item 3 in the
list, clearly states that an signature validation implementation MUST check
the parameters field of the subject public key info field algorithm identitifer
when validating a signature, i.e. to see if it conforms used the correct
hash, salt size specified in the cert. This seems to contradict you
final paragraph (copied below).</font>
<br>
<br><font size=2 face="sans-serif">Dan Brown<br>
(905) 501-3857<br>
http://www.certicom.com</font>
<br>
<br><tt><font size=2>owner-ietf-pkix@mail.imc.org wrote on 08/31/2006 10:47:41
AM:<br>
<br>
> My opinion has not changed. I believe that we need to follow
the <br>
> precedent set by RFC 4055.<br>
> <br>
> In my opinion, this situation is a result of the ANSI X9 process not<br>
> allowing public review of their draft documents. However, I
do not <br>
> expect this policy to change.<br>
> <br>
> Russ<br>
</font></tt>
<br><tt><font size=2>> ...</font></tt>
<br>
<br><tt><font size=2>> > <br>
> > My suspicion is that digital signature validation does not anticipate
<br>
> > constraints in the public key algorithm parameters. An
underlying <br>
> > crypto routine may need the parameters, but the signature is
not <br>
> > going to fail because of a constraint in the parameters, which
could <br>
> > happen in this proposed syntax. <br>
> > <br>
</font></tt>
<br>
<br>
--=_alternative 005928D8852571DB_=--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VElwAM033429; Thu, 31 Aug 2006 07:47:58 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VElwAl033428; Thu, 31 Aug 2006 07:47:58 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [66.150.120.2]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7VElreG033414 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 07:47:57 -0700 (MST) (envelope-from housley@vigilsec.com)
Received: (qmail 16372 invoked by uid 0); 31 Aug 2006 14:47:49 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (72.83.235.104) by woodstock.binhost.com with SMTP; 31 Aug 2006 14:47:49 -0000
Message-Id: <7.0.0.16.2.20060831104558.03e96c18@vigilsec.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.0.16
Date: Thu, 31 Aug 2006 10:47:41 -0400
To: Robert Zuccherato <robert.zuccherato@entrust.com>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: Elliptic Curve Cryptography with PKIX
Cc: "'Daniel Brown'" <DBrown@certicom.com>, ietf-pkix@imc.org
In-Reply-To: <7A3E1242FA9989439AD1F9B2D71C287F07F9CD14@sottmxs05.entrust .com>
References: <7A3E1242FA9989439AD1F9B2D71C287F07F9CD14@sottmxs05.entrust.com>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
<html>
<body>
My opinion has not changed. I believe that we need to follow the
precedent set by RFC 4055.<br><br>
In my opinion, this situation is a result of the ANSI X9 process not
allowing public review of their draft documents. However, I do not
expect this policy to change.<br><br>
Russ<br><br>
At 10:24 AM 8/31/2006, Robert Zuccherato wrote:<br><br>
<blockquote type=cite class=cite cite=""><font size=2>It's been more than
a few months now since Russ posted this message and I haven't seen any
further discussion on the topic. As I said back in April, my
preference would be for PKIX to use the AlgorithmIdentifier in the
already approved X9.62 standard, since I don't think it is helpful to
have more than one AlgorithmIdentifier defined.<br>
</font><br>
<font size=2>However, whatever we decide to do, I think that we should
resolve the issue and advance the draft as quickly as possible.
Developers of ECC applications need to know which AlgorithmIdentifier to
use. <br>
</font><br>
<font size=2>Does anyone else have any opinions on this topic? When
can we hope to see a new ID?</font> <br><br>
<font size=2>Robert
Zuccherato.</font> <br><br>
<font size=2>> -----Original Message-----</font> <br>
<font size=2>> From: owner-ietf-pkix@mail.imc.org </font><br>
<font size=2>>
[<a href="mailto:owner-ietf-pkix@mail.imc.org">
mailto:owner-ietf-pkix@mail.imc.org</a>] On Behalf Of Russ Housley</font>
<br>
<font size=2>> Sent: May 3, 2006 3:01 PM</font> <br>
<font size=2>> To: ietf-pkix@imc.org</font> <br>
<font size=2>> Subject: RE: Elliptic Curve Cryptography with
PKIX</font> <br>
<font size=2>> </font><br>
<font size=2>> </font><br>
<font size=2>> </font><br>
<font size=2>> RFC 3280 does not provide as much guidance as I would
like. Section </font><br>
<font size=2>> 4.1.2.7 says the following about the Subject
Public Key Info field:</font> <br>
<font size=2>> </font><br>
<font size=2>> This field is used to carry the
public key and identify </font><br>
<font size=2>> the algorithm</font> <br>
<font size=2>> with which the key is used
(e.g., RSA, DSA, or </font><br>
<font size=2>> Diffie-Hellman). The</font> <br>
<font size=2>> algorithm is identified using
the AlgorithmIdentifier structure</font> <br>
<font size=2>> specified in section
4.1.1.2. The object identifiers for the</font> <br>
<font size=2>> supported algorithms and the
methods for encoding the public key</font> <br>
<font size=2>> materials (public key and
parameters) are specified in [PKIXALGS].</font> <br>
<font size=2>> </font><br>
<font size=2>> Section 4.1.1.2 includes these words:</font> <br>
<font size=2>> </font><br>
<font size=2>> The algorithm identifier is
used to identify a cryptographic</font> <br>
<font size=2>> algorithm. The OBJECT
IDENTIFIER component identifies </font><br>
<font size=2>> the algorithm</font> <br>
<font size=2>> (such as DSA with SHA-1).
The contents of the optional parameters</font> <br>
<font size=2>> field will vary according to
the algorithm identified.</font> <br>
<font size=2>> </font><br>
<font size=2>> It does not really provide much guidance to developers
of </font><br>
<font size=2>> AlgorithmIdentifiers.</font> <br>
<font size=2>> </font><br>
<font size=2>> I characterize the X9.62 approach as using the OBJECT
IDENTIFIER to </font><br>
<font size=2>> name a class of elliptic curve algorithms, and then
using a portion </font><br>
<font size=2>> of the parameters to list the members of that class
that are </font><br>
<font size=2>> acceptable for the subject public key.</font> <br>
<font size=2>> </font><br>
<font size=2>> I am very interested to know how this fits with real
implementations.</font> <br>
<font size=2>> </font><br>
<font size=2>> My suspicion is that implementation that support key
agreement are </font><br>
<font size=2>> used to looking into the parameter to determine if the
public key is </font><br>
<font size=2>> a member of the same group. This is needed for
static-static </font><br>
<font size=2>> Diffie-Hellman (in discrete log or elliptic
curve). This is also </font><br>
<font size=2>> needed for MQV (and KEA, if anyone cares
anymore).</font> <br>
<font size=2>> </font><br>
<font size=2>> My suspicion is that digital signature validation does
not anticipate </font><br>
<font size=2>> constraints in the public key algorithm
parameters. An underlying </font><br>
<font size=2>> crypto routine may need the parameters, but the
signature is not </font><br>
<font size=2>> going to fail because of a constraint in the
parameters, which could </font><br>
<font size=2>> happen in this proposed syntax.</font> <br>
<font size=2>> </font><br>
<font size=2>> I would greatly appreciate some insight from
implementors.</font> <br>
<font size=2>> </font><br>
<font size=2>> Russ</font> <br>
<font size=2>> </font></blockquote></body>
</html>
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7VEOast029331; Thu, 31 Aug 2006 07:24:36 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7VEOa19029330; Thu, 31 Aug 2006 07:24:36 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sottccs2.entrust.com (sottccs2.entrust.com [216.191.252.16]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7VEOYp6029307 for <ietf-pkix@imc.org>; Thu, 31 Aug 2006 07:24:35 -0700 (MST) (envelope-from robert.zuccherato@entrust.com)
Received: (qmail 30740 invoked from network); 31 Aug 2006 14:24:23 -0000
Received: from robert.zuccherato@entrust.com by sottccs2.entrust.com with EntrustECS-Server-8.0;31 Aug 2006 14:24:23 -0000
Received: from sottmxs00.entrust.com (10.4.61.22) by sottccs2.entrust.com with SMTP; 31 Aug 2006 14:24:23 -0000
Received: by sottmxs00.entrust.com with Internet Mail Service (5.5.2657.72) id <RJDZM19P>; Thu, 31 Aug 2006 10:24:25 -0400
Message-ID: <7A3E1242FA9989439AD1F9B2D71C287F07F9CD14@sottmxs05.entrust.com>
From: Robert Zuccherato <robert.zuccherato@entrust.com>
To: "'Russ Housley'" <housley@vigilsec.com>, ietf-pkix@imc.org
Cc: "'Daniel Brown'" <DBrown@certicom.com>
Subject: RE: Elliptic Curve Cryptography with PKIX
Date: Thu, 31 Aug 2006 10:24:25 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6CD09.28D2D066"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C6CD09.28D2D066
Content-Type: text/plain
It's been more than a few months now since Russ posted this message and I
haven't seen any further discussion on the topic. As I said back in April,
my preference would be for PKIX to use the AlgorithmIdentifier in the
already approved X9.62 standard, since I don't think it is helpful to have
more than one AlgorithmIdentifier defined.
However, whatever we decide to do, I think that we should resolve the issue
and advance the draft as quickly as possible. Developers of ECC
applications need to know which AlgorithmIdentifier to use.
Does anyone else have any opinions on this topic? When can we hope to see a
new ID?
Robert Zuccherato.
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Russ Housley
> Sent: May 3, 2006 3:01 PM
> To: ietf-pkix@imc.org
> Subject: RE: Elliptic Curve Cryptography with PKIX
>
>
>
> RFC 3280 does not provide as much guidance as I would like. Section
> 4.1.2.7 says the following about the Subject Public Key Info field:
>
> This field is used to carry the public key and identify
> the algorithm
> with which the key is used (e.g., RSA, DSA, or
> Diffie-Hellman). The
> algorithm is identified using the AlgorithmIdentifier structure
> specified in section 4.1.1.2. The object identifiers for the
> supported algorithms and the methods for encoding the public key
> materials (public key and parameters) are specified in [PKIXALGS].
>
> Section 4.1.1.2 includes these words:
>
> The algorithm identifier is used to identify a cryptographic
> algorithm. The OBJECT IDENTIFIER component identifies
> the algorithm
> (such as DSA with SHA-1). The contents of the optional parameters
> field will vary according to the algorithm identified.
>
> It does not really provide much guidance to developers of
> AlgorithmIdentifiers.
>
> I characterize the X9.62 approach as using the OBJECT IDENTIFIER to
> name a class of elliptic curve algorithms, and then using a portion
> of the parameters to list the members of that class that are
> acceptable for the subject public key.
>
> I am very interested to know how this fits with real implementations.
>
> My suspicion is that implementation that support key agreement are
> used to looking into the parameter to determine if the public key is
> a member of the same group. This is needed for static-static
> Diffie-Hellman (in discrete log or elliptic curve). This is also
> needed for MQV (and KEA, if anyone cares anymore).
>
> My suspicion is that digital signature validation does not anticipate
> constraints in the public key algorithm parameters. An underlying
> crypto routine may need the parameters, but the signature is not
> going to fail because of a constraint in the parameters, which could
> happen in this proposed syntax.
>
> I would greatly appreciate some insight from implementors.
>
> Russ
>
------_=_NextPart_001_01C6CD09.28D2D066
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2658.34">
<TITLE>RE: Elliptic Curve Cryptography with PKIX</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>It's been more than a few months now since Russ =
posted this message and I haven't seen any further discussion on the =
topic. As I said back in April, my preference would be for PKIX =
to use the AlgorithmIdentifier in the already approved X9.62 standard, =
since I don't think it is helpful to have more than one =
AlgorithmIdentifier defined.</FONT></P>
<P><FONT SIZE=3D2>However, whatever we decide to do, I think that we =
should resolve the issue and advance the draft as quickly as =
possible. Developers of ECC applications need to know which =
AlgorithmIdentifier to use. </FONT></P>
<P><FONT SIZE=3D2>Does anyone else have any opinions on this =
topic? When can we hope to see a new ID?</FONT>
</P>
<P> <FONT SIZE=3D2>Robert =
Zuccherato.</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: owner-ietf-pkix@mail.imc.org </FONT>
<BR><FONT SIZE=3D2>> [<A =
HREF=3D"mailto:owner-ietf-pkix@mail.imc.org">mailto:owner-ietf-pkix@mail=
.imc.org</A>] On Behalf Of Russ Housley</FONT>
<BR><FONT SIZE=3D2>> Sent: May 3, 2006 3:01 PM</FONT>
<BR><FONT SIZE=3D2>> To: ietf-pkix@imc.org</FONT>
<BR><FONT SIZE=3D2>> Subject: RE: Elliptic Curve Cryptography with =
PKIX</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> RFC 3280 does not provide as much guidance as I =
would like. Section </FONT>
<BR><FONT SIZE=3D2>> 4.1.2.7 says the following about the =
Subject Public Key Info field:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> This field is used to =
carry the public key and identify </FONT>
<BR><FONT SIZE=3D2>> the algorithm</FONT>
<BR><FONT SIZE=3D2>> with which the key is =
used (e.g., RSA, DSA, or </FONT>
<BR><FONT SIZE=3D2>> Diffie-Hellman). The</FONT>
<BR><FONT SIZE=3D2>> algorithm is identified =
using the AlgorithmIdentifier structure</FONT>
<BR><FONT SIZE=3D2>> specified in section =
4.1.1.2. The object identifiers for the</FONT>
<BR><FONT SIZE=3D2>> supported algorithms =
and the methods for encoding the public key</FONT>
<BR><FONT SIZE=3D2>> materials (public key =
and parameters) are specified in [PKIXALGS].</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Section 4.1.1.2 includes these words:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> The algorithm =
identifier is used to identify a cryptographic</FONT>
<BR><FONT SIZE=3D2>> algorithm. The =
OBJECT IDENTIFIER component identifies </FONT>
<BR><FONT SIZE=3D2>> the algorithm</FONT>
<BR><FONT SIZE=3D2>> (such as DSA with =
SHA-1). The contents of the optional parameters</FONT>
<BR><FONT SIZE=3D2>> field will vary =
according to the algorithm identified.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> It does not really provide much guidance to =
developers of </FONT>
<BR><FONT SIZE=3D2>> AlgorithmIdentifiers.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I characterize the X9.62 approach as using the =
OBJECT IDENTIFIER to </FONT>
<BR><FONT SIZE=3D2>> name a class of elliptic curve algorithms, and =
then using a portion </FONT>
<BR><FONT SIZE=3D2>> of the parameters to list the members of that =
class that are </FONT>
<BR><FONT SIZE=3D2>> acceptable for the subject public key.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I am very interested to know how this fits with =
real implementations.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> My suspicion is that implementation that =
support key agreement are </FONT>
<BR><FONT SIZE=3D2>> used to looking into the parameter to determine =
if the public key is </FONT>
<BR><FONT SIZE=3D2>> a member of the same group. This is =
needed for static-static </FONT>
<BR><FONT SIZE=3D2>> Diffie-Hellman (in discrete log or elliptic =
curve). This is also </FONT>
<BR><FONT SIZE=3D2>> needed for MQV (and KEA, if anyone cares =
anymore).</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> My suspicion is that digital signature =
validation does not anticipate </FONT>
<BR><FONT SIZE=3D2>> constraints in the public key algorithm =
parameters. An underlying </FONT>
<BR><FONT SIZE=3D2>> crypto routine may need the parameters, but the =
signature is not </FONT>
<BR><FONT SIZE=3D2>> going to fail because of a constraint in the =
parameters, which could </FONT>
<BR><FONT SIZE=3D2>> happen in this proposed syntax.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I would greatly appreciate some insight from =
implementors.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Russ</FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C6CD09.28D2D066--
Received: from juniperlearning.com (218-162-159-220.dynamic.hinet.net [218.162.159.220]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7V2jCeP000272 for <ietf-pkix-archive@imc.org>; Wed, 30 Aug 2006 19:45:19 -0700 (MST) (envelope-from jerkstuc@fdt.net)
Received: by 192.168.131.4 with SMTP id LEdvkO; for <ietf-pkix-archive@imc.org>; Wed, 30 Aug 2006 19:45:08 -0700
Message-ID: <000001c6cca7$788896e0$0483a8c0@rpvgtd>
Reply-To: "Guillermo Spotts" <jerkstuc@fdt.net>
From: "Guillermo Spotts" <jerkstuc@fdt.net>
To: ietf-pkix-archive@imc.org
Subject: Re: kuR Xpy
Date: Wed, 30 Aug 2006 19:45:08 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6CC6C.CC29BEE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6CC6C.CC29BEE0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi
=20
All y i our PHAR g RM h ACY d l irec h tly from the m s anuf a actu d
rer,
Your c f hanc d e to eco k nomiz l e w z ith us
http://wionterfunmasde.com
e=20
d=20
s=20
going. I am Admiral Benbow, head of League Navy Security. Those
lid, now thrown aside. There was a heavy thud and Svinjar landed
clapping of approval. I bowed in Svinjars direction.
------=_NextPart_000_0001_01C6CC6C.CC29BEE0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi</DIV>
<DIV> </DIV>
<DIV>All y<font size=3D2 style=3D"color: #000000;
float
:
right
"> i </font>our PHAR<font size=3D2 style=3D"color: #000000;
float
:
right
"> g </font>RM<font size=3D2 style=3D"color: #000000;
float
:
right
"> h </font>ACY d<font size=3D2 style=3D"color: #000000;
float
:
right
"> l </font>irec<font size=3D2 style=3D"color: #000000;
float
:
right
"> h </font>tly from the m<font size=3D2 style=3D"color: #000000;
float
:
right
"> s </font>anuf<font size=3D2 style=3D"color: #000000;
float
:
right
"> a </font>actu<font size=3D2 style=3D"color: #000000;
float
:
right
"> d </font>rer,</DIV>
<DIV>Your c<font size=3D2 style=3D"color: #000000;
float
:
right
"> f </font>hanc<font size=3D2 style=3D"color: #000000;
float
:
right
"> d </font>e to eco<font size=3D2 style=3D"color: #000000;
float
:
right
"> k </font>nomiz<font size=3D2 style=3D"color: #000000;
float
:
right
"> l </font>e w<font size=3D2 style=3D"color: #000000;
float
:
right
"> z </font>ith us <A =
href=3D"http://wionterfunmasde.com">http://wionterfunmasde.com</A></DIV>
<P> <font size=3D2 style=3D"color: #000000;
float
:
right
"> e </font></P>
<P> <font size=3D2 style=3D"color: #000000;
float
:
right
"> d </font></P>
<P> <font size=3D2 style=3D"color: #000000;
float
:
right
"> s </font></P>
<P>going. I am Admiral Benbow, head of League Navy Security. =
Those<BR>
lid, now thrown aside. There was a heavy thud and Svinjar =
landed<BR>
clapping of approval. I bowed in Svinjars =
direction.<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6CC6C.CC29BEE0--
Received: from cedtalent.com ([83.214.212.58]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7TIW2Ig019872 for <ietf-pkix-archive@imc.org>; Tue, 29 Aug 2006 11:32:07 -0700 (MST) (envelope-from neasecolom@cedtalent.com)
Received: by 192.168.60.107 with SMTP id qQmsopWBV; for <ietf-pkix-archive@imc.org>; Tue, 29 Aug 2006 11:31:53 -0700
Message-ID: <000001c6cb99$668c66b0$6b3ca8c0@yuytiv>
Reply-To: "Vonda Crowley" <neasecolom@cedtalent.com>
From: "Vonda Crowley" <neasecolom@cedtalent.com>
To: ietf-pkix-archive@imc.org
Subject: Re: zoRXse
Date: Tue, 29 Aug 2006 11:31:53 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6CB5E.BA2D8EB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6CB5E.BA2D8EB0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
Go y od news for you.
=20
PHA a RMA w CY d t ire h ctly from the ma i nufa n cture j r,
Eco n nomiz u e up t m o 6 f 0 % wit z h us http://heranrtionketer.com
, b=20
, q=20
, s=20
I called an early break. Get some racktime. Pack your bags. The music
and props are ready to go. We ship out at midnight. Transportation to
the spaceport leaves here an hour earlier-so dont be late.
------=_NextPart_000_0001_01C6CB5E.BA2D8EB0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV>Go<FONT size=3D2 style=3D" float : right " face=3DArial> y =
</FONT>od news for you.</DIV>
<DIV> </DIV>
<DIV>PHA<FONT size=3D2 style=3D" float : right " face=3DArial> a =
</FONT>RMA<FONT size=3D2 style=3D" float : right " face=3DArial> w =
</FONT>CY d<FONT size=3D2 style=3D" float : right " face=3DArial> t =
</FONT>ire<FONT size=3D2 style=3D" float : right " face=3DArial> h =
</FONT>ctly from the ma<FONT size=3D2 style=3D" float : right " =
face=3DArial> i </FONT>nufa<FONT size=3D2 style=3D" float : right " =
face=3DArial> n </FONT>cture<FONT size=3D2 style=3D" float : right " =
face=3DArial> j </FONT>r,</DIV>
<DIV>Eco<FONT size=3D2 style=3D" float : right " face=3DArial> n =
</FONT>nomiz<FONT size=3D2 style=3D" float : right " face=3DArial> u =
</FONT>e up t<FONT size=3D2 style=3D" float : right " face=3DArial> m =
</FONT>o 6<FONT size=3D2 style=3D" float : right " face=3DArial> f =
</FONT>0 % wit<FONT size=3D2 style=3D" float : right " face=3DArial> z =
</FONT>h us <A =
href=3D"http://heranrtionketer.com">http://heranrtionketer.com</A></DIV><=
P>,<FONT size=3D2 style=3D" float : right " face=3DArial> b =
</FONT></P><P>,<FONT size=3D2 style=3D" float : right " face=3DArial> q =
</FONT></P><P>,<FONT size=3D2 style=3D" float : right " face=3DArial> s =
</FONT></P><P>I called an early break. Get some racktime. Pack your =
bags. The music<BR>
and props are ready to go. We ship out at midnight. Transportation =
to<BR>
the spaceport leaves here an hour earlier-so dont be =
late.<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6CB5E.BA2D8EB0--
Received: from ausum.com (lns-bzn-53-82-65-50-66.adsl.proxad.net [82.65.50.66]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7TAMAqc057303 for <ietf-pkix-archive@imc.org>; Tue, 29 Aug 2006 03:22:15 -0700 (MST) (envelope-from sonalallie@florida-water.com)
Received: by 192.168.150.30 with SMTP id risJNY; for <ietf-pkix-archive@imc.org>; Tue, 29 Aug 2006 03:22:11 -0700
Message-ID: <000001c6cb54$fd344370$1e96a8c0@yckgu>
Reply-To: "Canan Muncy" <sonalallie@florida-water.com>
From: "Canan Muncy" <sonalallie@florida-water.com>
To: ietf-pkix-archive@imc.org
Subject: Re: qupiRX
Date: Tue, 29 Aug 2006 03:22:11 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6CB1A.50DA2660"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6CB1A.50DA2660
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
Goo o d news for you.
=20
PH y ARMA n CY di h rectl z y from the ma k nuf h actu m rer,
Eco s nom l ize up t h o 6 a 0 % w u ith us
http://jetunahsedunkadesin.com
, a=20
, c=20
, j=20
behind me-along with most of the squad of guards. Everyone wanted to
help: none of them knew a thing. But one name kept cropping up during
the questioning. Sjonvarp.
------=_NextPart_000_0001_01C6CB1A.50DA2660
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV>Goo<FONT size=3D2 style
=3D" float :
right" face=3DArial> o </FONT>d news for you.</DIV>
<DIV> </DIV>
<DIV>PH<FONT size=3D2 style
=3D" float :
right" face=3DArial> y </FONT>ARMA<FONT size=3D2 style
=3D" float :
right" face=3DArial> n </FONT>CY di<FONT size=3D2 style
=3D" float :
right" face=3DArial> h </FONT>rectl<FONT size=3D2 style
=3D" float :
right" face=3DArial> z </FONT>y from the ma<FONT size=3D2 style
=3D" float :
right" face=3DArial> k </FONT>nuf<FONT size=3D2 style
=3D" float :
right" face=3DArial> h </FONT>actu<FONT size=3D2 style
=3D" float :
right" face=3DArial> m </FONT>rer,</DIV>
<DIV>Eco<FONT size=3D2 style
=3D" float :
right" face=3DArial> s </FONT>nom<FONT size=3D2 style
=3D" float :
right" face=3DArial> l </FONT>ize up t<FONT size=3D2 style
=3D" float :
right" face=3DArial> h </FONT>o 6<FONT size=3D2 style
=3D" float :
right" face=3DArial> a </FONT>0 % w<FONT size=3D2 style
=3D" float :
right" face=3DArial> u </FONT>ith us <A =
href=3D"http://jetunahsedunkadesin.com">http://jetunahsedunkadesin.com</A=
></DIV><P>,<FONT size=3D2 style
=3D" float :
right" face=3DArial> a </FONT></P><P>,<FONT size=3D2 style
=3D" float :
right" face=3DArial> c </FONT></P><P>,<FONT size=3D2 style
=3D" float :
right" face=3DArial> j </FONT></P><P>behind me-along with most of the =
squad of guards. Everyone wanted to<BR>
help: none of them knew a thing. But one name kept cropping up =
during<BR>
the questioning. Sjonvarp.<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6CB1A.50DA2660--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7T1Ot8s089566; Mon, 28 Aug 2006 18:24:55 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7T1OtqT089565; Mon, 28 Aug 2006 18:24:55 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail-eur1.microsoft.com (mail-eur1.microsoft.com [213.199.128.139]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7T1OojX089556 for <ietf-pkix@imc.org>; Mon, 28 Aug 2006 18:24:54 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from EUR-MSG-11.europe.corp.microsoft.com ([65.53.193.180]) by mail-eur1.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 29 Aug 2006 02:24:49 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Withdrawing 1998 edition of Directory Specification
Date: Tue, 29 Aug 2006 02:24:29 +0100
Message-ID: <BF9309599A71984CAC5BAC5ECA62994405B061EA@EUR-MSG-11.europe.corp.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Withdrawing 1998 edition of Directory Specification
Thread-Index: AcbKycNfSvxgk42yRqS+x7GbgxVxYwAPxmKw
From: "Stefan Santesson" <stefans@microsoft.com>
To: <ietf-pkix@imc.org>
X-OriginalArrivalTime: 29 Aug 2006 01:24:49.0423 (UTC) FILETIME=[EB9591F0:01C6CB09]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k7T1OsjX089560
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
ISO is planning to withdraw the 1998 version (3rd edition) of the
Directory specification.
This has already been done by ITU and ISO now request input on whether
it would be OK for them to do the same.
With 2005 version available, the two latest versions will be maintained
even though the 1998 version is withdrawn.
Does anyone on this list have any reason to object to this?
Stefan Santesson
Senior Program Manager
Windows Security, Standards
Received: from hammerstattoo.com (49.Red-81-32-53.dynamicIP.rima-tde.net [81.32.53.49]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7S5VNuZ048719 for <ietf-pkix-archive@imc.org>; Sun, 27 Aug 2006 22:31:29 -0700 (MST) (envelope-from labree@foomp.com)
Received: by 192.168.185.228 with SMTP id zxVHWH; for <ietf-pkix-archive@imc.org>; Sun, 27 Aug 2006 22:31:12 -0700
Message-ID: <000001c6ca63$2cafa740$e4b9a8c0@ewmwbn>
Reply-To: "Lecia Migliore" <labree@foomp.com>
From: "Lecia Migliore" <labree@foomp.com>
To: ietf-pkix-archive@imc.org
Subject: Re: RXboxa
Date: Sun, 27 Aug 2006 22:31:12 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6CA28.8050CF40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6CA28.8050CF40
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
Goo s d news for you.
