Re: [TLS] the use cases for GSS-based TLS and the plea for
Russ Housley <housley@vigilsec.com> Fri, 27 July 2007 21:35 UTC
Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IEXSl-0003cr-2n for pkix-archive@lists.ietf.org; Fri, 27 Jul 2007 17:35:07 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IEXSk-0007vO-JP for pkix-archive@lists.ietf.org; Fri, 27 Jul 2007 17:35:07 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6RKLLTH088671 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 27 Jul 2007 13:21:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6RKLLRo088669; Fri, 27 Jul 2007 13:21:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from woodstock.binhost.com (woodstock.binhost.com [66.150.120.2]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id l6RKLJNx088653 for <ietf-pkix@imc.org>; Fri, 27 Jul 2007 13:21:20 -0700 (MST) (envelope-from housley@vigilsec.com)
Message-Id: <200707272021.l6RKLJNx088653@balder-227.proper.com>
Received: (qmail 31429 invoked by uid 0); 27 Jul 2007 20:21:10 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (67.97.210.2) by woodstock.binhost.com with SMTP; 27 Jul 2007 20:21:10 -0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 27 Jul 2007 15:21:11 -0500
To: ietf-smime@imc.org, ietf-pkix@imc.org
From: Russ Housley <housley@vigilsec.com>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Cc: tls@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 1.5 (+)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Excuse the cross-post, but this message seems relevant to these lists as well as TLS.

Russ

= = = = = = = = = =

Date: Sat, 28 Jul 2007 04:17:33 +1200
From: pgut001@cs.auckland.ac.nz
To: martin.rex@sap.com
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Cc: tls@ietf.org

Martin Rex <Martin.Rex@sap.com> writes:

>I spent an hour until I gave up. All implementations of S/Mime-capable
>MUAs are so horribly broken that even someone with a technical
>understanding runs into brick walls everywhere.

It's not just S/MIME clients. The PARC study found that people with *PhDs in computer science* took, on average, over two hours to set up a cert for their own use (using paint-by-numbers screenshots as instructions), rated it as the hardest computer task they'd ever been asked to perform, and had no idea what they'd done to their computer when they were finished. PKI people who reviewed the paper were shocked at this, since they assumed that anyone could do it in a few minutes.

(There's lots more like this in the two refs I gave. HCISec is a real eye-opener on the real-world effectiveness of security technology :-).

Peter.

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Notice what people write! <br> <br> <i> =93I had always led a marvelous private life until a year ago the girl=20= I was meeting said to me I was portly and in extreme want of looking=20= after my health. My life had abruptly changed after that, until I=20= discovered Anatrim =99. After loosing more than 40 lbs only thanx to=20= Anatrim, my private life has come back, much better than even before. A=20= lot of thanks for the coolest stuff and the first-rate service. Keep on=20= the good work!=94 </i> <br> <b> <i> Mikkey Fox, Boston </i> </b> <br> <br> <i> "Nothing feels better than gliding into a bikini that I haven't worn=20= for years. I feel lean, steadfast, and healthy, thanx to a considerable=20= degree to Anatrim! A plenty of thank you!" </i> <br> <b> <i> Lusia R., Las Vegas </i> </b> <br> <br> Discover Anatrim, and you shall add yourself to the world-wide=20= community of thousands of happy customers who=92re getting pleasure out=20= of the revolutionary effects of Anatrim right now. Less gorging insanity,=20= less kilos and more fun in life! <br> <br> <center> <a href=3D"http://www.krelmo.com/?mvkivwdyl" target=3D"_blank"> Proceed right here to look through our invincible Anatrim deals!!! 
From: Stefan Santesson <stefans@microsoft.com>
To: Andy Nourse <nourse@cisco.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Date: Wed, 25 Jul 2007 23:14:24 +0100
Subject: RE: PKIX meeting agenda
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0020F1AFA7E@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <C2CD189A.4649E%nourse@cisco.com>

Oh, sorry. That was the internal tool link.

This link should work a lot better:
http://www3.ietf.org/proceedings/07jul/agenda/pkix.txt

Thanks for catching this.

