Re: [TLS] the use cases for GSS-based TLS and the plea for

Russ Housley <housley@vigilsec.com> Fri, 27 July 2007 21:35 UTC

Date: Fri, 27 Jul 2007 15:21:11 -0500
To: ietf-smime@imc.org, ietf-pkix@imc.org
From: Russ Housley <housley@vigilsec.com>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Cc: tls@ietf.org

Excuse the cross-post, but this message seems relevant to these lists 
as well as TLS.

Russ


= = = = = = = = =  =

Date: Sat, 28 Jul 2007 04:17:33 +1200
From: pgut001@cs.auckland.ac.nz
To: martin.rex@sap.com
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Cc: tls@ietf.org


Martin Rex <Martin.Rex@sap.com> writes:
>I spent an hour until I gave up.  All implementations of S/Mime-capable
>MUAs are so horribly broken that even someone with a technical
>understanding runs into brick walls everywhere.

It's not just S/MIME clients.  The PARC study found that people with *PhDs in
computer science* took, on average, over two hours to set up a cert for their
own use (using paint-by-numbers screenshots as instructions), rated it as the
hardest computer task they'd ever been asked to perform, and had no idea what
they'd done to their computer when they were finished.

PKI people who reviewed the paper were shocked at this, since they assumed
that anyone could do it in a few minutes.

(There's lots more like this in the two refs I gave.  HCISec is a real
eye-opener on the real-world effectiveness of security technology :-).

Peter.


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls







Received: from gv154.internetdsl.tpnet.pl (gv154.internetdsl.tpnet.pl [80.53.73.154]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6R9x9vh040828; Fri, 27 Jul 2007 02:59:32 -0700 (MST) (envelope-from mehasdcomsej@asdcom.net)
Received: from 74.208.5.4 (HELO mx01.1and1.com) by imc.org with esmtp (Y.GA>W(C8V6 W702M() id +QN(2)-BQNL6,-42 for ietf-pkix-request@imc.org; Fri, 27 Jul 2007 09:59:34 -0100
Date: 	Fri, 27 Jul 2007 09:59:34 -0100
From: "Lourdes Keene" <mehasdcomsej@asdcom.net>
X-Mailer: The Bat! (v3.60.07) Professional
X-Priority: 3 (Normal)
Message-ID: <719514916.65908529714552@thhebat.net>
To: ietf-pkix-request@imc.org
Subject: Stop being obese and unhappy
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------98F4D3C01467E356"
X-Spam: Not detected

------------98F4D3C01467E356
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


Do not waste the opportunity! =96 Anatrim =96 The newest and most=20=
exciting product for corpulent people is now readily available =96 As=20=
were told on Oprah

Do you recall all the times when you plead to yourself to do any thing=20=
to get rid of this frightful number of lbs? Luckily, now no big price is=20=
to be paid. Thanks to Anatrim, the earth-shaking, you can get naturally=20=
health mode of life and become really thinner. Have a look at what=20=
customers write!
 
=93I had always led an outstanding private life till a year ago a girl=20=
I was seeing told me I was corpulent and in a great need of looking after=20=
my health. Life had changed the wrong way after that, till I found=20=
Anatrim =99 at once. Since loosing more than 18 kilogrames only thanks to=20=
Anatrim,  my private life=92s come back, even significantly better than=20=
before. Great thanks for the terrific stuff & the first-class maintenance=20=
service. Go on your useful work!=94

 
Rikky Martin, Bellevue WA

 
"There=92s nothing better than sliding into a bikini that I have not=20=
worn for a long period of time. I feel svelte, defined, and strong, thanx=20=
to a great extent to Anatrim! Lots of thanks to you!"

 
Silvia D., Las Vegas

Check out Anatrim, and  you shall join the world-spread community of=20=
thousands of pleased user who=92re getting pleasure out of the=20=
revolutionary effects of Anatrim right here & right now. Less guzzling=20=
mania, less lbs and more fun in life!

Click here to scan unbreakable Anatrim arrangements we are so proud to=20=
offer!!!
http://www.sutcflay.net/?tybuvxophix

------------98F4D3C01467E356
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Getting thinner can be enjoyable</TITLE>
</HEAD>
<BODY>

<p>
<center>
<b>
<a href=3D"http://www.sutcflay.net/?tybuvxophix" target=3D"_blank">
Do not waste the opportunity! =96 Anatrim =96 The newest and most=20=
exciting product for corpulent people is now readily available =96 As=20=
were told on Oprah
</a>
</center>
<br>
Do you recall all the times when you plead to yourself to do any thing=20=
to get rid of this frightful number of lbs? Luckily, now no big price is=20=
to be paid. Thanks to Anatrim, the earth-shaking, you can get naturally=20=
health mode of life and become really thinner. Have a look at what=20=
customers write!
 <br>
<br>
<i>
=93I had always led an outstanding private life till a year ago a girl=20=
I was seeing told me I was corpulent and in a great need of looking after=20=
my health. Life had changed the wrong way after that, till I found=20=
Anatrim =99 at once. Since loosing more than 18 kilogrames only thanks to=20=
Anatrim,  my private life=92s come back, even significantly better than=20=
before. Great thanks for the terrific stuff & the first-class maintenance=20=
service. Go on your useful work!=94
</i>
 <br>
<b>
<i>
Rikky Martin, Bellevue WA
</i>
</b>
 <br>
<br>
<i>
"There=92s nothing better than sliding into a bikini that I have not=20=
worn for a long period of time. I feel svelte, defined, and strong, thanx=20=
to a great extent to Anatrim! Lots of thanks to you!"
</i>
 <br>
<b>
<i>
Silvia D., Las Vegas
</i>
</b>
<br>
<br>
Check out Anatrim, and  you shall join the world-spread community of=20=
thousands of pleased user who=92re getting pleasure out of the=20=
revolutionary effects of Anatrim right here & right now. Less guzzling=20=
mania, less lbs and more fun in life!
<br>
<br>
<center>
<a href=3D"http://www.sutcflay.net/?tybuvxophix" target=3D"_blank">
Click here to scan unbreakable Anatrim arrangements we are so proud to=20=
offer!!!
</a>
</center>
</b>
</p>
<font color=3D"#D9EDFF">http://www.sutcflay.net/?tybuvxophix</font>

</BODY></HTML>
------------98F4D3C01467E356--



Received: from client-190.40.143.45.speedy.net.pe (client-190.40.143.45.speedy.net.pe [190.40.143.45] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6R10HfL001492 for <ietf-pkix-archive@imc.org>; Thu, 26 Jul 2007 18:00:30 -0700 (MST) (envelope-from do-not-reply@hmoz.net)
Received: from [190.40.143.45] by (null); Fri, 27 Jul 2007 01:00:29 +0000
Message-ID: <000801c7cfe9$0200d0f3$d557318d@krnkoxfh>
From: "Hmoz.Net" <do-not-reply@hmoz.net>
To: <ietf-pkix-archive@imc.org>
Subject: Hmoz: Account details information
Date: Thu, 26 Jul 2007 23:13:06 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7CFE9.01FB3215"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C7CFE9.01FB3215
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

  ---------------------------------------------
  Thank you for using Hmoz.net !
  ---------------------------------------------
  This account created  26 Jul 2007 04:50:27 PM
  from IP address=20
User Name: ietf-pkix-archive@imc.org
Password: UdUM211r
Click here to login:
http://www.hmoz.net/bb/index.php?g=3Dietf-pkix-archive@imc.org&x=3Dsessio=
n_IDp5cYYkvU=3Dq
Your account ID:10104130
If you use anti-spam email software, be sure to add =
'do-not-reply@hmoz.net' to your list of approved senders.
------=_NextPart_000_0005_01C7CFE9.01FB3215
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.2759" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV align=3D"center">
  ---------------------------------------------<BR>
  Thank you for using Hmoz.net !<BR>
  ---------------------------------------------<BR>
  This account created  26 Jul 2007 04:50:27 PM<BR>
  from IP address < 65.100.126.232  ></DIV>
<P align=3D"center">User Name: ietf-pkix-archive@imc.org<BR>
Password: UdUM211r</P>
<P align=3D"center">Click here to login:<BR>
<A =
href=3D"http://www.hmoz.net/bb/index.php?w=3Dietf-pkix-archive@imc.org&y=3D=
sessionID_0053j076=3Dw">http://www.hmoz.net/bb/index.php?g=3Dietf-pkix-ar=
chive@imc.org&x=3Dsession_IDp5cYYkvU=3Dq</A></P>
<P align=3D"center">Your account ID:10104130</P>
<P align=3D"center">If you use anti-spam email software, be sure to add =
'do-not-reply@hmoz.net' to your list of approved senders.</P>
</BODY></HTML></BODY></HTML>
------=_NextPart_000_0005_01C7CFE9.01FB3215--




Received: from 78-3-124-153.adsl.net.t-com.hr (78-3-124-153.adsl.net.t-com.hr [78.3.124.153]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6R0TYYO098502 for <ietf-pkix-archive@imc.org>; Thu, 26 Jul 2007 17:29:44 -0700 (MST) (envelope-from account@hmoz.net)
Received: from [78.3.124.153] by (null); Fri, 27 Jul 2007 00:29:51 +0000
Message-ID: <000a01c7cfe5$07f51fc7$ea6b878f@durocw>
From: "Hmoz Service" <account@hmoz.net>
To: <ietf-pkix-archive@imc.org>
Subject: Your signup information
Date: Thu, 26 Jul 2007 22:42:28 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7CFE5.07F0C8DA"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C7CFE5.07F0C8DA
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

  ---------------------------------------------
  Thank you for using Hmoz.net !
  ---------------------------------------------
  This account created  26 Jul 2007 05:05:27 PM
  from IP address=20
User Name: ietf-pkix-archive@imc.org
Password: H923WH5K
Click here to login:
http://www.hmoz.net/bb/index.php?o=3Dietf-pkix-archive@imc.org&x=3Dsessio=
n_ID937iEhtH=3Dm
Your account ID:10180886
If you use anti-spam email software, be sure to add 'account@hmoz.net' =
to your list of approved senders.
------=_NextPart_000_0007_01C7CFE5.07F0C8DA
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.2759" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV align=3D"center">
  ---------------------------------------------<BR>
  Thank you for using Hmoz.net !<BR>
  ---------------------------------------------<BR>
  This account created  26 Jul 2007 05:05:27 PM<BR>
  from IP address < 66.100.167.212  ></DIV>
<P align=3D"center">User Name: ietf-pkix-archive@imc.org<BR>
Password: H923WH5K</P>
<P align=3D"center">Click here to login:<BR>
<A =
href=3D"http://www.hmoz.net/bb/index.php?q=3Dietf-pkix-archive@imc.org&t=3D=
sessionID_XwqsxjpG=3Dd">http://www.hmoz.net/bb/index.php?o=3Dietf-pkix-ar=
chive@imc.org&x=3Dsession_ID937iEhtH=3Dm</A></P>
<P align=3D"center">Your account ID:10180886</P>
<P align=3D"center">If you use anti-spam email software, be sure to add =
'account@hmoz.net' to your list of approved senders.</P>
</BODY></HTML></BODY></HTML>
------=_NextPart_000_0007_01C7CFE5.07F0C8DA--




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6PMEqtx069272 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Jul 2007 15:14:52 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6PMEqlV069271; Wed, 25 Jul 2007 15:14:52 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.191]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6PMEoZf069256 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-pkix@imc.org>; Wed, 25 Jul 2007 15:14:51 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from dub-exhub-c302.europe.corp.microsoft.com (65.53.213.92) by DUB-EXGWY-E801.partners.extranet.microsoft.com (10.251.129.1) with Microsoft SMTP Server (TLS) id 8.1.122.1; Wed, 25 Jul 2007 23:14:49 +0100
Received: from EA-EXMSG-C307.europe.corp.microsoft.com ([65.53.221.50]) by dub-exhub-c302.europe.corp.microsoft.com ([65.53.213.92]) with mapi; Wed, 25 Jul 2007 23:14:49 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: Andy Nourse <nourse@cisco.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Date: Wed, 25 Jul 2007 23:14:24 +0100
Subject: RE: PKIX meeting agenda
Thread-Topic: PKIX meeting agenda
Thread-Index: AcfBq38kVsSStFwYTIKoyLelr6Wj7ALuyu1AAGWPAwAAAvU32gAACp0w
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0020F1AFA7E@EA-EXMSG-C307.europe.corp.microsoft.com>
References: <A15AC0FBACD3464E95961F7C0BCD1FF0020F1AFA6F@EA-EXMSG-C307.europe.corp.microsoft.com> <C2CD189A.4649E%nourse@cisco.com>
In-Reply-To: <C2CD189A.4649E%nourse@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l6PMEpZe069266
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Oh, sorry. That was the internal tool link.

This link should work a lot better:
http://www3.ietf.org/proceedings/07jul/agenda/pkix.txt

Thanks for catching this.

Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: Andy Nourse [mailto:nourse@cisco.com]
> Sent: den 25 juli 2007 17:11
> To: Stefan Santesson
> Subject: Re: PKIX meeting agenda
>
> That document is password-protected.
>
> Andy
>
>
> On 7/25/07 1:54 PM, "Stefan Santesson" <stefans@microsoft.com> wrote:
>
> >
> > A final revision of the agenda has been uploaded.
> >
> > https://datatracker.ietf.org/cgi-bin/wg/wg_proceedings.cgi
> >
> > The conclusion is that we are very short of time compared to the number of
> > requested presentations.
> >
> > Unfortunately this has forced me to be very restrictive with the amount of
> > time awarded to each presentation.
> > For the next IETF we are discussing going back to a 2 hour time slot.
> >
> > To make this meeting as efficient as possible and to provide time for all
> > presenters I would like to ask all presenters to do 2 things:
> >
> > 1) Make sure you e-mail me your slides at the latest tomorrow morning so I can
> > have them all ready and uploaded at meeting start.
> > 2) To restrict your presentation to the major points you want to communicate.
> >
> > For the rest of you, be in time :)
> >
> > Thank you in advance and looking forward to seeing you tomorrow.
> >
> >
> > Stefan Santesson
> > Senior Program Manager
> > Windows Security, Standards



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6PKtVEH045419 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Jul 2007 13:55:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6PKtV8M045418; Wed, 25 Jul 2007 13:55:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.191]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6PKtRdN045388 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-pkix@imc.org>; Wed, 25 Jul 2007 13:55:30 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from dub-exhub-c302.europe.corp.microsoft.com (65.53.213.92) by DUB-EXGWY-E801.partners.extranet.microsoft.com (10.251.129.1) with Microsoft SMTP Server (TLS) id 8.1.122.1; Wed, 25 Jul 2007 21:55:26 +0100
Received: from EA-EXMSG-C307.europe.corp.microsoft.com ([65.53.221.50]) by dub-exhub-c302.europe.corp.microsoft.com ([65.53.213.92]) with mapi; Wed, 25 Jul 2007 21:55:26 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Date: Wed, 25 Jul 2007 21:54:59 +0100
Subject: PKIX meeting agenda
Thread-Topic: PKIX meeting agenda
Thread-Index: AcfBq38kVsSStFwYTIKoyLelr6Wj7ALuyu1AAGWPAwA=
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0020F1AFA6F@EA-EXMSG-C307.europe.corp.microsoft.com>
References: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org> <008e01c7cd67$c7d43fd0$75568182@Wylie>
In-Reply-To: <008e01c7cd67$c7d43fd0$75568182@Wylie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l6PKtUdM045411
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

A final revision of the agenda has been uploaded.

https://datatracker.ietf.org/cgi-bin/wg/wg_proceedings.cgi

The conclusion is that we are very short of time compared to the number of requested presentations.

Unfortunately this has forced me to be very restrictive with the amount of time awarded to each presentation.
For the next IETF we are discussing going back to a 2 hour time slot.

To make this meeting as efficient as possible and to provide time for all presenters I would like to ask all presenters to do 2 things:

1) Make sure you e-mail me your slides at the latest tomorrow morning so I can have them all ready and uploaded at meeting start.
2) To restrict your presentation to the major points you want to communicate.

For the rest of you, be in time :)

Thank you in advance and looking forward to seeing you tomorrow.


Stefan Santesson
Senior Program Manager
Windows Security, Standards




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6NKainZ019114 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 23 Jul 2007 13:36:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6NKai1n019113; Mon, 23 Jul 2007 13:36:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp106.biz.mail.mud.yahoo.com (smtp106.biz.mail.mud.yahoo.com [68.142.200.254]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id l6NKahFt019097 for <ietf-pkix@imc.org>; Mon, 23 Jul 2007 13:36:43 -0700 (MST) (envelope-from turners@ieca.com)
Received: (qmail 3908 invoked from network); 23 Jul 2007 20:36:42 -0000
Received: from unknown (HELO Wylie) (turners@ieca.com@130.129.86.117 with login) by smtp106.biz.mail.mud.yahoo.com with SMTP; 23 Jul 2007 20:36:41 -0000
X-YMail-OSG: HItI11AVM1nseU1jnoyBOUw0gHklqgVzf4bJ9m8LgoJBB005RdtqMqXFhMjAINHn2fUXcySA9A--
Reply-To: <turners@ieca.com>
From: "Turner, Sean P." <turners@ieca.com>
To: <ietf-pkix@imc.org>
References: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org>
Subject: RE: I-D ACTION:draft-ietf-pkix-sha2-dsa-ecdsa-01.txt 
Date: Mon, 23 Jul 2007 15:26:41 -0500
Organization: IECA, Inc.
Message-ID: <008e01c7cd67$c7d43fd0$75568182@Wylie>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcfBq38kVsSStFwYTIKoyLelr6Wj7ALuyu1A
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

In section 3.1, the OID for id-dsa-with-sha256 doesn't match the OIDs in the
ASN.1 module. I think it needs to be 2 vice 1 in the text.




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6NFqEX9022416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 23 Jul 2007 08:52:14 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6NFqEns022414; Mon, 23 Jul 2007 08:52:14 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns0.neustar.com (ns0.neustar.com [156.154.16.158]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6NFqCNO022400 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-pkix@imc.org>; Mon, 23 Jul 2007 08:52:13 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns0.neustar.com (Postfix) with ESMTP id D548932939; Mon, 23 Jul 2007 15:52:11 +0000 (GMT)
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1ID0Ch-0002Qu-Oc; Mon, 23 Jul 2007 11:52:11 -0400
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, pkix mailing list <ietf-pkix@imc.org>, pkix chair <pkix-chairs@tools.ietf.org>
Subject: Protocol Action: 'Lightweight OCSP Profile for High  Volume Environments' to Proposed Standard 
Message-Id: <E1ID0Ch-0002Qu-Oc@stiedprstage1.ietf.org>
Date: Mon, 23 Jul 2007 11:52:11 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

The IESG has approved the following document:

- 'Lightweight OCSP Profile for High Volume Environments'
   <draft-ietf-pkix-lightweight-ocsp-profile-11.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) 
Working Group. 

The IESG contact persons are Russ Housley and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-lightweight-ocsp-profile-11.txt

Technical Summary

  This document defines a lightweight profile of the Online Certificate
  Status Protocol (OCSP) that can be used to allow distributed local
  provision of cached pre-calculated OCSP responses from a central OCSP
  server.  It is intended that the normative requirements defined in
  this profile will be adopted by OCSP clients and OCSP responders
  operating in either very large scale (high volume) PKI environments or
  environments that need to minimize bandwidth or client-side processing
  power (or both).  This document addresses the scalability issues, and
  defines message profiles for an OCSP client and responder.  The
  document includes:

  1) OCSP response pre-production and distribution;
  2) Reduced OCSP message size to lower bandwidth usage; and
  3) Response message caching in OCSP responders and clients.

Working Group Summary

  The PKIX working group expressed consensus to advance the document as
  Informational RFC.

Protocol Quality

  This document has been reviewed by members of the ietf-pkix@imc.org
  mailing list and by the PKIX working group chairs.

  This document was reviewed by Russ Housley for the IESG.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6ML0LCB071907 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 22 Jul 2007 14:00:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6ML0LVc071905; Sun, 22 Jul 2007 14:00:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail.cs.dartmouth.edu (mail.cs.dartmouth.edu [129.170.212.100]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6ML0J7J071887 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Sun, 22 Jul 2007 14:00:20 -0700 (MST) (envelope-from pala@cs.dartmouth.edu)
Received: from [130.129.17.245] (dhcp-11f5.ietf69.org [130.129.17.245]) (authenticated bits=0) by mail.cs.dartmouth.edu (8.13.8/8.13.8) with ESMTP id l6ML0FUn018982 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 22 Jul 2007 17:00:18 -0400
Message-ID: <46A3C4C6.6050908@cs.dartmouth.edu>
Date: Sun, 22 Jul 2007 16:57:42 -0400
From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College - Computer Science Department
User-Agent: Thunderbird 2.0a1 (X11/20060724)
MIME-Version: 1.0
To: Anders Rundgren <anders.rundgren@telia.com>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v> <469A52B8.1040304@cs.dartmouth.edu> <004f01c7cb5d$941771f0$82c5a8c0@arport2v>
In-Reply-To: <004f01c7cb5d$941771f0$82c5a8c0@arport2v>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000508090907050400050106"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a cryptographically signed message in MIME format.

--------------ms000508090907050400050106
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hello Anders,

thanks for the comments. Anyhow, I do not think there is competition
between SCVP and PRQP in the sense that PRQP does not deal with certificate
validation in any way. It provides only addresses to PKI resources.

An SCVP server can actually use PRQP to have a dynamic resource discovery
and to be updated about available services.

Also DKIM/SPFS/etc.. provide a different approach specific for E/Mail and
do not deal with digital certificates (in most cases they just use keys
published in DNS). Again, PRQP is thought to be general, not application
specific. It can be used to improve efficiency of servers (SCVP is a good
example - where does the server find the resources it needs ?), or directly
by clients (e.g., where do I send a revocation request ?)

I am not familiar with the TAMP, but if you could provide some pointers
I'll try to take a look at that.

I hope I addressed your comments; if not, let me know :D

Cheers,
Max

Anders Rundgren wrote:
> Max,
> 
> Leaving the provisioning stuff out, I have some comments to your examples
> <snip>
> 
>> Another scenario where PRQP could be very useful is for service rollover.
>> For example if a CA starts with providing CRLs and then it wants to provide
>> OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the
>> PRQP responder can dynamically redirect clients from one service to another.
> 
>> Another scenario could be adding new servers to existing ones to provide
>> fall back servers to clients without requiring configuring round-robin or
>> other more complicated load-balancing DNS-based service.
> 
> These are valid examples but I feel that PRQP may get competition
> from SCVP which if implemented in Outlook and similar e-mail clients
> would move these issues to the SCVP responder level where they can
> be dealt with much easier.  In fact, SCVP is potentially not only
> addressing these problems, but may also eliminate intermediaries
> like http://ec.europa.eu/idabc/en/document/2318/5644, since SCVP
> allows each organization to centrally manage their own trusted partners;
> something which they probably did before PKI came into the picture.
> 
> A further advantage of SCVP is that it can efficiently deal with the
> kind of PKIs that the financial sector is plotting with; i.e. where you
> have to pay for validations, requiring each client having a specific
> credential in order to access an OCSP responder.  Moving these
> hassles to the server-level makes such schemes work also for more
> traditional PKI-using applications.
> 
> I hope I don't sound too negative but if the primary PRQP target is
> secure e-mail, I believe there are way too many protocols out there
> trying to make secure e-mail work better, including SCVP, TAMP
> and DKIM.  Personally, I doubt that S/MIME will ever be a security
> solution for the masses.  According to Cisco, 20000 domains
> currently use DKIM which probably means that DKIM has already
> eclipsed S/MIME in terms of signed message volume (using DKIM,
> messages become signed by default without requiring any action by
> the user).
> 
> Although PRQP of course could be applied to the server-level,
> I believe the need for such a protocol here is less obvious but of
> course it would be very easy to implement compared to getting
> MSFT and Mozilla implementing a new protocol in their e-mail
> clients.  EU's unsuccessful standardization attempts in the area of
> on-line signatures indicate that getting vendor support is close
> to an insurmountable hurdle when it comes to standard clients.
> 
> Right now it seems that the fate of TAMP is on the table.
> Since TAMP is somewhat like a reversed SCVP, I believe this
> discussion will take considerable resources from other things.


-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala@cs.dartmouth.edu
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

--------------ms000508090907050400050106--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6L68rKF011257 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 20 Jul 2007 23:08:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6L68rBR011256; Fri, 20 Jul 2007 23:08:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pne-smtpout2-sn1.fre.skanova.net (pne-smtpout2-sn1.fre.skanova.net [81.228.11.159]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6L68q8Y011248 for <ietf-pkix@imc.org>; Fri, 20 Jul 2007 23:08:53 -0700 (MST) (envelope-from anders.rundgren@telia.com)
Received: from arport2v (81.232.45.243) by pne-smtpout2-sn1.fre.skanova.net (7.2.075) (authenticated as u18116613) id 4668007E00975019; Sat, 21 Jul 2007 08:08:47 +0200
Message-ID: <004f01c7cb5d$941771f0$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Massimiliano Pala" <pala@cs.dartmouth.edu>
Cc: "pkix" <ietf-pkix@imc.org>
References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v> <469A52B8.1040304@cs.dartmouth.edu>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
Date: Sat, 21 Jul 2007 08:08:37 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Max,

Leaving the provisioning stuff out, I have some comments to your examples
<snip>

>Another scenario where PRQP could be very useful is for service rollover.
>For example if a CA starts with providing CRLs and then it wants to provide
>OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the
>PRQP responder can dynamically redirect clients from one service to another.

>Another scenario could be adding new servers to existing ones to provide
>fall back servers to clients without requiring configuring round-robin or
>other more complicated load-balancing DNS-based service.

These are valid examples but I feel that PRQP may get competition
from SCVP which if implemented in Outlook and similar e-mail clients
would move these issues to the SCVP responder level where they can
be dealt with much easier.  In fact, SCVP is potentially not only
addressing these problems, but may also eliminate intermediaries
like http://ec.europa.eu/idabc/en/document/2318/5644, since SCVP
allows each organization to centrally manage their own trusted partners;
something which they probably did before PKI came into the picture.

A further advantage of SCVP is that it can efficiently deal with the
kind of PKIs that the financial sector is plotting with; i.e. where you
have to pay for validations, requiring each client having a specific
credential in order to access an OCSP responder.  Moving these
hassles to the server-level makes such schemes work also for more
traditional PKI-using applications.

I hope I don't sound too negative but if the primary PRQP target is
secure e-mail, I believe there are way too many protocols out there
trying to make secure e-mail work better, including SCVP, TAMP
and DKIM.  Personally, I doubt that S/MIME will ever be a security
solution for the masses.  According to Cisco, 20000 domains
currently use DKIM which probably means that DKIM has already
eclipsed S/MIME in terms of signed message volume (using DKIM,
messages become signed by default without requiring any action by
the user).

Although PRQP of course could be applied to the server-level,
I believe the need for such a protocol here is less obvious but of
course it would be very easy to implement compared to getting
MSFT and Mozilla implementing a new protocol in their e-mail
clients.  EU's unsuccessful standardization attempts in the area of
on-line signatures indicate that getting vendor support is close
to an insurmountable hurdle when it comes to standard clients.

Right now it seems that the fate of TAMP is on the table.
Since TAMP is somewhat like a reversed SCVP, I believe this
discussion will take considerable resources from other things.

Regards
Anders






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6J16LsA053895 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Jul 2007 18:06:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6J16Lh4053894; Wed, 18 Jul 2007 18:06:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6J16IVP053888 for <ietf-pkix@imc.org>; Wed, 18 Jul 2007 18:06:18 -0700 (MST) (envelope-from nourse@cisco.com)
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-2.cisco.com with ESMTP; 18 Jul 2007 18:06:18 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CANZVnkarR7MV/2dsb2JhbAA
X-IronPort-AV: i="4.16,553,1175497200";  d="scan'208"; a="386688613:sNHT76677316"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l6J16H5Z021719; Wed, 18 Jul 2007 18:06:17 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l6J1646C018780; Thu, 19 Jul 2007 01:06:04 GMT
Received: from xmb-sjc-227.amer.cisco.com ([128.107.191.43]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 18 Jul 2007 18:06:04 -0700
Received: from 10.32.244.78 ([10.32.244.78]) by xmb-sjc-227.amer.cisco.com ([128.107.191.43]) via Exchange Front-End Server email.cisco.com ([171.70.151.174]) with Microsoft Exchange Server HTTP-DAV ; Thu, 19 Jul 2007 01:06:03 +0000
User-Agent: Microsoft-Entourage/11.3.3.061214
Date: Wed, 18 Jul 2007 18:06:03 -0700
Subject: Re: PKI Disaster Recovery and Key Rollover
From: Andy Nourse <nourse@cisco.com>
To: Denis Pinkas <denis.pinkas@bull.net>, pkix <ietf-pkix@imc.org>
CC: Joel Kazin <Joel_Kazin@jeffersonwells.com>, Stefan Santesson <stefans@microsoft.com>
Message-ID: <C2C4070B.87FF2%nourse@cisco.com>
Thread-Topic: PKI Disaster Recovery and Key Rollover
Thread-Index: AcfJoPoGONaAoDWUEdyTnAAUUWXcbA==
In-Reply-To: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 19 Jul 2007 01:06:04.0014 (UTC) FILETIME=[FAA0C8E0:01C7C9A0]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1506; t=1184807177; x=1185671177; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=nourse@cisco.com; z=From:=20Andy=20Nourse=20<nourse@cisco.com> |Subject:=20Re=3A=20PKI=20Disaster=20Recovery=20and=20Key=20Rollover |Sender:=20; bh=bnsVq6VW1nFdSr46zos8fbr/7xEhKxhtM/Y6LcQkJSE=; b=cqgA7oCrdAHzwXsW5TNWB7BOz9IdSwo2fPIAay6eKbBZLAPyQfFhkRFdrPZXzjn1o/oXXX0Q I/lFi2wlHl9DBIjUYV5boghEUsNzSyqCgpMlAcRFj6QZkXYFoFnW9JNJc7AOiqLds3+6gI84JC 0ZOaPeC1CO7hxsxKGE2RtaP1U=;
Authentication-Results: sj-dkim-1; header.From=nourse@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; ); 
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

On 7/9/07 6:45 AM, "Denis Pinkas" <denis.pinkas@bull.net> wrote:

> 
> To the WG,
> 
> I edited together with Joel Kazin an individual Internet-Draft that has been
> placed on the IETF web server.
> The target category is INFORMATIONAL.
> 
> The document is now available at:
> https://datatracker.ietf.org/drafts/draft-pinkas-pkix-pki-dr-kr
> 
> The abstract is the following:
> 
>    This document presents a framework to assist the writers of policy
>    or practice statements and the designers of a Public Key
>    Infrastructure to prepare disaster recovery plans in case of a
>    private key-compromise or a private key-loss.  This may happen to
>    end-entity keys, Certification Authorities, Revocation Authorities,
>    Attribute Authorities, or Time-Stamping Authorities.  Since
>    certificates have finite validity, CA key-rollover should be
>    planned in advance.

Key rollover is included in the SCEP draft:
http://www.ietf.org/internet-drafts/draft-nourse-scep-15.txt
For CA certificates, we have the ability to retrieve the "next" certificate,
which is the certificate that will replace the current CA certificate when
it expires.  The SCEP response is signed by the current CA cert, as it is
intended that the "next" certificate be retrieved while the current one is
still valid.

Normally, CA key rollover would happen when the CA key expires, but it could
be done early in the event of key compromise or loss.


Andy Nourse
Cisco Systems
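
The acceptance check described in the message above, as an added sketch that is not taken from the SCEP draft or from any Cisco code: a client stages a "next" CA certificate only if the response verifies under the current CA key while the current certificate is still valid. The record layout, function names, sample dates and the fixed-prime textbook RSA are assumptions chosen so the block runs on the standard library alone; real SCEP carries X.509 certificates in CMS SignedData.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime, timezone

E = 65537  # public exponent shared by the constructed toy keys


def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest(msg, n):
    # SHA-256 reduced mod n: acceptable for a toy, not a real padding scheme.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(private, msg):
    n, d = private
    return pow(_digest(msg, n), d, n)


def verify(public, msg, sig):
    n, e = public
    return 0 <= sig < n and pow(sig, e, n) == _digest(msg, n)


@dataclass(frozen=True)
class CACert:
    """Hypothetical stand-in for an X.509 CA certificate."""
    subject: str
    public_key: tuple
    not_before: datetime
    not_after: datetime

    def tbs(self):
        # Bytes covered by the signature: every field, in a fixed order.
        n, e = self.public_key
        fields = (self.subject, str(n), str(e),
                  self.not_before.isoformat(), self.not_after.isoformat())
        return "\n".join(fields).encode()


def check_next_ca(current, next_cert, sig, now):
    """Decide whether to stage next_cert as the successor of current."""
    # Retrieval is meant to happen while the current CA cert is still valid.
    if not (current.not_before <= now <= current.not_after):
        return "current-ca-not-valid"
    # The response must verify under the key the client already trusts.
    if not verify(current.public_key, next_cert.tbs(), sig):
        return "bad-signature"
    # Assumption of this sketch: a successor must outlive the cert it replaces.
    if next_cert.not_after <= current.not_after:
        return "next-does-not-extend"
    return "accept"


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: Mersenne primes keep the toy keys reproducible.
CUR_PUB, CUR_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
NEXT_PUB, _NEXT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)

CURRENT = CACert("CN=Example CA G1", CUR_PUB, utc(2005, 8, 1), utc(2007, 8, 1))
NEXT = CACert("CN=Example CA G2", NEXT_PUB, utc(2007, 7, 1), utc(2009, 8, 1))


def demo():
    now = utc(2007, 7, 18)
    good_sig = sign(CUR_PRIV, NEXT.tbs())
    swapped = replace(NEXT, public_key=ROGUE_PUB)   # key swapped after signing
    short = replace(NEXT, not_after=CURRENT.not_after)
    return {
        "signed_by_current": check_next_ca(CURRENT, NEXT, good_sig, now),
        "signed_by_rogue": check_next_ca(
            CURRENT, NEXT, sign(ROGUE_PRIV, NEXT.tbs()), now),
        "key_swapped": check_next_ca(CURRENT, swapped, good_sig, now),
        "after_expiry": check_next_ca(CURRENT, NEXT, good_sig, utc(2007, 8, 2)),
        "no_extension": check_next_ca(
            CURRENT, short, sign(CUR_PRIV, short.tbs()), now),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

A signature made with the current key is only as trustworthy as that key, so this check alone does not cover an early rollover after a compromise.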






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6GFNHmL079334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6GFNHLn079333; Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pne-smtpout1-sn2.hy.skanova.net (pne-smtpout1-sn2.hy.skanova.net [81.228.8.83]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6GFNEBN079325 for <ietf-pkix@imc.org>; Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from anders.rundgren@telia.com)
Received: from arport2v (81.232.45.243) by pne-smtpout1-sn2.hy.skanova.net (7.2.075) (authenticated as u18116613) id 46971B420009D845 for ietf-pkix@imc.org; Mon, 16 Jul 2007 17:23:13 +0200
Message-ID: <00a201c7c7bd$36c56140$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: <ietf-pkix@imc.org>
References: <E1I7UKa-0003uj-00@medusa01.cs.auckland.ac.nz>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Mon, 16 Jul 2007 17:23:07 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

+1

:-)

Anders

----- Original Message ----- 
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: <ietf-pkix@imc.org>
Sent: Sunday, July 08, 2007 12:49
Subject: Re: draft-ietf-pkix-scvp-32.txt



Dave Engberg <dengberg@narrowmountain.com> writes:

>SCVP is a protocol that can make complex PKIs work. 
 ^^^^^^^^^^^^^^^^^^^^^^^

You misspelled "nothing".

Peter.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6FH0jF0080668 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 15 Jul 2007 10:00:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6FH0j9e080667; Sun, 15 Jul 2007 10:00:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail.cs.dartmouth.edu (mail.cs.dartmouth.edu [129.170.212.100]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6FH0hli080661 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Sun, 15 Jul 2007 10:00:44 -0700 (MST) (envelope-from pala@cs.dartmouth.edu)
Received: from [129.170.212.237] (dhcp-212-237.cs.dartmouth.edu [129.170.212.237]) (authenticated bits=0) by mail.cs.dartmouth.edu (8.13.8/8.13.8) with ESMTP id l6FH0dZ3026981 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 15 Jul 2007 13:00:42 -0400
Message-ID: <469A52B8.1040304@cs.dartmouth.edu>
Date: Sun, 15 Jul 2007 13:00:40 -0400
From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College - Computer Science Department
User-Agent: Thunderbird 2.0a1 (X11/20060724)
MIME-Version: 1.0
To: Anders Rundgren <anders.rundgren@telia.com>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v>
In-Reply-To: <008601c7c69c$720de6e0$82c5a8c0@arport2v>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020603030803000806090105"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a cryptographically signed message in MIME format.

--------------ms020603030803000806090105
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Anders Rundgren wrote:
> Hi Max,

Hello Anders,

> In case you find that there is limited interest in PRQP, I encourage
> you to explore other avenues in this space.

Well, I am always open to investigate other possibilities. One thing about
PRQP is that some discovery system like this would enable so many new
possibilities in organizing PKIs (and managing them), that I think it
would really ease management of PKIs and adoption of certificates.

> As the OpenCA Program Manager, I guess you are aware of the fact
> that on-line provisioning of certificates is not fully standardized?

Right, well.. it should be, but it is not yet. Practice is quite far
from being standardized. One thing that really strikes me is that
still today, you mostly need a browser to interact with CAs.

I am also working on an open source PKI-enabling library - which will
be the core of the OpenCA-Ng (Next Generation) - where we have to include
support for on-line provisioning of certificates in such a way that
it is easy for the developer to support interactions with the CA
(my assumption here is that, if it is easy for the developer, the
interface will be also easier for the user as the developer will not
simply transfer all the options onto the user because of lack of
knowledge about PKIs).

> One could consider Xenroll a standard since it is supported by 80%
> of  the browsers used in PCs.  However,  Xenroll is not supported by
> more than a tiny fraction of mobile browsers.  The latter is an
> interesting target given the 3Bn+ users that will most likely use mobile
> phones as their primary, always connected Internet channel.

Right...

> Theoretically one could distribute keys in SIM cards, but for
> practical reasons like operator lock, limited storage, and poor
> processing capability, TPMs as defined by TrustedComputingGroup
> look like a better candidate for the universal mobile "key-ring".

Well.. if we do not solve the resource discovery and interoperability
between PKIs, then TPMs will always be a nice but unused piece of
HW. I have looked at the TCG work, it is a nice effort, but it is
far from being even usable in closed and controlled environments
(at least for its initial "purpose", i.e., remote attestation).

The only usage of TPM, today, is to provide runtime memory protection
or key storage/usage. And I think it is an easier way to provide some
kind of HW protection for keys.. although... new keys are really stored
in the FS of the hosting machine(..), it is a start...

> Various radio-technologies potentially also open these keys for
> desktop usage where the phone becomes a "security device" including
[..]
> XML protocol giving a uniform user experience and an easier-to-secure
> implementation (APIs can be used in many ways, while strictly defined
> XML schema-based protocols give little room for misusage).

Well, in general I am not really a fan of XML + Schema usage for
certificates. Besides the fact that I love XML.. it is easy for the
user... but when it comes to certificates (especially if you take into
consideration small devices and the possibility to have pkis integrated
into them -- e.g., sensors, mobile phones, etc.. ) I would stick with
a more compact message format (DER). This, mainly, because one of the
nice features of XML is the possibility to validate the messages by
using schemas, i.e., the application is freed from the need to check
the message syntax. Anyhow, to do so, you have to provide schemas and
the device should also be capable of verifying the message against the
schema - requiring quite a lot of computational power.

That is why, now, I think XML is not the best choice for PKI operational
protocols. It can be a choice when considering more high-level applications,
but this is just my opinion.

> ===============================================
> Anyway, I am currently in a _v_e_r_y_ early stage of addressing this
> topic and would not mind cooperation with other knowledgeable people.
> ===============================================

I guess this is the right place to ask for collaboration. We really need
to discuss some of the features that would help PKIs to provide more
interoperable services :) It would be interesting to discuss the topic in detail
and if you can come up with a proposal... one thing we need is to have a
description of the current practices and various options (standardized and
non standardized) we have - so we do not duplicate existing work. I guess
this could be a good starting point.

> Regarding PRQP, I still feel a little bit puzzled regarding the
> resources it is supposed to discover.  A few examples would not hurt.

An example tied to your idea would be the following.

As you said, different CAs support different protocols/procedures to provide
certificates to their users. If PRQP is used by a CA, a client could ask which
services are provided -- and the CA could reply with a list of services
supported, e.g., if CMS is supported, a URL could be provided for that.
If web (e.g., Xenroll) is supported, another URL could be provided for
that as well. The client will then contact the URL that is supported.

Another scenario where PRQP could be very useful is for service rollover.
For example if a CA starts with providing CRLs and then it wants to provide
OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the
PRQP responder can dynamically redirect clients from one service to another.

Another scenario could be adding new servers to existing ones to provide
fall back servers to clients without requiring configuring round-robin or
other more complicated load-balancing DNS-based service.

Well, as I said before, PRQP could really open up new possibilities, that
is the most interesting thing about it, I guess.

Later,
Max

-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala@cs.dartmouth.edu
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

--------------ms020603030803000806090105
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms020603030803000806090105--
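
The three scenarios in the message above (service lookup, CRL-to-OCSP rollover,
fallback servers) as an added example; it is not part of the original post and
is not the wire format of the PRQP draft. The service labels, the example.test
URLs, the hash-based CA identifier and the client's URL-scheme allowlist are
all assumptions made for the illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: a stand-in for a CA certificate (not a real one).
CA_CERT = b"constructed-ca-certificate-bytes"
CA_ID = hashlib.sha256(CA_CERT).hexdigest()  # assumption: CA named by cert hash

ALLOWED_SCHEMES = {"http", "https"}  # assumption: client-side policy


class Responder:
    """Simplified resource-query responder: (CA id, service) -> ordered URLs."""

    def __init__(self):
        self._services = {}  # ca_id -> {service label: [url, ...]}

    def publish(self, ca_id, service, urls):
        self._services.setdefault(ca_id, {})[service] = list(urls)

    def withdraw(self, ca_id, service):
        self._services.get(ca_id, {}).pop(service, None)

    def query(self, request):
        """request = {'ca_id': str, 'services': [labels]}; [] means 'list all'."""
        known = self._services.get(request.get("ca_id"))
        if known is None:
            return {"status": "unknown_ca", "resources": {}}
        wanted = request.get("services") or sorted(known)
        found = {s: list(known[s]) for s in wanted if s in known}
        return {"status": "ok", "resources": found}


def locate(responder, ca_id, preferences, is_reachable):
    """Return (service, url) for the first preferred service with a usable URL.

    preferences  -- service labels in the client's own order of preference
    is_reachable -- callable(url) -> bool, a stand-in for a real connection test
    """
    reply = responder.query({"ca_id": ca_id, "services": list(preferences)})
    if reply["status"] != "ok":
        raise LookupError(reply["status"])
    for service in preferences:
        for url in reply["resources"].get(service, []):
            # The responder steers the client, so the client still applies
            # its own policy to whatever URL comes back.
            if urlsplit(url).scheme not in ALLOWED_SCHEMES:
                continue
            if is_reachable(url):
                return service, url
    raise LookupError("no reachable service")


def demo():
    """Run the three scenarios against constructed data and return the results."""
    everything_up = lambda url: True
    r = Responder()
    r.publish(CA_ID, "enroll-cms", ["https://ca.example.test/cms"])
    r.publish(CA_ID, "enroll-web", ["https://ca.example.test/xenroll"])
    r.publish(CA_ID, "crl", ["http://ca.example.test/ca.crl"])

    out = {}
    # 1. Which services does this CA offer?
    out["offered"] = sorted(r.query({"ca_id": CA_ID, "services": []})["resources"])

    # 2. Rollover: the client prefers CRLs, the CA later serves OCSP only.
    prefs = ["crl", "ocsp"]
    out["before_rollover"] = locate(r, CA_ID, prefs, everything_up)
    r.withdraw(CA_ID, "crl")
    r.publish(CA_ID, "ocsp", ["http://ocsp1.example.test/",
                              "http://ocsp2.example.test/"])
    out["after_rollover"] = locate(r, CA_ID, prefs, everything_up)

    # 3. Fallback: the first OCSP server is down, no DNS tricks involved.
    first_down = lambda url: "ocsp1" not in url
    out["fallback"] = locate(r, CA_ID, prefs, first_down)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```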



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6F4u63I041772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 14 Jul 2007 21:56:06 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6F4u65f041771; Sat, 14 Jul 2007 21:56:06 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pne-smtpout1-sn2.hy.skanova.net (pne-smtpout1-sn2.hy.skanova.net [81.228.8.83]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6F4u2av041764 for <ietf-pkix@imc.org>; Sat, 14 Jul 2007 21:56:05 -0700 (MST) (envelope-from anders.rundgren@telia.com)
Received: from arport2v (81.232.45.243) by pne-smtpout1-sn2.hy.skanova.net (7.2.075) (authenticated as u18116613) id 46971B4200057FB7; Sun, 15 Jul 2007 06:56:00 +0200
Message-ID: <008601c7c69c$720de6e0$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Massimiliano Pala" <pala@cs.dartmouth.edu>, "pkix" <ietf-pkix@imc.org>
References: <46969D31.1000803@cs.dartmouth.edu>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
Date: Sun, 15 Jul 2007 06:56:02 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Hi Max,

In case you find that there is limited interest in PRQP, I encourage
you to explore other avenues in this space.

As the OpenCA Program Manager, I guess you are aware of the fact
that on-line provisioning of certificates is not fully standardized?
One could consider Xenroll a standard since it is supported by 80%
of the browsers used in PCs.  However, Xenroll is not supported by
more than a tiny fraction of mobile browsers.  The latter is an
interesting target given the 3Bn+ users that will most likely use mobile
phones as their primary, always connected Internet channel.

Theoretically one could distribute keys in SIM cards, but for
practical reasons like operator lock, limited storage, and poor
processing capability, TPMs as defined by the Trusted Computing Group
look like a better candidate for the universal mobile "key-ring".
Various radio technologies potentially also open these keys for
desktop usage where the phone becomes a "security device" including
an integrated PIN-code terminal.

Although there is also the [not by MSFT supported] JavaScript method
generateCRMFrequest(), it is actually rather primitive compared to
Xenroll, since only the latter allows multiple passes which can be
quite useful.  In fact, IETF's recently launched KEYPROV activity
deals with up to four passes (!) for the provisioning of symmetric keys.
I consider the KEYPROV way of doing things superior to Xenroll
and generateCRMFrequest, since it does not expose an API, just a pure
XML protocol giving a uniform user experience and an easier-to-secure
implementation (APIs can be used in many ways, while strictly defined
XML schema-based protocols give little room for misusage).

===============================================
Anyway, I am currently in a _v_e_r_y_ early stage of addressing this
topic and would not mind cooperation with other knowledgeable people.
===============================================

Regarding PRQP, I still feel a little bit puzzled regarding the
resources it is supposed to discover.  A few examples would not hurt.

Regards
Anders

----- Original Message ----- 
From: "Massimiliano Pala" <pala@cs.dartmouth.edu>
To: "pkix" <ietf-pkix@imc.org>
Sent: Thursday, July 12, 2007 23:29
Subject: PKI Resource Discovery - Proposal for a new Working Item


Hi all,

Some time ago I posted a message about a proposal for a PKI Resource Discovery
Protocol (PRQP), which I finally formalized and submitted as an I-D.
Unfortunately, because the deadline was already over, it will probably not
be published on the IETF archive before the next meeting.

Thanks to all of you who actually helped me and provided useful comments.

At this point we would like to know if the WG would like to take this as
a working item as we really think it could improve the usability and
interoperability of PKIs (especially for isolated PKI islands or in
environments like Grids).

The proposed I-D can also be found here:

   https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.html

or here:

   https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.txt

I hope there will be time to talk about the proposal at the meeting in
Chicago.

-- 

Best Regards,

Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala@cs.dartmouth.edu
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------



Date: Fri, 13 Jul 2007 11:18:38 -0400
From: Thierry Moreau <thierry.moreau@connotech.com>
To: Anders Rundgren <anders.rundgren@telia.com>
CC: ietf-pkix@imc.org
Subject: Re: Trust Anchor Management Protocol (TAMP)

Anders Rundgren wrote:

> NSA is reportedly developing a protocol for trust anchor management, 
> possibly intended to become a PKIX WG item.
>  
> Reference: http://cryptome.org/poet-docs.htm item 44.
>  

E.g. see

http://www.ietf.org/internet-drafts/draft-wallace-ta-mgmt-problem-statement-01.txt

Regards,

-- 

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@connotech.com



Date: Thu, 12 Jul 2007 15:10:19 -0700
To: <ietf-pkix@imc.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: Trust Anchor Management Protocol (TAMP)

At 8:57 PM +0200 7/12/07, Anders Rundgren wrote:
>NSA is reportedly developing a protocol for trust anchor management, 
>possibly intended to become a PKIX WG item.

No, it is meant to be a separate WG. It appears that you missed the 
announcement on this list a month ago. 
<http://www.imc.org/ietf-pkix/mail-archive/msg04747.html>.

>Although there seems to be no public data available

Except, of course, the mailing list for the BoF. 
<http://www.vpnc.org/ietf-trust-anchor/>

--Paul Hoffman, Director
--VPN Consortium



Date: Thu, 12 Jul 2007 17:29:21 -0400
From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College - Computer Science Department
To: pkix <ietf-pkix@imc.org>
Subject: PKI Resource Discovery - Proposal for a new Working Item

Hi all,

Some time ago I posted a message about a proposal for a PKI Resource Discovery
Protocol ( PRQP ), which I finally formalized and submitted as an I-D.
Unfortunately, because the deadline was already over, it will probably not be
published on the IETF archive before the next meeting.

Thanks to all of you who actually helped me and provided useful comments.

At this point we would like to know if the WG would like to take this as
a working item as we really think it could improve the usability and
interoperability of PKIs (especially for isolated PKI islands or in
environments like Grids).

The proposed I-D can also be found here:

   https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.html

or here:

   https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.txt

I hope there will be time to talk about the proposal at the meeting in
Chicago.

-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala@cs.dartmouth.edu
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------




From: "Anders Rundgren" <anders.rundgren@telia.com>
To: <ietf-pkix@imc.org>
Subject: Trust Anchor Management Protocol (TAMP)
Date: Thu, 12 Jul 2007 20:57:48 +0200

NSA is reportedly developing a protocol for trust anchor management,
possibly intended to become a PKIX WG item.

Reference: http://cryptome.org/poet-docs.htm item 44.

Although there seems to be no public data available, I believe that the
concept of maintaining trust anchor stores through a protocol would, if
applied to networking, be similar to a protocol for maintaining "hosts"
files rather than using DNS.  When trust anchor handling needs
automation, a more universal approach is to off-load validation using a
protocol like SCVP.  In fact, SCVP principles are already widely
deployed for in-house systems where trust management is performed in one
place.  Off-loaded validation also copes with EE-certificate revocation,
policy filtering, and similar things that appear to be out of scope for
a trust-anchor-focused system.

TAMP has one advantage over SCVP, and that is that it may work in
off-scenarios as well.  Given the fact that billions of people rely on
on-line services, the off-line argument seems pretty weak.

Just my 2 cents

Anders Rundgren



Date: Thu, 12 Jul 2007 11:32:34 -0700
To: ietf-pkix@imc.org
From: Tony Bartoletti <azb@llnl.gov>
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: ietf-pkix@imc.org

At 04:06 AM 7/11/2007, Peter Gutmann wrote:

>   - the CA shall destroy, or withdraw from use, its private keys, as defined
>     in clause 7.2.6.
>
>that's never going to happen in the real world because the only asset left to
>a CA when it goes out of business is its private key, and the liquidators are
>never going to allow the deliberate destruction of corporate assets in this
>manner.  More importantly, even if the CA had some policy related to this
>while it was still operating, once it's in receivership the policy becomes
>void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
>to keyUsage, you can write whatever policy you like for it but when it comes
>to the crunch it's not going to work the way the policy says.

Stepping back a bit to look at this, it seems clear that REAL disaster 
recovery can only come by ensuring that (so qualified) CA's abide by some 
kind of "escrowed recovery/continuity arrangement" as a matter of 
course.  Some entity, ala FDIC-for-PKI (not to imply that it be a 
government entity) needs the power to either revoke CA root, or provide for 
continuity of operations (magic, yeah...)

As Peter points out, the "keys" are the last bit of leverage the CA 
retains, and the CA (in general) will have no compunction to abide by any 
policy at a time when the downside outweighs the benefit.

If the concern is really for the relying parties and overall PKI stability, 
it makes no sense to demand that the CA take ANY particular action 
"post-disaster" ("the building may collapse at any moment - for your 
safety, please walk, do not RUN to the exits").  Rather, CA's that 
(voluntarily) enter into a verifiable "continuity contract" should be able 
to tout this fact as a qualification, and let the market decide if this 
becomes a "selling point" for their services.

Thoughts?   ____tony____



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900






From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
CC: Jim Schaad <jimsch@nwlink.com>, Denis Pinkas <denis.pinkas@bull.net>
Date: Thu, 12 Jul 2007 13:43:30 +0100
Subject: PKIX agenda posted

An agenda has been posted based on the requests received so far.
http://www3.ietf.org/proceedings/07jul/agenda/pkix.txt

A few topics are still preliminary:

* I need a confirmation from Jim Schaad whether he intends to address
  the update requirements on CMC

* I need a confirmation whether anyone intends to do any further
  presentation on the individual key-rollover draft now available.


Stefan Santesson
Senior Program Manager
Windows Security, Standards

From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Stefan Santesson
Sent: den 29 juni 2007 16:26
To: pkix
Subject: Call for agenda items for the CHicago PKIX meeting
Importance: High

All,

A number of issues have been brought to the list since last IETF meeting.

Please let me know if you have any topic you want to discuss during the
PKIX meeting in Chicago.
As usual, I need at least one editor from each active document to send me
a note whether you want a time slot at the meeting beyond my general
status report.

I need your request for agenda items before end of next week. I.e. Friday
July 6.

Thank you.


Stefan Santesson
Senior Program Manager
Windows Security, Standards





Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BMdRn0044122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 15:39:27 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6BMdRfk044121; Wed, 11 Jul 2007 15:39:27 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.181]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BMdPb7044090 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 15:39:26 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from DUB-EXHUB-C303.europe.corp.microsoft.com (65.53.213.93) by DUB-EXGWY-E802.partners.extranet.microsoft.com (10.251.129.2) with Microsoft SMTP Server (TLS) id 8.1.122.1; Wed, 11 Jul 2007 23:39:24 +0100
Received: from EA-EXMSG-C307.europe.corp.microsoft.com ([65.53.221.19]) by DUB-EXHUB-C303.europe.corp.microsoft.com ([65.53.213.93]) with mapi; Wed, 11 Jul 2007 23:39:24 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
Date: Wed, 11 Jul 2007 23:39:18 +0100
Subject: Agenda for Chicago IEFT
Thread-Topic: Agenda for Chicago IEFT
Thread-Index: AcfEDFEVasq6E/JWRk6R7r75kXCaMA==
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0D157B219@EA-EXMSG-C307.europe.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_A15AC0FBACD3464E95961F7C0BCD1FF0D157B219EAEXMSGC307euro_"
MIME-Version: 1.0
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D157B219EAEXMSGC307euro_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'm sorry for the delay of the Agenda. I'm currently on vacation.
I will go through all requests and post a preliminary agenda by tomorrow.

It looks like we will be able to accommodate the requests received but wait for the agenda tomorrow to be sure.

Thank you.

Stefan Santesson
Senior Program Manager
Windows Security, Standards



--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D157B219EAEXMSGC307euro_--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BDM0vf094858 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 06:22:00 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6BDM09u094857; Wed, 11 Jul 2007 06:22:00 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mart.catcert.local (62-97-117-187.atlassolutions.net [62.97.117.187] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BDLrua094831 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 06:21:54 -0700 (MST) (envelope-from ialamillo@catcert.net)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7C3BE.37255066"
Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 15:20:13 +0200
Message-ID: <2E0817224D030746BF4A296C5E382492B8FD90@mart.catcert.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: PKI Disaster Recovery and Key Rollover
Thread-Index: AcfDrLMZTVWy318BR4mnLdz4bFQLowAECrK8
References: <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>
From: "Ignacio Alamillo" <ialamillo@catcert.net>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>
Cc: <ietf-pkix@imc.org>, <Joel_Kazin@jeffersonwells.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7C3BE.37255066
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I don't want to disturb anyone with legal stuff, but in many cases the applicable law establishes some minimum actions to undertake in case a CA stops operations. I.e. article 21 of the Spanish Law 59/2003, on electronic signatures, says something like "a CA wanting to cease operations shall inform within two months its subscribers and will be allowed to transfer, with their express consent, the management of valid certificates to another CA or revoke them".

Up to this point, no one has any effective protection against a CA going out of business which doesn't inform of anything, therefore the third paragraph of this art. 21 says that the CA will transfer the revocation information to the Science and Technology Ministry (today the Industry, Commerce and Tourism Ministry).

With this information, the Ministry will maintain a public service informing of the revocation status of the certificates.

Not bad at all, but even in this case a CA could not transfer this information to the Ministry.

Therefore, the best "continuity" strategy to be able to validate signatures is, in my opinion, to implement a signature completion and maintenance process, getting all the relevant evidential material (such as CRLs or OCSP responses) and storing it.

ETSI CAdES and XAdES specs provide full guidance on this, just as CEN CWA 14171 does.


Best,

Ignacio


-----Original Message-----
From: owner-ietf-pkix@mail.imc.org on behalf of Peter Gutmann
Sent: Wed 11/07/2007 13:06
To: denis.pinkas@bull.net; pgut001@cs.auckland.ac.nz
CC: ietf-pkix@imc.org; Joel_Kazin@jeffersonwells.com
Subject: Re: PKI Disaster Recovery and Key Rollover


"Denis Pinkas" <denis.pinkas@bull.net> writes:

>Here is an extract from ETSI TS 101 456:

Hmm, OK, what I was looking for was more of a list of issues from the
user/EE/relying-party point of view, things that they have to consider when
dealing with a CA.  To take one oft-quoted case:

  - the CA shall destroy, or withdraw from use, its private keys, as defined
    in clause 7.2.6.

that's never going to happen in the real world because the only asset left to
a CA when it goes out of business is its private key, and the liquidators are
never going to allow the deliberate destruction of corporate assets in this
manner.  More importantly, even if the CA had some policy related to this
while it was still operating, once it's in receivership the policy becomes
void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
to keyUsage, you can write whatever policy you like for it but when it comes
to the crunch it's not going to work the way the policy says.

So what I was looking for, if the document is looking at PKI-related disaster
recovery, is advice to users on what to do when their CA vanishes, all support
and services stop overnight (with no continuity or responsibility), and the
liquidators sell the private key on eBay.

Peter.





------_=_NextPart_001_01C7C3BE.37255066--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BB6pk7080258 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 04:06:51 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6BB6pNf080256; Wed, 11 Jul 2007 04:06:51 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (moe.its.auckland.ac.nz [130.216.12.35]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BB6kgZ080245 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 04:06:48 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 4FA5A480395; Wed, 11 Jul 2007 23:06:46 +1200 (NZST)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (moe.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-FzjYySgEYL; Wed, 11 Jul 2007 23:06:46 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 35B2C48038F; Wed, 11 Jul 2007 23:06:46 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id BDD9FD14CFC; Wed, 11 Jul 2007 23:06:43 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1I8a1z-0008Ah-00; Wed, 11 Jul 2007 23:06:51 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: denis.pinkas@bull.net, pgut001@cs.auckland.ac.nz
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: ietf-pkix@imc.org, Joel_Kazin@jeffersonwells.com
In-Reply-To: <OFF13EE478.BAAAD968-ONC1257315.0026FB29@frcl.bull.fr>
Message-Id: <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 23:06:51 +1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>Here is an extract from ETSI TS 101 456:

Hmm, OK, what I was looking for was more of a list of issues from the
user/EE/relying-party point of view, things that they have to consider when
dealing with a CA.  To take one oft-quoted case:

  - the CA shall destroy, or withdraw from use, its private keys, as defined
    in clause 7.2.6.

that's never going to happen in the real world because the only asset left to
a CA when it goes out of business is its private key, and the liquidators are
never going to allow the deliberate destruction of corporate assets in this
manner.  More importantly, even if the CA had some policy related to this
while it was still operating, once it's in receivership the policy becomes
void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
to keyUsage, you can write whatever policy you like for it but when it comes
to the crunch it's not going to work the way the policy says.

So what I was looking for, if the document is looking at PKI-related disaster
recovery, is advice to users on what to do when their CA vanishes, all support
and services stop overnight (with no continuity or responsibility), and the
liquidators sell the private key on eBay.

Peter.




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BAmPUV078753 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 03:48:25 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6BAmPLv078752; Wed, 11 Jul 2007 03:48:25 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from EXVS01.ex.dslextreme.net (exbe04.ex.dslextreme.net [66.51.199.86]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BAmOk5078746 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 03:48:24 -0700 (MST) (envelope-from chokhani@orionsec.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 03:47:18 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C87908622D32@EXVS01.ex.dslextreme.net>
In-Reply-To: <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: PKI Disaster Recovery and Key Rollover
Thread-Index: AcfDnyrBCi0KEGPnSJ6VS209MI79zQACXVYg
References: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net> <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: "pgut001" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>, <ietf-pkix@imc.org>
Cc: <Joel_Kazin@jeffersonwells.com>, <stefans@microsoft.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l6BAmOk5078747
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter,

Like the rest of the Policy Framework, 3647 does not specify any policies
for this or other points.  3647 is a framework and not a policy or a
sample policy.

What I have seen in some of the certificate policies seems to adequately
address this.

-----Original Message-----
From: pgut001 [mailto:pgut001@cs.auckland.ac.nz] 
Sent: Wednesday, July 11, 2007 5:37 AM
To: Santosh Chokhani; denis.pinkas@bull.net; ietf-pkix@imc.org;
pgut001@cs.auckland.ac.nz
Cc: Joel_Kazin@jeffersonwells.com; stefans@microsoft.com
Subject: RE: PKI Disaster Recovery and Key Rollover

"Santosh Chokhani" <chokhani@orionsec.com> writes:

>The Policy Framework (Informational RFC 3647) has a section on CA and RA
>Termination.

Do you mean section 4.5.8:

   This subcomponent describes requirements relating to procedures for
   termination and termination notification of a CA or RA, including the
   identity of the custodian of CA and RA archival records.

This seems to provide about as much utility as Cygnus' corporate drugs policy
:-).

>I have seen a number of Certificate Policies drafted that describe
>requirements as to what a CA must do prior to termination of service.

Given the number of CAs whose users I've talked to for which the termination
of service consisted of "404 Not Found", I think this is something that needs
to be addressed in more detail.  In particular since this draft is supposed to
cover "PKI Disaster Recovery" and having your CA suddenly vanish is the single
biggest possible disaster that can hit a PKI, I think a fair amount of the
document should be devoted to this.  Where do the CA keys go?  Who issues
CRLs?  (A real-world example there, one national PKI that evaporated suddenly
was left with the problem that while the hardware was still in place, there
were no staff left who knew how to issue a CRL).  Who takes over the defunct
CA's role? Who gets the CA's keys?  (Again, real-world example, they end up on
eBay for sale to the highest bidder).  You could easily write a small book on
all of this, it really is the single most drastic PKI disaster recovery issue
that we have, and probably the most frequently-occurring (CA- rather than EE-
related) one.

Peter.





Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BAGibq076210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 03:16:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6BAGiGh076209; Wed, 11 Jul 2007 03:16:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ganymede.on-x.com (ganymede.on-x.com [194.51.68.3]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BAGgwN076201 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 03:16:43 -0700 (MST) (envelope-from Peter.Sylvester@edelweb.fr)
Received: from localhost (ganymede [127.0.0.1]) by ganymede.on-x.com (Postfix) with ESMTP id DEE6913; Wed, 11 Jul 2007 12:16:39 +0200 (CEST)
Received: from ganymede.on-x.com ([127.0.0.1]) by localhost (ganymede.on-x.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18286-04; Wed, 11 Jul 2007 12:16:35 +0200 (CEST)
Received: from vinea.on-x.com (sedna.puteaux.on-x [192.168.10.9]) by ganymede.on-x.com (Postfix) with ESMTP id A0EEC1F; Wed, 11 Jul 2007 12:16:35 +0200 (CEST)
Received: from [193.51.14.5] ([212.234.46.65]) by vinea.on-x.com (Lotus Domino Release 5.0.11) with ESMTP id 2007071112161902:336161 ; Wed, 11 Jul 2007 12:16:19 +0200 
Message-ID: <4694AD59.9070003@edelweb.fr>
Date: Wed, 11 Jul 2007 12:13:45 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov> <469382E2.6090306@edelweb.fr> <4693F3A3.6030108@nist.gov>
In-Reply-To: <4693F3A3.6030108@nist.gov>
X-MIMETrack: Itemize by SMTP Server on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 07/11/2007 12:16:19 PM, Serialize by Router on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 07/11/2007 12:16:35 PM, Serialize complete at 07/11/2007 12:16:35 PM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040103080301050904090400"
X-Virus-Scanned: by amavisd-new at on-x.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a cryptographically signed message in MIME format.

--------------ms040103080301050904090400
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

David A. Cooper wrote:
> Peter Sylvester wrote:
>> If something hasn't changed since years, this doesn't mean that is 
>> correct.
> Peter,
>
> You said "Section 3.2.3  now has *reintroduced* the 'prospective' 
> certification path."  I was simply pointing out that this was not a 
> change.  Nothing was "reintroduced".
indeed, I was incorrect:

The text introduces the word 'prospective' in 3.2.3
in order to make it formally compatible with 3.2.2.
As a resolution of what we discussed a year ago,
I would have expected something different, i.e. clarifying that

    id-stc-build-aa-path: Build a prospective certification path to a
      trust anchor for the AC issuer

is problematic if one takes the definition of 3280.  3.2.3
said before that the server returns a certificate path (and not just
a set of certs).

>
> Dave
>> David A. Cooper wrote:
>>> Peter Sylvester wrote:
>>>> Section 3.2.3  now has reintroduced the 'prospective' certification 
>>>> path.
>>>>
>>>> I think that we had understood that either this term borrowed from
>>>> 3280 only means an arbitrary sequence of n certificates and that is
>>>> not exactly what is desired here.
>>> Peter,
>>>
>>> The paragraph that you are referring to in section 3.2.3 is 
>>> discussing the use of the path building wantBacks 
>>> (id-stc-build-pkc-path and id-stc-build-aa-path), which are 
>>> described in section 3.2.2 as follows:
>>>
>>>    - id-stc-build-pkc-path: Build a prospective certification path to a
>>>       trust anchor (as defined in section 6.1 of [PKIX-1]);
>>>  
>>> - id-stc-build-aa-path: Build a prospective certification path to a
>>>       trust anchor for the AC issuer;
>>>
>>> The description of id-stc-build-pkc-path has been unchanged since 
>>> draft 18 and the description of id-stc-build-aa-path has been 
>>> unchanged since draft 24.
>>>
>>> Dave


--------------ms040103080301050904090400--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B9bCQW072812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 02:37:13 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6B9bCxK072811; Wed, 11 Jul 2007 02:37:12 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (curly.its.auckland.ac.nz [130.216.12.33]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B9bBWg072793 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 02:37:11 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 9A97B9C2D5; Wed, 11 Jul 2007 21:37:10 +1200 (NZST)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (curly.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S6US+vA+Xgnc; Wed, 11 Jul 2007 21:37:10 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 7D9429C2B4; Wed, 11 Jul 2007 21:37:10 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 008CE514003; Wed, 11 Jul 2007 21:37:08 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1I8YdH-0006hC-00; Wed, 11 Jul 2007 21:37:15 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: chokhani@orionsec.com, denis.pinkas@bull.net, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz
Subject: RE: PKI Disaster Recovery and Key Rollover
Cc: Joel_Kazin@jeffersonwells.com, stefans@microsoft.com
In-Reply-To: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net>
Message-Id: <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 21:37:15 +1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

"Santosh Chokhani" <chokhani@orionsec.com> writes:

>The Policy Framework (Informational RFC 3647) has a section on CA and RA
>Termination.

Do you mean section 4.5.8:

   This subcomponent describes requirements relating to procedures for
   termination and termination notification of a CA or RA, including the
   identity of the custodian of CA and RA archival records.

This seems to provide about as much utility as Cygnus' corporate drugs policy
:-).

>I have seen a number of Certificate Policies drafted that describe
>requirements as to what a CA must do prior to termination of service.

Given the number of CAs whose users I've talked to for which the termination
of service consisted of "404 Not Found", I think this is something that needs
to be addressed in more detail.  In particular since this draft is supposed to
cover "PKI Disaster Recovery" and having your CA suddenly vanish is the single
biggest possible disaster that can hit a PKI, I think a fair amount of the
document should be devoted to this.  Where do the CA keys go?  Who issues
CRLs?  (A real-world example there, one national PKI that evaporated suddenly
was left with the problem that while the hardware was still in place, there
were no staff left who knew how to issue a CRL).  Who takes over the defunct
CA's role? Who gets the CA's keys?  (Again, real-world example, they end up on
eBay for sale to the highest bidder).  You could easily write a small book on
all of this, it really is the single most drastic PKI disaster recovery issue
that we have, and probably the most frequently-occurring (CA- rather than EE-
related) one.

Peter.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B8tFHn069193 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 01:55:15 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6B8tFDD069192; Wed, 11 Jul 2007 01:55:15 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from EXVS01.ex.dslextreme.net (exbe04.ex.dslextreme.net [66.51.199.86]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B8tDqS069185 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 01:55:14 -0700 (MST) (envelope-from chokhani@orionsec.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 01:54:03 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net>
In-Reply-To: <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: PKI Disaster Recovery and Key Rollover
Thread-Index: AcfDkLF3iZT8OkB9QYiXitNfvp2x9QACBV5A
References: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr> <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>, <ietf-pkix@imc.org>
Cc: <Joel_Kazin@jeffersonwells.com>, <stefans@microsoft.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l6B8tEqS069186
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter,

The Policy Framework (Informational RFC 3647) has a section on CA and RA
Termination.  I have seen a number of Certificate Policies drafted that
describe requirements as to what a CA must do prior to termination of
service.

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Peter Gutmann
Sent: Wednesday, July 11, 2007 2:47 AM
To: denis.pinkas@bull.net; ietf-pkix@imc.org
Cc: Joel_Kazin@jeffersonwells.com; stefans@microsoft.com
Subject: Re: PKI Disaster Recovery and Key Rollover


"Denis Pinkas" <denis.pinkas@bull.net> writes:

>This document presents a framework to assist the writers of policy or
>practice statements and the designers of a Public Key Infrastructure to
>prepare disaster recovery plans in case of a private key-compromise or a
>private key-loss. This may happen to end-entity keys, Certification
>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>Authorities.  Since certificates have finite validity, CA key-rollover should
>be planned in advance.

Should it also cover the far more serious problem of the CA going out of
business?  I've talked to users of a number of CAs that have failed and the
effect has been pretty chaotic on relying parties and users: one day the CA
just isn't there any more, and everything stops working.  This seems to be by
far the most serious real-world-impact CA issue that I've encountered, but
it's not even considered in any PKI documentation that I know of.

Peter.





Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B76TrA059875 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 00:06:29 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6B76TWt059874; Wed, 11 Jul 2007 00:06:29 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [129.184.85.11]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B76PFM059864 for <ietf-pkix@imc.org>; Wed, 11 Jul 2007 00:06:26 -0700 (MST) (envelope-from denis.pinkas@bull.net)
Received: from MSGA-001.frcl.bull.fr (msga-001.frcl.bull.fr [129.184.87.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA07194; Wed, 11 Jul 2007 09:12:21 +0200
Received: from frcls4013 ([129.182.108.120]) by MSGA-001.frcl.bull.fr (Lotus Domino Release 5.0.11) with SMTP id 2007071109054664:30379 ; Wed, 11 Jul 2007 09:05:46 +0200 
Date: Wed, 11 Jul 2007 09:05:44 +0200
From: "Denis Pinkas" <denis.pinkas@bull.net>
To: "pgut001" <pgut001@cs.auckland.ac.nz>
Cc: "Joel_Kazin@jeffersonwells.com" <Joel_Kazin@jeffersonwells.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Subject: Re: PKI Disaster Recovery and Key Rollover
X-mailer: Foxmail 5.0 [-fr-]
Mime-Version: 1.0
X-MIMETrack: Itemize by SMTP Server on MSGA-001/FR/BULL(Release 5.0.11  |July 24, 2002) at 11/07/2007 09:05:46, Serialize by Router on MSGA-001/FR/BULL(Release 5.0.11  |July 24, 2002) at 11/07/2007 09:06:18, Serialize complete at 11/07/2007 09:06:18
Message-ID: <OFF13EE478.BAAAD968-ONC1257315.0026FB29@frcl.bull.fr>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter,

The point you mention seems to me to be in between technical matters and juridical matters.

It is addressed in different ETSI documents that may be downloaded free of charge from: 
http://www.etsi.org/services_products/freestandard/home.htm

In particular ETSI TS 101 456 and ETSI TS 102 042.

Here is an extract from ETSI TS 101 456:

7.4.9 CA termination

The CA shall ensure that potential disruptions to subscribers and relying parties are minimized
as a result of the cessation of the CA's services, and ensure continued maintenance of records
required to provide evidence of certification for the purposes of legal proceedings (see the
Directive [1], annex II (i)). In particular:

a) Before the CA terminates its services the following procedures shall be executed as a minimum:

   - the CA shall inform all subscribers, relying parties and other CAs with which it has agreements
     or other form of established relations.

   NOTE: The CA is not required to have a prior relationship with the relying party.

   - the CA shall terminate all authorization of subcontractors to act on behalf of the CA
     in the performance of any functions related to the process of issuing certificates;
   - the CA shall perform necessary undertakings to transfer obligations for maintaining
     registration information (see clause 7.3.1) and event log archives (see clause 7.4.11)
     for their respective period of time as indicated to the subscriber and relying party (see clause 7.3.4);
   - the CA shall destroy, or withdraw from use, its private keys, as defined in clause 7.2.6.

b) The CA shall have an arrangement to cover the costs to fulfil these minimum requirements
   in case the CA becomes bankrupt or for other reasons is unable to cover the costs by itself.

c) The CA shall state in its practices the provisions made for termination of service.
   This shall include:

   - the notification of affected entities;
   - the transfer of its obligations to other parties;
   - the handling of the revocation status for unexpired certificates that have been issued.

Do you think that some parts of this text should be incorporated in the current draft?

Denis

===============================================================

>"Denis Pinkas" <denis.pinkas@bull.net> writes:
>
>>This document presents a framework to assist the writers of policy or
>>practice statements and the designers of a Public Key Infrastructure to
>>prepare disaster recovery plans in case of a private key-compromise or a
>>private key-loss. This may happen to end-entity keys, Certification
>>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>>Authorities.  Since certificates have finite validity, CA key-rollover should
>>be planned in advance.
>
>Should it also cover the far more serious problem of the CA going out of
>business?  I've talked to users of a number of CAs that have failed and the
>effect has been pretty chaotic on relying parties and users: one day the CA
>just isn't there any more, and everything stops working.  This seems to be by
>far the most serious real-world-impact CA issue that I've encountered, but
>it's not even considered in any PKI documentation that I know of.
>
>Peter.
>
>

Regards,

Denis Pinkas





Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B6kp5n058749 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2007 23:46:51 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6B6kpGa058748; Tue, 10 Jul 2007 23:46:51 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (curly.its.auckland.ac.nz [130.216.12.33]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6B6kj0X058736 for <ietf-pkix@imc.org>; Tue, 10 Jul 2007 23:46:49 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 62C969C2DE; Wed, 11 Jul 2007 18:46:44 +1200 (NZST)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (curly.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJW8gRTEFTsG; Wed, 11 Jul 2007 18:46:44 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 467289C2B8; Wed, 11 Jul 2007 18:46:44 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 2FB9C1280A2; Wed, 11 Jul 2007 18:46:40 +1200 (NZST)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1I8VyH-0003vS-00; Wed, 11 Jul 2007 18:46:45 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: denis.pinkas@bull.net, ietf-pkix@imc.org
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: Joel_Kazin@jeffersonwells.com, stefans@microsoft.com
In-Reply-To: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>
Message-Id: <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 18:46:45 +1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>This document presents a framework to assist the writers of policy or
>practice statements and the designers of a Public Key Infrastructure to
>prepare disaster recovery plans in case of a private key-compromise or a
>private key-loss. This may happen to end-entity keys, Certification
>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>Authorities.  Since certificates have finite validity, CA key-rollover should
>be planned in advance.

Should it also cover the far more serious problem of the CA going out of
business?  I've talked to users of a number of CAs that have failed and the
effect has been pretty chaotic on relying parties and users: one day the CA
just isn't there any more, and everything stops working.  This seems to be by
far the most serious real-world-impact CA issue that I've encountered, but
it's not even considered in any PKI documentation that I know of.

Peter.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6AL1l4k014621 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2007 14:01:47 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6AL1lfK014620; Tue, 10 Jul 2007 14:01:47 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6AL1hkJ014609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Tue, 10 Jul 2007 14:01:46 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id l6AL17Gw018246; Tue, 10 Jul 2007 17:01:08 -0400
Received: from st26.ncsl.nist.gov (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id l6AL0uHj021658; Tue, 10 Jul 2007 17:00:57 -0400 (EDT)
Message-ID: <4693F3A3.6030108@nist.gov>
Date: Tue, 10 Jul 2007 17:01:23 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 2.0.0.4 (X11/20070620)
MIME-Version: 1.0
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov> <469382E2.6090306@edelweb.fr>
In-Reply-To: <469382E2.6090306@edelweb.fr>
Content-Type: multipart/alternative; boundary="------------080507070501000907080208"
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a multi-part message in MIME format.
--------------080507070501000907080208
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Peter Sylvester wrote:
> If something hasn't changed for years, this doesn't mean that it is correct.
Peter,

You said "Section 3.2.3  now has *reintroduced* the 'prospective' 
certification path."  I was simply pointing out that this was not a 
change.  Nothing was "reintroduced".

Dave
> David A. Cooper wrote:
>> Peter Sylvester wrote:
>>> Section 3.2.3  now has reintroduced the 'prospective' certification path.
>>>
>>> I think that we had understood that either this term borrowed from
>>> 3280 only means an arbitrary sequence of n certificates and that is
>>> not exactly what is desired here.
>> Peter,
>>
>> The paragraph that you are referring to in section 3.2.3 is
>> discussing the use of the path building wantBacks
>> (id-stc-build-pkc-path and id-stc-build-aa-path), which are described
>> in section 3.2.2 as follows:
>>
>>    - id-stc-build-pkc-path: Build a prospective certification path to a
>>      trust anchor (as defined in section 6.1 of [PKIX-1]);
>>
>>    - id-stc-build-aa-path: Build a prospective certification path to a
>>      trust anchor for the AC issuer;
>>
>> The description of id-stc-build-pkc-path has been unchanged since
>> draft 18 and the description of id-stc-build-aa-path has been
>> unchanged since draft 24.
>>
>> Dave

--------------080507070501000907080208--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6AD3392061185 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2007 06:03:03 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6AD33Mn061184; Tue, 10 Jul 2007 06:03:03 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ganymede.on-x.com (ganymede.on-x.com [194.51.68.3]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6AD31sn061176 for <ietf-pkix@imc.org>; Tue, 10 Jul 2007 06:03:02 -0700 (MST) (envelope-from Peter.Sylvester@edelweb.fr)
Received: from localhost (ganymede [127.0.0.1]) by ganymede.on-x.com (Postfix) with ESMTP id C7CEE1E; Tue, 10 Jul 2007 15:02:55 +0200 (CEST)
Received: from ganymede.on-x.com ([127.0.0.1]) by localhost (ganymede.on-x.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05435-01; Tue, 10 Jul 2007 15:02:53 +0200 (CEST)
Received: from vinea.on-x.com (sedna.puteaux.on-x [192.168.10.9]) by ganymede.on-x.com (Postfix) with ESMTP id EB67213; Tue, 10 Jul 2007 15:02:52 +0200 (CEST)
Received: from [193.51.14.5] ([212.234.46.65]) by vinea.on-x.com (Lotus Domino Release 5.0.11) with ESMTP id 2007071015025220:334743 ; Tue, 10 Jul 2007 15:02:52 +0200 
Message-ID: <469382E2.6090306@edelweb.fr>
Date: Tue, 10 Jul 2007 15:00:18 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov>
In-Reply-To: <46923510.8020801@nist.gov>
X-MIMETrack: Itemize by SMTP Server on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 07/10/2007 03:02:52 PM, Serialize by Router on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 07/10/2007 03:02:52 PM, Serialize complete at 07/10/2007 03:02:52 PM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070002070609040806030106"
X-Virus-Scanned: by amavisd-new at on-x.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a cryptographically signed message in MIME format.

--------------ms070002070609040806030106
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

David,

If something hasn't changed for years, this doesn't mean that it is correct.
You wrote the following in May 2006 where you indicate that your
understanding of 'prospective path' was not correct.

At the end you say 'certification path', but it is a totally arbitrary sequence
of certificates. What the protocol allows is that a MIM can create a DOS attack
by throwing all kinds of certificates and tell that it has more info in case
the client doesn't like.
What defense has the client, how and when can it detect that something is wrong?
It can apply some heuristics, assuming that a server would at least return
certs where the names are chaining, and maybe the signatures verify, for example.
But that is not currently in the protocol.

If you take a directory implementation and a client that searches
in that to build a path, the directory does not return arbitrary certs,
or at least, if it does, the client stops immediately and detects a faulty
behaviour.

Your suggestion is useful but it has not found its way into the text
in any way. Furthermore, because you have misread 3820, I think that
your citation of the definition of
     id-stc-build-aa-path
also means you had the same error in mind.

I think just encouraging is a little bit weak.
A server MUST return a "prospective path" that at least verifies some conditions
(which doesn't mean that the client does not verify them).  Otherwise
the client has no means to decide whether to stop talking to the server.


David A. Cooper wrote:
> Peter,
>
> Your initial response to my message was correct.  I simply read RFC 3280 too
> quickly when responding to Thomas's message and quoted the wrong text for the
> definition of prospective certification path.  RFC 3280 does define a
> prospective certification path as a sequence of n certificates and indicates
> that path validation involves (among other things) verifying the items listed in
> a) - d).
>
> I agree that the description of id-stc-build-aa-path should be changed to be
> consistent with the description for id-stc-build-pkc-path.  By design, it should
> be possible to operate a DPD server as an untrusted system, which means that the
> client cannot necessarily rely on any of the information returned by the server.
> The client must perform all of the steps of path validation and cannot assume
> that the path returned by the server satisfies certain conditions.  Of course,
> it would be preferable from the client's point of view for the server not to
> send it invalid certification paths, so I would encourage DPD servers to perform
> at least some checks on the certification paths that they return to clients,
> even if this is not a requirement of the protocol.
>
> Dave
>




David A. Cooper wrote:
> Peter Sylvester wrote:
>> Section 3.2.3  now has reintroduced the 'prospective' certification path.
>>
>> I think that we had understood that either this term borrowed from
>> 3280 only means an arbitrary sequence of n certificates and that is
>> not exactly what is desired here.
> Peter,
>
> The paragraph that you are referring to in section 3.2.3 is discussing
> the use of the path building wantBacks (id-stc-build-pkc-path and
> id-stc-build-aa-path), which are described in section 3.2.2 as follows:
>
>    - id-stc-build-pkc-path: Build a prospective certification path to a
>      trust anchor (as defined in section 6.1 of [PKIX-1]);
>
>    - id-stc-build-aa-path: Build a prospective certification path to a
>      trust anchor for the AC issuer;
>
> The description of id-stc-build-pkc-path has been unchanged since
> draft 18 and the description of id-stc-build-aa-path has been
> unchanged since draft 24.
>
> Dave
>
>


--------------ms070002070609040806030106
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms070002070609040806030106--






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69JSlcV026216 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2007 12:28:47 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l69JSlGw026215; Mon, 9 Jul 2007 12:28:47 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69JSjMW026177 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 12:28:46 -0700 (MST) (envelope-from vkg@alcatel-lucent.com)
Received: from ihmail.ih.lucent.com (h135-1-218-70.lucent.com [135.1.218.70]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id l69JSViM024313; Mon, 9 Jul 2007 14:28:36 -0500 (CDT)
Received: from [135.185.244.90] (il0015vkg1.ih.lucent.com [135.185.244.90]) by ihmail.ih.lucent.com (8.11.7p1+Sun/8.12.11) with ESMTP id l69JSQa14071; Mon, 9 Jul 2007 14:28:26 -0500 (CDT)
Message-ID: <46928C5A.8000104@alcatel-lucent.com>
Date: Mon, 09 Jul 2007 14:28:26 -0500
From: "Vijay K. Gurbani" <vkg@alcatel-lucent.com>
Organization: Bell Labs Security Technology Research Group
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-pkix@imc.org
CC: Scott Lawrence <slawrence@pingtel.com>, "Jeffrey, Alan S A (Alan)" <ajeffrey@alcatel-lucent.com>
Subject: Updated draft-gurbani-sip-domain-certs-06
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

On Fri, 2007-06-22 at 16:12 -0500, Vijay K. Gurbani wrote:
 > Folks: draft-gurbani-sip-domain-certs-05 has been submitted to
 > the IETF archives.  This version includes the guidance we
 > got from the pkix WG in Prague.  More specifically, this version
 > focuses strictly on:
 >
 > - How to use and interpret the SIP identities in a X.509 certificate.
 > - How to indicate that this particular certificate is for SIP
 >   usage.

We got some excellent late-breaking comments from Stephen Kent, and
reissued this as -06 just ahead of the deadline for Chicago.  Since such
a late submission may take some days to get through the pipeline, you
can get it here now:

http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-06.txt
http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-06.html

Most of Stephen's comments were incorporated in -06.  There were
a couple that we felt would benefit from a larger discussion in
the SIP WG; as such, we will be presenting this draft at the
Chicago SIP WG to get some consensus around these.

We would like to thank Stephen and the other pkix WG members who
have taken the time to give us better guidance on the draft.

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
WWW:   http://www.alcatel-lucent.com/bell-labs






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69ETmjg093426 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2007 07:29:48 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l69ETmXf093425; Mon, 9 Jul 2007 07:29:48 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mx12.bbn.com (mx12.bbn.com [128.33.0.81]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69ETkLS093417 for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 07:29:47 -0700 (MST) (envelope-from kent@bbn.com)
Received: from dhcp89-089-071.bbn.com ([128.89.89.71]) by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1I7uFF-0000uh-54; Mon, 09 Jul 2007 10:29:45 -0400
Mime-Version: 1.0
Message-Id: <p06240502c2b7f6b18182@[128.89.89.71]>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v>
Date: Mon, 9 Jul 2007 10:30:02 -0400
To: "Anders Rundgren" <anders.rundgren@telia.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Cc: "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>
Content-Type: multipart/alternative; boundary="============_-1028131091==_ma============"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--============_-1028131091==_ma============
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: quoted-printable

At 4:36 PM +0200 7/7/07, Anders Rundgren wrote:
>Although probably not NIST's intentions with
>SCVP, I would not be surprised if SCVP long-term
>will put the final nail in the Bridge CA coffin.
>
>Off-loaded validation is a MUCH better concept
>since it is fully dynamic, allows arbitrary
>granularity down to individual EE certificates,
>and most of all does not rely on a centrally
>funded/trusted "über-CA".  In fact, a successful
>rollout of SCVP will probably eliminate most
>other uses of cross-certification as well.
>
>Anders
>

David asked a question about HTTP use in SCVP, for which this is NOT an answer.

Try to keep on topic.

Steve
--============_-1028131091==_ma============--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DjVPZ090670 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2007 06:45:32 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l69DjVv2090669; Mon, 9 Jul 2007 06:45:31 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [129.184.85.11]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DjTDf090660 for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 06:45:30 -0700 (MST) (envelope-from denis.pinkas@bull.net)
Received: from MSGA-001.frcl.bull.fr (msga-mcl1.frcl.bull.fr [129.184.87.20]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA25836; Mon, 9 Jul 2007 15:51:26 +0200
Received: from frcls4013 ([129.182.108.120]) by MSGA-001.frcl.bull.fr (Lotus Domino Release 5.0.11) with SMTP id 2007070915452177:155410 ; Mon, 9 Jul 2007 15:45:21 +0200 
Date: Mon, 9 Jul 2007 15:45:18 +0200
From: "Denis Pinkas" <denis.pinkas@bull.net>
To: "pkix" <ietf-pkix@imc.org>
Cc: "Joel Kazin" <Joel_Kazin@jeffersonwells.com>, "Stefan Santesson " <stefans@microsoft.com>
Subject: PKI Disaster Recovery and Key Rollover
X-mailer: Foxmail 5.0 [-fr-]
Mime-Version: 1.0
X-MIMETrack: Itemize by SMTP Server on MSGA-001/FR/BULL(Release 5.0.11  |July 24, 2002) at 09/07/2007 15:45:21, Serialize by Router on MSGA-001/FR/BULL(Release 5.0.11  |July 24, 2002) at 09/07/2007 15:45:25, Serialize complete at 09/07/2007 15:45:25
Message-ID: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

To the WG,

I edited together with Joel Kazin an individual Internet-Draft that has been placed on the IETF web server.
The target category is INFORMATIONAL.

The document is now available at:
https://datatracker.ietf.org/drafts/draft-pinkas-pkix-pki-dr-kr

The abstract is the following:

   This document presents a framework to assist the writers of policy 
   or practice statements and the designers of a Public Key 
   Infrastructure to prepare disaster recovery plans in case of a
   private key-compromise or a private key-loss.  This may happen to 
   end-entity keys, Certification Authorities, Revocation Authorities, 
   Attribute Authorities, or Time-Stamping Authorities.  Since 
   certificates have finite validity, CA key-rollover should be 
   planned in advance. 

   In addition, denial of service attacks on Repositories holding 
   CRLs has also to be considered.
   This framework provides a comprehensive list of potential key-
   compromise or key-loss conditions that, in the opinion of the 
   authors, should be addressed so that it is possible to quickly 
   recover from exceptional situations.

I ask the WG to consider whether this document should be progressed 
as an individual contribution or as a PKIX WG document.

I will not be present at the next meeting, but I plan to prepare a few slides to present the draft.

To this respect, I ask whether it would be possible to get a time slot (5 minutes) 
at the next meeting. 

Denis






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DPco3089412 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2007 06:25:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l69DPcvd089411; Mon, 9 Jul 2007 06:25:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ncsusraimgo01-ext.na.jnj.com (NCSUSRAIMGo01-EXT.na.jnj.com [148.177.2.32]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DPaaw089404 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL) for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 06:25:37 -0700 (MST) (envelope-from RGuida@CORUS.JNJ.com)
X-IronPort-AV: E=Sophos;i="4.16,517,1175486400";  d="scan'208,217";a="65924089"
Received: from unknown (HELO JNJUSRAGMH01.na.jnj.com) ([10.35.55.202]) by ncsusraimgo01-int.na.jnj.com with ESMTP; 09 Jul 2007 09:20:13 -0400
Received: from JNJUSNBGMS01.na.jnj.com ([10.5.0.150]) by JNJUSRAGMH01.na.jnj.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 9 Jul 2007 09:25:35 -0400
Received: from JNJUSNBGMS02.na.jnj.com ([10.5.0.152]) by JNJUSNBGMS01.na.jnj.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 9 Jul 2007 09:25:35 -0400
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7C22C.A1B9F659"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: draft-ietf-pkix-scvp-32.txt
Date: Mon, 9 Jul 2007 09:25:35 -0400
Message-ID: <68238D548DFAED4C8FAE02502B175A4262BD3E@JNJUSNBGMS02.na.jnj.com>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: draft-ietf-pkix-scvp-32.txt
Thread-Index: AcfAprAHK6kpP3BZR2iidkggkXDscQBha7Zg
From: "Guida, Richard [JJCUS]" <RGuida@CORUS.JNJ.com>
To: "Anders Rundgren" <anders.rundgren@telia.com>, "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>
X-OriginalArrivalTime: 09 Jul 2007 13:25:35.0449 (UTC) FILETIME=[A1EEF490:01C7C22C]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7C22C.A1B9F659
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Anders - a bridge CA is most certainly not a centrally trusted "Ueber-CA" - in fact to the contrary, a bridge optimally has no self-signed cert and appears in no one's trust list as an anchor.  That is why it is called a "bridge" - between other CAs.  Bridge CAs and SCVP seem to me to fit together harmoniously and in a complementary fashion.


-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren
Sent: Saturday, July 07, 2007 10:37 AM
To: David A. Cooper; pkix
Subject: Re: draft-ietf-pkix-scvp-32.txt


Although probably not NIST's intentions with SCVP, I would not be surprised if SCVP long-term will put the final nail in the Bridge CA coffin.


Off-loaded validation is a MUCH better concept since it is fully dynamic, allows arbitrary granularity down to individual EE certificates, and most of all does not rely on a centrally funded/trusted "über-CA".  In fact, a successful rollout of SCVP will probably eliminate most other uses of cross-certification as well.

Anders

----- Original Message -----
From: "David A. Cooper" <david.cooper@nist.gov>
To: "pkix" <ietf-pkix@imc.org>
Sent: Friday, July 06, 2007 23:17
Subject: draft-ietf-pkix-scvp-32.txt



All,

I just submitted draft 32 of SCVP for posting.  This draft contains some
editorial changes to address comments raised as a result of IESG review,
but there are no changes to the protocol, either syntactic or semantic.
A diff file comparing drafts 31 and 32 is available at
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised during
the IESG review.  In particular, there are still outstanding comments
from Lisa Dusseault relating to the use of HTTP, which is mainly
specified in Appendix B of SCVP.  Lisa's comments may be found at
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.
If there is someone who has a sufficient knowledge of HTTP to address
the issues that Lisa raises and who is willing to work with us to
resolve these issues, that would be appreciated.

Dave



------_=_NextPart_001_01C7C22C.A1B9F659--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DLWU3088884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2007 06:21:32 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l69DLWlX088883; Mon, 9 Jul 2007 06:21:32 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DLSE1088872 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 06:21:31 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id l69DFlEF019840; Mon, 9 Jul 2007 09:15:48 -0400
Received: from st26.ncsl.nist.gov (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id l69DFZP4018937; Mon, 9 Jul 2007 09:15:37 -0400 (EDT)
Message-ID: <46923510.8020801@nist.gov>
Date: Mon, 09 Jul 2007 09:16:00 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 2.0.0.4 (X11/20070620)
MIME-Version: 1.0
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr>
In-Reply-To: <4690E4B9.4090802@edelweb.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter Sylvester wrote:
> Section 3.2.3  now has reintroduced the 'prospective' certification path.
>
> I think that we had understood that either this term borrowed from
> 3280 only means an arbitrary sequence of n certificates and that is
> not exactly what is desired here.

Peter,

The paragraph that you are referring to in section 3.2.3 is discussing 
the use of the path building wantBacks (id-stc-build-pkc-path and 
id-stc-build-aa-path), which are described in section 3.2.2 as follows:

    - id-stc-build-pkc-path: Build a prospective certification path to a
       trust anchor (as defined in section 6.1 of [PKIX-1]);

    - id-stc-build-aa-path: Build a prospective certification path to a
       trust anchor for the AC issuer;

The description of id-stc-build-pkc-path has been unchanged since draft 
18 and the description of id-stc-build-aa-path has been unchanged since 
draft 24.

Dave






To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-scvp-32.txt
Message-Id: <E1I7f1y-00026y-2b@stiedprstage1.ietf.org>
Date: Sun, 08 Jul 2007 18:15:02 -0400

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Server-based Certificate Validation Protocol (SCVP)
	Author(s)	: A. Malpani, et al.
	Filename	: draft-ietf-pkix-scvp-32.txt
	Pages		: 87
	Date		: 2007-7-8
	
SCVP allows a client to delegate certification path construction and
certification path validation to a server.  The path construction or
validation (e.g., making sure that none of the certificates in the
path are revoked) is performed according to a validation policy,
which contains one or more trust anchors.  It allows simplification
of client implementations and use of a set of predefined validation
policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-32.txt




To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-sha2-dsa-ecdsa-01.txt
Message-Id: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org>
Date: Sun, 08 Jul 2007 17:15:02 -0400

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA
	Author(s)	: Q. Dang, et al.
	Filename	: draft-ietf-pkix-sha2-dsa-ecdsa-01.txt
	Pages		: 16
	Date		: 2007-7-8
	
This document supplements RFC 3279. It specifies algorithm identifiers
and ASN.1 encoding rules for the Digital Signature Algorithm (DSA) and
Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures
when using SHA-224, SHA-256, SHA-384 or SHA-512 as hashing algorithm.
This specification applies to the Internet X.509 Public Key
Infrastructure (PKI) when digital signatures are used to sign
certificates and certificate revocation lists (CRLs).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-01.txt




Message-ID: <4690E4B9.4090802@edelweb.fr>
Date: Sun, 08 Jul 2007 15:20:57 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov>
In-Reply-To: <468EB15C.4000103@nist.gov>

Section 3.2.3  now has reintroduced the 'prospective' certification path.

I think that we had understood that either this term borrowed from
3280 only means an arbitrary sequence of n certificates and that is
not exactly what is desired here.




From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org
Subject: Re: draft-ietf-pkix-scvp-32.txt
Message-Id: <E1I7UKa-0003uj-00@medusa01.cs.auckland.ac.nz>
Date: Sun, 08 Jul 2007 22:49:32 +1200

Dave Engberg <dengberg@narrowmountain.com> writes:

>SCVP is a protocol that can make complex PKIs work. 
 ^^^^^^^^^^^^^^^^^^^^^^^

You misspelled "nothing".

Peter.



Message-ID: <00bc01c7c0bb$74cabed0$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Dave Engberg" <dengberg@narrowmountain.com>, "pkix" <ietf-pkix@imc.org>
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v> <468FB61F.6030908@narrowmountain.com>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Sat, 7 Jul 2007 19:22:54 +0200

Dave,

There are many other problems with bridge CAs:

http://csrc.nist.gov/pki/documents/B2B-article.pdf

Although private sector competitors funding a common bridge CA indeed is
a cute idea it simply has nothing to do with reality.
Using SCVP (and similar), each company can administer PKI trust in a
completely distributed way and being as discriminative they want as
well.

The day VISA, Amex and MasterCard cross-certifies each other in order to
simplify trust management for merchants, I will though back from my
position that "The Bridge CA is dead, long live the Bridge CA".

Regards
Anders Rundgren



----- Original Message -----
From: Dave Engberg
To: pkix
Sent: Saturday, July 07, 2007 17:49
Subject: Re: draft-ietf-pkix-scvp-32.txt



I disagree.

SCVP is a protocol that can make complex PKIs work.  The big problem
with a federated PKI using bridged and cross-certified CAs is that it
forces the relying party to do too much work in crawling the CA network
and checking the revocation of every link.  This has an unacceptable
risk of failure unless every server and service in the network is 100%
reliable and available.  SCVP moves the path discovery and validation to
a server which can be configured to do much more intelligent caching,
pre-fetching, etc.  SCVP in DPD mode is perfect for this.  As new CAs
join the bridged network, they will "automatically" be usable by the
server and clients without having to add yet another hard-coded root CA
into a massive trust list.


Anders Rundgren wrote:
  Although probably not NIST's intentions with SCVP, I would not be
  surprised if SCVP long-term will put the final nail in the Bridge CA
  coffin.

  Off-loaded validation is a MUCH better concept since it is fully
  dynamic, allows arbitrary granularity down to individual EE
  certificates, and most of all does not rely on a centrally
  funded/trusted "über-CA".  In fact, a successful rollout of SCVP will
  probably eliminate most other uses of cross-certification as well.

  Anders




Message-ID: <468FB61F.6030908@narrowmountain.com>
Date: Sat, 07 Jul 2007 08:49:51 -0700
From: Dave Engberg <dengberg@narrowmountain.com>
Organization: Narrow Mountain Consulting, LLC
To: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>


I disagree.

SCVP is a protocol that can make complex PKIs work.  The big problem 
with a federated PKI using bridged and cross-certified CAs is that it 
forces the relying party to do too much work in crawling the CA network 
and checking the revocation of every link.  This has an unacceptable 
risk of failure unless every server and service in the network is 100% 
reliable and available.  SCVP moves the path discovery and validation to 
a server which can be configured to do much more intelligent caching, 
pre-fetching, etc.  SCVP in DPD mode is perfect for this.  As new CAs 
join the bridged network, they will "automatically" be usable by the 
server and clients without having to add yet another hard-coded root CA 
into a massive trust list.


Anders Rundgren wrote:
> Although probably not NIST's intentions with SCVP, I would not be 
> surprised if SCVP long-term will put the final nail in the Bridge CA 
> coffin.
>
> Off-loaded validation is a MUCH better concept since it is fully 
> dynamic, allows arbitrary granularity down to individual EE 
> certificates, and most of all does not rely on a centrally 
> funded/trusted "über-CA".  In fact, a successful rollout of SCVP will 
> probably eliminate most other uses of cross-certification as well.
>
> Anders





Message-ID: <008c01c7c0a4$45793790$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>
References: <468EB15C.4000103@nist.gov>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Sat, 7 Jul 2007 16:36:54 +0200

Although probably not NIST's intentions with SCVP, I would not be
surprised if SCVP long-term will put the final nail in the Bridge CA
coffin.

Off-loaded validation is a MUCH better concept since it is fully
dynamic, allows arbitrary granularity down to individual EE
certificates, and most of all does not rely on a centrally
funded/trusted "über-CA".  In fact, a successful rollout of SCVP will
probably eliminate most other uses of cross-certification as well.

Anders

----- Original Message -----
From: "David A. Cooper" <david.cooper@nist.gov>
To: "pkix" <ietf-pkix@imc.org>
Sent: Friday, July 06, 2007 23:17
Subject: draft-ietf-pkix-scvp-32.txt



All,

I just submitted draft 32 of SCVP for posting.  This draft contains some
editorial changes to address comments raised as a result of IESG review,
but there are no changes to the protocol, either syntactic or semantic.
A diff file comparing drafts 31 and 32 is available at
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised during
the IESG review.  In particular, there are still outstanding comments
from Lisa Dusseault relating to the use of HTTP, which is mainly
specified in Appendix B of SCVP.  Lisa's comments may be found at
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.
If there is someone who has a sufficient knowledge of HTTP to address
the issues that Lisa raises and who is willing to work with us to
resolve these issues, that would be appreciated.

Dave


------=_NextPart_000_0085_01C7C0B5.072EA720--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l66LHE0I046993 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 Jul 2007 14:17:14 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l66LHEA5046992; Fri, 6 Jul 2007 14:17:14 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l66LHCWH046984 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Fri, 6 Jul 2007 14:17:14 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id l66LH7Kg031546 for <ietf-pkix@imc.org>; Fri, 6 Jul 2007 17:17:08 -0400
Received: from st26.ncsl.nist.gov (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id l66LGuif019254 for <ietf-pkix@imc.org>; Fri, 6 Jul 2007 17:17:01 -0400 (EDT)
Message-ID: <468EB15C.4000103@nist.gov>
Date: Fri, 06 Jul 2007 17:17:16 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 2.0.0.4 (X11/20070620)
MIME-Version: 1.0
To: pkix <ietf-pkix@imc.org>
Subject: draft-ietf-pkix-scvp-32.txt
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

All,

I just submitted draft 32 of SCVP for posting.  This draft contains some 
editorial changes to address comments raised as a result of IESG review, 
but there are no changes to the protocol, either syntactic or semantic.  
A diff file comparing drafts 31 and 32 is available at 
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised during 
the IESG review.  In particular, there are still outstanding comments 
from Lisa Dusseault relating to the use of HTTP, which is mainly 
specified in Appendix B of SCVP.  Lisa's comments may be found at 
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.  
If there is someone who has a sufficient knowledge of HTTP to address 
the issues that Lisa raises and who is willing to work with us to 
resolve these issues, that would be appreciated.

Dave






Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l666qqsZ059425 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 5 Jul 2007 23:52:52 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l666qq0h059424; Thu, 5 Jul 2007 23:52:52 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail1relay.itmaster.local (smtp.finsiel.it [193.43.104.17]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l666qoYf059412 for <ietf-pkix@imc.org>; Thu, 5 Jul 2007 23:52:51 -0700 (MST) (envelope-from Adriano.Santoni@actalis.it)
Received: from POSTA02.itmaster.local ([156.54.185.25]) by mail1relay.itmaster.local with Microsoft SMTPSVC(6.0.3790.1830); Fri, 6 Jul 2007 08:52:50 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C7BF9A.44AEBCC1"
Subject: I: I-D ACTION:draft-santoni-timestampeddata-00.txt 
Date: Fri, 6 Jul 2007 08:52:48 +0200
Message-ID: <FF374A5075949C4D87367831AAAFD4217AD433@POSTA02.itmaster.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: I-D ACTION:draft-santoni-timestampeddata-00.txt 
Thread-Index: Ace/QcaxqRGapeahTEa3c/77bLcm0QAWGhYw
From: "Santoni Adriano" <Adriano.Santoni@actalis.it>
To: <ietf-pkix@imc.org>
X-OriginalArrivalTime: 06 Jul 2007 06:52:50.0340 (UTC) FILETIME=[44CB6E40:01C7BF9A]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7BF9A.44AEBCC1
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

FYI

-----Original Message-----
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Thursday 5 July 2007 22.15
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-santoni-timestampeddata-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title		: Syntax for binding documents with time stamps
	Author(s)	: A. Santoni
	Filename	: draft-santoni-timestampeddata-00.txt
	Pages		: 8
	Date		: 2007-7-5

This document describes a syntax which can be used to bind a generic
document (or any set of data, not necessarily protected by means of
cryptographic techniques) to one or more time-stamp tokens obtained
for that document, where "time-stamp token" has the meaning defined
in [TSP].

Whereas digital time stamping has become the standard technique for
proving the existence of a document before a certain point in time,
there is not a generally accepted syntax for keeping together one
document and the associated time-stamps in a single "bundle". Such a
syntax would facilitate keeping track of which time-stamps belong to
what documents and would therefore improve the efficiency of
timestamp-aware applications.

This document proposes a simple syntax based on [CMS], by defining a
new contentType.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-santoni-timestampeddata-00.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the
username "anonymous" and a password of your e-mail address. After
logging in, type "cd internet-drafts" and then
"get draft-santoni-timestampeddata-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-santoni-timestampeddata-00.txt".

NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

------_=_NextPart_001_01C7BF9A.44AEBCC1--

















Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l63L2v5l025505 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 Jul 2007 14:02:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l63L2veG025504; Tue, 3 Jul 2007 14:02:57 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ondar.cablelabs.com (ondar.cablelabs.com [192.160.73.61]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l63L2td1025497 for <ietf-pkix@imc.org>; Tue, 3 Jul 2007 14:02:55 -0700 (MST) (envelope-from S.Dotson@CableLabs.com)
Received: from kyzyl.cablelabs.com (kyzyl.cablelabs.com [10.253.0.7]) by ondar.cablelabs.com (8.13.8/8.13.8) with ESMTP id l63L2jXB004019; Tue, 3 Jul 2007 15:02:45 -0600
Received: from srvxchg3.cablelabs.com (10.5.0.25) by kyzyl.cablelabs.com (F-Secure/fsigk_smtp/511/kyzyl.cablelabs.com); Tue, 3 Jul 2007 15:02:45 -0700 (MST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/511/kyzyl.cablelabs.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: RE: [Sip] Certificate authentication in SIP
Date: Tue, 3 Jul 2007 15:02:42 -0600
Message-ID: <9AAEDF491EF7CA48AB587781B8F5D7C62E9B58@srvxchg3.cablelabs.com>
In-Reply-To: <1183141935.3646.30.camel@sukothai.pingtel.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Sip] Certificate authentication in SIP
Thread-Index: Ace6e+wW+FLgkz2vQaSq7V/HIIT9cQDOJxQQ
References: <9D18525F6EF33947BDEF23374EF26C7A06CDA1@stntexch11.cis.neustar.com><9AAEDF491EF7CA48AB587781B8F5D7C6016BA6@srvxchg3.cablelabs.com><4685191E.4060903@alcatel-lucent.com> <1183141935.3646.30.camel@sukothai.pingtel.com>
From: "Steve Dotson" <S.Dotson@CableLabs.com>
To: "Scott Lawrence" <slawrence@pingtel.com>, "IETF SIP List" <sip@ietf.org>, <ietf-pkix@imc.org>
X-Approved: ondar
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id l63L2td1025499
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Thanks Vijay, and thanks Scott for the clarification.

The SIP cert auth requirements document currently lists a few use cases:

 - the certificate identifies a device
 - the certificate identifies a user

There could also be the case where the device certificate is mapped to a
user for subscription purposes, and there are probably others.

As Sumanth states, depending on the agreed upon requirements, the
solution could leave these types of specifics as out of scope and just
handle the transport and messaging between UA and registrar, or we could
go so far as to have certificate profiles and requirements and then work
those requirements with the appropriate groups.

Thanks.

Steve. 

-----Original Message-----
From: Scott Lawrence [mailto:slawrence@pingtel.com] 
Sent: Friday, June 29, 2007 12:32 PM
To: IETF SIP List; ietf-pkix@imc.org
Subject: Re: [Sip] Certificate authentication in SIP

On Fri, 2007-06-29 at 09:37 -0500, Vijay K. Gurbani wrote:
> Sumanth Channabasappa wrote:
> > And if we find that certificates need some work to support this 
> > initiative (e.g., SIP identifiers as subjects), perhaps we can 
> > present some of those requirements to other WGs. If we find an 
> > existing solutions that can be used, good (and we can document them 
> > as such :) ).
> 
> Scott Lawrence and I have spent some time on this issue, i.e., SIP 
> identifiers as subjects in X.509 certificates.  The latest version of 
> the draft that includes pkix WG comments from Prague and the comments 
> of the sip WG ADs and others was posted last week to the archives, and
> is available at
> http://tools.ietf.org/html/draft-gurbani-sip-domain-certs-05

One qualification - the draft above is limited to certificates whose
subject is a SIP domain - not an individual.  The goal is to clarify how
such certificates are constructed and constrained, and how they should
be used to authenticate that a server is authoritative for a domain.

> Comments on this version would be extremely helpful.

--
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
  sipXecs project coordinator - SIPfoundry
http://www.sipfoundry.org/sipXecs
  Chief Technology Officer    - Pingtel Corp. http://www.pingtel.com/



_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62MCks5099350 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Jul 2007 15:12:46 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l62MCkwJ099349; Mon, 2 Jul 2007 15:12:46 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.191]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62MCigs099340 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-pkix@imc.org>; Mon, 2 Jul 2007 15:12:45 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from dub-exhub-c302.europe.corp.microsoft.com (65.53.213.92) by DUB-EXGWY-E801.partners.extranet.microsoft.com (10.251.129.1) with Microsoft SMTP Server (TLS) id 8.1.122.1; Mon, 2 Jul 2007 23:12:43 +0100
Received: from EA-EXMSG-C307.europe.corp.microsoft.com ([65.53.221.19]) by dub-exhub-c302.europe.corp.microsoft.com ([65.53.213.92]) with mapi; Mon, 2 Jul 2007 23:12:43 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
Date: Mon, 2 Jul 2007 23:12:39 +0100
Subject: RE: Call for agenda items for the CHicago PKIX meeting
Thread-Topic: Call for agenda items for the CHicago PKIX meeting
Thread-Index: Ace6WW5TLUaZoDk9Ts6QzrNPf9yx1gCnEJ7w
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0D148873D@EA-EXMSG-C307.europe.corp.microsoft.com>
References: <A15AC0FBACD3464E95961F7C0BCD1FF0D14883C6@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <A15AC0FBACD3464E95961F7C0BCD1FF0D14883C6@EA-EXMSG-C307.europe.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_"
MIME-Version: 1.0
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thank you for the inputs so far.

Just keep posting agenda suggestions if you still have a request but have not posted it to me.
I will be away until Sunday. When I get back I will collect the requests and post a preliminary agenda early next week.


Stefan Santesson
Senior Program Manager
Windows Security, Standards

From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Stefan Santesson
Sent: den 29 juni 2007 16:26
To: pkix
Subject: Call for agenda items for the CHicago PKIX meeting
Importance: High

All,

A number of issues have been brought to the list since the last IETF meeting.

Please let me know if you have any topic you want to discuss during the PKIX meeting in Chicago.
As usual, I need at least one editor from each active document to send me a note whether you want a time slot at the meeting beyond my general status report.

I need your request for agenda items before end of next week. I.e. Friday July 6.

Thank you.


Stefan Santesson
Senior Program Manager
Windows Security, Standards


--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_--



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62Dechg047717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Jul 2007 06:40:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l62DecAQ047716; Mon, 2 Jul 2007 06:40:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mail.pingtel.com (hide.pingtel.com [65.220.123.2]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62Debni047709 for <ietf-pkix@imc.org>; Mon, 2 Jul 2007 06:40:38 -0700 (MST) (envelope-from slawrence@pingtel.com)
Received: from [127.0.0.1] (pi.pingtel.com [10.1.1.12]) by mail.pingtel.com (Postfix) with ESMTP id 334966C01F; Mon,  2 Jul 2007 09:40:01 -0400 (EDT)
Subject: Re: Domain certificates in SIP (complete)
From: Scott Lawrence <slawrence@pingtel.com>
To: ietf-pkix@imc.org
Cc: Vijay Gurbani <vkg@lucent.com>
In-Reply-To: <1182631587.3432.26.camel@scott.skrb.org>
References: <1182631587.3432.26.camel@scott.skrb.org>
Content-Type: text/plain
Organization: Pingtel Corp.
Date: Mon, 02 Jul 2007 09:40:36 -0400
Message-Id: <1183383636.3497.17.camel@sukothai.pingtel.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.8.3 (2.8.3-2.fc6) 
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

[the last copy escaped early :-) ]

On Sat, 2007-06-23 at 16:46 -0400, Scott Lawrence wrote:
> draft-gurbani-sip-domain-certs-05 has been submitted to
> the IETF archives.  We've tried to incorporate some of the advice we got
> around the Prague meeting.
> 
> This version focuses fairly narrowly on:
> 
> - How to use and interpret the SIP identities in a X.509 certificate.
> - How to indicate that this particular certificate is for SIP
>   usage.
> 
> What goes in the subjectAltName, and a new EKU value, with the detailed
> steps to interpret and validate them are provided from the viewpoint of
> user agents, proxies, and registrars.
> 
> Until the -05 version appears in the archives, you can get it from:
> 
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.txt
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html
> 
> Comments, questions and other feedback is much appreciated.

The authors would particularly appreciate some expert PKIX review on
whether or not the usage of the suggested Extended Key Usage is reasonable
and (at least potentially) effective.

This is described in sections 5 and 8.1:
        http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html#sipusage
        http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html#cert-subject
                
-- 
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
  sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
  Chief Technology Officer    - Pingtel Corp. http://www.pingtel.com/



Subject: Re: Domain certificates in SIP
From: Scott Lawrence <slawrence@pingtel.com>
To: ietf-pkix@imc.org
Cc: Vijay Gurbani <vkg@lucent.com>
In-Reply-To: <1182631587.3432.26.camel@scott.skrb.org>
References: <1182631587.3432.26.camel@scott.skrb.org>
Organization: Pingtel Corp.
Date: Mon, 02 Jul 2007 09:34:26 -0400
Message-Id: <1183383267.3497.11.camel@sukothai.pingtel.com>

On Sat, 2007-06-23 at 16:46 -0400, Scott Lawrence wrote:
> draft-gurbani-sip-domain-certs-05 has been submitted to
> the IETF archives.  We've tried to incorporate some of the advice we got
> around the Prague meeting.
> 
> This version focuses fairly narrowly on:
> 
> - How to use and interpret the SIP identities in an X.509 certificate.
> - How to indicate that this particular certificate is for SIP
>   usage.
> 
> What goes in the subjectAltName, and a new EKU value, with the detailed
> steps to interpret and validate them are provided from the viewpoint of
> user agents, proxies, and registrars.
> 
> Until the -05 version appears in the archives, you can get it from:
> 
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.txt
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html
> 
> Comments, questions and other feedback are much appreciated.

There are two areas in this draft where we would particularly
appreciate getting some expert PKIX review:

      * Is the usage of the suggested Extended Key Usage reasonable and
        (at least potentially) effective?  This is described in 
-- 
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
  sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
  Chief Technology Officer    - Pingtel Corp. http://www.pingtel.com/