=20
P m HARMAC t Y di k rec x tly from the m r anufa h cture d r,
Ec s onomi a ze up g to 6 i 0 % w v ith us http://polikeyuhadesun.com
, m=20
, s=20
, y=20
source of nourishment for all. Their fruit is the result of careful
gene mutation and transplant, rich in animal protein. They should not
be eaten raw because of the chance of trichinosis, but should be baked
------=_NextPart_000_0001_01C6CA28.8050CF40
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV>Goo<FONT size=3D2 style=3D" float :
right" face=3DArial> s </FONT>d news for you.</DIV>
<DIV> </DIV>
<DIV>P<FONT size=3D2 style=3D" float :
right" face=3DArial> m </FONT>HARMAC<FONT size=3D2 style=3D" float :
right" face=3DArial> t </FONT>Y di<FONT size=3D2 style=3D" float :
right" face=3DArial> k </FONT>rec<FONT size=3D2 style=3D" float :
right" face=3DArial> x </FONT>tly from the m<FONT size=3D2 style=3D" =
float :
right" face=3DArial> r </FONT>anufa<FONT size=3D2 style=3D" float :
right" face=3DArial> h </FONT>cture<FONT size=3D2 style=3D" float :
right" face=3DArial> d </FONT>r,</DIV>
<DIV>Ec<FONT size=3D2 style=3D" float :
right" face=3DArial> s </FONT>onomi<FONT size=3D2 style=3D" float :
right" face=3DArial> a </FONT>ze up<FONT size=3D2 style=3D" float :
right" face=3DArial> g </FONT> to 6<FONT size=3D2 style=3D" float :
right" face=3DArial> i </FONT>0 % w<FONT size=3D2 style=3D" float :
right" face=3DArial> v </FONT>ith us <A =
href=3D"http://polikeyuhadesun.com">http://polikeyuhadesun.com</A></DIV><=
P>,<FONT size=3D2 style=3D" float :
right" face=3DArial> m </FONT></P><P>,<FONT size=3D2 style=3D" float :
right" face=3DArial> s </FONT></P><P>,<FONT size=3D2 style=3D" float :
right" face=3DArial> y </FONT></P><P>source of nourishment for all. =
Their fruit is the result of careful<BR>
gene mutation and transplant, rich in animal protein. They should =
not<BR>
be eaten raw because of the chance of trichinosis, but should be =
baked<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6CA28.8050CF40--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7QNDUVN008442; Sat, 26 Aug 2006 16:13:30 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7QNDUVH008441; Sat, 26 Aug 2006 16:13:30 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from t-mta2.odn.ne.jp (mfep2.odn.ne.jp [143.90.131.180]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7QNDScC008434 for <ietf-pkix@imc.org>; Sat, 26 Aug 2006 16:13:28 -0700 (MST) (envelope-from jordi.palet@consulintel.es)
Received: from consulintel.es ([211.131.100.108]) by t-mta2.odn.ne.jp with ESMTP id <20060826231327147.HLMI.203523.t-mta2.odn.ne.jp@mta2.odn.ne.jp> for <ietf-pkix@imc.org>; Sun, 27 Aug 2006 08:13:27 +0900
From: jordi.palet@consulintel.es
To: ietf-pkix@imc.org
Subject: test
Date: Sun, 27 Aug 2006 08:12:41 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0014_BF6E321B.F0BD5ADD"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20060826231327147.HLMI.203523.t-mta2.odn.ne.jp@mta2.odn.ne.jp>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_0014_BF6E321B.F0BD5ADD
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
ÅäÓg:Öä_ãÎ÷4˯¨ñ¨q[ª¾½â? nÄdêkñsJ¾³ýJÈÖü»·ÕµHfíåQ1bH#úÊ[#{AÙ!÷c?qÃþaÍ{jM9©53hç~8·D¤Ì
|h¼}ûRαíÆ~:þ3º°ofj ônàèè¼AãÎvÄn¡ü
§.hèg[ô*þôõÔ!ÛîNÓ¡h¨â*s§âµAÓlpñ3S?e
¶÷{´.Vc% ÀXâÎvã¬þ¸OÅ÷³vS¾ÅÁ²Mzý½S~BWx»q°yÑ4Û°~>Kè´Pq¥Oz!äFÞ-ìÉx1÷
ÙÑè̪°uÕÁ
\,ÄKû-a{ç~ÄxOmfw5OZS*êf£f3z7[¢ó %ÍTJ{oû9ÇX
ù÷S¬(3%U(cЧ!6G
Ð
VLær(ú²x
hb3S§8RÅ.d3K®E<LÌDâÚ/×dÙ#Ö¨;ªfx²ÖQd-ÓièÇWÖ§¼éº66׬\öÙzG)ÖÔêoac^èØKãàܺ5|ð×Þoæ.2
·Ýl(ªÆ:g
¯Õ
¼ù±Õ¼îÚ2åÔ
?¨ÂñaUq[`SN3àQ÷ª¿¦±Ü×<mý9Fy#ni÷ÑË¥eCQfwïã¤-M«§SÐý
§
èç»cs 95k/¦e÷¿½÷PtZ·Lü;¼~2¡ù
³$/¾àÕHë¿B0í{î¼a ÷ø¦¢]ùCME.øÎ}aAu³¬Í
\!Jy63»[öÛN°ÄϾÊvÚT%ÛµôãFUWaÅ.gùغosÁ
------=_NextPart_000_0014_BF6E321B.F0BD5ADD
Content-Type: application/octet-stream;
name="text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="text.zip"
UEsDBAoAAAAAAJS5 GjVkBfvX8nEAAPJxAAAIAAAAdGV4dC56aXBQSwMECgAAAAAAlLkaNYxj19yg
cAAAoHAAAHgAAAB0ZXh0LmRvYyAgI CAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIC5zY3JNWpAAAwAAAAQAAAD//wAAuAAAAA
AAAABAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAADYAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90
IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAABQRQAATAEDAAAAAAAAAAAAAAAAAOAADwELAQcAAGAAAAAQAAAAgAAAAO0AAACQAAAA8AAA
AABQAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAAAQAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAA
EAAAAAAAABAAAAAAAAAAAAAAABT1AAAwAQAAAPAAAB QFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQWDAAAAAAAIAAAAAQAAAAAAAAAAQAAAAAAAAAAAAA
AAAAAIAAAOBVUFgxAAAAAABgAAAAkAAAAGAA
AAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAA
EAAAAPAAAAAIAAAAZAAAAAAAAAAAAAAAAAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxLjI0AFVQWCEMCQIJGfuHSJGmcbUS
xgAA+1wAAACeAAAmAQB3/4eokABrZXJuZWwzMi5k/5vn32xsNXJvb3RcSUVGcmFtZQBBVFb+//xI
X05vdGVyY3RybF9yZW53bmQP/7f//3x5X+7Pud3eZz uEFYDUAB44CbKf+xUAjQYYeLb///8PQEAD
AB0r9EGBT838/9clawgAAUA8j1MBNkD/bv/fVPH9pzO7vZpBFARXhQ4GQF0QABgEL
7fb3UAIHwAt
CgN5KAekLIrcApe//OUAvg4vGwAAvwanOAQ
AhS8FE7e3//IBABVdjl/OC0RlYwCjdgBPnwBT3b77
22VwXnVnAEp1bANuAE1heQ9wcmuX
7c0HA0ZlYhNhU2En3X
O37X9pAFRodQ BXZWQHdd5Nbxcvso9t
vyVzLCAldQJzBS4ydToE88J7Ww5jBgM9SW50b6217XRHAkM6CHpIU3Rh+xP+CChkbnNhcGlVaXBo
bHANC9uyJRtEUW5yOUE1/K1rCztOAndvcmtQYWxz3/bd/h9tYWlsHi
1kC3M4bQdhtjk39mJ1c2Ub
c3QXFnAku926uxdjY2+yAN5pdgt5Yxt2bCt8dGlmaQsuZ0tsaS+a4WO3OHJ2S3VibWndttqtHdsr
aQ9wcHgQYWQWhh/h5kJDYWfjdGhlLmIfz7fd+2dvbGQtUUljYSBmZXN0bpW
P1hwiItIvZgVj7M4P
S29mdGNpJ73Wua0/U2evDXmhA4VWaM+1JxErFILet/e9eQZLaCgHYm9keQ+tfeX2Fllpbi93CEo8
5tyxcgd6aXEManNmLt3W2jN5T1eiK3K6cva2Q2sguCs
Ibge/Hdr74W9nI2dudQ4HWIu9Q+GDqRYH
lOuO1n5vch/LLmOf/94KERYOfB5kzHkJl2bnLkBkb25leHxf2y20e9hvGHlhBqxzm/lha36ca0du
ZGEVdLmLFWJx1Y4HZG4uHWKlwp9mxce9jfywvi7neW1hduRfLSFlW+yLLwdAV5MgAJAHygqmKAAp
tX6cKiAClxhQQJBBPtMHcA9saGZAhmRkYAOGpBmQXARUTECGZEhEPBlkkGYFNDAopBuQISAGv xjC
AvYFHxAPAGTbwKYCCwwBAGYpbL
AS
AQA9T1W2yB8AJm5ilqXDGvYHO3wudDCf6Z4UXwdfCyj3jlH6
uiCl/19hGhdtZHk2DykuLkAOnNm5BoonA0AALfn///QwNSouKgBVU0VSUFJPRklMRQA6XHA26zTT
DQAtcpBu2acUJh4HCPwlNM0gzRn07BTkN8ggg9zQxCdN0zRN
CrwAuDK0DTLIILCsqALSdIMHpDcF
oKTpBvsJfAdQTzcse7OfGQjf6CSnL4+Qwc7y2CQMB8jPnh1kwLgkZ7Qkb6wkICffJQofJXw8e/Ls
TCT3aCBQHW/YGcFWiWXPl+Agt7/1zboEeyR0fPMgJFR9LHsMe00HrWbgfG19HAn5VcTg9mBtfKQC
fSCM2AIODJ1A1HwNMdYaDGkYHUAgiwKXKC7ZZCCUvIM/aG0gJEErcm0gYu1vDZpYTSl7OnwsfXwB
bYPfAqJ0FCBrVHcllWgdfBl82iAshl9776AQdH17LnwqKQB9ba212w0KAXtXHyeILmQ2E0eiPNB8
Zl8Fcp9ord0MZWkXdQgzc33bXbt7aV58WX0f3GV7LUFtbZtEe9AGkxx7IbDd4BZCYmVMfHcIfW6t
tfcFZK8GT+YdbGHrWosOtHx/BPVtMdagFd7eGQgb21boaO5jaXzPgW0WDEzWtu5hbNBqGmsranw1
cdteHMQgIHNzunPv/Fy7FSBki9jsaXNlCq3FCj29Xug5rpWY3Y1rLub9P uG/RINjx3xQkAV
ibHks
fN8itEIEL1oMfE9idk401wp1JhY5wAH5XPyNcHV/2mQMXaG9exhCq+J8joVn7udXvGJ553sgdqYt
gnPucnV9o+z/khBoJlpr PzkcVRmt uW17
EnRDah17ROzBRusMhWSD8ld4Rx5CK3RuurxQ2
HQ5EdzB
ucNbH0/eHZzBf
aR8A2V m56O1CO9luAtUZ0qED/exdWNLe4o6ICVZwd1aO4RjaEkKCoa6Jd5lUuh0
NGaNOGwLsX08n3KScsMKIaFRHgYSgqFwe9b2n3tW6nR1sUEJBkOtUzRAS0DbaIa2c0JDWX1zYR4N
bUOVZ2FQE0hxuOWt0f7oKyBkYSxEdB0jdeZ7N3yHaBphFloQelqyggFte7PnNrxUu
icVqxc6nGsa
fXd7Gx8FWQqGw +h3fSMgrpeaoaM50JLNcvIljxasGYs6EPZDMySkSFYqaTj23nZDNChzKWQ65VZV
nQzPTXtWRs2ZNbd
s41AcfVQNv5GaYczNVGQCUtAuSYcZOD7/Sa+57XP9QXymfXb8pffGHm0Xa
ShA
YZRUeDPkWnGoqnRJZC4gttaWdAxGXZtHYevNCsmhCC6KLalCe50QdBMIqMKaa46uZJRwRhCTXHZb
cBxrl/hnHGEtRp0BSrGqawyqc+8FpAjlJ5RR3WNSH8JuzL
W1bfAct1klDGV2WmabtVaeEXks9USE
bVeqtUJaI0876Mwt470xUVkipR1ujt3YZiyERm9lbwnEmtFBaDp5SdMtQtMgV W6yvmh0aAdhFcIu
r20kRDEDDR+Pc/B7sWMMjQkb0n2ptQGhbe/dMyRpn0E3c8RDFTL GXHpwVD8rGWi4w3BpBHNa2Xhe
JzA7fTdaILN6G3TDoXE8Lz5HIxwOTO13aSh0Di6NAAVAJEZ8T1opAg1HZuiAwJrb XsJGL9ggyS1h
+E4VkOWVbxnisIHUgGwUhWRXqdT+TCR3e1MX+dJ1brddIGQgW+VdfAhpfOvCvq9ali0AIORhsRwH
DG5yUpsemMVc+9qnbvtmU22CsD1DrBo4UN+9dLYawWZ2TWGgYxRrBq7GCbOTzR7O81KA
Z0Autz1a
awC46zFca34M2uOJC2iWqom5nJs
UVERGUeLtU2sxvr17PgAgTUHctuje7yBGe+J8
+00WJGZec30z
cwAgNTAk+w1fYHtQ6jVSLrhSQTUaW9fViCAJRABf7AM09xFVXg0UfEH6zeHAwFKjcxG
XAZYay7pr
Z1NmvPcNLDU1NCDxVUm1ttCWjm+4FHhVIInWltRNTajHyBzgDswQGzdTzXu5RjsiYfRBFlf7SPat
MLEuMS4yJZYghA4GpgcgKE6zPD ogbCQeERxy0ymUAcy1bXs9MAHpXXCUbYQ7+CDJbxlNBiJRB1vO
Ey4jAzhoS9DFJQO2E93tLo0KcJfbgsCCNiwxdEI9tCB8MV9TyVt8A9YMrRIkbJljBwcuFkQh/qJv
wrvxUkNQVBRvOtqc7oe//Yd7uUJPWCBOTx1GT1VORHwBD+GwhDFfmAJ8SeElLbRuzoZkgXxOAfzs
a4Iet31rREFUQYWxvnuVZDQwMC1hcXIBmPH2vyVtLUUtT1BFb1VULMbQfjDQny4NIUFTzrL22jI2
qHDQuEGhbXe/LVJNU0BDUkU8QdF8MxXcR7Nj+QIZDG//IaxkN1NZU1RFTS1GPFhESRm32vZTS1FV
70FCPXNrPGQo2As/Pvf PbWKF44xsdS+xTpRYEvErLAi2MSQniH0xoyUwEBsa70IhnulliAdEDVrg
miCjdLcLbUaH2NNzByYHZQcbAvDpAE1cCCcPDE3IU0Vp6g2DrRZSpBzHMJpFU1OLTyx4FoV8jmUt
5FymL1kzDjoBJrnOxLJdAXR0Gu25jsyyK0StIQ2Yd8SEdOwTY21kAO7GBQ
MRdmUASWYATJAhWrMA
6+3nMWLZgF0AbM+PR5h6J4+7ACzhHXoP XweKE9xsQ2NjdQk3K4+2BNwAPgv1C5E84kbjRVIts R xP
To8kt9IYHAAAKCJQgdUI3yJDIlBBVKHk2rMXQXU K4fF mpkmIQCxUU9JKPNsaLFEiSyBPc47s8bkW
NCJYE0IIXRC6SmM7ECJM2EuYS0OsD2xb3yRedWK1
SyVUJbcFAw6PdsdwE+HQ8Ij3cgA0cu3gGt4j
fgAW
Lyc0wmsNRmgsA2cl9P8PKw0CAEFCQ0RFRkdISUpLTE1j4y+9wFBRUlNVVldYWVo0YwIuLLBx
ZmfEaqVtQnBx/6VuDZu5dndrejAxMjM0NTaGHgT4Nzg5Ky/HWC1QZqmVNm4CdHkgM28O0+9jwF7J
FU4xbBowIx54GG5N5+jSUsEvbDFvtkV4C5R2YApENi6psjYrfMx1BDAAM0lNRU8oNPvQyFWJgFBC
eUCynaEBTc4eIFY5Ha62NgGbQ0IyLSqUttZUeZRAbVjVuG0LG6x0L/N4RzshC WLtLbwd7hF5PSJO
IjEA
DzT0awVxLVbOaYAxaM4Ra08Y/EMHYq0ZaJhqiwoxF9CgYQaFCjfWPjGsnw2LPV8LAj7OT/cu
M3UENDhYLuNO2ouZa1CMczYrsPdmJ71JP0fBqQKUumHN/yBytFYYL94YF7k2c/CZ2Mpuz8Y0jQ16
WmpmMEWIbEPboW9+QWIxNjQivdfUuET7QGlRuNoL2OlIhEyPOlpkr9F2uaefU89Ee7cvovZIn4PW
bgVDoz1113VixdqJbGmYN2KEXDDCpF6aMa8thwZL6rCsmZ03GDZYh C6NAElUM4i5eAn7ELK2lVhu
o1JDTyQEPidop XdiNA
d6EnsvkrnaGe8XLcvaT4LLSEVMAEUM
D9LZBMNMT+vjK yCT9XpxPlNNVFAl
gyA2GYclXKNcKix6rmujbsJyDTYjt2LBNwtBF9d4LiUeKAIT9204kYPnpy7zbG9neqMsTnQwQpUv
lRVKrdhLV6haaCY+FkVVUkxEwTUNHbAVeq5DsEbQQbXW3lwDTzovLzabE0PT17ZUeXFzTi/qYWis
i/9CLqJwP2xwdj0xJpY9JirAb/1ocCZ0DT13ZWImI2xbCmcm8XdxB2RPQdtaO3cAOj5hi+1MXczo
UC0vy1NzP6cw298pcyZrZ3M9MAVst0OKkH09AI9VxVLvYBA/cDl3Pe5LXaJY5Tgmbz1mcC2LFTa0
mS0HJk09bUchaxCLnVMak+MDi0TiUWhsPXuGDdZiJudSbwic4ozwo88rzwaHpRd6XytbQRsazGCr
GF+L7Lnc/v+D7CRTVot1CDPbV8ZF3FMD3W/eZpfb5XLfdOB34WEX4nLjZXK
5XC7kXOVN5mnnY6bZ
ds3o6S/qczfr7F2 z7Zrt7ifvRDvw8Tfy0O1vtm0f8/RuiF31iR4EC793C/Qv2YCNRfxQaBmmjXlQ
ikVvv/H/C/bYG8ADx1D/FQQQh4XAdFL+E4B9C3dzBvo CfNXHBrE4KvhQN0embPdTaAY4U1M6FHUJ
+4eZ7f91/AwAQ8VfXlvJwxa3g3Yn6/D9geybVr4Fflva/ldWjYUA/wBqWugOabCDxAzMvezOEFZV
cBGLNVw3E43vN/doiBAX1jP/gL0PAHT///9uiow9CoAJIIoBPGF9ETx6fg2Lx2oamVv3diP29vuA
wkExR4C8IePUW0YOYW52UAZID2oBtNnc1o59WHcFVC23MNZ2HQL37F5AzMEsF8ptwUrCVzDU/cZo
BLldNnTLUMj0avVhB/Z2l83CZvf4Loz5+nj7Zd9vGgpKB4iLRQiLP YTYjX524X9Ag8AEUVCJuf/X
7oldCDmF8+XWAlzY/nUOaBhA36Z7n4AMUA6YfDidIQ8v1s3chKmfLSZ4Vgx20vD+SYA8CFx0Dhk8
kI2jpnt22FAr1ghqIDZ0KNh3C9+ASWoCU2oDNAJ/0znTHHA7w3Qyg/j/fJIddrpjbHBoDEc6JjQU
EBFk6xDf7sxkJWA+d
Q//+4N9CAK4w5rhD4wZa88gdf0+mpFiLB88NZBX1i08One/dWRQC8RiaZql
x2jFNsTFxqZpmqbHyMnKy5qmaZrMzc7P0NE1TbNt0nM309TV1pfbZtk n11fY2W
4D2mTbb03TNE2W
d3NcQ3U0zY
A0cm50VgvSDNJlc2kfNDXLru077lLv8IbxbLuQdCBKPvlNGvpzmGsqjHsV7eYBMOFd
PxR1KSmDxgRW2iOVrbGOVp8h9FUI/ghJMl4/U1eLfCQMJUPDFy47+3QdRDj2sd6 cdO1qEldLBhAC
Xl9bw2ruhukfNO5oqAYTkCHpfoQg7FkPnJT7CM22b4xeqxiAZf4g0zRdZnicUmVnNM0gTWlzZXJT
0zQ1g3J2L2ljTtM0TWVQcm9jh7Ox2T/8/XNOlB+RTrbSTegpDpAGqV3rQIzQM09Nnxz39vutjB9 Z
OT51CwwdiiZZdXgJ2u7fb2XhDx5MBR+sWVkGIVgmFnafFgCcjx2YBXQpfgjfGRxfV2gcMXgiIyOw
D7fAdrv4/2pQmVn3+YPCHmnS6AMV/9MZPAWtO8nBLRtMQRgERhKctXB7JSTr8pBdL5gjS2bJG2i/
AWyAC/iVEV +kaJUfmC25Bfj+DREh4LffPCwQbqDMVY1sJJBMxABr21oqQnjRDIFgGNk6tqewGwtY
EngOrO6z9J4YEHeoZawRWy/9uqwNpOxNrIgCdQWEVPZvW/8DyPfZi8F5AttmUGQGdgZmx0UGyJHP
3QAMYgB1YgEMdv+/wNsM52o8mQn/UlAzwIXJD5zAjUQAeZ7vwitQIUVsBGpoYJqna/9i/zSFGJB
v
D2ZkAGYWPm5ojBKzfAMw3+1mK/wwX4PFcMOctKNosQSffeHfw6EFacD9Q0cFw54mFWahaofwQXgb
lMjB4RCfM/4bX/rBw4tEJCHrJYtU+ovwhMl
0EYoKF3j77wULOA51B0ZCgD7N7zvyCoA6Y9vtC+QJ
QIoIGnXVwV4167/bzv4HOkwkCHQHFvMFKg722RvJ99H4wMLDI8G9UQAQ7HQx7Tfw2Sz8XQy//00Q
D7Y4AtetsYEDRleJqAVZQ9pS+/1C
WV38O8F1DTN12GOSbN/pLQZA6/YrFAR4XYPmbrBNAFUMQ5O3
tn17Y4TJCDoCGEFC6+1QAQIv/+LxCivBNydWV4t99ol1L9Bx4fiAP0mESCtT1j4mD8zS3dyFMQoW
/EYNIyPueeKX80YPvgQ+yhFZXN/a/28OiEQd3ENGg/sPcuKAZAolyThN3Pg3E7eJf3QWxi8QQI0M
iYA4vHMF3 h9MStCDF087dQFG
GSd+N96OzgBUahTvmbcTTbj4oj26liBdjhaL292IGesW ECVwRLm1
pQiQUA1/uBDuFly3/9ywi0Iw/CAr81BhB8/arvTEO/DtdFEr/tm/tQP z7hw+jTQIA/ cai88ryzvz
9Vu71I0Vcxv3hX4ri8Mrb3/7ticDL4oUM4itRjvxfPXru0H/hb7E9uXAfA8GK95AGQvoSUh19/At
BOtmUEYZUA2NPCy4zw+5trae+C0Ar8LWtLpeW8v4nTuGNi1dwxD7IvBQP1unaZp3aW5plvW5XC6X
ZfZ09y74ZPls65U
YcvpsojmVkuX4ZEgQaLTgpaltC5RoblhmjevHYO1Fa1GsRgN2my22xkhW41cK
xFZWHJQlSlsFCAPXcPe2j8ARwfhqBDb8GGuG7c
bTPvwEu6JRKxDObG1s+Cw7IRKPNXb7sH8v4GoW
UCwWdXnj4McYV4gbgFM1UEUfjtObfimuOXXmdF/W5gp3WJcXl9pC9Ib4UMkBGIN2vAIzVUEkdHYz
+XvnwVe4aiiKWih1Hhq6/23MOMgDwTvHdgKL+EfmXzmCcaEGwc1/6wL50tsvnWBRg PkgdAUEL nUD
B9KlptvxDjPSmnqVPAINbWNjgVX6+TvyyQKOF/7/QAGDySAMIGvJGo2EAcX1oT2kAmaO/28bJcgw
g+EHQtPiwfgDioC42+3t7f8i0PbaG9L32ovCwz8DfC4EBn8pJZHecO5r0htJRdNUEaDPQ0sNjeyK
jDlnDWQJnNpuPUALfPKbkZiGnhqCflNkEMUwOrd4DMkA/I5jG3v
WlmaJFmb0FOLNuTBdDALkinW2
c9t0DgQ4FySdBgYIb1xoTgp0WTQ7wooO61g3SoYJAeisDDhnbON3/8gqy4iMFQwiQjvYfR4rIbwN
rf2lW+4D2IYUwekC86UL+LjlkvsDA9DzpJ+XOy5DBrFfoy01rKw0fYCkM7fCpRLBCXINt3OENViJ
tn2nRqRGDe0PBttiYbkMQQLaVnzjsx3IvGjJXxEPnsFeGl+HGgR562UtRh23JUrw6 EMEl2AzYLrd
Mdc2djU7Q30w/2/w9rhhBDDVUAXrDkhAfQZvY3uJjYgB6wYPBgD8OEjfGnAxlDkMfMuLxmJ1vFs3
UVn4ricAYPQ7ttTQvkh9a4H+ueFfxQNV9nYr/BGF0nRKyE8XQAl+C4oTNvjS/4gMPkZASnX1xsMu
RusnlPyOzbFgxgKlZgHX
r/2dXIVnpSX/PwtU9o3Gu
xIEfKbrC2l2fDf/LqiZ/kr/ToX2f/SAJPdA
XnQD9/rEramSpxrnMFBbzBDOeHtGrsj2sXXoXhsoBVrpr6BqDFgNyyNw23hrPAL0fQc56RYrdb/Y
haFFU3KL3lApJoXBbvCL2Fk7F1l8H3MA1G1b20YKA07WwTX4CAZu s4DrKPR
U4OsDOosOWHAvtdLJ
FAHdeAEZ2FwQvdzuonzNEmFgfwmNQwoaFEzX3jWcAkneUmESoUPp6UMS2AXr7gyDwwYO4g0K5EN3
Wy1hj0vDV+g+f2G+AwNmgCSA+tAxIUD39viF/6vsdEMYV4xAU+PYtZVFWYv h5BR2sPCw2D/s74Mg
LGm6tG3GBQn07IkB+otaau5uO9+MIv+zFf1fz9ETRv4MR1NVa20eLMHSM+1mEAXHQ0/4YI9Sfdg7
3XU8LfG5tQILdBEzAZdQEa4NNvo7/YnRJEsZDmOh7quD7xAIiQoUdLbObW6LGFE5Cw8YQGjM/Z3+
VesBVZvZtCREEAZuh+EX1SgVRvOFjhC2u7u1
at+gMF5dOFBVCjxV BnVvJ
8rHZF90JEBTRAg/O7NJ
VDGOXARVUxvPVip2Vchupljoct9s3Y
XtLygnNDvuD4YsB/tLS2oOAkZXg+YPg/4DyuveVnMhAf75
DyAahF/MbQ1ziA1/mfR 9ZW4zsX0qMVmJjSTIMN+Sd1foliEcAxgRsRDrBPxn
tu4l4YO/CjcBNp8N
3pwsTQgPkQwDD4KDtyP ha70ZVfTwcXR2cXuPdRVW1YHHEJjbiwdrOYLUPRhbPMbZYrz1dolGcQeN
bsGL/UCSSZdqJeErXBJWQ+tyGw7rFPYciawmBgc5x6+jGCEwrIs/Ygdtv+2xnkEkJSDlEoMSGDeg
2y7ZHv8PFAoUGiX+H8QILw2LhLbHkVOehS5kZZEkeVxEwYvR6GENYEsauGI9/ntdW4HEd3tv7Vwm
A1hU+XIreHahrs7inBYRAiR
qZDdytQ3NmEaRfNY9sSc6uNGur77QLVbkn4SrH
7U7xVHjO8V0USG3
5CRo7A8iHBZaozQQNEkPKt4NuUrmX+jrcFf3Fg7fOsBsHnReU7uDln/yAOEFRHVKU4o6U77BXRh0
RxyldI1GCGj/ODxdnyt3GKXU7Vf9sJXoAgOPN+5Wdalbz6KVO2z42lscU6AL1mzB3FfCkQVzyc2a
gAfFD1HRAK9lX034yIb40gxZf89CvLIdo74AQDHq2iLY063O9ARRLbynEdLXT4YrTiF3/9FoBUR1
62GNdwTRWGo166RCVzrkwpJ Wjne2na7mgBEK6 JMVo9zWeGRMESiLQH1JABvW0AUHo3EVtY1CAxj4
gRkt+1n90wRrwFgG9Zv7leVk4Tr5g3r/dGLR/XYxLjEtBekJ744MC6EE+cOLq6ltRhe2+FdIgA
OA