Stefan Santesson
Senior Program Manager
Windows Security, Standards

> -----Original Message-----
> From: Andy Nourse [mailto:nourse@cisco.com]
> Sent: den 25 juli 2007 17:11
> To: Stefan Santesson
> Subject: Re: PKIX meeting agenda
>
> That document is password-protected.
>
> Andy
>
> On 7/25/07 1:54 PM, "Stefan Santesson" <stefans@microsoft.com> wrote:
>
> > A final revision of the agenda has been uploaded.
> >
> > https://datatracker.ietf.org/cgi-bin/wg/wg_proceedings.cgi
> >
> > The conclusion is that we are very short of time compared to the number of
> > requested presentations.
> >
> > Unfortunately this has forced me to be very restrictive with the amount of
> > time awarded to each presentation.
> > For the next IETF we are discussing going back to a 2 hour time slot.
> >
> > To make this meeting as efficient as possible and to provide time for all
> > presenters I would like to ask all presenters to do 2 things:
> >
> > 1) Make sure you e-mail me your slides at latest tomorrow morning so I can
> > have them all ready and uploaded at meeting start.
> > 2) To restrict your presentation to the major points you want to communicate.
> >
> > For the rest of you, be in time :)
> >
> > Thank you in advance and looking forward to see you tomorrow.
> >
> > Stefan Santesson
> > Senior Program Manager
> > Windows Security, Standards

From: Stefan Santesson <stefans@microsoft.com>
To: "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Date: Wed, 25 Jul 2007 21:54:59 +0100
Subject: PKIX meeting agenda
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0020F1AFA6F@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <008e01c7cd67$c7d43fd0$75568182@Wylie>

A final revision of the agenda has been uploaded.

https://datatracker.ietf.org/cgi-bin/wg/wg_proceedings.cgi

The conclusion is that we are very short of time compared to the number of
requested presentations.

Unfortunately this has forced me to be very restrictive with the amount of
time awarded to each presentation.
For the next IETF we are discussing going back to a 2 hour time slot.

To make this meeting as efficient as possible and to provide time for all
presenters I would like to ask all presenters to do 2 things:

1) Make sure you e-mail me your slides at latest tomorrow morning so I can
have them all ready and uploaded at meeting start.
2) To restrict your presentation to the major points you want to communicate.

For the rest of you, be in time :)

Thank you in advance and looking forward to see you tomorrow.

Stefan Santesson
Senior Program Manager
Windows Security, Standards
<br> <br> <i> =93I always had a top private life until a year ago my girlfriend told=20= me I was fat and in want of looking after my health. My life had changed=20= the wrong way after that, until I discovered Anatrim =99 for me at once.=20= After getting rid of about 20 kilos thanx to Anatrim, my private life is=20= back on track, notoriously better than even before. A plenty of thanx to=20= you for the coolest stuff and the first-rate service. Go on your useful=20= action!=94 </i> <br> <b> <i> Dave Klark, Boston </i> </b> <br> <br> <i> "Nothing to compare with gliding into a bikini that I have not been=20= dressed in for years. Now I feel slender, defined, and sturdy, thanks to=20= a considerable degree to Anatrim! A lot of thank you!" </i> <br> <b> <i> Silvia D., San Diego </i> </b> <br> <br> Check out Anatrim, and you shall join the world-wide association of=20= thousands of pleased user who=92re getting pleasure out of the=20= revolutionary effects of Anatrim right now. Less gorging insanity, less=20= lbs and more happiness in your life! <br> <br> <center> <a href=3D"http://www.alitprin.com/?yxrygikbeebwj" target=3D"_blank"> Proceed here to see our unbreakable Anatrim deal!!! 
From: "Turner, Sean P." <turners@ieca.com>
Organization: IECA, Inc.
To: <ietf-pkix@imc.org>
Subject: RE: I-D ACTION:draft-ietf-pkix-sha2-dsa-ecdsa-01.txt
Date: Mon, 23 Jul 2007 15:26:41 -0500
Message-ID: <008e01c7cd67$c7d43fd0$75568182@Wylie>
In-Reply-To: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org>

In section 3.1, the OID for id-dsa-with-sha256 doesn't match the OIDs in
the ASN.1 module. I think it needs to be 2 vice 1 in the text.