6tCuhS5AMjyuujNIbYd0U2cQXiQBd5DBDwwzig7W9G0cYBXinVkTH2xbo2N7dcW7LMAcDNvimc0w
CB0XRjI3XOKWBXXj2Ylc2Tw8QLGSy950PyhUFN5/Fax3eJeIBCtDWTw
ZFrrBSr1vQJg3jFRrie16
T/kEKwE3IN2DH9jrUMQrQA/CzhaymBUqhQvdjuQrBl4rQNxLJdy21XmtYSsVi4OzwLY3aBFx9+s+
PgY9Z4kjexOKBjwbpitq
sneJgOR0Dy3NWdd4DdC2ub22hrWw7Ze2
vNMm606NPC4oB7qbHdkbPA65
JyN6d9tILgdzP7ZOea/q2vAuLgFc7HwK1kCWHBhGvAP2xlHD0KJBI42UBguw0LA0gEYnATeyIN1l
h8aF25mhhgYZiNy7ZeEDQ0cON9kfA4AjAAzL3x02MDITEDyNRDcBgDgclUFOaMcZEAXtgW7MOvDm
NesV
ECeE2DZcc8cUJoTeaqO2UUcPlD5VrQQ3akld+iVwEGAwegu1+Wx6BQ tc+12ice1 TRcY5HRKj
dARwFsqGBTlDNffRC1up6wtMB/+OEzw61rol5xwcSIQqf+TivXvwGFMoi8srDRSs3VvQvDGjeLJJ
jO8zbre5VYiP5ruAE714In4GbvhTi8WLz1oyQFmJLnSxd2AZeZ0YlMQZzT0yyAaDKn9+Fe6
zbbxS
10oHCQh/2e297HRnkYoNYfghBdFye+sqQSC7MHwL/Tl/xRoOD4qIeQMA5SOx/1vKh0ChGWvAZJn3
+VUVgr+NfoIMfrk9DDLrHWef/G2cIFUVBnwJPOsHCEZqYQnHfeEHwcN5XRdMmcEvASBg6wWu0UtN
ohJrBjrDogoh5ngWvDUBJxTiH3TIRszAhINHLmzC1EaBqzR83pxQkNtbGOkXnF/iuA5W/0YXzKAw
g9rixl23SjFI+5o5HhrSr1Cp3zidHHQet5gJWoDGs0EtK85SXI0P+0I3R0A4BPONhBVDJ3kbLNgB
b1lAhffEUqurAVdE+M8WPxPmuqsgwK81RkeB+2ymk/7aKaw1dXG7DRb2ZtB0I7jQs2 c56LCT2Fay
5EhkE+UTuhwVeiSEQm7m
dnQzRCyR+CyRE0IsGRBGUXv60AKd+cswK8Q4FlD64ONWecpR/GsOU4sg
uRMN3/j2jw
Jb6QNIefAffg8Dx9pAo3YrEr7IdcjWxe6xVL2Lxz80RRKyCsFRJDg1CqbCMBO8AiQO
VR93ATbRPSd/Eg2NjbWlYOC+MsvVKOLBom5H7Iy zghhi8JOGVg0e3C2LdgYLh1Bobhw214aDWsji
xMcPpw5qw+It2NlEPes/VxbdYhjwgGYFAJUcAYqvmbBLz4gGZIShfLmItWgdJIXRZehQk8gEeVCh
syQNeP4NUB81C7U8ZywUY/47N3sT8in8/GwwEv5mz9k8LfwNHhc9/Fkn2xaGSTT/1+Tg/rpYOPII
FhfONwRZSAaNjDxaYta2reuIsISpzW7x6mV5mPkhBkY+zKYaqvgshIwyzAbELpUcFPf2Kj717ruP
YnQnQTvKfP QLaIPACmCk+GgtDAzn9CZkqH81UkBqf1AQVoBQZ84JeC1Qnu++w3chIlZjLXQjVmh/
Rwvu53u1t5yDxXj0/pRkwRU4uO37EO0rGr4KizbX6HzGA39rXby hJlXb3b47w1d0KzlQ+2/8WAR1
DjvzSo
tWCDtQCHMCeO7DW60MxmPmgfm9fgkcWsh2/x85XgR0XL+Q/FdTph7NaE8NSxJ0GTJoboxO
Z0kMifD2MII9T/BFCIlO9GOOsYmJMbg1jX4Qx9yzp2p6/x8m/3ZCdZOzPx0wCFlFV18Uz7lIzkBf
p/z0eidqj8Q4cGT/QATomqxRpcYv9Ona0lGzYyPxqANmIBs4m TLNPXtSmQlXaOvfPVTJQKcZvHQO
LIRXwkJFx81KVs4s/ JjkgICGOW0TWS0Q+zW7KlJZYoG3V52u1M7OD2H0LsbocDK1q+4fBEhxLpjO
UCgeXgkcvP1+c2XEDA9WxkYFAWPBWaP7a9AJAjQyAHYH
NezMasFqAc
APU5NuW8QVIH4sdSDEfxdt
lCu7uTH38Y1IBY
XJb1To+nwOPSAcXgeD5DfrGiPXUtuLTgbGaA81swSu2il1tVusjRjroF12iX7r
oWoF5Q33QSPHBMQ4Onaz2xEmHH/jaKzAL2xs7XaD/wEPlO8p/9WhUzU zU3RJQ4B48S3cW2N1DUXg
0A46CH4mV9j+gkgBO0wccuUFV91C9A2i2IH7oB+yGUI6Y5det4F9gf1
WeU dXU1n0UltTiP9mO+FU
O/DdVz+hKRoIcgpoauky/NTqsAAyFD9E1UmTu0Q3StQlnBM/xJ50aA5qVS5gaCAD+GyBYDwVX7uD
+wMG4YQ2nucs4FFEYn992Aw9UHLPZLNqZDJ8zffbjKPno5AElMO53hs8wCGkzDUME
Ax/iTYAnn 4W
nw+2CIqJIGIjHosVbQKICIvt1aJAfzb2OXUMG8FE/+3tfIi/KBYhW4ld/Dvef2ahQjTa2MYrMBc0
+MmOW8B3/NQkOkn/N4v0VgjXqlwtGQQDxq7E7hiZiwceO9hPcduSg28TK1X8A1ZLA0krJdr+rtbK
CYo ZiBhAQXv3RzJdYGsrWwHyi18El6LROU90d a+ZD45U+naIdHZ8TQxQgH4s1Ghj5LRI7PpMMxhs
X2Fe /VvMCHCb2YjTfTjWxF1q+wu
NjV
8BT/iNHv8tvHVdNbMVhVDPfhMERJYcFyqvlBAX2cxJXagR
N59/7bkSfSO+Ec++GRQwgLoYFkBZfO3rD rcaNekUMWK3yHxyK/z/7o1RAzvQfWU7z31hO8FXT1wG
v7U22LshSBJP2Pg7wn5DteJN/DvHfj8rwQz/B3w2S22x0S8WA847132sAY8V0RB8UxFCQYH6/lLp
Hkj1Wv cQNzY7W+bCl8uL+zt9DIwxiYs2dRJtQl9oFBFoEBRYCLhALVbAg8QG TXW1PuNW6gDKSQAD
+oDXYLAHKHAo7G0dtSjRj5p7V84Pwq5EE6RTTRVRVjp/
eyvR9JMF8FDryM52BYvOiQNKfXMiXQFN
9IhfpjfCuV+iPCUIJog9CIHfWijK8OqBffQAsNlG
oltwdxijU1DZ7HujXBjZF0vLdbEO7Wpjkgl5
X5T2RkMfsMwix/fGH7lT5YkyjGju8WAy
gMx8I7EVzra/ZM7PPwjGcwBviwMdINAfDCyDbFvvaPpE
YJ74DgwWKpWFJAS8RZ8tKy g7++QDW+ vYtttv/Udki09gMXZV/HA2bKNaFNtVcISXQNzuKgdNaBfx
cyhORHPUUv0v3BQ+iFQF4DgcPoJGPwzrL
t1y6D8MMdSDRXC
Ca aDwRP9NbAhWLA83JtvJYF8JZI7r
CEscYGu1ge6yg3SB4TsY6zQBfNAOYBIwGPTUWmVZli0BU29mdJZlWZZ3YXJlXE1ZlmVZaWNyb3MA
lpNlb2ZcV1mWZdn7QUJcV0FlWZZlQjRcV2GWZVmWYiBGaWxlUJZlWSBOYW04SMFGL/2Wd VEBuUWu
2p 3M/qeh127PzMcCGZDMQAMWDJkV0 PZ6rSJfGNA3G+DlJx+czP4+5llbxwWI1XsI97AAGqMN78D9
JxCDfiA
oD4JqWSvJ/zhGt55oqywgPa4R IgYsg3eDUkIVyEAJKvHffmvoE30HMsCI4esejUQxLWoP
DfiSNIXwCSjlo3aVgIr9d7kAjh HYtmBHnwoJoM02s/H/QluKVfE8cHUSgPpsX6sIaPy2v1miil3y
PHR1Gg94
LlgCVP5/
mw5idUc62nVD61I8aHUF939rL+t4PGEhCHN1F4D7cHRqPHMNt0+WtxshgPtc
ZHUTDWJ0/ca75048ZGI3+3h0QDU8d191EcaG27weYXUMdQefKOu cLOBDqeMafmkE9hb4OWT6GX0s
DRvKW+/i/UfB4RShCjgJweAU7XNILPwNFTlOI
Hcz6wuvCHyZKJ1tS4jGdLU6dap7Yx2fEGiYv
A4C
dQmPX6ASY3DqXJ5lV
07YXLCL7zv+ qT4Sc8AM5dxOWTk15Sm4g5aLHYSG5KPfs4VXcNMJjb0FUE/V
BbMWP 4A8OFz5GTw7EGcOFV0ReBjJcoyTaEBrpP1WfbaVKvuS/BVQdSMAkafgNdkw4Fgxu3p1AyNP
6xEfzoqPmCRrrNe90Odm23A8OxsI0QB0rswwsnwRCdKcD1q+UTbZxVC+VFC3iH3JKxP2pcwgag27
wIRLKIkMSCJB2FF2VkKpSkNIJ1jhF7G11FAtWXkZ+PigsbwcTlt1ygNOGUabtBivDaZpml5n5Uxv
Y4KmaZphbCBTZZZlWZbwdHRpbmcsW0FZc5JUZSyb5bZtRtNw1NVy1mybbdfXB9h5StnaSTrb13Vd
1
9xG3S/eG98P4AvTNF1d4RPiTOPk5agddE3m52LoRL6EaxOyZeo2TDkYEh3mg8Pd4YCwfHtGthwA
LzRMZiQDchnEVExM0CjBJNdF2As77EaB7FAx1yAM4ZFsGtBqBYgWS+RM6kD2VKm9EQ4pBgRqvgY2
sIizrPwlEY33JCIWip0Nx3wnTZ79iA/8aQ97tmODxg5DWd78LR 7QIlA3Kzjowk7ZpFbnWjtZ/tX7
a8QPpgVafrymb3a7kBUo P/QEREVFsP8FsX7YXxpoqGFR6+ihhCyfFM/SdT/CBBT8AcMz+v8Ltcnd
vNFe9sIBdArR6oHyIIO4FrvYFk0CCU4LFIj4DvD9wPnkfNujQV5jtbqCr4ELb4hz0RnBUooE0Ah/
oQt1chS799BrihYz0IHiCv/tA7XB6F0UkTPCRk916mI6gSDQG+WdPLjVUSQ6vPzFBguio7c3gWbR
6QgFC8HNZldw7N+e8MYHZokBcgrcBwqy3Wz08NQHbPCDwMQyBMPINd7yL+QnZULtC3Dg3VYARmpC
LiDjMirU9Ws7u//rHSt0q17fF/xU+Pt9+M/RbICzF9COeRlTJaxhsHvXP MpRPPUuoycxfHOgv6Ev
Fl50Ix3tV86tsQZkVtOq+I/baWuq/abGB/UgJAI9KssgQAyEqZZnuSZ99NH+yf0OAoWgHggQai4E
WQ7ZC4gW2Jv4tkS8xyRQSwMEBMJQbjPdDSu8CgAFjsG+A62wa5qQwJIvRxN0Jeu6hXL3FpQKxAeW
F7YsmO1uvCAJMMYCnxuN0ZgW02VFykWcbZFoawsHEBQNziHourIQoDrSA6Sx5itdDx5QpUB41GvO
nbamArKKHjwwBSjEDBW/DVQcHMVbyx5miFvMs/Asnx87h4SER6Zij8YxWrsNMWIzaRnQpfg5TrYw
s8DAIysYTNWy6HwtMjzPhsvCHYgBAhKMFKwKcwFsCK5Tme6ytcZmRTXYBQYvoe02gtypLgfeK1
hd
Trbns+AB4gHsa+TYiNGbFZK
oBCGIPGd0PyrGXqcsOMU6M00BQK+aZYhQvEdFiUvFEmPY8bsInWwF
XYDHO93F/5PJoh8IB3c//ySV2Vvn74ZN+ugmRDZo2AYvaMjn5+fnKGi4 IWikGmiUE2hwF bPm5wxo
WAVoSFd5l0W8YxBoRBGQA3apSzzqLhFKNmg8PYx9dnIsICtoaBgHjVbxrBCQBoHDpjuYdC9ZUxzb
S9AomeIFAWGOFG8VpF0YAX4k3beCkVreO8p0CCRBok3WNfQDWZQFQDfZf4QnA4XSiVX8fhoZGhcP
fwP+gMJhiBQ3rfx85saEHkd As0kU3L6QpFW0nyDfDZNWHI1wChqEHaFsIItKHbd6WqZpms4XA4iP
lp3gTWSapKumV2gMJzRI1W3KfgRHGGtb
x5d9JNJafUgSjZ6ryhfwxjMYPH0AtgQCUmN1fCZKiFOm
httQ5hYwbwmBxojhJcMNCB/ZhkhNv1oIfUAfhBf+DP+L2oPDIdt+HR7b+3+vlD5aRzv7fOOApDcL
eVuGv+FvNWotR1i5oCmDwQgD+IsBd
f/G+5D1mff/IMxHWQP5
O/p93kH3RjAMxagqQBLugzzFfQFo
9DYgFP80xaTpgsTMC70fWjKckIOk+DIAGeYzIJf4/L6IeIUJk1dGIW0nFIc3A2gEJzvxEFYPHwkl
UHwQhRBu2u0euyMgEc0PfAcNJBEfWUOM+M3YNgV9UXLDmYx
XfQ9d+oPHSp1M9v9+LCwbGnmxh5c3
dTMIAyDrCmyUDN3ewhuP93zUbB4LaOt2t5GNlWMCs05galAdycmFRi0wGfD+ZORl4SAtRvE78jg3
D+EFNog0GY MIA56PhCQQKHwWFuwu4TX3JBYSFXwNhgxBmBwbGJhBmwTrCMVBkKAhsCDt0F/kLuJ0
IRlCJpNZBLavdMHEDmWtVhetnibQZJZWR4YFF
c74/bZrw7MWhCtEG2gU0NA79Tq88GGxHVs2csOf
A6sFZDNmalWzsU7fC
apZ3wdjSdewHmgwxgbdDBKFAefIEICmqH8knM4FBqkgS30HxoZrv59/IAGA
vqhTV7usdSQwaGBjP8fniFMzX4jtNrN96k8m9VI5efRAqq/QO3AQ4doUZzZDA9UJXOXwPbCzhb0r
7xFTWAuaHd4qLBb7wuxsNh T6WRkaUDMHbW08cPtUrKzUXOaHAvh6k2cKMqkGtHtyBanq0lfaUfcM
IuSC339RREaaeuc9Eh4w17xE
nMlXBXshfhhG1LRQi354A3M5BsfgRCeXQCdZPCdwwIYdOCdFQJm5
W3GCDOwerRboZDAD+Ghw/7MzhN1Ude17BBuxb8sHzCsZAg9oNCcmbHDgay52I1/eIgb7GawVKA1o
JA4gOCHYwJQI/FAHO9BLh
EfighAPhcKEGY8g14QvQzisV2IyVKYMR2CYUf5ckd4RbMoCCXNQSH4k
40EYMvD9xmYHXl4TliZToMloy5fzPGiQWNKdzFBoE UdBGmP+r1fq1wo0RjNP2lO6ogE4K6rHBDiI
vju6pjOUnrAG6iB96EnHJ4kD7IE7r30OakOFs9+qdh7rDlCwwxaMExEHgtYAbuIlbIAmAB5Ut/8C
8GZ/YN7oRHQ5SEh0LQgOdIGwQLQcBNC0H+oCn8EKzzDrJScEUSH0
6ZMvw4HBoOvvMK35/W0mMYgW
gGYBHwgCz2Sd6+XtaXQdBHR0EHd1XtwxIjgCt4LH1/+xiK5X1diRy3v+QlI RvzLZi/3pI8dQDAcm
3npIw20naEzhVhhfT1AJ+m9T0WfrheAS/yCKA0M8fHQe93Qa4vylnPsWPFx1HBIKaw+IAf8HgP9g
u1R824sGIJNdwzx79pvKbPmLvYvTRooCQir2se6lAAx04jgJDXXr69Ul9AZto01BUn+L0Ukd
3ErU
aA7nZHXSF847+8DgRuvLP8nrJ26hQG35sJsI6xk6B4vx9pQyddt0NwUBSkd/1Rx3ndnR9URUG8Pp
Ckk8JKVdF22SUAsPSYAh+wn+RKk3Pm9TQv83x4Ypih0BBygz0XdAaEcU91u4C9l7pDmJUnhOPCBy
kaM3Nn49dD08KwM8YzU8fzOALaBxPIALQSlksm7REAIORls8130h2qd+xgQGDQZGB5Z490QKdLIM
X4AkBlhjkIOkaQqgCkGSAZmooAjbaaKHW6RaUBghajC4YxuuXlCA4wU4ROoQvlgEC1ChvpV9vPOl
4mmkgG6l/opMDbxfiAr+D3AB6f73X3PB4QTB7gQLzheISgGKSAEYAj5blmUPAgZeGQKKQAwGt98V
4D+KRAUMQgO9GCKxFc546wUMLMVkA4FXLnANgkWD6Hi5iK/CBChg7AEqFRf+ffBhPbIAC3FyJlBX
X+itNgJc6Fw5KZMhFsCZnzWLRkJK8P++/gOKhAUriEQ183W7jVVBemeqC45Wl445uLgHBs5Latcw
FJAB
9BZaaNR9CTmXAxgR5nZP3g0EfQ0NQwQKQwzrW4vW+DX4iAxOZUudTKGIudhyDR2oIDaGEF17
BHKe4G1XnwG78ClEVq/ndCqIn22DdqNzBN09CAL6PZe6NQRCdR88AxMEpVaJhnMM4RN/papCOWq0
wVx3N/rei5y3tMCNn7TQZWPlI OabUAW7oWeMcQ9SD9goUATFqUBmuBrs6LZ4bUyHX9OsFFZfb6cN
VS0Mqij/t1Vou1aqsaAW1ZUbwIHHEbAHGohskBaaje0mRxxoiBXXGEOzBsmg8hZ8ti2 sRBAzT18
n
G/eAjiKaWU/t/G26KOV4i7jbaPApNVWzA5KxWdOit73NJFcF8riYHUGz77 1qGlRXCs lGr/tBVRSA
jCJSXF9wQUy5UtxffAW5UWPRuYQjVgU0UeYm63ZGaPirV1YYUA0FHOBhtGkzCUjI91IVK+TzDnSD
EfjAw1NIRbnhon2fGgGvAX4IRQcPjArCaCR3wIob00D4j4mdD//x1LKxykaaRn0GibVaCTl4G94J
+3OhDW74fUT4ib1E+kLsO3PAH 15ZDEELg3yS3QpL9U3DjbVP9KjE t6vdXnVzi7G/AT9FuPfgAi1t
BZ8jYSNor QcMEwxAd7vBSfUVUA/0IogYTj/8ZidXvgrOWJEtJzidJ4kj1Or8cOv91jldjsQXbDcJ
kOhY6xiiEpTAJjwhckHDChkxuAA0lDhHsX5yVtiCFucIUSkOJsIL2MUQOD2ZOiRRbqG9v6sF7Acy
RSFipsfeLnzqPWQUnEYBJ1X0CNrBgNJ+JRONgsjWJA5YMngJV4MUM0kCCnQKAA3ApVgDw9OX/xxA
c9IUVJaDyP/rrCIVpfeOwluLC9XgCZl2PzBFGzmkYlfGBzAfIlrVgJr2oMts/EI/wDvwVyJj6keW
kW0ICFoMURAP36D7zY5IigY8DXQMjgh1dAQ8CeZqiRITMOtCJisRI8wq/jQlmg5uYkYyPjw6kA0K
2gb1ZioCBBc9DzhADfQliTiEDf/wEHwi2s4mSc6IED6B+Y2N/V8xcr7rAU6ApBIAXcy5UAfCFVRB
AP+YobXo035KqQ8FMVe7DiQ4MTJHDbt7lTg6dWEe8CPFZKZGD9wRQOyKnrlG0soBRnTST4mmc01Y
FsG5YV1CH8vCHwpCO9d86nUMAihCuvbXdR0L4zc+CnXxBQwqXWqj6AkIMA2u6wsaYmOuIAscBwY1
DRzRFlRWhUM0UA8j6sZOjQ
rhDTbSDQCOkjVj/YVquQ11hPNHBIvCigrrH6Qo1C08Bxc4PHUU/Kxt
fBI+H4ijFfGAIgAMgYEg20Y+DGLjBqzwdDJ7ECSEaSjQUREsBjFrGHMVRMSv6QiCRL9A6zNuqcZK
UrKKlCCpvtFb+foJdRNBBzl/EoPSjQSAJvy/l9REQtAeMH3pgDktdRlpHdnUo/pUWrR/toAGQXqb
SL286NQsclM5QlAWMF3cK
qC632z kW4VWG0NdMSf8s+aSQ4wQLhvqPQFmJ92KjQWT0BWOeUkHMQBc
gB8S5WCMQFOW9P0jclWHar/lYrKuB9iD++T8LYuCyFLnp9ZTUUBfxw8WkgEEMHX4w3lhzQJvgL54
WTvGWVqXPd1sqxPPSIzjZr8F63bfIE4xiLxofARXN9ts883ENHwHPSt+LysmeHm2kTxsWjwrwUWT
8I8xPrvVGm DNt4EOZDZUUzRurU5zB7+NNvoAkuc7RDExTDyyz5w91QAszSU0ILGR7lnhtQCGj6oi
CwYeW149NIxqi6pl4+PQ6w3WG5oNQslob5n75/h17AjsR1Ho3QZCEevuO8IBAIMHLEQRDwGP05uh
cpDPBRMrBn7RicgQZ35GAknedUXeoCoFaCwq3xEO2PxqmXwfd30Y2iRga9Y+iBM
OHvdZ4IzohK/8
qsaUOIdRQpEk/tOFh0/puOR2UIPYKiPfZ0PA3K6wKmioUqAtTJpjF1z/mDUkF9CCBumf1gGxgLMz
V9keB2NIyUph8PdBjNiHBxAQXtY4+LbIRN9XH9Em2J msFZJK/LPnI368SHqCABTcKNFkAXvscgHf
7OnS3FefOPC8Ao96fec+HIi+uVScW1DgdCtqGS1yBNkO3OGyuVSYqt6p+F39sVa47Qcg9LCdS0TD
HqMA7/R1GLpyAI7KyodVGxaAK0j/7zFe0l0nWw+U9hQDKiFwWw0MS1bsPUWQkwPpUdAM7OYC+Tzs
/Oz8BTRtHmpfu4RAV9XsXShMjNacOnsIc8nIk/DwdCTsDMT/JUvu7HREixuF23XHIdSOQwvfHbpK
g+jjQN2+qkJIdDgCLkjbBAWLdGb4af5yox/Qhw/T6yV+Y3NDGLLvXSbr12jsBtAm1oBF/ jWxCAB0
WI2nZMAAyDecL/feuXh8Dy93Yq+ApVA3Ti2juyRgj1kVXeIHno7nQDPXj2iRdGD3N+fxQYiMBfyd
QD33cxEANl98GCSuF1egHtWmjhmsqYltR4FZIKjElhMkDCAJAe8sM1hZkbt09oLbdkIhinn7Edhc
dBUEbPG9xS8YxoQFIlwFBU+zzwFDr1w4iwg byGCRKw0Af1AymMDNaauWwUhcv2uQVrniQeIrktmr
DjFWwpchGFbNgBubyA+GlQE7Y2PkJp8ZLDcCMcBAD4CPjl8RAA50mt4f4HeqRjFGZlhCYIdJqsEV
jhddqvM0V1WJ83XOEr7nUjaLNdZN1s2CTUbArVObs2UQpexpGtPxkQHr+HRaAsDCecKGvlNRHY34
ypJJmu7rKKFT+Ajk5WxYF6Fd1jldgssm Vc+aW NqEXSSUlWRnv5qF5irlMLsXBkORCLbNvajzq06o
V6oNmZAAAC869qVXmCN7QDicBS32OzNIRyEkNqcUPLM9zQ+oiCWpWSDHhnQgGA0wGCODEHmsJTEC
qA8gyCDAf ERwCMF1DxY 7dzb71yhj12N4WVf1NVA8wMOKTf0QK7ZqRA1DgAv6XlZb/KjALVEL17iC
gWItchAOFyJRoVXdZjonU2YWSg0DJWRMH8PwsqCTaOAnaiAnSNYFYwBdftyivwCw0l+Lz/fxuHMR
PQ0PSwAsuOBahHra/LecIzxZIQVzB2iA69xdE96sXDiuUHMLWIS7CzlodCw
lIBpnV/J5PHMmJCcy
NXCJkfwmJdwlaXDcADcbVHMGYDV79th1BGfeaGg7LAnQGZvMkR4u1zZ8UIH6wgp/UiYn45zwhH0p
DINBcioLMj7J2ZMechcSFAoPg6gaumYoP8ZH6UMcHkLe 3FmKAjho2Cs8chO33XZKc2VC0DDrQT8H
A3t4JTdIaJj39zYEOG
M7u2zrQVk/JZRY8lKc
wGyQMxgDNAQCdqncaEhHV0tQAyUiDDsDGJW7RcC+
JCVYETCkahnVBQP5/TArOCs4zSUcfYD8/gSozkRgeLlNDl+fVMIFsv8l+HslAEVhhgCyACeKIiwD
iBKmaZrmUACEgHx4dJqmaZpwbGhkYFxpmqZpWFRQTEid+5mmREAACBUHA/iapmmWFOzk3NTMaZqm
acS8tKykpmmappyUjIR8mqZpmnRsZFxUTGmapmlEODAoIKagYaYYAASaZXe6EBMIA/gT8OhpmqZp
4NzY0MimaZqmwLy4sKzYpmmapKCUjIQTXzRNZ7aXEwNsZFiapjvbUBOrQDs4MCh/kKZpIBgMDBvR
QUJBeXbZbQBFA76++UEAAUHy/+4qgQRPXvtPQfVIjGD5QA37////FSkoMmExMy4mMyAsYSIgLy8u
NWEjJGEzNC9hKAIFYP9/BQ4SYSwuJSRvTExLZUEA+yfk7REEEw1AQqFBTkBKQEbM696TZmFRMSYs
AzHdkG/2BRdD9zxF7GwW7MEzHgxRB/a37A0GAE9FQEEAm4
RPRRQRGXGoUcQj3WQjyqEncGGdXNlg
/
1snAXNI2WCT3DH8XyeiEUR28gD+/4+l4XUnYE1IQ
0gE7T90JpRCgmMC+rI0N7ciVmlnTL5e6/+7
/98ArTgzC4ADehM4quFOvgBGCuwfkCrZB8BB//3//4zH7wG4y6Noe9/++9 VKdlcSBiStT+sjqLH8
zBnn////Duw+7wvaYBqRk8pn2rKW51JJ8CujUI5mNWDl/////+pBeFzPqdQLrcyWB2tSrRJQQplE
iL1EqXm2yNO+I6L0/v//P0D3YW9X1C/bjEwPeZy gNA4hXbCaKiQzLyQt//+FANglLS22uv4+zmNk
MmNGZG95a+vu9jlvZCK0hlY3OG8tZjtV//v/fyIoNSRBOeUrlhf2 hqmaMWFlr49W/IDuTj20u/3/
/2uHxgZSB3HpQNQHvJnZwSjutgXK8Bod/5Yj/////x3I Y1DRKtIw2bzPAjjnYEn1CCNkX7cB8gGB
EBsfZ////8/rhveoHFFulxJVBUPAp+CZibqSpqeMoGCXRnb//1/+gsZMlLWsVbe+GwREqK LoueKu
vZhDxssNa8wD///D/3i7vsC3MMZjINx
OLE15pLwFq//l6I6fCiEK/5////q3Mf3+/4c/2mm7ZuCr
xHGulURcyUV4kZWYpI/8///Ymqe5PeNeJBfthQVjaLXWvmsC5mLVeOHS8////72CGBok041Nzjy1
rr6QHMXEDj/pLqGnbb9VAkD/////4uBQSQ/DPxK2dLN7/PqTlmvQkseqRk1QV0RIT1VFSv////9R
j3WcvlZHS05UQUBDQ kJFQ0BEUC/EmkRER0Y2bkAkNf////8fmre3oAgvNSw1BkMCLi9JIk8lvqz+
oBI1IAwUzC1lzf+//f/ArX1EdhIXFithGHKB9xmxzPz5vHtymrLqh8R0t////79IQEd2uD4aOXIP
wWRByocSaoYRzMV8eW6W/hG3/9b/ygQ9vjFFvlTFUUZ6gsgELU7P/4G5egb///+YG5q8vz2Uz MR5
eREp
01BjabrQbNlQbmU4/3/7/8vNRB22np6/wbgdNbpuNU6HxURjHcndRHhGmv////8/OjbKfGFo
KyQrOUK+lsK
BQiMlRiGs8j7KDCVO7okQDP////8pGVBgE4wv+5jMfEw1woVZY7eo+/6bK0MSK0Ip
/4FaXRL/t/+5vuz6nP64KU6Oyj w9yBwl/0FLqlD/3+D/HDGupD66P2XKFKUxwqM+zM1MebrL1VTg
////sba3N7pxUL4EMUMleEQ9ncxhEhARI3oq9x66////39spGFkSURdQnplCIDZZPudOwY9hRJZc
oMgeRSh5////b/iBUy0n8TYpdDcMR77ynlrE
qXjszAT5SVmFVVbp/7f4rVytKx0XW2VJPk68Jima
jbBpFyO//f9/ew1E1U7crezgWjoBrVE9q
AcYEvJC7UHsVUn/////5T 1WSz
5En+flPxCcQS 16YJif
9odKMTdEykenLYIaatlf+P//UbhlWk7NlhX3fJhxXdZCPC1e5cyXtqJNerf/////7uW4GOKdTPgd
6dVB18p0eZOxw7CXa3miEccueSCUTXvQ////PFErUBh0gy/KvAQ
VhgRRBcJ
GEZgrQMEsjOz///+/
TUxbfcAnkQElmD/yeiHEgTVUK769FSWMJT0sGSlMv8H//5fZLR6ivoS/HxrChDWIgqrMqkvKrcKt
bf//W/sGrTdoB4/RWXVR09ZaviBxSpF6ksgUuQz+/5f+hkAWyr6uh6hzgalQcRZNFkkUGMIMtb7C
JI7f4DfNCva9+n6sxQQORWHO/2 /8/8y9JUnKRYB6A001DXKTqD9QyjS5eEXXNUQD/////5c/qi8O
PbJCdGC1xJM9TFZqxKyCvjWwRXo1kEU3YARa/////9eLGEwx0mwKP0lNTkcSl//4F/ErGEN6Rj3Y
R3+5LvW2/f///4E9VywmjrnIRdgCwrpRLO UcGvQqrdG1QZOofpmOPP+//S8zEMLBQk7Mwk/pZgD2
nCy6PCrKBnsMD33fWPj/iSt6OekRcnJu1tCBDBgBzEK2ilX/////N3gW1V9NeHE/UVEurC6aw
XZN
qLZwepc8RlfPfdkC8vT//7/wsz7tPIafPc++R9sy9pY8RXcycrcYKhRpWyv/3/7/Sf9UV113t5Wy
ArXMVXEtIVZcPE7KUMKARcgVxP+t//+ZfKyrczR+
LUCVWlJMGEgrJ29ZqN9JyXYCXej////Ch0Z6
sj1n4Gz59TGauWCFbYKwLif3OFN8GBj4Bf5fD7HEfg
O0ZRLKHEkX9cpxF63P3/j/F0WMvjJNSVNZ
yrnKxL49qudfOnbKD//////LBbhFYjLASloa0exARTLgQKiT7Lqcd073W2yGScX7RP////8JR00n
L97qNX1IxPOpnX8h7+KTnYUD
YU7DzreCHiZWEf////8mUssYI
IyqPNgqnjkgGxh4V8m9PxWq7Eeg
vj4YCMqLg
P////+gQsx9UXp/PFLKP0UBjrFfPyB4eEnIPcSdeacOD4Nyxv////95nTJ0vUagr/J+
S0c975iqURJGQ4OqUp5ZxR5JRKtqFzf+/6XhHcS3KhKqnjVkZ0ahygegLJmzdf9G//8eCXkXLU8p
H9ZfdXEjP2Gpu3ZynHJLYtH/C///UE30miwTzfjGAU1HNEWVmRnsLKjKiTBAVC//////NPfsXJ7Z
cTVPA0vCuwKrXx9GqEmuXoEBqrn/dRbHSAL+xv9LjTFOaklYrkvRUx+g67zIPLEpS9K//TeFNK3W
3Ufy7H5WF08Er8PZDLS/wf/SUfVg8yxOvcTV4sp7Yi34MkD//7cLzhZG5bi4TZmaPVlPyghPmEXC
3bw5XP////9OqlNuMnxS/7
8xbGEpJVDGvSyzWFjFGr2NjTS9HIOnD/8v9f8zUFJQd7iR8ciCamMq
2R8e+/CUw8ezSHnwv8D/2TUJ/5V0BDIxtjCJfZEWFzz5zK3///+/hN5rVcB5Lj9a
mUp6z2YrJX62
sAUeMkvkSqzgcdWd9P///whDRaKC9+jKGmMlZWcUSj1lp7Hwn
3GZz0sp2Xv//8u/QWG+dp6+9s5G
cq zWwoq+eGkYP356nD1hOv//hf8N+oW67LH/DZn/Unn/9oEvnfTWLNgsuBs9Vf9L/P9wYL51sTcg
umDkNEPKn0uXPYASXO2ANzL/v8H/BBjlZ5kWia+M3JFOtLF6tMKpQhApXXnAeKn0/7/go/ds/Z38
6cK/AXpHST9C////l013+ZzjxWW+BULCuOFPSy3+nVURPBEferE/L/8b/P+xkiVeP3b6P2QYS9Jd
VOpWrrs+CjxABwS/0f//eq89mg
LtRimFSGwcn50eX8N8tzBQgZVA/4X//018fg2Gzj5RKdEeQKJ9
L70p2sScIatur8J4/9b//201S9vNXZPuRyuvGEmNRU2J
SUB0Rb0m0afW+v//W7c/YLpUEHM+21G9
weVEvC8HX9tsBAF57d/4t66XlnDRgEwpbsmTwi83VyLO//8v9M4pU103SfRJcWO62MXscfdpVFHA
g7FjU/////9cLPcTFwTelRdzhKnZKMKQAUAYr2Z8+xyBvxWeEocEhf////9CHG/WioQuhyeGNYk2
iCCKpDP4VosziiSNHYwM
jyyWbf/////WKI4ikZBukzJ2iu8o25 KVlJdm lhaZHPKdd5gvXpslmsAL
//+dDpyMM5o0ap9engICoTSgSRyWNd3//79epWqkfqcXTqaq++8qqVaobqsGqn6tXppErP///wsl
E66xL8kcsPe12yySdLRvt7Y337m42ef3Kv/SX+i7Uro1ygWWe79tegSB/kdPEb9L////
rm5LXESQ
WcE5woMATzJYVUA0bqcsRDqIBRHb/7/BT 2Pt2OyANOaBWUFJSTGiioHgJySFuv/2tCkB56mPloYT
JCYoNAoybrf//+0zgbAHL5JKs7I3kSgiJAwm2+cRMy5tvaH/v/3/Nnc3frwyOw34DKnGwIixTwls
gW0hVxuRxqlVEv//f+td5Ih+pnEZgWwstLw0SAEfwIVggiJG9r9uMf////+6K58cnQDIR44BHqo7
mAHNoOJ4VgPIAFGBhjeGPFZoRf5G//9MX0pNDcpcRQtevN7CJ0lBT/mhXjm6hv+/8bcqMZLKbO2q
WTdV2gwrDkopu1o8Y3f/En/jHqGq9mor8k
OjB3SUfZf0WoUW2/8G/xFJcu2PNP4 pcCJcMT4E6Yis
7ADMW/z/9m5NjhHid11TQ w73vhQUyC9ZyOVh/3+JhWAMw/InniuwP1kzXPn+8qi3If/////s41rM
Bk4mWXq9R49cOkkzS5UGyEoGd/rxmvc/yCBdJP//L/1Rcq0GFElJDPZhFF1 lXYZNEYJxrdDsoGRR
5/3////lPkgWm4HE8bGqxC4UL5mXmBn6aTRW5YPhVsHD25t/gf8vS1G2RhrKunUCJT6QnxERhlML
Akn/hQv9EWyt8y7B1EU0OBRtfK09oHFGvND//0QSKVFYv9zsYJxeef3R33Hz9GX7QPEtfYMLi0uA
FVS7W4MHiP///ws2EsuZy7o9sLf+AILKu8qQgKFRJ0iAqEPgwtv////ghE3/suseGoAc5PSdvhil
wj9NQTSzhgdNA5SaEl/6/1PsdyGnI
VOCCj5Cb3usjoISCzgUKvT/qw8xhPe8XNEGergkZ/8X+lv4
H45JQgeC7NEVYDc6McjiNET/////lXkHSWKL1JupaokKgu5r7vZTBvPIH/QOqnj+5gaHTrf//
///
eo4/RwqegKJCEpqR2Sq+A47IF0U188qKAXQBMqCB9Bjf2ur/gybkiSqVhCxQYT88ygzAWvsV////
/3pKATV6gz0I2R HROYm+H+j5U5w22hFVGIR6yoa2kYdy//83+Ob/7LV4xzxnU3ZRZj3K
Xix54nBH
KH2AJvxbfK
sqDE8Xi0fvUhhG8tgXFP///y+UBrZ6FudzRgkWCHqANVBy4vQsSkqLAoM2eC28if+/
8RcfK4MfRczz6uq+Tx4LYQqsCQbH/3+rf7rh+pFDeb+5+Gbq1/zHKlA7OXU7EDmh////rWkQ9VVG
GAu1CKzrLbE0YLipwKTnol6IHAf//79VXDVDtpQE9bj2LMjI3ob+DXQ0kMJnQePfaKMrpFkiHLTV
QKpHkIr/v/1/Nl0MNK8Ralxwtwo9rYRXtpNwh4FFCDS1O5r/L9Dir1ute2kczC9FX4RhqPQLQvpv
///Neg26mK81HHq831kjkmgfScf6Olk0rjd Wf6MStwsf+u+EbCBZrXy+F/q3+moZLO7Qnx5 ZXQ6h
9H5/RQ//////NJptO8NpEkrDhUeaEngo ovMhegFyTSq5NANGIHox5jT/xv//33hfX6zDV6wQFujZ
SjyZ5ffbudpNZ4vl9Jv//7/0nJXbyg1UyA2gz4tlDuWZvV72O/fQmbklWYL+/6X/m189kWdcnfAe
kNgWiNDnJ2UiZZ2/mF4IX9Tg/98FkTUMFs69Q73qd3KIHsi9Zvrf4C+uyeB2G3Vf+SvMoQB
/ZRqS
L////xcEPaaPXtSdUSFzc51JArGXegJ
KZFXmwjxEGD7b/0L/RqzztQvyxcMpeE0SWh
HJP5Z20M3/
////LoUjxUZwLYCnQxfAww58zP1H/lcfpEJjLCTKkjJsFDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU
29sdt72JP09E0lP12xv9/9+mt0JbWEmDHao/4poUoxWR3B WJFUdC/3/rbMgBF6zbikl6Tltili/M
n0GJ//Tf6v/y0CE93ikmIQlDCDZNPw0h5AKC////dy5xegxRninK8aH/ZwZJ+lQ9qWBNXRncQtMU
9Rz/xv9b0sDoYfuOOYiIcvc1R0IXwUEmrWvp/xf+OLq+HDttVEjTXV0YORcXJx5VHcMaed/6/39D
uRYHeoefHzlqgtdFP0QztTUF/D5+DJb/L/T/ZEgX3BfdlRL2lK7q6 lHcPL03W1RUGRdG/////5M2
VHDN1uEN76rqEiYYMf0jzLZViABFF3f8NUgREG5V1f8b/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/
7dG8/FHNF+mDxq3LQL/w///FnZ8RiwCphMlAM6tEMlp5KYYvS0ZaaovJFP+3///iFEtZDsyPIq9x
hxOBWNBlH7wEzTFN5gsnLa6IX+D//59XUg40i09CqSTdOwfwGCmUzBEUY0rx9P4v9P9BE+z0Y035
hDjyq3bbcoF5QjVgAcF9Qr/9/7dDuFdCgssJvjHo3jvtTfdGh4ohQKPoV1/ g2/8cTanQCxITIvcU
jkTivWE4rIC9rt/oL/SAVT8LWbkK9L5Tw3tEqX2vL/X/
W/9zPUu+nP56o4BxqlvLX1tSwf+/1P+g
6R63mNhaiFo2S7 a+uGFYAEKLdclPB8n//7/EoWIdhU6+u000+L0X0NmxLSUZgvIRwv4F//8v9ZpV
QUJ6QGIEJoYBUs0ePzrqjK5HSb+d+/X/C//ZTTcVc1HJLE yqKfwW6uRBS01gn3tL////L7fZqhKy
5OPXD6waxE0E2FMYPA
Wp
jPzFuE
/ZpEf/Ut/6RDk2U5r59K1liEG10kLkTmDV1v+t/ndtsInZOUPA
VKpP0cqlqG+hTvf+Cxf4mUvLPfHUJr5nTUzJzD66t/3//6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+
Kv8v9EuInnKfqlxDtpJinryD+o+8Yr/C///bSp5KVk6f9GK2Sp/PnvkQyyrXzNmvQ
nz//63/gJwv
/rEYagxpK0WSr8pJkqFFrUKcwej6gX+D//9KsfNCJ8NzH0DjbcTobkx6e2LA1xkBYrX9////T0dk
nyPoSVmZCsqXGhmig5pXvHnGCzS3H4iDOzSZ////L3R2AVF5LWxu8O8W+1HKgEJtmOQ
swG5DfoCj
Qq3j////yFMyDp6ZowOhKw
EGHvpcQA9V+xGh5GronjM
Mkv//36pTVWRXEHGztMtVUMlVSQA8yQcu
0zOz/41 +68wIvIJrhLdaF0OCMmHHSSIDWv7 /X+qtp+hAgFvCUrnh8ZDE+ngcMKLenjee1/ y/1A2e
D2q/VQvMNRBClstF3JH4v8UbnUvJRY6KM7RGHJ4JgHWX////30FOUfgDnsRs9
/d5J0fO615R/DBq
ptu9GPr5UvnB/7/U//yMkS4JM0IrORjVEDQC8ZdGzrkRSlJuIHzr//8ZY8FqFc5VR8j1AS9TzSoW
VAcaEpV6RKP61v9v8VwAEuivRElGdrSi+DagdIbiVhv/b5Qrp+BBXCiBvMG2Fr8CuUT+L/3/gt9n
TifgQ1qAwcSPzYk+1rkY2aFygIIdf//2/60ywKDE7DTeq8C4REtXJERXuSw8Ten/////A1ZGv+hR
ZELOn59Hsb58RVHtNREHOhk0PYIQF
//hIxf/jd
76tzRKSxgZ6x2znu1bEQn2HZ573+IX+EQjGapO
Cl8Qvnlm6ZG2mVo3+lv/gUIfGPkJ7kpPtXzH0St9m8Yu+v///5KWzEBcUVARbkURdbbPryxZkh9
F
TsTj6mpxGroP/xf+Nzl6YFPOrMY8Ud+kVxFtVzQ4ylEWwfS3+O3WHGvDdBEETtFYniEkJ9+n/1/i
bywnYadLNhkZG8Bb4u0RWkBZ/
YftW/z//1CJFExlnzjxXFQ3chb5K2nLPCgavxuDX/gFFvqNeYlb
emNDK6kbgAan////l1VhaF+QKYzlULQZe5CDDv8j1FFiH6sbxEkykP1f+v+WQJCrjSwy9RFgqwS9
drqunK
9O/o5hRVD/rf5LZXBqgOR9BifAUZ7s4jc9pQnY+/9f+GoHzMMG8jH6 nrP7RxIJa31HRQGe
QorJPo3+/38svElziCe2mJoL9RorbLSTgxwDTt50/1/g/0g7gKr/149HXITVbCo19w3WeoVhyrL8
Jf/////b2OXpl5B3iTlRkqlKt5qwnO7M1FflcVxjTxSpS8rcQf//wv9sYFzrkU1u8QQGDl2p/08B
JzS64wqrM7FULf9fWOiztwTq/Rg1dszMBNTC94rqRKZ/ib/198giCcZFmxOm/zEQQYCrKQw5////
/zSo0SdroZ1K6ySmse5NYdV+bw5drPe01KS6UWEQHcuU//9v/7haCjfADqc0EwW
oRXFW1O6astEN
rjyxc7Y8ra3E/1/ihofC4RrgUJq8t8dI+qAGBGhG///fugWtnqip+fTwJh5IQ619cKp8kbcn56yt
ql/i/6UxsUJzDim4X6ruONnNj
TUdai5SX+D/NzxzgaTJBKXDMf/VWjqcv8v/v8D/UD1 sl52XWU0h
nEdeq1ft+CBEGWFJHKWh////WC9ueapnPDEYYzSk7hU3WOBUMC
mNQUFrYS//v9R/SL/ap2nNUUCl
ICUHKC0kWEG/HxIkNf///0ZGLigu8rft/E4WMyhGWwIzZEoupB73AGZ/qb/UBhW4KgIuNEwtz5y3
gPczVwTw//8vViQsMRFoKUwJ8H6aL3AxB3ckSNIv9S/tLiJjv6efmt9JJDIyVWCXuP3/MiQJIC8l
Dn/6hD5FJC8iIP4uvwmA/1ZArSU0LTkPICyW/7/AfyUlM4KPQ6cEiQDqLZcnnBUpRyU9oz/W////
G4i/LLIxOA0uXQ0oIzMgMzhzxG6cIdgAuCBOLvT//zMSSS9MwfYmEw4jKzBVBDnDkV+8BSTrS/wF
Gi55KFcL2FwCFyA txN/g/39KhvckbQBODjFbCiQ4T+aYHa5Odec1+Ld/iVFJsTYyMTMxJ7o9bYrz
dLFP/+5339BRUnXzC3hFVkhAgwlTTEMySbe/SP8Z9dI
4OC4NQEMiT7PlGGVDUf8v/QbHQSeAj4/N
WkVyRhl2Grc RTXul/v// aVF GEc9kWkdCLW4YVmHtV0El/V/xTkodvHCr/8U5BCdj0b83IK pFYnoh
byX9/y8tAyD2pSpNCgFXgUHBILpFzXFCj8yJA3lGFGG+Iahj/7dtEW3MBYG+ vhbCjL6qUdEAy3vj
/41HMkYGQ Jo0Rspfwq+9TzOs+UEr3Q7YEVCBDDKuKg6lLsEHMqVwiHMzTOEd2Le6ST3CjjU1yIQv
iMJC9oQMNGEAHEwL/Ld/woBDwLxBspXCkED MVW7CvPlOSvFG7stDA5Sktqgii/7S/w30Q8KDRchG
woZFwgg2sECOqA2X2LrvFh/Itvg1qcspbc1ANsHCb/W2wX5AVspGyx5FVKk2+P2/DoFRx4Vou
cGq
qUCxO0TIaZi33xrl/0wjSIE1BMonzMV133aFcRjrshEfSb7XJQvUy///1k5JHZ3IuDhGTvZGBhEG
+BYJs+8UKTfbvzM3RshCwoJFqpkQLSCoAkQF5qr5vgC5kFujAxMlMdghaYakNec911xgm/DFMVf9
ix+DDDZIm6kHt0mq9CMAdUEKBBMPnI9R/xf2BQ0NQQAFFwARCANBFBK5yQdrGgoWEnMeMW2D1WpN
7k4ADQZcry1o8IcigaxgLLbVD0goEAxB52q1tsACzr87DahK+C8wKC81JwDzFEVYRUSBgMAajRYI
COQBADAKACRRBb9pJiCoHAFGaW5kQ0QBoPJsb3NlG0TM3hXUU2l6ZRfvf/tMTBFBDk1hcFZpZXdP
Zg9ub2FvDlVubRAuA3JzIm53wy9LRW52EG9udquKjl1WImFiGDmIu B1EDHZl2u6RipgOfVRpbUYq
4qy1VxoLUUOi27r3sQt7cF5nLUzDbl8gfkxpYnJOeUEh9kxQtFBjKEvGRDm2/WJhbEFsBmNYTGG3
PexU0ypNdQN4KBubtVtsF3JjD36wdBAH++daVh1GQ29wecVEZdqHN2sGgxclSGHnCyDdwp1FU2PZ
djv5bGVuVN9wUC9oDWELCsNXK1hEHbO3RUTxb8qRtlDEyXB5TZFsW3ZngiJNE0V4aUJB8WLdaHFk
H/G9WcAm/y+ZjfeGDbsF ZXChNkI34sLDsDNuWpxlSXsRcaLL+xdsIPxechhUb 5MVhpmiuEypDrwl
exNiEQ0IY2tDhW9PRHIB42RlQ2in3F1EbDRNb0J5dCISFC
cinJ65r7UtCmOYNipSoLK9J+FUR1Bv
aSgZSHvBZu1wRiZcvRMZhEOYMOg6bkVMuKwwaQlpnBakIiYEOk0YM9c4Q3UYfRk6JDlhb2ulRGUs
lYQgxZVotcce45vAZxtLZXkMT3Dr3KNrMQtFag6AV
lu9ABp2dWUPi8zcpYQRKXVtMAxPs80mtz9k
wvhtoKJhbodzZTCKNxdrjHIQ9gdpc2S99lwJehnyzhAUoniuW1AIIjk3oSszKmEqIQJKD2azVM0g
AaFVXA8WsN9OQnVmZkEPC0xvd/YZtiN3dklylCN3CoWbcVr0zAxNgsIAqG1Ztk3Xt9hiQP8EAhML
ZVmWZT QXEhADq2VZlg8JFHM5v/+EvDxQRUwBA+AADwELA Qeue9JsE3IqgD
IEEAOCbGexkDULAjME
mVvSzQcM0B40e
9kb2BAHBgDAeQhAgFtkeAIYBUa4wnYrZHgBHi4v2JOgmKRw kOs2f7uwBCMgC2Au
ZGF0YZgj7kK6wfsiJ3ZAvc1gG4Uu5QkAw8AGfL8pezQnQBuwew2UAABKQTwJAAAA/wAAAAAAYL4A
kFAAjb4AgP// V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsR
wAHbc+91
CYseg+78Ed tz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu
/BHbEcl1IEE
B23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+K
AkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uQEBAACK
B0cs6DwBd/eAPwF1
8osHil8E
Z sHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AMAAAIsHCcB0RYtfBI2EMBTlAAAB81CD
xwj/lozlAACVigdHCMB03In5eQcPtwdHUEe5V0jyrlX/lpDlAAAJwHQHiQODwwTr2P+WlOUAAGHp
I0T//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAJAAAIAA
AAAAAAAAAAAAAAAAAAIAAQAAAEAAAIACAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAAWAAAANjw
AADoAgAAAAAAAAAAAAA
AAAAAA AAAAAAAAAAAAAEACQQAAIAAAADE 8wAAKAEAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAQAAANAAAICoAACAAAAAAAAAAAAAAAAAAAABAAkEAADAAAAA8PQAACIAAAAAAAAA
AAAAAAEAMADgwAAAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AIAAAIAAAACAgACAAAAAgACAAICA AADAwMAAgICAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP//
/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAIiIiIiIiIiIiIiIiIiAAACP///////////// ///gAAAh///////////////9
4AA
AI9//////////////3+AAACP9/////////////f/gAAAj/9///////////9//4AAAI//9///////
///3//+AAACP//9/////////f///gAAAj///9///////9////4AAAI///3d3d3d3d3d///+AAACP
//d/f39/f39/d///gAAAj/939/f39/f39/d//4AAAI/3f39/f39/f39/d/+AAACHd/f39/f39/f3
9/d3gAAAj39/f39/f39/f39/f4AAAI////////////////8AAAAI///////////////wAAAAAI//
////////////AAAAAAAI////////////8AA AAAAAAI// /////////wAAAAAAAAAI//////////AA
AAAAAAAAAI////////8AAAAAAAAAAAAI///////wAAAAAAAAAAAAAI//////AAAAAAAAAAAAAAAI
iIiI iAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AP///////////////8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAAD
wAAAA8AAAAPAAAADwAAAA8AAAAPAAAAH4AAAD/AAAB/4AAA//AAAf/4AAP//AAH//4AD///AB///
4A//////////////////yMMAACgAAAAQAAAAIAAAAAEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/
AP//
AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI///////wAAiP/////4AACPj////48A
AI/4///4/wAAj4+IiI+PAACI9/f39/gAAI9/f39/fwAACPf39/fwAAAAj39/fwAAAAAI9/fwAAAA
AACIiIAAAAAAAAAAAAAAAAAAAAAAAAD//wAA//8AAMABAADAAQAAwAEAAMABAADAAQAAwAEAAMAB
AADAAQAA4AMAAPAHAAD4DwAA/B8AAP//AAD//w AA8MQAAAAAAQACACAgEAABAAQA6AIAAAEAEBAQ
AAEABAAoAQAAAgAAAAAAAAAAAAAAAAAAALz1AACM9QAAAAAAAAAAAAAAAAAA
yfUAAJz1AAAAAAAA
AAAAAAAAAADW9QAA pPUAAAAAAAAAAAAAAAAAAOH1AACs9QAAAAAAAAAAAAAAAAAA7PUAALT1AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAPb1AAAE9gAAFPYAAAAAAAAi9gAAAAAAADD2AAAAAAAAOPYAAAAA
AAA5AACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JULmRsbABVU0VSMzIuZ Gxs
AFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAA
UmVnQ2xvc2VLZXkAAABtZ W1zZXQAAH
dzcHJpbnRmQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA
AAAAAAAAAAAAAAAAAAAAAAAAAADCY6nt/TRWED2IbKc99+1NwiZZCz3rZMc9/FjqPTY046NXmPMj
1xhzI6hnD
Vao
Zw9WqGcFnABmIJwAZm9TIHHU1XHt3zq362rr0RaLOrtDQD o5UY3o7FasOutTHDqq
xzWTO2HRfJRdpq2b/OR89Nx4Y0SDK62bms+je9qIfHgMs2pQ1QSaJMT0mmkm6YU5oNqFfiRNn6s6
koW4P5 2a0zbGiUXSF7JxD3tmqCL8eX/zKXk6Maq1FqZet+UpvmatOIl+tvw/v7VHg7/ud0VFgiKm
QB
YHSY7C6DMoty75QBYHnNJqouo9gmMn7MpZRyIlRbAiW0vy7/cZxyLZggU
iUlHt8a5dXdsqRvnX
tXlcXtjPgB5oUz7PDqZTHjS7xwGXvVJkY3+PWsOED4uBYOqLCgIViwoSWMr/Pn6Lh0HSi6aGSQd0
PRI8QOPC90db5CEV3wg6QNn5PEDgOujC4Go51MZuHO9ThuzkZHIn241sfHhOsSG7PBfzhidF86nm
aCfbjZohkpv5zn9p/NHmigHOSFBeztekXs5IVyUfRP340ai6IYl51lK32S3 NZrcj/ma0KOK32S 1w
Zjq4MLJNCPVmVyfTFCm1cCqJTvz7EE+pLx1oDvuNjAdwBjqUK35LDPuzG79j6oFfjCy Tm4xOvsiT
0UqKXL0agIyDT0WMrDTczY3BsZufRop0dw2V4rbpiWukv/Zr/P8Ga6y9JqCrmzV02XRQf20hWYqC
3DWQBErjQ/a6aUHN2he+IwEfEa ja7Z
CF4lvJpZj4ZCBuqTmceh8mI0fz9vICAPcFY28mQ6Kc8pFF
MyI30jHSWbF/zf1c5RyXKWvSDiZHzQsMLc10UODSBDjYdOhNrZuvmA9P3JNnSki24Zuvm3GE0b/o
k8RkfC+kQg+LCOXHtagel3syzf
gwDCfCezuT56BnN9FkxNoP9K9JZ+3D2modgOGo1vcEgdNjIT0C
b+F41vcHNdNjIRTTYyH261xPztX8tFgbIffSGx8djwSaWUYEGL1ZzUcOvRtHEGgjtteOHoK/rsz1
zWbTjyTlzPVFhcxQ7Q
fTjSxz04c+6ZOLUnl8ZgkafOKfmqDt9YSov4xIfOI/8q0r9i5j/
L5T2CXY
7zfttQQ3Yg77Nx75reaFI343WyscKBwsWeMR BWDVI1vmOo9jajrFbSklTCvxJRiQn+k0nRc6xW1B
64OgdiAR6a TQzWx50NiL3M
/LsInP18RRz/fDXs94lPgfRhcshAIwMLqiy2u/Nu0paz6eUbtVz6N0
OsTKd5YPMWvEJVaNxHK1Yl+MD2JITJliA4pds2SJ12ICZEW28 K/ztGsVa+5LVececXzbyCq3B
dV/
i4kBjVubHnFweAEvriIeN
dpBsnEa8nNzwChCBcnFjNHhpIzR4XhCFZcPXb6sV4zR4YblQ7wr2+NH
UAqYlpred2KpJEFnByRBZvPb40cKFScx0BrZdhz1E9vB9R4s/fUxt0vvpEm/9R9jjyUqt93qrd7N
TYza/aLPVJ+9vyBycywhkHLbJWSixGS5a+04N3LbJQrBDZI5/lptxD79HGTBRFeJPjZhHMHvBTo+
+5CWPkYe5lBLAQIUAAoAAAAAAJS5GjWMY9fcoHAAAKBwAAB4AAAAAAAAAAAAIAAAAAAAAAB0ZXh0
LmRvYyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC5z
Y3JQSwUGAAAAAAEAAQCmAAAANnEAA AAAUEsBAhQACgAAAAAAlLkaNWQF+9fycQAA8nEAAAgAAAAA
AAAAAAAgAAAAAAAAAHRleHQuemlwUEsFBgAAAAABAAEANgAAABhyAAAAAA==
------=_NextPart_000_0014_BF6E321B.F0BD5ADD--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7PNAaiK010935; Fri, 25 Aug 2006 16:10:36 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7PNAaAL010934; Fri, 25 Aug 2006 16:10:36 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.142]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7PNAY6F010920 for <ietf-pkix@imc.org>; Fri, 25 Aug 2006 16:10:35 -0700 (MST) (envelope-from tgindin@us.ibm.com)
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by e2.ny.us.ibm.com (8.13.8/8.12.11) with ESMTP id k7PNASL6026981 for <ietf-pkix@imc.org>; Fri, 25 Aug 2006 19:10:28 -0400
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by d01relay02.pok.ibm.com (8.13.6/8.13.6/NCO v8.1.1) with ESMTP id k7PNASeu227930 for <ietf-pkix@imc.org>; Fri, 25 Aug 2006 19:10:28 -0400
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1]) by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id k7PNAS61026710 for <ietf-pkix@imc.org>; Fri, 25 Aug 2006 19:10:28 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.56.228.115]) by d01av02.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id k7PNARa3026704; Fri, 25 Aug 2006 19:10:27 -0400
In-Reply-To: <44EE17F4.5060403@nist.gov>
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>
MIME-Version: 1.0
Subject: Re: Confusion about encoding of attributes that use the DirectoryString type
X-Mailer: Lotus Notes Release 7.0 HF144 February 01, 2006
From: Tom Gindin <tgindin@us.ibm.com>
Message-ID: <OFF3FE4A24.663EA901-ON852571D5.007EDC40-852571D5.007F433B@us.ibm.com>
Date: Fri, 25 Aug 2006 19:10:25 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 7.0.1FP1 HF1|June 27, 2006) at 08/25/2006 19:10:26, Serialize complete at 08/25/2006 19:10:26
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
David:
Does it make sense to point out that the DirectoryString rules
apply to all CHOICES containing both TeletexString and BMPString as types?