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, pkix mailing list <ietf-pkix@imc.org>, pkix chair <pkix-chairs@tools.ietf.org>
Subject: Protocol Action: 'Lightweight OCSP Profile for High Volume Environments' to Proposed Standard
Date: Mon, 23 Jul 2007 11:52:11 -0400
Message-Id: <E1ID0Ch-0002Qu-Oc@stiedprstage1.ietf.org>

The IESG has approved the following document:

- 'Lightweight OCSP Profile for High Volume Environments '
   <draft-ietf-pkix-lightweight-ocsp-profile-11.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509)
Working Group.

The IESG contact persons are Russ Housley and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-lightweight-ocsp-profile-11.txt

Technical Summary

   This document defines a lightweight profile of the Online Certificate
   Status Protocol (OCSP) that can be used to allow distributed local
   provision of cached pre-calculated OCSP responses from a central OCSP
   server. It is intended that the normative requirements defined in this
   profile will be adopted by OCSP clients and OCSP responders operating
   in either very large scale (high volume) PKI environments or
   environments that need to minimize bandwidth or client-side processing
   power (or both).

   This document addresses the scalability issues, and defines message
   profiles for an OCSP client and responder. The document includes:

   1) OCSP response pre-production and distribution;
   2) Reduced OCSP message size to lower bandwidth usage; and
   3) Response message caching in OCSP responders and clients.

Working Group Summary

   The PKIX working group expressed consensus to advance the document as
   Informational RFC.

Protocol Quality

   This document has been reviewed by members of the ietf-pkix@imc.org
   mailing list and by the PKIX working group chairs. This document was
   reviewed by Russ Housley for the IESG.

From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College - Computer Science Department
To: Anders Rundgren <anders.rundgren@telia.com>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
Date: Sun, 22 Jul 2007 16:57:42 -0400
Message-ID: <46A3C4C6.6050908@cs.dartmouth.edu>
References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v> <469A52B8.1040304@cs.dartmouth.edu> <004f01c7cb5d$941771f0$82c5a8c0@arport2v>
In-Reply-To: <004f01c7cb5d$941771f0$82c5a8c0@arport2v>

Hello Anders,

thanks for the comments. Anyhow I do not think there is competition
between SCVP and PRQP in the sense that PRQP does not deal with
certificate validation in any way. It provides only addresses to PKI
resources. An SCVP server can actually use PRQP to have a dynamic
resource discovery and to be updated about available services.

Also DKIM/SPFS/etc. provide a different approach specific for E/Mail and
do not deal with digital certificates (in most cases they just use keys
published in DNS).

Again, PRQP is thought to be general, not application specific. It can be
used to improve efficiency of servers (SCVP is a good example - where
does the server find the resources it needs?), or directly by clients
(e.g., where do I send a revocation request?)

I am not familiar with the TAMP, but if you could provide some pointers
I'll try to take a look at that.