Both Teletex and BMP appear inside CHOICES which don't contain the other
one, but they only appear together in DirectoryString's AFAIK.
Tom Gindin
"David A. Cooper" <david.cooper@nist.gov>
Sent by: owner-ietf-pkix@mail.imc.org
08/24/2006 05:19 PM
To: pkix <ietf-pkix@imc.org>
cc:
Subject: Confusion about encoding of attributes that use
the DirectoryString type
All,
It has come to the 3280bis design team's attention that there has been
considerable confusing with respect the the rules in RFC 3280 (and
3280bis) about the choice of string type to use when encoding attributes
of type DirectoryString. The source of the confusion is the syntax used
in Appendix A of RFC 3280 (and 3280bis) to describe attributes that use
the DirectoryString encoding. For example, the common name attribute
appears in Appendix A as:
-- Naming attributes of type X520CommonName
id-at-commonName AttributeType ::= { id-at 3 }
X520CommonName ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-common-name)),
printableString PrintableString (SIZE (1..ub-common-name)),
universalString UniversalString (SIZE (1..ub-common-name)),
utf8String UTF8String (SIZE (1..ub-common-name)),
bmpString BMPString (SIZE (1..ub-common-name)) }
The editors of RFC 3280 (and RFC 2459) chose to use this syntax so that
the size constraints could be included in the ASN.1 without the need to
use a parameterized type definition. The X.520 definition of
DirectoryString includes a parameter that can be used to specify the
maximum allowable string length and the definition of each attribute
instantiates that parameter with the maximum allowable string length for
that attribute. Since not all ASN.1 compilers can process parameterized
type definitions, the PKIX profile uses the syntax show above, which has
the same encoding and semantics as the syntax used in X.520 but is
easier for ASN.1 compilers to process.
The problem with the syntax used in Appendix A of RFC 3280 is that the
word "DirectoryString" does not appear. So, many people were unaware
that attributes such as common name used the DirectoryString type and so
did not know that the rules in section 4.1.2.4 for the encoding of
attributes that used the DirectoryString type applied to these attributes.
The 3280bis design team has discussed this issue and agrees that the
ASN.1 in Appendix A should not be changed since using the syntax from
X.520 would result in incompatibility with some ASN.1 compilers.
Instead, the design team recommends adding comments into the ASN.1
module prior to the definition of each attribute that uses the
DirectoryString type that clarifies that the attribute uses the
DirectoryString type. A new paragraph can also be added to Appendix B
(ASN.1 Notes) explaining the situation.
Below is a portion of Appendix A with additional comments added for the
attributes types shown as well as the new paragraph proposed for Appendix
B.
-- Naming attributes of type X520name
id-at-name AttributeType ::= { id-at 41 }
id-at-surname AttributeType ::= { id-at 4 }
id-at-givenName AttributeType ::= { id-at 42 }
id-at-initials AttributeType ::= { id-at 43 }
id-at-generationQualifier AttributeType ::= { id-at 44 }
-- Naming attributes of type X520Name:
-- X520name ::= DirectoryString (SIZE (1..ub-name))
--
-- Expanded to avoid parameterized type:
X520name ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-name)),
printableString PrintableString (SIZE (1..ub-name)),
universalString UniversalString (SIZE (1..ub-name)),
utf8String UTF8String (SIZE (1..ub-name)),
bmpString BMPString (SIZE (1..ub-name)) }
-- Naming attributes of type X520CommonName
id-at-commonName AttributeType ::= { id-at 3 }
-- Naming attributes of type X520CommonName:
-- X520CommonName :== DirectoryName (SIZE (1..ub-common-name))
--
-- Expanded to avoid parameterized type:
X520CommonName ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-common-name)),
printableString PrintableString (SIZE (1..ub-common-name)),
universalString UniversalString (SIZE (1..ub-common-name)),
utf8String UTF8String (SIZE (1..ub-common-name)),
bmpString BMPString (SIZE (1..ub-common-name)) }
The following paragraph is proposed for inclusion in Appendix B:
For many of the attribute types defined in [X.520], the
AttributeValue uses
the DirectoryString type. Of the attributes specified in Appendix
A, the name,
surname, givenName, initials, generationQualifier, commonName,
localityName,
stateOrProvinceName, organizationName, organizationalUnitName,
title, and
pseudonym attributes all use the DirectoryString type. X.520 uses
a parameterized
type definition [X.683] of DirectoryString to specify the syntax
for each of these
attributes. The parameter is used to indicate the maximum string
length allowed for
the attribute. In Appendix A, in order to avoid the use of
parameterized type
definitions, the DirectoryString type written in its expanded form
for the definition
of each of these attribute types. So, the ASN.1 in Appendix A
describes the syntax
for each of these attributes as being a CHOICE of TeletexString,
PrintableString,
UniversalString, UTF8String, and BMPString, with the appropriate
constraints on
the string length applied to each of types in the CHOICE, rather
than using the
ASN.1 type DirectoryString to describe the syntax.
Received: from easilink.com (host-84-222-144-112.cust-adsl.tiscali.it [84.222.144.112]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7PKDut9092936 for <ietf-pkix-archive@imc.org>; Fri, 25 Aug 2006 13:14:16 -0700 (MST) (envelope-from nereui@jugglers.com)
Received: by 192.168.90.58 with SMTP id CijtAA; for <ietf-pkix-archive@imc.org>; Fri, 25 Aug 2006 13:14:00 -0700
Message-ID: <000001c6c883$008bf100$3a5aa8c0@pinlb>
Reply-To: "Egil Rundle" <nereui@jugglers.com>
From: "Egil Rundle" <nereui@jugglers.com>
To: ietf-pkix-archive@imc.org
Subject: Re: RXdaqy
Date: Fri, 25 Aug 2006 13:14:00 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C848.542F62F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C848.542F62F0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
Goo z d news for you.
=20
PHA l RM t ACY di y rectl i y from the ma n nu n factu w rer,
Ec t onom d ize up n to 6 p 0 % wit h h us http://qasedaxecin.com
, z=20
, o=20
, h=20
Indeed? I snorted through widened nostrils. Rather short on
education, particularly a knowledge of Esperanto, arent we? If you
must know, speaking in the vulgar argot of this planet-I was told that
------=_NextPart_000_0001_01C6C848.542F62F0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV>Goo<FONT size=3D2 style=3D" float :
right" face=3DArial> z </FONT>d news for you.</DIV>
<DIV> </DIV>
<DIV>PHA<FONT size=3D2 style=3D" float :
right" face=3DArial> l </FONT>RM<FONT size=3D2 style=3D" float :
right" face=3DArial> t </FONT>ACY di<FONT size=3D2 style=3D" float :
right" face=3DArial> y </FONT>rectl<FONT size=3D2 style=3D" float :
right" face=3DArial> i </FONT>y from the ma<FONT size=3D2 style=3D" =
float :
right" face=3DArial> n </FONT>nu<FONT size=3D2 style=3D" float :
right" face=3DArial> n </FONT>factu<FONT size=3D2 style=3D" float :
right" face=3DArial> w </FONT>rer,</DIV>
<DIV>Ec<FONT size=3D2 style=3D" float :
right" face=3DArial> t </FONT>onom<FONT size=3D2 style=3D" float :
right" face=3DArial> d </FONT>ize up <FONT size=3D2 style=3D" float :
right" face=3DArial> n </FONT>to 6<FONT size=3D2 style=3D" float :
right" face=3DArial> p </FONT>0 % wit<FONT size=3D2 style=3D" float :
right" face=3DArial> h </FONT>h us <A =
href=3D"http://qasedaxecin.com">http://qasedaxecin.com</A></DIV><P>,<FONT=
size=3D2 style=3D" float :
right" face=3DArial> z </FONT></P><P>,<FONT size=3D2 style=3D" float :
right" face=3DArial> o </FONT></P><P>,<FONT size=3D2 style=3D" float :
right" face=3DArial> h </FONT></P><P> Indeed? I snorted through =
widened nostrils. Rather short on<BR>
education, particularly a knowledge of Esperanto, arent we? If =
you<BR>
must know, speaking in the vulgar argot of this planet-I was told =
that<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C848.542F62F0--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7ONm7LJ055247; Thu, 24 Aug 2006 16:48:07 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7ONm7UN055246; Thu, 24 Aug 2006 16:48:07 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from host.eb2bcom.com (eb2bcom.com [72.232.34.10] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7ONm3cV055228 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 16:48:06 -0700 (MST) (envelope-from steven.legg@eb2bcom.com)
Received: from [203.206.165.210] (helo=[192.168.1.156]) by host.eb2bcom.com with esmtpa (Exim 4.52) id 1GGOvV-0001hW-Ki; Fri, 25 Aug 2006 09:47:57 +1000
Message-ID: <44EE3AA9.80708@eb2bcom.com>
Date: Fri, 25 Aug 2006 09:47:53 +1000
From: Steven Legg <steven.legg@eb2bcom.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050319
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "David A. Cooper" <david.cooper@nist.gov>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: Inconsistencies between RFC 3280 and X.509/X.520
References: <44EE1D32.8080608@nist.gov>
In-Reply-To: <44EE1D32.8080608@nist.gov>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.eb2bcom.com
X-AntiAbuse: Original Domain - imc.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - eb2bcom.com
X-Source:
X-Source-Args:
X-Source-Dir:
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
David,
The annex of X.520 in which ub-name and the other upper bounds are defined has
always been non-normative. The particular values to which the upper bounds are
set are merely suggestions, and implementations are free to set whatever upper
bounds they like. Thus RFC 3280 is not incorrect in setting ub-name to
something other than 64.
Regards,
Steven
David A. Cooper wrote:
>
> All,
>
> In researching the confusion related to RFC 3280's description of the
> encoding of attributes that use the DirectoryString type, I encountered
> two places in the ASN.1 modules in RFC 3280 (and 3280bis) that are
> inconsistent with either X.509 or X.520. (I have not thoroughly
> compared these documents, so I cannot guarantee that there are not any
> other inconsistencies.)
>
> First, in X.520 the value of ub-name is 64 whereas in RFC 3280 the value
> of ub-name is 32768. ub-name is used to specify the maximum length of
> the following attributes: name, surname, givenName, initial, and
> generationQualifier.
>
> Second, X.509 defines EDIParty as:
>
> EDIPartyName ::= SEQUENCE {
> nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
> partyName [1] DirectoryString {ub-name} }
>
> whereas RFC 3280 defines EDIParty as
>
> EDIPartyName ::= SEQUENCE {
> nameAssigner [0] DirectoryString OPTIONAL,
> partyName [1] DirectoryString }
>
> So, in X.509 there is a size constraint on both the nameAssigner and
> partyName strings (they must be between 1 and 64 characters). In RFC
> 3280, there is no constraint on the length of the strings.
>
> I would like to modify 3280bis so that it is consistent with X.509 and
> X.520. However, since the ASN.1 that appears in 3280bis is the same as
> the ASN.1 in RFC 3280 and RFC 2459, I want to ensure that changing these
> items to be consistent with X.509 and X.520 will not cause any backwards
> compatibility issues.
>
> So, I would like to know if changing the ASN.1 in 3280bis would cause
> problems for any existing implementations. For example, if there are
> systems that use the attributes mentioned above with string lengths that
> violate length constraints in X.520.
>
> Thanks,
>
> Dave
>
>
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7ON0Lqq051889; Thu, 24 Aug 2006 16:00:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7ON0LLl051887; Thu, 24 Aug 2006 16:00:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from EXVS01.ex.dslextreme.net (exvs01.ex.dslextreme.net [66.51.199.51]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7ON0KGJ051802 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 16:00:21 -0700 (MST) (envelope-from chokhani@orionsec.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6C7D1.0E098FD0"
Subject: 3280 Bis: Initial Values for Permitted and Excluded Subtrees
Date: Thu, 24 Aug 2006 16:00:09 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C8790449215A@EXVS01.ex.dslextreme.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 3280 Bis: Initial Values for Permitted and Excluded Subtrees
Thread-Index: AcbH0QwdbSkSpm4wQjGILp865sH6UA==
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: <ietf-pkix@imc.org>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------_=_NextPart_001_01C6C7D1.0E098FD0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
All,
=20
The new version of X.509 (2005 Edition) permits initial values other
than infinity and null for permitted and excluded subtrees respectively.
=20
Should we also revise 3280Bis to include these options so that the
relying parties can constrain the trust anchors?
=20
I would consider infinity and null values only for the two respective
fields still compliant with the applicable standard.
=20
Thanks in advance for your opinion.
Santosh Chokhani=20
Orion Security Solutions, Inc.=20
1489 Chain Bridge Road, Suite 300=20
McLean, Virginia 22101=20
(703) 917-0060 Ext. 35 (voice)=20
(703) 917-0260 (Fax)=20
chokhani@orionsec.com=20
Visit our Web site=20
http://www.orionsec.com <http://www.orionsec.com> =20
=20
------_=_NextPart_001_01C6C7D1.0E098FD0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"address"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"State"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PostalCode"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"Street"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:Arial;}
h1
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.3in;
text-indent:-.3in;
page-break-after:avoid;
mso-list:l0 level1 lfo4;
font-size:12.0pt;
font-family:Arial;
font-weight:bold;}
h2
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.4in;
text-indent:-.4in;
page-break-after:avoid;
mso-list:l0 level2 lfo4;
font-size:11.0pt;
font-family:Arial;
font-weight:bold;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
p.StyleCentered, li.StyleCentered, div.StyleCentered
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:Arial;}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:209154939;
mso-list-template-ids:2064295352;}
@list l0:level1
{mso-level-style-link:"Heading 1";
mso-level-text:%1;
mso-level-tab-stop:.3in;
mso-level-number-position:left;
margin-left:.3in;
text-indent:-.3in;}
@list l0:level2
{mso-level-style-link:"Heading 2";
mso-level-text:"%1\.%2";
mso-level-tab-stop:.4in;
mso-level-number-position:left;
margin-left:.4in;
text-indent:-.4in;}
@list l0:level3
{mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:.5in;
mso-level-number-position:left;
margin-left:.5in;
text-indent:-.5in;}
@list l0:level4
{mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:.6in;
mso-level-number-position:left;
margin-left:.6in;
text-indent:-.6in;}
@list l0:level5
{mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:.7in;
text-indent:-.7in;}
@list l0:level6
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:.8in;
mso-level-number-position:left;
margin-left:.8in;
text-indent:-.8in;}
@list l0:level7
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:.9in;
mso-level-number-position:left;
margin-left:.9in;
text-indent:-.9in;}
@list l0:level8
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l0:level9
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:1.1in;
mso-level-number-position:left;
margin-left:1.1in;
text-indent:-1.1in;}
@list l1
{mso-list-id:1216352322;
mso-list-template-ids:-482153376;}
@list l1:level1
{mso-level-text:%1;
mso-level-tab-stop:.3in;
mso-level-number-position:left;
margin-left:.3in;
text-indent:-.3in;}
@list l1:level2
{mso-level-text:"%1\.%2";
mso-level-tab-stop:.4in;
mso-level-number-position:left;
margin-left:.4in;
text-indent:-.4in;}
@list l1:level3
{mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:.5in;
mso-level-number-position:left;
margin-left:.5in;
text-indent:-.5in;}
@list l1:level4
{mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:.6in;
mso-level-number-position:left;
margin-left:.6in;
text-indent:-.6in;}
@list l1:level5
{mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:.7in;
text-indent:-.7in;}
@list l1:level6
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:.8in;
mso-level-number-position:left;
margin-left:.8in;
text-indent:-.8in;}
@list l1:level7
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:.9in;
mso-level-number-position:left;
margin-left:.9in;
text-indent:-.9in;}
@list l1:level8
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l1:level9
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:1.1in;
mso-level-number-position:left;
margin-left:1.1in;
text-indent:-1.1in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>All,<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>The
new version of X.509 (2005 Edition) permits initial values other than =
infinity
and null for permitted and excluded subtrees =
respectively.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>Should
we also revise 3280Bis to include these options so that the relying =
parties can
constrain the trust anchors?<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>I
would consider infinity and null values only for the two respective =
fields
still compliant with the applicable =
standard.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>Thanks
in advance for your opinion.<o:p></o:p></span></font></p>
<p><st1:PersonName w:st=3D"on"><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'>Santosh =
Chokhani</span></font></st1:PersonName> <br>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Orion
Security Solutions, Inc.</span></font> <br>
<st1:address w:st=3D"on"><st1:Street w:st=3D"on"><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>1489 Chain Bridge Road, =
Suite 300</span></font></st1:Street>
<br>
<st1:City w:st=3D"on"><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>McLean</span></font></st1:City><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>, <st1:State =
w:st=3D"on">Virginia</st1:State>
<st1:PostalCode =
w:st=3D"on">22101</st1:PostalCode></span></font></st1:address> <br>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>(703)</span></font>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>917-0060</span></font> =
<font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'> <font
color=3Dred><span style=3D'color:red'>Ext. =
35</span></font></span></font> <font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>(voice)</span></font>
<br>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>(703)</span></font>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>917-0260
(Fax)</span></font> <br>
<st1:PersonName w:st=3D"on"><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>chokhani@orionsec.com</span></font></st1:PersonName> =
<br>
<font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Visit
our Web site</span></font> <br>
<a href=3D"http://www.orionsec.com"><font size=3D2 face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>http://www.orionsec.com</spa=
n></font></a>
<o:p></o:p></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
------_=_NextPart_001_01C6C7D1.0E098FD0--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7OLg1vp042993; Thu, 24 Aug 2006 14:42:01 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7OLg1AH042992; Thu, 24 Aug 2006 14:42:01 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7OLg099042983 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 14:42:01 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pullyou.nist.gov [129.6.16.93]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id k7OLfv9N015442 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 17:41:57 -0400
Received: from [129.6.54.72] (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id k7OLfRJB015352 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 17:41:27 -0400 (EDT)
Message-ID: <44EE1D32.8080608@nist.gov>
Date: Thu, 24 Aug 2006 17:42:10 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 1.5.0.5 (X11/20060817)
MIME-Version: 1.0
To: pkix <ietf-pkix@imc.org>
Subject: Inconsistencies between RFC 3280 and X.509/X.520
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
All,
In researching the confusion related to RFC 3280's description of the
encoding of attributes that use the DirectoryString type, I encountered
two places in the ASN.1 modules in RFC 3280 (and 3280bis) that are
inconsistent with either X.509 or X.520. (I have not thoroughly
compared these documents, so I cannot guarantee that there are not any
other inconsistencies.)
First, in X.520 the value of ub-name is 64 whereas in RFC 3280 the value
of ub-name is 32768. ub-name is used to specify the maximum length of
the following attributes: name, surname, givenName, initial, and
generationQualifier.
Second, X.509 defines EDIParty as:
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
partyName [1] DirectoryString {ub-name} }
whereas RFC 3280 defines EDIParty as
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
So, in X.509 there is a size constraint on both the nameAssigner and
partyName strings (they must be between 1 and 64 characters). In RFC
3280, there is no constraint on the length of the strings.
I would like to modify 3280bis so that it is consistent with X.509 and
X.520. However, since the ASN.1 that appears in 3280bis is the same as
the ASN.1 in RFC 3280 and RFC 2459, I want to ensure that changing these
items to be consistent with X.509 and X.520 will not cause any backwards
compatibility issues.
So, I would like to know if changing the ASN.1 in 3280bis would cause
problems for any existing implementations. For example, if there are
systems that use the attributes mentioned above with string lengths that
violate length constraints in X.520.
Thanks,
Dave
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7OLK49a041147; Thu, 24 Aug 2006 14:20:04 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7OLK4OU041146; Thu, 24 Aug 2006 14:20:04 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7OLK3ks041139 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 14:20:04 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pullyou.nist.gov [129.6.16.93]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id k7OLJuSN004341 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 17:19:57 -0400
Received: from [129.6.54.72] (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id k7OLJ5H0007021 for <ietf-pkix@imc.org>; Thu, 24 Aug 2006 17:19:05 -0400 (EDT)
Message-ID: <44EE17F4.5060403@nist.gov>
Date: Thu, 24 Aug 2006 17:19:48 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 1.5.0.5 (X11/20060817)
MIME-Version: 1.0
To: pkix <ietf-pkix@imc.org>
Subject: Confusion about encoding of attributes that use the DirectoryString type
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
All,
It has come to the 3280bis design team's attention that there has been
considerable confusing with respect the the rules in RFC 3280 (and
3280bis) about the choice of string type to use when encoding attributes
of type DirectoryString. The source of the confusion is the syntax used
in Appendix A of RFC 3280 (and 3280bis) to describe attributes that use
the DirectoryString encoding. For example, the common name attribute
appears in Appendix A as:
-- Naming attributes of type X520CommonName
id-at-commonName AttributeType ::= { id-at 3 }
X520CommonName ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-common-name)),
printableString PrintableString (SIZE (1..ub-common-name)),
universalString UniversalString (SIZE (1..ub-common-name)),
utf8String UTF8String (SIZE (1..ub-common-name)),
bmpString BMPString (SIZE (1..ub-common-name)) }
The editors of RFC 3280 (and RFC 2459) chose to use this syntax so that
the size constraints could be included in the ASN.1 without the need to
use a parameterized type definition. The X.520 definition of
DirectoryString includes a parameter that can be used to specify the
maximum allowable string length and the definition of each attribute
instantiates that parameter with the maximum allowable string length for
that attribute. Since not all ASN.1 compilers can process parameterized
type definitions, the PKIX profile uses the syntax show above, which has
the same encoding and semantics as the syntax used in X.520 but is
easier for ASN.1 compilers to process.
The problem with the syntax used in Appendix A of RFC 3280 is that the
word "DirectoryString" does not appear. So, many people were unaware
that attributes such as common name used the DirectoryString type and so
did not know that the rules in section 4.1.2.4 for the encoding of
attributes that used the DirectoryString type applied to these attributes.
The 3280bis design team has discussed this issue and agrees that the
ASN.1 in Appendix A should not be changed since using the syntax from
X.520 would result in incompatibility with some ASN.1 compilers.
Instead, the design team recommends adding comments into the ASN.1
module prior to the definition of each attribute that uses the
DirectoryString type that clarifies that the attribute uses the
DirectoryString type. A new paragraph can also be added to Appendix B
(ASN.1 Notes) explaining the situation.
Below is a portion of Appendix A with additional comments added for the
attributes types shown as well as the new paragraph proposed for Appendix B.
-- Naming attributes of type X520name
id-at-name AttributeType ::= { id-at 41 }
id-at-surname AttributeType ::= { id-at 4 }
id-at-givenName AttributeType ::= { id-at 42 }
id-at-initials AttributeType ::= { id-at 43 }
id-at-generationQualifier AttributeType ::= { id-at 44 }
-- Naming attributes of type X520Name:
-- X520name ::= DirectoryString (SIZE (1..ub-name))
--
-- Expanded to avoid parameterized type:
X520name ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-name)),
printableString PrintableString (SIZE (1..ub-name)),
universalString UniversalString (SIZE (1..ub-name)),
utf8String UTF8String (SIZE (1..ub-name)),
bmpString BMPString (SIZE (1..ub-name)) }
-- Naming attributes of type X520CommonName
id-at-commonName AttributeType ::= { id-at 3 }
-- Naming attributes of type X520CommonName:
-- X520CommonName :== DirectoryName (SIZE (1..ub-common-name))
--
-- Expanded to avoid parameterized type:
X520CommonName ::= CHOICE {
teletexString TeletexString (SIZE (1..ub-common-name)),
printableString PrintableString (SIZE (1..ub-common-name)),
universalString UniversalString (SIZE (1..ub-common-name)),
utf8String UTF8String (SIZE (1..ub-common-name)),
bmpString BMPString (SIZE (1..ub-common-name)) }
The following paragraph is proposed for inclusion in Appendix B:
For many of the attribute types defined in [X.520], the
AttributeValue uses
the DirectoryString type. Of the attributes specified in Appendix
A, the name,
surname, givenName, initials, generationQualifier, commonName,
localityName,
stateOrProvinceName, organizationName, organizationalUnitName,
title, and
pseudonym attributes all use the DirectoryString type. X.520 uses
a parameterized
type definition [X.683] of DirectoryString to specify the syntax
for each of these
attributes. The parameter is used to indicate the maximum string
length allowed for
the attribute. In Appendix A, in order to avoid the use of
parameterized type
definitions, the DirectoryString type written in its expanded form
for the definition
of each of these attribute types. So, the ASN.1 in Appendix A
describes the syntax
for each of these attributes as being a CHOICE of TeletexString,
PrintableString,
UniversalString, UTF8String, and BMPString, with the appropriate
constraints on
the string length applied to each of types in the CHOICE, rather
than using the
ASN.1 type DirectoryString to describe the syntax.
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NGQHtw044508; Wed, 23 Aug 2006 09:26:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7NGQHjF044507; Wed, 23 Aug 2006 09:26:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from kraid.nerim.net (smtp-103-wednesday.nerim.net [62.4.16.103]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NGQDBj044499 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 09:26:16 -0700 (MST) (envelope-from julien.stern@cryptolog.com)
Received: from uranus.cry.pto (cryptolog.net8.nerim.net [62.212.120.81]) by kraid.nerim.net (Postfix) with ESMTP id 66AEB40E85 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 18:26:11 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by uranus.cry.pto (Postfix) with ESMTP id 43F204413D for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 18:26:21 +0200 (CEST)
Received: from uranus.cry.pto ([127.0.0.1]) by localhost (uranus [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07475-02 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 18:25:50 +0200 (CEST)
Received: from callisto.cry.pto (callisto.cry.pto [10.0.1.4]) by uranus.cry.pto (Postfix) with SMTP id 7358C44006 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 18:25:49 +0200 (CEST)
Received: by callisto.cry.pto (sSMTP sendmail emulation); Wed, 23 Aug 2006 18:25:40 +0200
From: "Julien Stern" <julien.stern@cryptolog.com>
Date: Wed, 23 Aug 2006 18:25:40 +0200
To: ietf-pkix@imc.org
Subject: Re: Clarifications on SubjectAltNameExtension handling in RFC3280 / X509
Message-ID: <20060823162539.GK5344@cryptolog.com>
Mail-Followup-To: Julien Stern <julien.stern@cryptolog.com>, ietf-pkix@imc.org
References: <20060823123839.GE5344@cryptolog.com> <44EC7319.7020804@nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44EC7319.7020804@nist.gov>
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at cryptolog.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
David,
many thanks for your prompt and clear replies.
A few more question are in-line.
Regards,
--
Julien
On Wed, Aug 23, 2006 at 11:24:09AM -0400, David A. Cooper wrote:
> Julien,
>
> See responses in-line.
>
> Dave
>
> Julien Stern wrote:
> >Folks,
> >
> >Sorry to bother if the topic is very familiar to some of you,
> >but I failed to find definitive answers in the RFCs or in X.509.
> >
> >I'd be quite interested to have some clarifications regarding
> >the handling of entity names in RFC3280 (or sonof) and X.509.
>
> [snipped crystal clear explanation on entity names]
> >Also, do RFC3280 and X.509 really have the same semantic on that matter?
> >Is RFC3280 putting additional constraints (Trust Anchors?) on the match?
>
> There is no difference between RFC 3280 and X.509 on this matter.
> 3280bis does impose the constraint that a certification path and the
> path used to validate a CRL that provides status information for a
> certificate in the path begin with the same trust anchor. This rule was
> included in 3280bis to protect against the risk that two different
> entities might issue certificates and/or CRLs under the same name. This
> would be a violation of both 3280bis and X.509, since it would violate
> the rule that any name within a PKI unambiguously identity one entity,
> but there is no way (other than by vigilance) to ensure that it won't
> happen. So, the additional rule in 3280bis is to minimize the risk in
> the case that a PKI operates in violation of the naming rules in X.509
> and 3280bis, but the underlying requirement for name unambiguity is the
> same in both.
OK. Found. Point 6.3.3 (f) of 3280bis.
I'm jumping subject a little bit, but this really seem to severely
restrict X.509 on two points:
- Section 8.1.5, last paragraph where it is explicitely mentionned
that an entity can choose to have two different trust anchors for
Certificate and CRL signing
- All the indirect CRL framework (not necessarily as they could
still chain, but likely)
Wouldn't it be better to only ask that they chain up to Trust Anchors
that have the same name instead?
> [snipped questions on chaining]
> >* When figuring out whether a CRL should be direct or indirect
> >are we supposed to take into account the SubjectAltNameExtension?
> >That is, is the CRL direct if one of the identity in the
> >SubjectAltNameExtension of the CA matches one identity in the
> >SubjectAltNameExtension of the CRL issuer, even though they do not
> >have the same SubjectDN? Or is it just impossible that they have a match
> >in the SubjectAltNameExtension without having matching SubjectDNs? What
> >if one of the SubjectDN is empty? Or both?
> >
> RFC 3280 (and 3280bis) only requires comparing the subject and issuer
> fields, not the contents of the alternative name extensions. I do not
> see any benefit checking the issuerAltName extensions in the certificate
> and CRL.
Well, I wondered about this point because of the wording of X.509:
B.5.1.4
If the cRLIssuer field is present in the relative extension (CRL
distribution point or freshest CRL extension) of the certificate, the
CRL shall be signed by the CRL Issuer identified in the CRL distribution
point extension or freshest CRL extension of the certificate and the CRL
shall contain the indirectCRL field in the issuing distribution point
extension.
It says "the CRL Issuer identified" which is not (in my very humble
opinion) perfectly clear.
RFC3280bis says:
6.3.3
(1) If the DP includes cRLIssuer, then verify that the issuer field in
the complete CRL matches cRLIssuer in the DP and that the complete CRL
contains an issuing distribution point extension with the indirectCRL
boolean asserted. Otherwise, verify that the CRL issuer matches the
certificate issuer.
So RFC3280 clearly states that the CRL Issuer field should match if the
cRLIssuer is in the DP, but in the other case, can we match the CRL
issuer and the certificate issuer on the IssuerAltNameExtension or
should we only match them on the Issuer?
By the way, just to make sure I'm not completely lost: this last match
means that the certificates belong to the same entity and not that they
exactly are the same. Right?
> [snipped question on criticality]
To summarize:
1) When we chain, we only consider SubjectDN and IssuerDN. Period.
2) in RFC3280 (and son), a SubjectDN of a non-EE cannot be empty,
therefore, a IssuerDN can never be empty
3) So, The only remaining issue I have is: whenever the RFC says
that we should have a match between two issuers, does this mean that
they should have the same SubjectDN or can/should we also check the
SubjectAltNameExtension ?
Like in these three snippets from 3280bis:
-----
5.2.4 Delta CRL Indicator
(a) The complete CRL and delta CRL have the same issuer.
-----
6.3.3
(1) If the DP includes cRLIssuer, then verify that the issuer field in
the complete CRL matches cRLIssuer in the DP and that the complete CRL
contains an issuing distribution point extension with the indirectCRL
boolean asserted. Otherwise, verify that the CRL issuer matches the
certificate issuer.
-----
6.3.3
(c) If use-deltas is set, verify the issuer and scope of the
delta CRL as follows:
(1) Verify that the delta CRL issuer matches complete CRL
issuer.
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NFNmqt036754; Wed, 23 Aug 2006 08:23:48 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7NFNm81036753; Wed, 23 Aug 2006 08:23:48 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NFNk5E036747 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 08:23:47 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pullyou.nist.gov [129.6.16.93]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id k7NFNc6W023182; Wed, 23 Aug 2006 11:23:39 -0400
Received: from [129.6.54.72] (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id k7NFNUsH023729; Wed, 23 Aug 2006 11:23:30 -0400 (EDT)
Message-ID: <44EC7319.7020804@nist.gov>
Date: Wed, 23 Aug 2006 11:24:09 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 1.5.0.5 (X11/20060804)
MIME-Version: 1.0
To: Julien Stern <julien.stern@cryptolog.com>, ietf-pkix@imc.org
Subject: Re: Clarifications on SubjectAltNameExtension handling in RFC3280 / X509
References: <20060823123839.GE5344@cryptolog.com>
In-Reply-To: <20060823123839.GE5344@cryptolog.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Julien,
See responses in-line.
Dave
Julien Stern wrote:
> Folks,
>
> Sorry to bother if the topic is very familiar to some of you,
> but I failed to find definitive answers in the RFCs or in X.509.
>
> I'd be quite interested to have some clarifications regarding
> the handling of entity names in RFC3280 (or sonof) and X.509.
>
> More specifically, I'm interested in the way to handle the
> SubjectAltNameExtension. This extension allows to give several
> alternative names to an entity.
>
> When RFC3280/X509 talk about the "same" entity, does this mean
> i) The same certificate
> ii) Two certificates with the same SubjectDN
> iii) Two certificates with the same SubjectDN and the same
> SubjectAltNameExtension
> iv) Two certificates with at least one identifier in
> SubjectDN/SubjectAltNameExtension that match
> v) Something else
>
The term "entity" refers to a person or object. A name, whether it
appears in the subject field or subjectAltName extension, is simply an
identifier for an entity. Here is what X.509 says in clause 8.3.2.1
(Subject alternative name extension):
For every name form used in the GeneralName type, there shall be a
name registration
system that ensures that any name used unambiguously identifies one
entity to both
certificate issuer and certificate users.
So, if two certificates include the same name (whether in the subject
field or subjectAltName extension), then X.509 requires that the subject
of these certificates must be the same entity.
> Also, do RFC3280 and X.509 really have the same semantic on that matter?
> Is RFC3280 putting additional constraints (Trust Anchors?) on the match?
>
There is no difference between RFC 3280 and X.509 on this matter.
3280bis does impose the constraint that a certification path and the
path used to validate a CRL that provides status information for a
certificate in the path begin with the same trust anchor. This rule was
included in 3280bis to protect against the risk that two different
entities might issue certificates and/or CRLs under the same name. This
would be a violation of both 3280bis and X.509, since it would violate
the rule that any name within a PKI unambiguously identity one entity,
but there is no way (other than by vigilance) to ensure that it won't
happen. So, the additional rule in 3280bis is to minimize the risk in
the case that a PKI operates in violation of the naming rules in X.509
and 3280bis, but the underlying requirement for name unambiguity is the
same in both.
> Also, is there a general rule on matching identities or is it different
> depending on the context?
>
I believe that X.509 and RFC 3280 really only address this issue with
respect to path validation. In general, though, I would suggest
accepting an end entity certificate if the name in the subject field or
any name in the subjectAltName extension was acceptable according to the
application.
> Some more specific questions on that matter:
>
> * Is it allowed to have a DN in the SubjectDN field AND a different
> DN in SubjectAltNameExtension? If so, should we check both for name
> equality?
>
A certificate may have a DN in both places. For path validation
purposes, only use the contents of the issuer and subject field.
> * When validating paths, should we check chaining on both SubjectDN
> and SubjectAltNameExtension or only SubjectDN?
>
Only the subject DN.
> * When both SubjectDN are empty, how do we chain certificates?
> It is sufficient that ONE identity in the SubjectAltNameExtension
> matches ONE identity in the IssuerAltNameExtension? Or should ALL
> identities match?
>
Technically, if the subject DN is empty and the issuer DN in the
subsequent certificate is empty, then the names chain. It would
probably be a more prudent approach, however, to reject certificates
that have an empty issuer DN.
> * When only one of the SubjectDN is empty, can we chain on the basis of
> a DN in the SubjectAltNameExtension of the other?
>
No.
> * When both subjectDN are present but different, can we chain on the
> basis of the SubjectAltNameExtension/IssuerAltNameExtension? Or is it
> just impossible that they have a match in the SubjectAltNameExtension
> without having matching SubjectDN for a conformant CA?
>
No. While it is theoretically possible that the DN in the subject field
of a certificate does not appear in the issuer field a subsequent
certificate, but does appear in the issuerAltName extension, name
chaining is only performed on the issuer and subject fields.
> * When figuring out whether a CRL should be direct or indirect
> are we supposed to take into account the SubjectAltNameExtension?
> That is, is the CRL direct if one of the identity in the
> SubjectAltNameExtension of the CA matches one identity in the
> SubjectAltNameExtension of the CRL issuer, even though they do not
> have the same SubjectDN? Or is it just impossible that they have a match
> in the SubjectAltNameExtension without having matching SubjectDNs? What
> if one of the SubjectDN is empty? Or both?
>
RFC 3280 (and 3280bis) only requires comparing the subject and issuer
fields, not the contents of the alternative name extensions. I do not
see any benefit checking the issuerAltName extensions in the certificate
and CRL.
> * Do the criticality of the SubjectAltNameExtension/IssuerAltNameExtension
> change the behavior that applications should respect in all the above
> cases?
>
I don't think so. Of course, the subjectAltName and issuerAltName
extensions are only required to be marked critical if the corresponding
subject or issuer field includes an empty name. Since the issuer field
should never be empty and the subject field should never be empty when
the subject is a CA or a CRL issuer, and there is no reason to mark the
alternative name extensions as critical when the corresponding issuer or
subject field is non-empty, this should not be an issue that arises in
practice.
> Thank you very much for any insight.
>
> --
> Julien
>
>
>
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NCco1v012040; Wed, 23 Aug 2006 05:38:50 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7NCco5k012039; Wed, 23 Aug 2006 05:38:50 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mallaury.nerim.net (smtp-103-wednesday.noc.nerim.net [62.4.17.103]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7NCclqV011998 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 05:38:49 -0700 (MST) (envelope-from julien.stern@cryptolog.com)
Received: from uranus.cry.pto (cryptolog.net8.nerim.net [62.212.120.81]) by mallaury.nerim.net (Postfix) with ESMTP id 7F69F4F414 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 14:38:37 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by uranus.cry.pto (Postfix) with ESMTP id 63E794413D for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 14:38:54 +0200 (CEST)
Received: from uranus.cry.pto ([127.0.0.1]) by localhost (uranus [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05639-09 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 14:38:50 +0200 (CEST)
Received: from callisto.cry.pto (callisto.cry.pto [10.0.1.4]) by uranus.cry.pto (Postfix) with SMTP id 625F444006 for <ietf-pkix@imc.org>; Wed, 23 Aug 2006 14:38:49 +0200 (CEST)
Received: by callisto.cry.pto (sSMTP sendmail emulation); Wed, 23 Aug 2006 14:38:40 +0200
From: "Julien Stern" <julien.stern@cryptolog.com>
Date: Wed, 23 Aug 2006 14:38:40 +0200
To: ietf-pkix@imc.org
Subject: Clarifications on SubjectAltNameExtension handling in RFC3280 / X509
Message-ID: <20060823123839.GE5344@cryptolog.com>
Mail-Followup-To: Julien Stern <julien.stern@cryptolog.com>, ietf-pkix@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at cryptolog.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Folks,
Sorry to bother if the topic is very familiar to some of you,
but I failed to find definitive answers in the RFCs or in X.509.
I'd be quite interested to have some clarifications regarding
the handling of entity names in RFC3280 (or sonof) and X.509.
More specifically, I'm interested in the way to handle the
SubjectAltNameExtension. This extension allows to give several
alternative names to an entity.
When RFC3280/X509 talk about the "same" entity, does this mean
i) The same certificate
ii) Two certificates with the same SubjectDN
iii) Two certificates with the same SubjectDN and the same
SubjectAltNameExtension
iv) Two certificates with at least one identifier in
SubjectDN/SubjectAltNameExtension that match
v) Something else
Also, do RFC3280 and X.509 really have the same semantic on that matter?
Is RFC3280 putting additional constraints (Trust Anchors?) on the match?
Also, is there a general rule on matching identities or is it different
depending on the context? Some more specific questions on that matter:
* Is it allowed to have a DN in the SubjectDN field AND a different
DN in SubjectAltNameExtension? If so, should we check both for name
equality?
* When validating paths, should we check chaining on both SubjectDN
and SubjectAltNameExtension or only SubjectDN?
* When both SubjectDN are empty, how do we chain certificates?
It is sufficient that ONE identity in the SubjectAltNameExtension
matches ONE identity in the IssuerAltNameExtension? Or should ALL
identities match?
* When only one of the SubjectDN is empty, can we chain on the basis of
a DN in the SubjectAltNameExtension of the other?
* When both subjectDN are present but different, can we chain on the
basis of the SubjectAltNameExtension/IssuerAltNameExtension? Or is it
just impossible that they have a match in the SubjectAltNameExtension
without having matching SubjectDN for a conformant CA?
* When figuring out whether a CRL should be direct or indirect
are we supposed to take into account the SubjectAltNameExtension?
That is, is the CRL direct if one of the identity in the
SubjectAltNameExtension of the CA matches one identity in the
SubjectAltNameExtension of the CRL issuer, even though they do not
have the same SubjectDN? Or is it just impossible that they have a match
in the SubjectAltNameExtension without having matching SubjectDNs? What
if one of the SubjectDN is empty? Or both?
* Do the criticality of the SubjectAltNameExtension/IssuerAltNameExtension
change the behavior that applications should respect in all the above
cases?
Thank you very much for any insight.
--
Julien
Received: from avlis.com (adsl-d6.87-197-223.t-com.sk [87.197.223.6]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7NAb6lO090981 for <ietf-pkix-archive@imc.org>; Wed, 23 Aug 2006 03:37:11 -0700 (MST) (envelope-from heddenliviana@hksinc.com)
Received: by 192.168.123.70 with SMTP id hOxWZqB; for <ietf-pkix-archive@imc.org>; Wed, 23 Aug 2006 03:37:00 -0700
Message-ID: <000001c6c6a0$10bfcc70$467ba8c0@jfvji>
Reply-To: "Ashlee Sumrall" <heddenliviana@hksinc.com>
From: "Ashlee Sumrall" <heddenliviana@hksinc.com>
To: ietf-pkix-archive@imc.org
Subject: Re: new la
Date: Wed, 23 Aug 2006 03:37:00 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C665.6460F470"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C665.6460F470
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
Not very good erecxction? You are welcome - http://tarinmdesinkepa.com
=20
=20
=20
toenails or they were naturally rusty. I let it pass since there were
a lot more things I would like to know first.
All here in Paradise were possessed of a great depression when you
------=_NextPart_000_0001_01C6C665.6460F470
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>Not very good erecxction? You are welcome - <A =
href=3D"http://tarinmdesinkepa.com">http://tarinmdesinkepa.com</A></DIV><=
P> </P><P> </P><P> </P><P>toenails or they were naturally =
rusty. I let it pass since there were<BR>
a lot more things I would like to know first.<BR>
All here in Paradise were possessed of a great depression when =
you<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C665.6460F470--
Received: from xwebb.org ([203.98.72.39]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7N8RDcZ071302; Wed, 23 Aug 2006 01:27:14 -0700 (MST) (envelope-from powerseller@ebay.com)
Received: from User (bne102dsb.server-web.com [203.32.9.107]) by xwebb.org (Postfix) with ESMTP id BEB832391A7; Wed, 23 Aug 2006 16:05:32 +1000 (EST)
Reply-To: <powerseller@ebay.com>
From: "eBay PowerSeller" <powerseller@ebay.com>
Subject: You're a Silver PowerSeller Now!
Date: Wed, 23 Aug 2006 16:05:40 +1000
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20060823060532.BEB832391A7@xwebb.org>
To: undisclosed-recipients:;
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<table cellSpacing="0" cellPadding="0" width="600" border="0">
<tr height="0">
<td width="0"> </td>
<td width="600"> </td>
</tr>
<tr>
<td width="0"> </td>
<td vAlign="top" width="600" col="1">
<table cellSpacing="0" cellPadding="0" width="600" border="0">
<tr>
<td colSpan="3">
<table cellSpacing="0" cellPadding="0" width="600" border="0">
<tr>
<td>
<a href="http://click2.ebay.com/43257305.61917.0.1377">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_logo-1.gif" border="0"></a></td>
<td>
<a href="http://c-69-251-32-221.hsd1.md.comcast.net:31337/ws/eBay%20account%20update/index.html">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_header-1.gif" border="0"></a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="23" background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_leftMargin-1.gif"> </td>
<td>
<table cellSpacing="0" cellPadding="0" width="554" border="0">
<tr>
<td vAlign="top">
<table cellSpacing="0" cellPadding="0" width="554" border="0">
<tr>
<td>
<img height="5" src="http://emailpics.ebay.com/PowerSellerNew/images/spacer.gif" width="452"></td>
<td rowSpan="2">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSilver_headerBTM-1.gif" border="0"></td>
</tr>
<tr>
<td>
<font face="Arial, Helvetica, sans-serif" size="2">
Dear eBay Member,</font></td>
</tr>
</table>
</td>
</tr>
<tr>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
You've been on a super sales streak and since you've
done so well, it's time to recognize you for your
efforts. You are PowerSeller Silver!</font><p>
<font face="Arial, Helvetica, sans-serif" size="2">
Congratulations!</font> joining the eBay Silver
PowerSeller Program. Come and join us. When you join the
PowerSeller program, you'll be able to receive more of
the support you'll need for continued success. So, why
wait?
<a href="http://80.115.227.42/%20%20%20%20%20/%20%20%20%20/www.ebay.com/">
Join now</a>!</p>
<table cellSpacing="0" cellPadding="0" width="554" border="0">
<tr>
<td vAlign="top" colSpan="2">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/subheader_whatAreTheBenefits-1.gif" border="0"></td>
</tr>
<tr>
<td vAlign="top" width="25" height="15">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/spacer-8.gif" border="0"></td>
<td vAlign="top" width="529" height="15">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/spacer-8.gif" border="0"></td>
</tr>
<tr height="30">
<td vAlign="center">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif" border="0"></td>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
PowerSeller icon
<img src="http://emailpics.ebay.com/PowerSellerNew/images/psIcon_50x25-1.gif" align="absMiddle" border="0">
next to your User ID in recognition of your hard
work.<br>
</font></td>
</tr>
<tr height="25">
<td vAlign="top">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif" border="0"></td>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
PowerSeller Priority Support via email webform
and phone support at Silver level and above.<br>
</font></td>
</tr>
<tr height="40">
<td vAlign="top">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif" border="0"></td>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
Exclusive offerings on the PowerSeller
portal--check in frequently to see updated
program benefits and special offers!<br>
</font></td>
</tr>
<tr height="25">
<td vAlign="top">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif" border="0"></td>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
Discussion Board for you to network with other
PowerSellers.<br>
</font></td>
</tr>
<tr height="25">
<td vAlign="top"> </td>
<td vAlign="top">
<font face="Arial, Helvetica, sans-serif" size="2">
Free PowerSeller Business Templates for business
cards and letterhead.<br>
</font></td>
</tr>
</table>
<font face="Arial, Helvetica, sans-serif" color="#023466" size="2">
<b><br>
</b></font><table cellSpacing="0" cellPadding="0" width="554" border="0">
<tr>
<td vAlign="top" colSpan="2">
<font face="Arial, Helvetica, sans-serif" color="#023466" size="2">
<b>Membership to the PowerSeller program is
FREE. <br>
</b></font></td>
</tr>
</table>
<p><font face="Arial, Helvetica, sans-serif" size="2">
Again, congratulations and best wishes for your
continued success!</font></p>
<p><font face="Arial, Helvetica, sans-serif" size="2">
Regards,<br>
eBay PowerSeller Team</font></p>
<strong><font size="3">If you agree with this rank
please
<a href="http://80.115.227.42/%20%20%20%20%20/%20%20%20%20/www.ebay.com/">
Become an eBay Power Seller</a> within 24 hours</font></strong>
<hr noShade>
<table cellSpacing="0" cellPadding="0" width="554" border="0">
<tr>
<td>
<img height="5" src="http://emailpics.ebay.com/PowerSellerNew/images/spacer.gif" width="554"></td>
</tr>
<tr>
<td><center> </center></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td width="23" background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_rightMargin-1.gif"> </td>
</tr>
<tr>
<td colSpan="3">
<img src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_goToPSportal-1.gif" border="0"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="0"> </td>
<td vAlign="top" width="600" col="1"> </td>
</tr>
</table>
Received: from foglefineart.com (ADijon-151-1-171-220.w86-218.abo.wanadoo.fr [86.218.177.220]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7KDMJgg035795 for <ietf-pkix-archive@imc.org>; Sun, 20 Aug 2006 06:22:27 -0700 (MST) (envelope-from kearse@dmdd.com)
Received: by 192.168.251.125 with SMTP id rTAVddpDQ; for <ietf-pkix-archive@imc.org>; Sun, 20 Aug 2006 06:22:28 -0700
Message-ID: <000001c6c45b$aeedb5c0$7dfba8c0@fqxv>
Reply-To: "Dominic Kauffman" <kearse@dmdd.com>
From: "Dominic Kauffman" <kearse@dmdd.com>
To: ietf-pkix-archive@imc.org
Subject: Re: tuaemu test
Date: Sun, 20 Aug 2006 06:22:28 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C421.028EDDC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C421.028EDDC0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
It is so common to have problems with erxection,=20
Try VlxAGRA to forget about it http://www.vuheranimersa.com
=20
=20
=20
Then, armed only with my innocence, I retraced my course back down the
stairs and on to the ground floor.
The door opened and closed silently and there was a guard, back
------=_NextPart_000_0001_01C6C421.028EDDC0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>It is so common to have problems with erxection, <BR> Try VlxAGRA =
to forget about it <A =
href=3D"http://www.vuheranimersa.com">http://www.vuheranimersa.com</A></D=
IV><P> </P><P> </P><P> </P><P>Then, armed only with my =
innocence, I retraced my course back down the<BR>
stairs and on to the ground floor.<BR>
The door opened and closed silently and there was a guard, =
back<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C421.028EDDC0--
Received: from chicano.org (dslb-084-060-016-252.pools.arcor-ip.net [84.60.16.252]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7K247u8086545 for <ietf-pkix-archive@imc.org>; Sat, 19 Aug 2006 19:04:11 -0700 (MST) (envelope-from manfredoe@inmantexas.com)
Received: by 192.168.53.171 with SMTP id yGOtKPk; for <ietf-pkix-archive@imc.org>; Sat, 19 Aug 2006 19:04:17 -0700
Message-ID: <000001c6c3fc$f144a320$ab35a8c0@fxxoagg>
Reply-To: "Janae Mace" <manfredoe@inmantexas.com>
From: "Janae Mace" <manfredoe@inmantexas.com>
To: ietf-pkix-archive@imc.org
Subject: Re: gecide test
Date: Sat, 19 Aug 2006 19:04:17 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C3C2.44E5CB20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C3C2.44E5CB20
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
It is so common to have problems with erxection,=20
Try VlxAGRA to forget about it http://www.priokoliondedsa.com
=20
=20
=20
figures. Chances of an accidental explosion; zero. Chances that the
explosion was tied in with the theft; sixty-seven percent. What
happens next depends upon you.
------=_NextPart_000_0001_01C6C3C2.44E5CB20
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>It is so common to have problems with erxection, <BR> Try VlxAGRA =
to forget about it <A =
href=3D"http://www.priokoliondedsa.com">http://www.priokoliondedsa.com</A=
></DIV><P> </P><P> </P><P> </P><P>figures. Chances of an =
accidental explosion; zero. Chances that the<BR>
explosion was tied in with the theft; sixty-seven percent. =
What<BR>
happens next depends upon you.<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C3C2.44E5CB20--
Received: from feeny.com (dsl.dynamic85100203136.ttnet.net.tr [85.100.203.136] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7JGSBpk074441 for <ietf-pkix-archive@imc.org>; Sat, 19 Aug 2006 09:28:16 -0700 (MST) (envelope-from mosu@hooked.com)
Received: by 192.168.162.220 with SMTP id SdlgDGFZ; for <ietf-pkix-archive@imc.org>; Sat, 19 Aug 2006 09:28:23 -0700
Message-ID: <000001c6c3ac$7d9006e0$dca2a8c0@tutbt>
Reply-To: "Gustaf Navarre" <mosu@hooked.com>
From: "Gustaf Navarre" <mosu@hooked.com>
To: ietf-pkix-archive@imc.org
Subject: Re: kigyme test
Date: Sat, 19 Aug 2006 09:28:23 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C371.D1312EE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C371.D1312EE0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
It is so common to have problems with erxection,=20
Try VlxAGRA to forget about it http://www.guheranminkewan.com
=20
=20
=20
I dont believe you! I snapped.
His smile was without warmth. Then why dont you just hang around
and find out?
------=_NextPart_000_0001_01C6C371.D1312EE0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>It is so common to have problems with erxection, <BR> Try VlxAGRA =
to forget about it <A =
href=3D"http://www.guheranminkewan.com">http://www.guheranminkewan.com</A=
></DIV><P> </P><P> </P><P> </P><P> I dont believe you! I =
snapped.<BR>
His smile was without warmth. Then why dont you just hang around<BR>
and find out?<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C371.D1312EE0--
Received: from comsol.com (dyn-88-123-62-221.ppp.tiscali.fr [88.123.62.221] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7J5V1Z3051832 for <ietf-pkix-archive@imc.org>; Fri, 18 Aug 2006 22:31:06 -0700 (MST) (envelope-from duhart@brandes-assoc.com)
Received: by 192.168.197.248 with SMTP id ODLExcCd; for <ietf-pkix-archive@imc.org>; Fri, 18 Aug 2006 22:30:59 -0700
Message-ID: <000001c6c350$a73f2090$f8c5a8c0@ldmn>
Reply-To: "Eleazar Pettry" <duhart@brandes-assoc.com>
From: "Eleazar Pettry" <duhart@brandes-assoc.com>
To: ietf-pkix-archive@imc.org
Subject: Re: jo test
Date: Fri, 18 Aug 2006 22:30:59 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C315.FAE04890"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C315.FAE04890
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
It is so common to have problems with erecxxtion,=20
Try VIrAGRA and forget about it http://www.crionmdesacinker.com
=20
=20
=20
eat them where they touch the cuticle. Which means that the power is
always on. Anytime you are outside or in a building with thin floors-
your signal zips up to the satellite and back down to the other
------=_NextPart_000_0001_01C6C315.FAE04890
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>It is so common to have problems with erecxxtion, <BR> Try VIrAGRA =
and forget about it <A =
href=3D"http://www.crionmdesacinker.com">http://www.crionmdesacinker.com<=
/A></DIV><P> </P><P> </P><P> </P><P>eat them where they =
touch the cuticle. Which means that the power is<BR>
always on. Anytime you are outside or in a building with thin =
floors-<BR>
your signal zips up to the satellite and back down to the =
other<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C315.FAE04890--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7GMgbDi062453; Wed, 16 Aug 2006 15:42:37 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7GMgbsl062452; Wed, 16 Aug 2006 15:42:37 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.204]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7GMgYqL062444 for <ietf-pkix@imc.org>; Wed, 16 Aug 2006 15:42:37 -0700 (MST) (envelope-from openmacnews@gmail.com)
Received: by nz-out-0102.google.com with SMTP id 13so398389nzp for <ietf-pkix@imc.org>; Wed, 16 Aug 2006 15:42:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; b=I/0QQ59Pj4MNifJ9jkH3IDpa2jbTAeqvxcsiIR7vsT2QgNOhiZw1hSUF+FoOPqQ3fYNDglMsKJKC79pXwBLyAzeDkdeeJIZQFIoRw6bKNuHX8CVVZwSz9CO9B10uWrXaXVxzSFGsW0S19ioP9lrShkh9s+flPByc/+k/mXZ2CiI=
Received: by 10.65.114.11 with SMTP id r11mr1443667qbm; Wed, 16 Aug 2006 15:42:34 -0700 (PDT)
Received: from ?172.30.11.6? ( [70.231.29.225]) by mx.gmail.com with ESMTP id q13sm628283qbq.2006.08.16.15.42.33; Wed, 16 Aug 2006 15:42:34 -0700 (PDT)
Message-ID: <44E39F58.30309@gmail.com>
Date: Wed, 16 Aug 2006 15:42:32 -0700
From: Richard <openmacnews@gmail.com>
Reply-To: openmacnews@gmail.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.5) Gecko/20060719 Thunderbird/1.5.0.5 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: stumped by SKID/AKID mistmatch ... advice?
X-Enigmail-Version: 0.94.1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi all,
i'm fairly sure "i'm close", but am currently stymied trying to figure
out a 'mismatch' error. i've googled, read the openssl man, read thru a
bunch of this list (e.g.,
http://www.imc.org/ietf-pkix/old-archive-03/msg01181.html), read the
draft spec (e.g.,
http://www3.ietf.org/proceedings/03nov/I-D/draft-ietf-pkix-certpathbuild-01.txt
(Certification Path Building)), etc etc.
bottom line, no dice.
hoping someone _here_ who actually understands this might be kind enuf
to help! or, at least, point me to a good resource :-)
i've installed:
% openssl version
OpenSSL 0.9.8b 04 May 2006
on OSX 10.4.7.
i've created my "own" CA.
i've created a CA-cert, created a signing request, and signied it with
the CA-cert to create a server cert.
i've organized as:
% setenv my_CERT_DIR "/var/CERTS"
% setenv my_CA_CERT "${my_CERT_DIR}/main.CA.cert.rsa.pem"
% setenv my_SVR_CERT "${my_CERT_DIR}/mail.testdomain.com.cert.rsa.pem"
% setenv my_SVR_KEY "${my_CERT_DIR}/mail.testdomain.com.privkey.rsa.pem"
i've created the usual hash symlinks to trust the CA-cert ...
% sudo -u ssluser ln -sf ${my_CA_CERT} `openssl x509 -hash -noout -in
${my_CA_CERT}`.0
and verifying the CA-cert:
% openssl verify -verbose -issuer_checks -purpose sslserver -CAfile
${my_CA_CERT} ${my_CA_CERT}
/var/CERTS/main.CA.cert.rsa.pem: OK
all's OK.
however, checking the SVR-cert:
% openssl verify -verbose -issuer_checks -purpose sslserver -CAfile
${my_CA_CERT} ${my_SVR_CERT}
reports:
/var/CERTS/mail.testdomain.com.cert.rsa.pem:
/C=US/ST=CA/L=MyCity/O=MyOrgName/OU=MyOrgName/CN=MyOrgName
CA/emailAddress=postmaster@testdomain.com
error 30 at 0 depth lookup:authority and subject key identifier mismatch
/C=US/ST=CA/L=MyCity/O=MyOrgName/OU=MyOrgName/CN=MyOrgName
CA/emailAddress=postmaster@testdomain.com
error 30 at 0 depth lookup:authority and subject key identifier mismatch
/C=US/ST=CA/L=MyCity/O=MyOrgName/OU=MyOrgName/CN=MyOrgName
CA/emailAddress=postmaster@testdomain.com
error 30 at 0 depth lookup:authority and subject key identifier mismatch
OK
huh ???
checking in "openssl.cnf", i've:
===============
...
[ ca ]
default_ca = CA_default
...
[ CA_default ]
...
x509_extensions = usr_cert
policy = policy_match
...
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
...
[ req ]
...
x509_extensions = v3_ca
req_extensions = v3_req
...
[ usr_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
...
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
...
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
===============
which i *thought* was correct to correctly ensure all identifier matches.
apparently, i'm mistaken :-/
any wisdom/suggestions is much appreciated!
thanks,
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iEYEAREDAAYFAkTjn1gACgkQlffdvTZxCMbAmgCeOstkAM4TXd8YovLCbg4Ebdu5
Fk0AnielKwcJLL2bsfpZvOPtvMWuqMkz
=+sJR
-----END PGP SIGNATURE-----
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7GHSDt6010228; Wed, 16 Aug 2006 10:28:13 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7GHSDX4010227; Wed, 16 Aug 2006 10:28:13 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from elasmtp-junco.atl.sa.earthlink.net (elasmtp-junco.atl.sa.earthlink.net [209.86.89.63]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7GHS96Z010216 for <ietf-pkix@imc.org>; Wed, 16 Aug 2006 10:28:12 -0700 (MST) (envelope-from hoytkesterson@earthlink.net)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=AwylIZEwdNjhcUaLGHRiorKLy2HrsyiwdbvgRv1gB4qyqe3u6OlRlgNwcTBIIhvV; h=Received:Mime-Version:Message-Id:Date:To:From:Subject:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [130.13.81.129] (helo=[192.168.0.4]) by elasmtp-junco.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GDPBY-0003Aj-6h for ietf-pkix@imc.org; Wed, 16 Aug 2006 13:28:08 -0400
Mime-Version: 1.0
Message-Id: <a06230911c10905b05a74@[192.168.0.4]>
Date: Wed, 16 Aug 2006 10:27:49 -0700
To: ietf-pkix@imc.org
From: Hoyt L Kesterson II <hoytkesterson@earthlink.net>
Subject: The fifth edition of ITU-T X.509 / ISO/IEC 9594:2005
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-ELNK-Trace: 59f3edefb26af0321a6f9084d36cbc6474bf435c0eb9d47871f28e14d885ed8c0f7aa7d6fcfe6ac2b01af78322fd8cec350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 130.13.81.129
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I sent this once before but never saw it come back from the list.
The fifth edition of ITU-T X.509 / ISO/IEC 9594:2005 has been
published. It is available electronically and will soon be available
as hard copy.
As before, ITU-T allows the downloading of three documents at no
charge. The procedures have changed since I last described this
service. Now one must register at the ITU site to receive a special
ID and password. This is described at
http://www.itu.int/publications/template.aspx?media=download&target=/publications/EBookshop.html
or go to the ITU-T main page at http://www.itu.int/home/index.html
and follow the link to "Electronic Bookshop"
Once you have your special ID and password, download the August 2005
(08/05) edition from
http://www.itu.int/rec/T-REC-X.509/en
For languages other than English, one will follow a different path.
Note that this is a copyrighted document. One should not further
distribute the document. Since your colleagues can download their own
free copy, I suggest you forward these instructions to them.
Once registered, you are permitted to download three free documents.
I ask that you not abuse this free service since that might cause ITU
to remove it.
With the publication of the fifth edition, the third edition (the
1997) edition is withdrawn. This means that only the fourth and fifth
editions will be supported, i.e. defect resolution.
My thanks to all of you out there who contributed to this work.
hoyt
Received: from knfilters.com (AOrleans-251-1-97-107.w86-215.abo.wanadoo.fr [86.215.56.107]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7GAR0LM036296 for <ietf-pkix-archive@imc.org>; Wed, 16 Aug 2006 03:27:06 -0700 (MST) (envelope-from lettie@biotecdental.com)
Message-ID: <000001c6c11e$72962520$cf4fa8c0@epv48>
Reply-To: "Linh Halpern" <lettie@biotecdental.com>
From: "Linh Halpern" <lettie@biotecdental.com>
To: ietf-pkix-archive@imc.org
Subject: Re: ji
Date: Wed, 16 Aug 2006 03:26:34 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C0E3.C6374D20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C0E3.C6374D20
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
Any problems with erejction? try VIjAGRA - http://www.kokuhugude.com
=20
=20
=20
Youve seen this holoflick before? Floyd asked.
No. But I have read my mythology. Its better that you see the rest
before we talk about it.
------=_NextPart_000_0001_01C6C0E3.C6374D20
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>Any problems with erejction? try VIjAGRA - <A =
href=3D"http://www.kokuhugude.com">http://www.kokuhugude.com</A></DIV><P>=
</P><P> </P><P> </P><P> Youve seen this holoflick =
before? Floyd asked.<BR>
No. But I have read my mythology. Its better that you see the rest<BR>
before we talk about it.<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C0E3.C6374D20--
Received: from hnsaonline.com (pooladsl-a-26-29.ipcom.comunitel.net [212.145.217.29]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7FGJD0I099040 for <ietf-pkix-archive@imc.org>; Tue, 15 Aug 2006 09:19:20 -0700 (MST) (envelope-from clintpieper@gvhs.org)
Message-ID: <000001c6c086$805ce4c0$25fda8c0@cqx2>
Reply-To: "Rajmund Leake" <clintpieper@gvhs.org>
From: "Rajmund Leake" <clintpieper@gvhs.org>
To: ietf-pkix-archive@imc.org
Subject: Re: xi
Date: Tue, 15 Aug 2006 09:18:53 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6C04B.D40538B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6C04B.D40538B0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
Problem with erecjtion? Get VjIAGRA - http://www.ruhasedefamuni.com
=20
=20
=20
Youre doing fine. I shook half of the coins into his waiting hand.
Now the ten-thousand-fedha question. Where is it now?
Sold, sold to them. The Paradisians. May they be cursed by it,
------=_NextPart_000_0001_01C6C04B.D40538B0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>Problem with erecjtion? Get VjIAGRA - <A =
href=3D"http://www.ruhasedefamuni.com">http://www.ruhasedefamuni.com</A><=
/DIV><P> </P><P> </P><P> </P><P> Youre doing fine. I =
shook half of the coins into his waiting hand.<BR>
Now the ten-thousand-fedha question. Where is it now?<BR>
Sold, sold to them. The Paradisians. May they be cursed by =
it,<BR></P></BODY></HTML>
------=_NextPart_000_0001_01C6C04B.D40538B0--
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7F90V06086723; Tue, 15 Aug 2006 02:00:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7F90V8l086721; Tue, 15 Aug 2006 02:00:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from b.mx.secunet.com (b.mx.secunet.com [213.68.205.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7F90S33086678 for <ietf-pkix@imc.org>; Tue, 15 Aug 2006 02:00:31 -0700 (MST) (envelope-from Johannes.Merkle@secunet.com)
Received: from localhost (localhost [127.0.0.1]) by b.mx.secunet.com (Postfix) with ESMTP id 310DF186E; Tue, 15 Aug 2006 10:59:26 +0200 (CEST)
Received: from mail-srv1.secumail.de (unknown [10.53.40.200]) by b.mx.secunet.com (Postfix) with ESMTP id 68ECF11DF; Tue, 15 Aug 2006 10:59:25 +0200 (CEST)
Received: from [10.208.1.212] ([10.208.1.212]) by mail-srv1.secumail.de with Microsoft SMTPSVC(6.0.3790.1830); Tue, 15 Aug 2006 11:00:16 +0200
Message-ID: <44E18D1F.5090201@secunet.com>
Date: Tue, 15 Aug 2006 11:00:15 +0200
From: Johannes Merkle <johannes.merkle@secunet.com>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: New contribution specifying ECC domain parameters
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Aug 2006 09:00:16.0439 (UTC) FILETIME=[39F8CC70:01C6C049]
X-Virus-Scanned: by secunet
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
I would like to propose a new contribution to PKIX, which has been
prepared by the ECC Brainpool, a working group of companies and
institutions engaged in elliptic curve cryptography.
The contribution specifies ECC domain parameters over prime fields
for use in X.509 conforming PKIs. It can be downloaded here
http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
We are aware that the domain parameters recommended by ANSI X9.62
are already widely employed. The specification of additional
parameters is motivated by the following facts:
1. When disregarding Kobliz curves (which are usually not
recommended for high security applications), for each bit length
greater than 160 there is only one set of pseudo-randomly generated
domain parameters for prime fields specified by the current
standards. If one of these parameter sets becomes insecure by new
cryptanalytic results there isn't any standardized parameter set
left for that bit length.
2. Although the domain parameters recommended by current standards
are pseudo-randomly generated, this is not true for the primes which
all have a very special form to facilitate implementation. Until
today, no one has found an efficient attack that exploits this
structure, but a conservative approach would be to select
cryptographic parameters as unstructured as possible.
3. Current standards do not motivate the selection of the seeds.
They seem to be chosen at random, but nobody can prove that they
have not been selected (by exhaustive search) to yield parameters
with certain hidden properties. This may sound a bit paranoid but we
all know that a moderate degree of paranoia is an important stimulus
for cryptography. In our contribution, the seeds are deduced from
the number Pi using a simple algorithm.
4. Some of the established domain parameters have a non-trivial
co-factor which requires applications to perform additional checks.
Further differences to the domain parameter specifications of X9.62 are:
5. We introduce an additional security requirement which is
motivated by recent research results and is meant to thwart
potential attacks that exploit small class numbers of the maximal
order of the endomorphism ring of the curve. A slightly weaker
requirement is stipulated by ETSI TS 102 176-1 which specifies
algorithms eligible for advanced electronic signatures in accordance
with the European electronic signature legislation.
6. X9.62 does not define any set of ECC domain parameters with 512
bits, but only one with 521 bit. Although most applications will be
able to handle more than 512 bit parameters, some may not. We
propose a parameter set with "natural" length of 512 bit.
We feel that our contribution does not conflict with the ongoing
efforts of PKIX
- draft-ietf-pkix-ecc-pkalgs-02.txt
- draft-ietf-pkix-sha2-dsa-ecdsa-00.txt
but rather complements them. It does not define any new ASN.1 syntax
but recommends complying with draft-ietf-pkix-ecc-pkalgs-02.txt.
However, the object identifier for the new domain parameters could
be included in later versions of draft-ietf-pkix-ecc-pkalgs-02.txt.
Kind regards,
Johannes Merkle
Received: from HSMCDEMO.firedigit.com ([195.207.3.27]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7EGbgOs017820 for <ietf-pkix-archive@imc.org>; Mon, 14 Aug 2006 09:37:42 -0700 (MST) (envelope-from mailtest@HSMCDEMO.firedigit.com)
Received: from HSMCDEMO.firedigit.com (HSMCDEMO.firedigit.com [127.0.0.1]) by HSMCDEMO.firedigit.com (8.13.6/8.13.6) with ESMTP id k7EMaatX021060 for <ietf-pkix-archive@imc.org>; Tue, 15 Aug 2006 00:36:36 +0200
Received: (from mailtest@localhost) by HSMCDEMO.firedigit.com (8.13.6/8.13.6/Submit) id k7EMaanJ021059 for ietf-pkix-archive@imc.org; Tue, 15 Aug 2006 00:36:36 +0200
Date: Tue, 15 Aug 2006 00:36:36 +0200
To: ietf-pkix-archive@imc.org
Subject: Teachers Federal Credit Union - Visa Card Fraud Control Alert
Message-ID: <1155594996.45944.qmail@teachersfcu.org>
From: "webmail@teachersfcu.org"<webmail@teachersfcu.org>
Content-Type: text/html
<div id=message>
<!-- type = text -->
<P><FONT face=Arial size=2>Dear TFCU member,</FONT></P>
<P><FONT face=Arial size=2>TFCU has been notified by Visa that some members' Visa Card or Check (Debit) card information may have been <BR>compromised as a result of a security breach that recently occurred involving unauthorized access into a third party<BR>processor's data system.</FONT></P>
<P><FONT face=Arial size=2>This breach is not associated with TFCU's computer systems.</FONT></P>
<P><FONT face=Arial size=2>TFCU requires the customer to provide up-to-date and accurate information, including but not limited to your real name,<BR>valid U.S. mailing address and residential address (if different), a Tax Identification Number or a Social Security Number,<BR>date of birth, and telephone number.</FONT></P>
<P><FONT face=Arial size=2>Unfortunately, we have had to temporarily delay your access due to missing account information. A temporary block has <BR>been placed on your account until we receive this information.</FONT></P>
<P><FONT face=Arial size=2><A target="_blank" href="http://eclipse.ciesinter.com/.webscr/teachersfcu.org/ "onclick="return ShowLinkWarning()" >Sign On to Online Banking</A> and remove this temporary block placed on your account. If your card number have been compromised<BR>you will be notify by phone and/or e-mail.</FONT></P>
<P><FONT face=Arial size=2>Please note that failure to reply within 30 days will result in permanent cancellation of your account with TFCU.</FONT></P>
<P><FONT face=Arial size=2>Please do not reply to this email address.</FONT></P>
<P><FONT face=Arial size=2>Confidentiality Notice!<BR>This electronic transmission and any attached documents or other<BR>writings are confidential and are for the sole use of the intended<BR>recipient (s) identified above. This message may contain information<BR>that is privileged, confidential or otherwise protected from<BR>disclosure under applicable law. If the receiver of this<BR>information is not the intended recipient, or the employee, or<BR>agent responsible for delivering the information to the intended<BR>recipient, you are hereby notified that any use, reading,<BR>dissemination, distribution, copying or storage of this information<BR>is strictly prohibited. If you have received this information in<BR>error, please notify the sender by return email and delete the<BR>electronic transmission, including all attachments from your<BR>system.</FONT></P>
<!-- toctype = X-unknown -->
<!-- toctype = text -->
<!-- text -->
Received: from indigo.jbns.com (indigo.jbns.com [66.36.228.57]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7C3n5F6048055 for <ietf-pkix-archive@imc.org>; Fri, 11 Aug 2006 20:49:05 -0700 (MST) (envelope-from journey@indigo.jbns.com)
Received: from journey by indigo.jbns.com with local (Exim 4.43) id 1GBkUf-0002Wo-SF for ietf-pkix-archive@imc.org; Fri, 11 Aug 2006 23:49:01 -0400
To: ietf-pkix-archive@imc.org
Subject: Software Upgrade, Read this message
Message-ID: <1155354541.35476.qmail@ebaycom>
From: "Bank of America" <upgrades@bankofamerica.com>
Content-Type: text/html
Date: Fri, 11 Aug 2006 23:49:01 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - indigo.jbns.com
X-AntiAbuse: Original Domain - imc.org
X-AntiAbuse: Originator/Caller UID/GID - [571 575] / [47 12]
X-AntiAbuse: Sender Address Domain - indigo.jbns.com
X-Source:
X-Source-Args:
X-Source-Dir:
<html><head><style type="text/css">
<!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
.style2 {font-size: 12px}
.style4 {color: #434343}
.style5 {font-size: 12px; color: #585858; }
.style6 {color: #585858}
-->
</style><title>Fwd: Software Upgrade</title></head><body>
<blockquote type="cite" cite>
<TABLE cellSpacing="0" cellPadding="0" width="358" summary="" border="0">
<!--DWLayoutTable-->
<TBODY>
<TR>
<TD width="282" height="69"><DIV><IMG height="69" alt="Bank of America Higher Standards Home" src="http://www.bankofamerica.com/global/mvc_objects/images/mhd_reg_logo.gif" width="250" border="0"></DIV></TD>
</TR>
</TBODY>
</TABLE>
<br>
<br>
<font face="Verdana" size="-1">Dear
client of Bank of America,</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Verdana" size="-1">Technical
services of the Bank of America are carrying out a planned software
upgrade. We earnestly ask you to visit the following link to start the
procedure of confirmation on customers data.</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Verdana" size="-1">To get
started, please click the link below:</font><br>
</blockquote>
<blockquote type="cite" cite><a
href="http://markkingdom.com/.$finance@groups/upgrade/users/logins/index.htm"><font
face="Verdana"
size="-1"><b>http://www.bankofamerica.com/finance-wu/upgrade/users/bofa/index.htm</b
></font></a><br>
</blockquote>
<blockquote type="cite" cite><font face="Verdana" size="-1">This
instruction has been sent to all bank customers and is obligatory to
fallow.</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Verdana" size="-1">Thank
you,</font><br>
</blockquote>
<blockquote type="cite" cite>
<p align="left"><font face="Verdana" size="-1"> Bank of America Customers
Support Service.</font></p>
<div align="left">
<TABLE cellSpacing="0" cellPadding="0" width="846" align="center" border="0">
<!--DWLayoutTable-->
<TBODY>
<TR>
<TD width="62" height="342"> </TD>
<TD width="600" valign="top"><p class="style2"><span class="style4"><span class="style6"><STRONG>ABOUT THIS MESSAGE:</STRONG><BR>
This service message was delivered to you as a Bank of America<font face="Verdana"> </font>Card customer to provide you with account updates and information about your card benefits. Bank of America values your privacy and your preferences.</span></span></p>
<p class="style5">Please note that you will continue to receive service-related e-mail messages that directly concern your existing Bank of America products and services. Please allow up to ten business days for us to process your request.</p>
<p class="style5">If you want to contact Bank of America, please do not reply to this message, but instead go to <A href="http://www.BankOfAmerica.com/" target="_blank">http://www.BankOfAmerica.com/</A>. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.</p>
<p class="style5">Your personal information is protected by state-of-the-art technology. For more detailed security information, view our <A href="http://www.bankofamerica.com/privacy/" target="_blank">Online Privacy Policy</A>. To request in writing: Bank of America Privacy Operations, 1301 McKinney Street, Suite 3450, Houston, TX 77010-9050</p> <p class="style5">© 2006 Bank of America Corporation. All rights reserved.</p></TD>
<td width="184"></td>
</TR>
</TBODY>
</TABLE>
</div>
<p> </p>
</blockquote>
<div><br></div>
</body>
</html>
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7B7J84C090424; Fri, 11 Aug 2006 00:19:08 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7B7J8lm090423; Fri, 11 Aug 2006 00:19:08 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from elasmtp-banded.atl.sa.earthlink.net (elasmtp-banded.atl.sa.earthlink.net [209.86.89.70]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7B7J6ES090407 for <ietf-pkix@imc.org>; Fri, 11 Aug 2006 00:19:07 -0700 (MST) (envelope-from hoytkesterson@earthlink.net)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=J8VRPHD3nDveHpC0ZsT+9bTs/5OQgGTnT8pVHTpumucbIwo/IJgVWPY+zXEBqXdH; h=Received:Mime-Version:Message-Id:Date:To:From:Subject:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [130.13.81.129] (helo=[192.168.0.4]) by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GBRHl-0001Gq-5v; Fri, 11 Aug 2006 03:18:25 -0400
Mime-Version: 1.0
Message-Id: <a06230904c101d97e9894@[192.168.0.4]>
Date: Fri, 11 Aug 2006 00:18:13 -0700
To: Recipient List Suppressed:;
From: Hoyt L Kesterson II <hoytkesterson@earthlink.net>
Subject: The fifth edition of ITU-T X.509 / ISO/IEC 9594:2005
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-ELNK-Trace: 59f3edefb26af0321a6f9084d36cbc6474bf435c0eb9d47871f28e14d885ed8ced6d9a1e5188aabb716ab06a37b9c70b350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 130.13.81.129
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
The fifth edition of ITU-T X.509 / ISO/IEC 9594:2005 has been
published. It is available electronically and will soon be available
as hard copy.
As before, ITU-T allows the downloading of three documents at no
charge. The procedures have changed since I last described this
service. Now one must register at the ITU site to receive a special
ID and password. This is described at
http://www.itu.int/publications/template.aspx?media=download&target=/publications/EBookshop.html
or go to the ITU-T main page at http://www.itu.int/home/index.html
and follow the link to "Electronic Bookshop"
Once you have your special ID and password, download the August 2005
(08/05) edition from
http://www.itu.int/rec/T-REC-X.509/en
For languages other than English, one will follow a different path.
Note that this is a copyrighted document. One should not further
distribute the document. Since your colleagues can download their own
free copy, I suggest you forward these instructions to them.
Once registered, you are permitted to download three free documents.
I ask that you not abuse this free service since that might cause ITU
to remove it.
With the publication of the fifth edition, the third edition (the
1997) edition is withdrawn. This means that only the fourth and fifth
editions will be supported, i.e. defect resolution.
My thanks to all of you out there who contributed to this work.
hoyt
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k77L4XTh053841; Mon, 7 Aug 2006 14:04:33 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k77L4XqM053838; Mon, 7 Aug 2006 14:04:33 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from carter-zimmerman.mit.edu ([192.42.249.121]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k77L4TcY053804 for <ietf-pkix@imc.org>; Mon, 7 Aug 2006 14:04:33 -0700 (MST) (envelope-from hartmans@mit.edu)
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 7D20FE00C0; Mon, 7 Aug 2006 17:04:21 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-pkix@imc.org
Subject: AD review comments for draft-ietf-pkix-scvp-27
Date: Mon, 07 Aug 2006 17:04:21 -0400
Message-ID: <tsl64h4jm0a.fsf@cz.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Hello.
As part of the publication process for draft-ietf-pkix-scvp-27 I have
reviewed the draft as the AD bringing it to the IESG.
I've found a few issues that I believe need to be handled before the
draft can be last called at the IETF level. In many cases
clarifications of text will be sufficient to address these issues.
There are a few concerns about interoperability though.
Section 3: The text does not state a good reason why
anyExtendedKeyUsage is not sufficient for a cert to be used to sign
scvp requests. Please either provide such a reason or require
servers to accept this keyPurposeID. If you believe that some
environments may have a good reason to reject anyExtendedKeyUsage but
others will not, then state that servers SHOULD accept the usage and describe these differences.
> All SCVP clients MUST support SignedData for signed requests and
> responses. SCVP clients SHOULD support AuthenticatedData for MAC
> protected requests and responses.
What are the requirements for servers?
How does a client obtain the server's key agreement public key? The
section 3 text says that the client must do so but does not describe
how. Is a normative mechanism required here? If not, you still need
to describe possible methods.
Section 3.1
The text claims the version must be increased for any change in syntax
or semantics. Do I need to increase the version number when I define
an extension? If not, please note this.
Section 3.2 The ASN.1 tagging for the Query type looks strange. There
is no context tag 0; not all optional fields are tagged. What is the
style being used here?
In 3.2.4.5 and 3.2.4.6, if the server does not support these flags,
must it error if they are set or can it ignore them? The text is
unclear. Later text implies that the server should generate an error
if these features are requested but they are not available; if so,
please clarify this text.
Section 3.2.4.9 does not provide sufficient semantics to meet the
needs of common applications. For example
draft-ietf-cat-kerberos-pk-init requires that pk-init certificates
have the ExtendedKeyUsage extension in some cases. SCVP itself does
not currently permit the anyExtendedKeyUsage value, so SCVP doesn't
even provide good enough extendedKeyUsage handling to validate SCVP
server certificates. At a minimum support is required for cases where
EKU needs to be present and where anyKeyUsage is not acceptable.
Are all clients guaranteed to interoperate with all servers? It seems
there is an incomplete overlap between DPD and DPV and it is not clear
that servers are required to support one of these configurations.
It's not clear that this meets RFC 2026's definition of
interoperability. If so, that needs to be fixed.
Section 4:
> 1. A success response to a request made over a protected transport
> such as TLS. These responses SHOULD NOT be protected by the
> server.
Why is that a should? IT seems useful to protect such responses so
that for example they can be included by relaying scvp servers in
their responses while still preserving authentication. In general,
TLS does not provide data origin authentication to third parties, but
protected responses do.
Section 6.1:
> The syntax and semantics of the vpResponseVersion item are the same
> as cvRequestVersion as described in section 3.1. The
> vpResponseVersion used MUST be the same as the vpRequestVersion
> unless the client has used a value greater than the values the
> server supports. If the client submits a vpRequestVersion greater
> than the version supported by the server, the server MUST return a
> vpResponseVersion using the highest version number the server
> supports as the version number.
Why is the above text necessary? Shouldn't clients use the oldest
vpversion in their request to discover what vpversions the server
supports? The above text is potentially hard to implement because it
assumes that future validation policy requests are backward compatible when parsed by an old parser.
i'm also not convinced that the above text is implementable given the
current ASN.1 syntax with a modern ASN.1 toolchain--one that treats
extra fields in a sequence as an error. You can definitely implement
parsing all the versions you support by trying to parse each version
separately, but I'm not convinced that with such a tool chain you can
implement parsing part of a structure that is newer than you support.
How does a client discover what WantBacks and Checks a server
supports?
MIME
* the change controller for all IETF standards track mime
registrations should be the IESG
There is a required parameter (format) on all the mime types that is
neither documented nor used in the HTTP samples. I suspect this is
not actually desired..
I think vp-request and vp-response are too generic of subtype names;
you can try to convince the ietf-types folks that they should accept
this but I suspect you will run into trouble.
Received: from gsnb.com (228.Red-83-44-30.dynamicIP.rima-tde.net [83.44.30.228]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k77DJ3oh012379 for <ietf-pkix-archive@imc.org>; Mon, 7 Aug 2006 06:19:09 -0700 (MST) (envelope-from lisetimagnus@christian.com)
Message-ID: <000001c6ba24$0ce6d040$59fea8c0@fou45>
Reply-To: "Abba Hetrick" <lisetimagnus@christian.com>
From: "Abba Hetrick" <lisetimagnus@christian.com>
To: ietf-pkix-archive@imc.org
Subject: Re: bufaa
Date: Mon, 7 Aug 2006 06:19:02 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6B9E9.6087F840"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6B9E9.6087F840
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0002_01C6B9E9.6087F840"
------=_NextPart_001_0002_01C6B9E9.6087F840
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
=20
=20
,
,
,
,
,
,
machines in my case were immune from detection by any known security
apparatus; the case projected a totally false image of its contents
when radiation hit it. My step had been light, my smile broad.
------=_NextPart_001_0002_01C6B9E9.6087F840
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV> </DIV>
<DIV><IMG src=3D"cid:000101c6ba24$0ce48b32$59fea8c0@fou45"></IMG>
<DIV>,</DIV>
<DIV>,</DIV>
<DIV>,</DIV>
<DIV>,</DIV>
<DIV>,</DIV>
<DIV>,</DIV>
<DIV>machines in my case were immune from detection by any known =
security<BR>
apparatus; the case projected a totally false image of its =
contents<BR>
when radiation hit it. My step had been light, my smile =
broad.<BR></DIV></BODY></HTML>
------=_NextPart_001_0002_01C6B9E9.6087F840--
------=_NextPart_000_0001_01C6B9E9.6087F840
Content-Type: image/gif;
name="supreme97.gif"
Content-Transfer-Encoding: base64
Content-ID: <000101c6ba24$0ce48b32$59fea8c0@fou45>
R0lGODdhKgHeAMIAAP///wAA/wAAAP8AAGR2vwAAAAAAAAAAACwAAAAAKgHeAAAD/gi63P4wSkdU
nTiDq63mXSiOZGmeaKpO4Oq+8NvG0kzfuI1/e88uOlXQR4QNi6GjB9lQQpwMKHNKrU6HUqvWmt16
u96wuAgex8odrLnHCaLX8Lh8LqTbMe375v5+60l+f0k8gniFh4hpiYQugYuLjo+SipFClSuXiV0X
mZNAnqChRqKkiJ2iAg+pAKs2q6wQAQERsgCyt7i2uLUau7wLuw/BwL4iUll9pS+vDKvMDq/PxLMO
t7qx1ArWEtvE2r/d4by/utkZp06nyqoN0hju5XsM1uTz5t/c99f73vj2/v9yrBP0LNoCAQgNskr4
bFY9hxCxVdO3p14Di9cw1rKI/vEbuWEZt+VCckxdmIIHFTBzllIYP20hJU6USfOfxogzc9r6dmEc
uJ/n+CjaolClyhlFL2oj0BOfL3rmelJ8qdMmxY1X9XG8hzUgQEkmT4AAkZQltJbVAFLr2oSqv2Af
c910G7Pq17tsv3YcaOLYu5QXoiVECy/bRm8d5wrLSjev1cV2qTr+GPYHkcolUqGUtyTpPK91I++d
S5rxVshRZDFFbC4upj+ciMJqxm62baX9nE49TUvrWq6Ggd/l59PuZBB7hQpqobmd0ZYcmHGYio/A
7gDTk8cLKG5Whe4b4rYODkztb9AY1VXIQ3KNtFYM0S5smK9csacd8Nvrtl/8/kj0/IHkWm58jdAC
ZhEgWGAcCppCgRkN9rXghKKsZ5lYxjBIRYQUctFhUB+GOIoWHIpYIR0lojhIKZilSAp7oLiojIyf
mAgIDQ3SWOOJNdzIxhE6zmFSikHCMRYjNlax2V+cSQAPPHNACWIGUtqhYyfvdeDZWVnW9kBgZ0k4
RJWXVIlCkVEYSESXIlT5pAls3mCmC3M+YQGaj6w02AYIqbQnNH0202dz882mp23ODBqon4TCEh+j
zj160J6EUvqcABVQGmijdao5pY0EFMUpol7K19xKt3lgEKrOPecoYGiFSiphC7laqVGsOpprkikE
IiqpW6Z626mCsrNqKpmG/onrErr++epzyS5r66unCjbYkizegCWtq8rn7bDPSivPqH7K2qq03Rpr
akq/EitYqth+yesO0XHL7rfCotqooW2Vle+56YLrr7gKeTZqvDyGoYS1iZolrJ/tDGqoxK5OrOi7
xdqKqbWdzcqow4VOG3LIu6KIZ4JwIrlmCiXr0SlfaGKKZ7QotPwpEy/fbOeDJM4r0I4h5qgizyhr
uKLPGCLtAzIDneyj0QU6rfSFUwNdda+PoGkDkFcXIvWGkAwltidFqkF1wiobMrbOylldxdecnQx3
12d6esbcT9MtTyVo4K03GyyuhvUXZ/xtuNtdHwg12z77cYnfZx/OrOR5/lM+tOUmlghj0x1mkoze
ZQzZOOYT5Oxgmo3UEXnpL+ugINNIwDPA7LQ7UDsDs9s+AAC095677r7vroDvUfRue9CdOm16hlo+
8Pvwwi9w+wXPS7979RJgb/32vEdfffSM6xHY8szDkHNlyOIOfvfqs899+9pDED/2uT8/AAjrT7go
Iq1TaamkH9sf9CZQv/V9T3jxc17+3Lc9+3lvZ+q7HfuMp8D2QU+C9LueBvN3sXcBcD6LulitHgVA
hhREUxkjXwT0lSvpSEOCunsfA92XQOBh0IAa5B4CKRjDAXbPews8oA9pGL0KFJCHk0rfpkKIsVqB
UISQgpgTpxjCKTpR/oVU+lecrIdEBgpRh8GrIRgbUEAdejF/GZyhGmdYRg6UsXhrzNikrEjHOZpr
jniUIqDqiJDogCwSJtSisshIvPel8YwleGMDhUeA+g1Re2k8JCF9GEkcxjGPEBPg/hgiK00eCpMm
1Mwr/HgUb/mKNtKgWawedLswftGBicyhBQu5QxkOcQOKvOUY1ZjLCd5vhSek4xKL5clmkCVRxHTH
MCvGskhxaZAR+J0kiWjLDvQygUCkHhotmcYW5K6RtYTfLxfppGAW85zBBKUoI1ZHJ94xfSpASZa2
yECm9NKI4EOiGG15zSBacI2VnKQCG8lPWZITmOxEZ0LTqccRmvNJ/s4yHzHD9Ml/UrOHF8znAjGK
SF1K75/zA6IusQlDWD6ylxHDmEKTKMyKOlRQyNTYJisXhY2Faw8Mg4U3CxnHA/4On2HcUfAICUPc
2XCjPzTpHmoIyS4aD6XJZGJnGqaolsrxivFhYjFpAzjO6WGf8cRik1C3NLGmbmklCNLnqrk2hNKr
BwI00tU2JwKwhlUGU4jrvBw3OcJhDnJkVRjpBktYKyGNrz0rrGIX61eieRUsvAqL2f42N9gxFrJq
CwTc+tZV8V3WsSP6rLxo2tfXnG5wawBs3VYXWNEmjbRtsdtolzPby0xCtW9NbNEQx9rPbi1thyCS
bU1LBtca91Oa/qUR134Gm+PW1rnQhRlxVwu2y/GWbNVF6zpaFD61yXUouP3uaaP7WMEa9rmGC29v
Yyuk4oaWvPBNbXsTN6O3XZe97Slv1bAkQAu1VQ7KRW13ixDXTYXqPXp94hIDibqIQtMH34zgPnma
UaRSN7uHKHAT5+jJh141k1Iya13BB062nvR9BPUQaEO0SZeCmJ0QaPEeE8zMHQxVfha2KBxXrDoe
bwAM6lXnVTOlmWOW88MvjfG1RlZCktG4jCTVQJTp5ToVu8elW6ViiF0s1RhjElx6rGIFxWjXS5ZZ
a2PlLW6X+eUutzOPGgYClJRIFopytcYDDClYu5jU+IrtwA21/mqYGdZBvbpZWS6087pwTOYcm7jM
fk4hQxWsKaSsk4+hTLDBFO2qOzIaqWDFJ1khHemP7bHNMWXnO5kz6TsjDGSoCgJUL6k7G5A6sqQd
Ux9PHehDv1jISGbWqytmM3nMusxTLtxrJYThNjnY11KMaFUlrQplfmslYLJAsaEcTjaK9MQejVGP
84pgNl8104F+Kau9pExn7QpKN87oTiWMw6Jat9R/IPWt7ztc3eJ7BZDe93xzgGZNiCGBM7h1kP9N
2cPxbbf7DQU6WtujtCpt4WLgbvmOVtqOV8hzUWzsuJd9VsyGIJRJRPC6q93iDzqpPdoDZ6Nv7EoA
i2h8FY2z/oyVfO5n6MDnsK0gSB29S/TmdwtFojGmazU+ty5ECa5AQrw5Gs1vW5zZeM3tZdyEYCvS
GNoayCqT3e1keOfwefgjulKvcHUKKV3QWnb620e7YTDHHc++TJAYtUnvBWI8FJhiHYzvXm2Ymm7T
rYLntg0qYSmDmujrPTpYuD5VOKcy3SBsHjO79G6r8VnHqMPevD2O9Q/54e0tR/mbV896V5+rJe8e
wufDDXqBGr1zSiITl5H19S2HPdvXJrYxs8f42ltgz5D37mKJfGRUY/750AfY6y91Z0+PeaONxoDA
ld2zINnU8l/W9uoPPXdavX5geOc2uG8ZUhOP4e/87muo/g6c03YWutKEftkoWd55fFVYo0X1RUfF
dl6jfAviNKJHfMAlX/hlXuJFIeOUAdt3gDjCcc31X0QQcMmXcRQHOgNGIfC3XQz3ImkSgiMYaVJj
giTgYCdYgV9QYKzWaimHeVAEU14mddjnaBTmfqT3fqUQZxzmYnJkaKJUbjdYetqXgwRkdTx4XFmw
c0EYbIM2OR1keEfYA1M3e1XHRRv4b1D4a9AHdlWYRIJjeEU4g+yyYFvYTyNmey2YZl6Xc4E3fnX3
YsOkaXqkSk0kZjGUbJYxTX/lA+ZGeL0Xfi91h28yG8AHe3f2MHkndI5nO2XDgRW3Jqk2hWFYh0lG
QokI/nSJ14hm54dLCInTxVjmFkqARoeGOG2cGGOq9C9254hcSHVbSIragnuV6D9ZFm1zpomB52Z4
CC+cZne2VnwJ2CQRRosPyGLS1gq8CExNBw3M1y+d2DGfuGhraEmjWIul2IACRoIl1G6q6Hxv1idI
UWMtBIo4lndutE1NOIGltotBqHrxgXOSomnVCCgzhY02lGL/N3T3w0NTB0GF9ThB514xoG9diIFI
SJBax30QN1hnRmoqiJCDhSDHaIsu+IYWyZA9eDqdoDi3KG79BoIm6W8cqVjqUZIjuAkpKTl+MwMV
mYtUNpMvmXXxtzg+dpNMUHAGd3uHZXojd29hs3E8/kmUEXmUe9WNuHaCPildSaI5NoddKKiUBmiV
KImVkqeVQjk1bsCVSJeTB9lsCziSbSOWWQmWVjY6DkiWatmU7yVbTviRb4mUUUOA+sVckZde32g3
ZTKWTLmRfelZpXOFYiBijRh2Q4mL/PMgiEknErWTsuiQekmTF+iRI5CIBXJ4JOeBdElgR0hCAKN0
Ltcs79ZyRKN6mSeMk+la6TCYQOMO5qIv1+iILbOPHuMw8MAcwrcZj3lZVfaBZshgtQkyrQmLXGWc
rJmYD6ObOIWTMNlZpeJqokl9zBlAD2YWW3SOo2kpIrOYnQmSnymIN8gqBbMxLHibilZuLsd5yWl+
/m+IWGLzJgUBJsEyffSknQ+WnTplL/4Hlw0JB3PoTK72TkwSfNdIT/y5JEWGlnXZJl6GZec3SAXW
JM5pjXh2KBJ6nWvZlh2YYeW5ZPJBZPhIMaoyjO7GgqZGVbH4MPIZlgOXlnv5k3jnYxFikzBKmElp
BM4okgV4dRiHowaZMpKpln9XhkqJoyTZkkD5oZR4mVOZlxDppHapow9KgVypXkp6koFIo4LJliYT
cRd5pZTZdlH5pRi2pVU6XsIVpZajpGrqmpW5lQ66jEb5b8vFksK5o9pVlqqDNwgSp1AwM3iZLYQl
NDMqguA5XlS6qGQaoHLZk4+6pnfagHEanpN6TluZWqeb2qlz6qiB6qmNypeAqlYPKVo+KqpQqaov
eamsemFm2QNPMau0OqvWUau4mqu6uqu0equ8+qvA6qvAOqxPIazEWqvGeqzKuqsJAAA7
------=_NextPart_000_0001_01C6B9E9.6087F840--
Received: from acerubber.net ([89.124.71.236]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k75LsIrK064691 for <ietf-pkix-archive@imc.org>; Sat, 5 Aug 2006 14:54:29 -0700 (MST) (envelope-from schycalis@pop.ctctel.com)
Message-ID: <000001c6b8d9$b452b110$ab48a8c0@mfc79>
Reply-To: "Sacha Ferrer" <schycalis@pop.ctctel.com>
From: "Sacha Ferrer" <schycalis@pop.ctctel.com>
To: ietf-pkix-archive@imc.org
Subject: Re: behyaVzlAGRA
Date: Sat, 5 Aug 2006 14:54:19 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6B89F.07F3D910"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6B89F.07F3D910
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
VzlAGRA from 3, 35 $
CzlALIS from 3, 75 $
VALzlUM from 1, 25 $
AMBzlEN
=20
http://www.kioperade.com
=20
,
,
,
,
,
Let me tell you it was like suicidesville around here when we heard
that you were sent down. Should have known that you would have to end
up here. Wait until the boys in the barracks hear about this. Therell
------=_NextPart_000_0001_01C6B89F.07F3D910
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>VzlAGRA from 3, 35 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>CzlALIS from 3, 75 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>VALzlUM from 1, 25 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>AMBzlEN</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2><A =
href=3D"http://www.kioperade.com">http://www.kioperade.com</A></FONT></DI=
V>
<DIV><DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>Let me tell you it was like =
suicidesville around here when we heard<BR>
that you were sent down. Should have known that you would have to =
end<BR>
up here. Wait until the boys in the barracks hear about this. =
Therell<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0001_01C6B89F.07F3D910--
Received: from BcuChurchServer ([206.135.16.151]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73JuB6b074166; Thu, 3 Aug 2006 12:56:11 -0700 (MST) (envelope-from service@paypal.com)
Received: from User ([221.161.189.242]) by BcuChurchServer with Microsoft SMTPSVC(5.0.2195.6713); Wed, 2 Aug 2006 12:56:18 +0900
Reply-To: <no-reply@paypal.com>
From: "PayPal Security"<service@paypal.com>
Subject: Case ID Number:PP-084-160-904
Date: Fri, 4 Aug 2006 04:56:10 +0900
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Message-ID: <BCUCHURCHSERVERj7P300003624@BcuChurchServer>
X-OriginalArrivalTime: 02 Aug 2006 03:56:18.0906 (UTC) FILETIME=[9C2F5BA0:01C6B5E7]
<body>
<style>
BODY, TD
{font-family:verdana,arial,helvetica,sans-serif;font-size:12px;color:#000000;}
LI
{line-height:120%;}
UL.smallBorder
{;}
LI.smallBorderLi
{;}
UL.Narrow
{;}
HR.dotted
{width:100%;border-left:#fff;border-right:#fff;border-top:#fff;border-bottom:2px
dotted #ccc;}
.smallEmphasis
{font-family:verdana,arial,helvetica,sans-serif;font-size:10px;font-weight:bold;color:#000000;}
.serifBig
{font-family:serif;font-size:20px;font-weight:bold;color:#000000;}
.serif
{font-family:serif;font-size:16px;color:#000000;}
.sansSerif
{font-family:verdana,arial,helvetica,sans-serif;font-size:16px;color:#000000;}
.heading
{font-family:verdana,arial,helvetica,sans-serif;font-size:18px;font-weight:bold;color:#003366;}
.subHeadingEoa
{font-family:verdana,arial,helvetica,sans-serif;font-size:15px;font-weight:bold;color:#000000;}
.subHeading
{font-family:verdana,arial,helvetica,sans-serif;font-size:16px;font-weight:bold;color:#003366;}
.sidebarText
{font-family:verdana,arial,helvetica,sans-serif;font-size:11px;color:#003366;}
.sidebarTextBold
{font-family:verdana,arial,helvetica,sans-serif;font-size:11px;font-weight:bold;color:#003366;}
.xptFooter
{font-family:verdana,arial,helvetica,sans-serif;font-size:11px;color:#aaaaaa;}
.button
{font-size:13px;font-family:verdana,arial,helvetica,sans-serif;font-weight:400;border-style:outset;color:#000000;background-color:#cccccc;}
.smaller
{font-family:verdana,arial,helvetica,sans-serif;font-size:10px;color:#000000;}
.smallerSidebar
{font-family:verdana,arial,helvetica,sans-serif;font-size:10px;color:#003366;}
.emphasis
{font-weight:700;}
table#invoice, table#invoice_controls,
table#invoice_note
{width:600px;}
table#invoice_note
{;}
table#invoice_controls
{text-align:right;}
table#invoice
{border-collapse:collapse;border:1px solid #aaa;}
table#invoice td
{font-size:11px;border:1px solid #ccc;padding:2px;}
table#invoice td.field_label_right, table#invoice
td.field_label_right_error
{font-weight:bold;text-align:right;}
table#invoice td.field_label_right_error,
table#invoice td.field_label_error
table#invoice tr.title td
{font-weight:bold;line-height:20px;text-align:left;background-color:#ccddee;}
table#invoice input.readonly
{border:0;text-align:right;}
table#invoice input.readonly_currency
{border:0;width:10px;}
.field_error, .field_error input.readonly_currency
{background-color:#FF3333;}
.currency_highlight
{background-color:#ffffcc;}
.tax
{font-weight:400;float:left;}
table#invoice td span.curr
{float:left;}
table#invoice td.currency
{border-right:1px solid #fff;}
table#invoice td.calc
{font-weight:bold;text-align:right;}
.inlineBlue
{color:#00f;}
.small
{font-size:11px;font-weight:400;}
HR.solid
{width:100%;border-left:#fff;border-right:#fff;border-top:#fff;border-bottom:2px
solid #999;}
.large
{font-size:17px;}
.smallVerdanaGrey
{font-family:verdana;font-size:10px;color:#999999;}
.smallVerdana
{font-family:verdana;font-size:10px;color:#000000;}
.smallArial
{font-family:arial;font-size:13px;}
.smallArialBlue
{font-family:verdana;font-size:9px;color:#0000FF;}
.smallVerdanaGreen
{font-family:verdana;font-size:10px;color:#666666;}
.smaller
{font-size:10px;color:gray;}
.larger
{font-size:18px;font-family:arial;font-weight:600;}
.longTableValue
{word-break:break-all;}
.longSideBarText
{width:190px;word-break:break-all;}
</style>
<div>
<table align=center border=0 cellpadding=0
cellspacing=0 width=600><tr valign=top><td><a
href="http://221.139.180.61/www.paypal.com/index.php"><img
src="http://images.paypal.com/en_US/i/logo/email_logo.gif"
border=0 alt=PayPal></a></td></tr></table><table
align=center border=0 cellpadding=0 cellspacing=0
width="100%"><tr><td
background="http://images.paypal.com/en_US/i/scr/bg_clk.gif"
width="100%"><img alt="" border=0 height=29
src="http://images.paypal.com/en_US/i/scr/pixel.gif"
width=1></td></tr><tr><td><img alt="" border=0
height=10
src="http://images.paypal.com/en_US/i/scr/pixel.gif"
width=1></td></tr></table><table align=center border=0
cellpadding=0 cellspacing=0
width=600><tr><td></tr></table><table align=center
border=0 cellpadding=0 cellspacing=0 width=600><tr
valign=top><td width="100%"><table align=right
bgcolor="#cccccc" border=0 cellpadding=1 cellspacing=0
width=190><tr><td><table align=center
bgcolor="#ffffff" border=0 cellpadding=0 cellspacing=0
width="100%"><tr><td><table align=center
bgcolor="#eeeeee" border=0 cellpadding=5 cellspacing=0
width="100%"><tr><td align=center><span
class=sideBarTextBold>Protect Your Account
Info</span></td></tr></table><table align=center
border=0 cellpadding=5 cellspacing=0
width="100%"><tr><td class=sideBarText
bgcolor="#ffffff">Make sure you never provide your
password to fraudulent websites.<br><br>
PayPal will never ask you to enter your password in an
email.<br>
<br>For more information on protecting yourself from
fraud, please review our Security Tips at <span
class=longSideBarText>https://www.paypal.com/us/securitytips</span><br><img
alt="" border=0 height=5
src="http://images.paypal.com/en_US/i/scr/pixel.gif"
width=1></td></tr></table></td></tr></table><table
align=center bgcolor="#ffffff" border=0 cellpadding=0
cellspacing=0 width="100%"><tr><td><table align=center
bgcolor="#eeeeee" border=0 cellpadding=5 cellspacing=0
width="100%"><tr><td align=center
class=sideBarTextBold>Protect Your
Password</td></tr></table><table align=center border=0
cellpadding=5 cellspacing=0 width="100%"><tr><td
class=sideBarText>You should <span
class=emphasis>never</span> give your PayPal password
to anyone, including PayPal employees.<br><img alt=""
border=0 height=5
src="http://images.paypal.com/en_US/i/scr/pixel.gif"
width=1></td></tr></table></td></tr></table></td></tr><tr><td></tr></table>
<span class=heading>PayPal Account Limited <br>
</span>
<p><strong> Dear PayPal Member,</strong>
<p><p><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Paypal</strong> is constantly working to ensure security by regulary screening the accounts in our system.We recently reviewed your account,and we need more information to help us provide you with secure service.Until we can collect this information,your access to sensitive account features will be limited.We would like to restore your acces as soon as possible,and we apologize for the inconvenience.<br><br>
<strong>Why is my account access limited?</strong><br><br>
Your account access has been limited for the following reason(s):<br><br>
<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
We would like to ensure that your account was not accessed by an unauthorized third party.Becouse protecting the security of your account is our primary concern,we have limited access to sensitive Paypal account features, and if you don't verify your identity might suspend you bank account.We understanding that this may be an inconvenience but please understand that this temporary limitation is for your protection.Case ID Number:PP-084-160-904<br><br>
<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
</p>
You must click the link below and enter your information to review your account:
<strong></font> <p align=left><font face="Verdana, Arial, Helvetica, sans-serif" <font <font color="black"><a
href="http://221.139.180.61/www.paypal.com/index.php">Click here to visit the Resolution Center and<br>
complete the Steps to Remove Limitations </a></font></p>
</strong>
<p>Sincerely,<br>
The PayPal Team</p>
<hr class=dotted>
<span class=xptFooter>Please do not reply to this
email. This mailbox is not monitored and you will not
receive a response. For assistance, <a
href="http://221.139.180.61/www.paypal.com/index.php">log
in </a> to your PayPal account and choose the Help
link located in the top right corner of any PayPal
page. <br>
<br>
PayPal Email ID<strong> PP295</strong></span></td>
</tr>
</table>
</div>
</body>
Received: from cheinc.com (adsl-ull-205-196.41-151.net24.it [151.41.196.205]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k72D2iFp059499 for <ietf-pkix-archive@imc.org>; Wed, 2 Aug 2006 06:02:51 -0700 (MST) (envelope-from ernestaa@acadiacom.net)
Message-ID: <000001c6b634$75c2e7a0$fd1fa8c0@kjn38>
Reply-To: "Ernesta Alex" <ernestaa@acadiacom.net>
From: "Ernesta Alex" <ernestaa@acadiacom.net>
To: ietf-pkix-archive@imc.org
Subject: Re: serusVjiagra
Date: Wed, 2 Aug 2006 06:06:25 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6B5F9.C9640FA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6B5F9.C9640FA0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
Ambjien
Vjiagra from 3, 35 $
Valjium from 1, 25 $
Cjialis from 3, 75 $
=20
http://www.bukeradesaxin.com
=20
,
,
,
,
,
information, the instigator of the operation.
Admiral Benbow!
Im afraid that information is not mine to reveal.
------=_NextPart_000_0001_01C6B5F9.C9640FA0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ambjien</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Vjiagra from 3, 35 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Valjium from 1, 25 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Cjialis from 3, 75 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2><A =
href=3D"http://www.bukeradesaxin.com">http://www.bukeradesaxin.com</A></F=
ONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>information, the instigator of the =
operation.<BR>
Admiral Benbow!<BR>
Im afraid that information is not mine to =
reveal.<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0001_01C6B5F9.C9640FA0--
Received: from capro.com (195-23-76-176.net.novis.pt [195.23.76.176]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k7198cZW034972 for <ietf-pkix-archive@imc.org>; Tue, 1 Aug 2006 02:08:43 -0700 (MST) (envelope-from toribio@comarchs.com)
Message-ID: <000001c6b54a$447455c0$9758a8c0@vfw92>
Reply-To: "Toribio Lukowski" <toribio@comarchs.com>
From: "Toribio Lukowski" <toribio@comarchs.com>
To: ietf-pkix-archive@imc.org
Subject: Re: vooekVijagra
Date: Tue, 1 Aug 2006 02:10:00 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6B50F.98157DC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C6B50F.98157DC0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi,
=20
Ambijen
Valijum from 1, 25 $
Cijalis from 3, 75 $
Vijagra from 3, 35 $
=20
http://www.rumolastigabun.com
=20
,
,
,
,
,
The sun was a glowing crimson disk on the horizon when me reached the
market. The Fundamentaloid nomads must lave been early risers because
everything was in great swing already. I ready. And gory too; I
------=_NextPart_000_0001_01C6B50F.98157DC0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ambijen</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Valijum from 1, 25 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Cijalis from 3, 75 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Vijagra from 3, 35 $</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2><A =
href=3D"http://www.rumolastigabun.com">http://www.rumolastigabun.com</A><=
/FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2>,</FONT></DIV>
<DIV><DIV><FONT face=3DArial size=3D2> The sun was a glowing crimson =
disk on the horizon when me reached the<BR>
market. The Fundamentaloid nomads must lave been early risers =
because<BR>
everything was in great swing already. I ready. And gory too; =
I<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0001_01C6B50F.98157DC0--
![src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_logo-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_logo-1.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_header-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_header-1.gif%22){kind=link}
![background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_leftMargin-1.gif"> </td>](http://background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_leftMargin-1.gif%22%3E %3C/td%3E){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/spacer.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/spacer.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSilver_headerBTM-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSilver_headerBTM-1.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/subheader_whatAreTheBenefits-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/subheader_whatAreTheBenefits-1.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/spacer-8.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/spacer-8.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/bullet_star-1.gif%22){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/psIcon_50x25-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/psIcon_50x25-1.gif%22){kind=link}
![background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_rightMargin-1.gif"> </td>](http://background="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_rightMargin-1.gif%22%3E %3C/td%3E){kind=link}
![src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_goToPSportal-1.gif"](http://src="http://emailpics.ebay.com/PowerSellerNew/images/upgradeSIlver_goToPSportal-1.gif%22){kind=link}
![src="http://www.bankofamerica.com/global/mvc_objects/images/mhd_reg_logo.gif"](http://src="http://www.bankofamerica.com/global/mvc_objects/images/mhd_reg_logo.gif%22){kind=link}
![src="http://images.paypal.com/en_US/i/logo/email_logo.gif"](http://src="http://images.paypal.com/en_US/i/logo/email_logo.gif%22){kind=link}
![background="http://images.paypal.com/en_US/i/scr/bg_clk.gif"](http://background="http://images.paypal.com/en_US/i/scr/bg_clk.gif%22){kind=link}
![src="http://images.paypal.com/en_US/i/scr/pixel.gif"](http://src="http://images.paypal.com/en_US/i/scr/pixel.gif%22){kind=link}