I hope I addressed your comments, if not, let me know :D

Cheers,
Max

Anders Rundgren wrote:
> Max,
>
> Leaving the provisioning stuff out, I have some comments to your examples
> <snip>
>
>> Another scenario where PRQP could be very useful is for service rollover.
>> For example if a CA starts with providing CRLs and then it wants to provide
>> OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the
>> PRQP responder can dynamically redirect clients from one service to another.
>
>> Another scenario could be adding new servers to existing ones to provide
>> fall back servers to clients without requiring configuring round-robin or
>> other more complicated load-balancing DNS-based service.
>
> These are valid examples but I feel that PRQP may get competition
> from SCVP which if implemented in Outlook and similar e-mail clients
> would move these issues to the SCVP responder level where they can
> be dealt with much easier. In fact, SCVP is potentially not only
> addressing these problems, but may also eliminate intermediaries
> like http://ec.europa.eu/idabc/en/document/2318/5644, since SCVP
> allows each organization to centrally manage their own trusted partners;
> something which they probably did before PKI came into the picture.
>
> A further advantage with SCVP is that it can efficiently deal with the
> kind of PKIs that the financial sector is plotting with; i.e. where you
> have to pay for validations, requiring each client having a specific
> credential in order to access an OCSP responder. Moving these
> hassles to the server-level makes such schemes work also for more
> traditional PKI-using applications.
>
> I hope I don't sound too negative but if the primary PRQP target is
> secure e-mail, I believe there are way too many protocols out there
> trying to make secure e-mail work better, including SCVP, TAMP
> and DKIM. Personally, I doubt that S/MIME will ever be a security
> solution for the masses. According to Cisco, 20000 domains
> currently use DKIM which probably means that DKIM has already
> eclipsed S/MIME in terms of signed message volume (using DKIM,
> messages become signed by default without requiring any action by
> the user).
>
> Although PRQP of course could be applied to the server-level,
> I believe the need for such a protocol here is less obvious but of
> course it would be very easy to implement compared to getting
> MSFT and Mozilla implementing a new protocol in their e-mail
> clients. EU's unsuccessful standardization attempts in the area of
> on-line signatures indicate that getting vendor support is close
> to an insurmountable hurdle when it comes to standard clients.
>
> Right now it seems that the fate of TAMP is on the table.
> Since TAMP is somewhat like a reversed SCVP, I believe this
> discussion will take considerable resources from other things.

--
Best Regards,
Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]          pala@cs.dartmouth.edu
                                               project.manager@openca.org
Dartmouth Computer Science Dept            Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                     Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Massimiliano Pala" <pala@cs.dartmouth.edu>
Cc: "pkix" <ietf-pkix@imc.org>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
Date: Sat, 21 Jul 2007 08:08:37 +0200
Message-ID: <004f01c7cb5d$941771f0$82c5a8c0@arport2v>
References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v> <469A52B8.1040304@cs.dartmouth.edu>

Max,

Leaving the provisioning stuff out, I have some comments to your examples
<snip>

>Another scenario where PRQP could be very useful is for service rollover.
>For example if a CA starts with providing CRLs and then it wants to provide
>OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the
>PRQP responder can dynamically redirect clients from one service to another.

>Another scenario could be adding new servers to existing ones to provide
>fall back servers to clients without requiring configuring round-robin or
>other more complicated load-balancing DNS-based service.

These are valid examples but I feel that PRQP may get competition
from SCVP which if implemented in Outlook and similar e-mail clients
would move these issues to the SCVP responder level where they can
be dealt with much easier. In fact, SCVP is potentially not only
addressing these problems, but may also eliminate intermediaries
like http://ec.europa.eu/idabc/en/document/2318/5644, since SCVP
allows each organization to centrally manage their own trusted partners;
something which they probably did before PKI came into the picture.

A further advantage with SCVP is that it can efficiently deal with the
kind of PKIs that the financial sector is plotting with; i.e. where you
have to pay for validations, requiring each client having a specific
credential in order to access an OCSP responder. Moving these
hassles to the server-level makes such schemes work also for more
traditional PKI-using applications.

I hope I don't sound too negative but if the primary PRQP target is
secure e-mail, I believe there are way too many protocols out there
trying to make secure e-mail work better, including SCVP, TAMP
and DKIM. Personally, I doubt that S/MIME will ever be a security
solution for the masses. According to Cisco, 20000 domains
currently use DKIM which probably means that DKIM has already
eclipsed S/MIME in terms of signed message volume (using DKIM,
messages become signed by default without requiring any action by
the user).

Although PRQP of course could be applied to the server-level,
I believe the need for such a protocol here is less obvious but of
course it would be very easy to implement compared to getting
MSFT and Mozilla implementing a new protocol in their e-mail
clients. EU's unsuccessful standardization attempts in the area of
on-line signatures indicate that getting vendor support is close
to an insurmountable hurdle when it comes to standard clients.

Right now it seems that the fate of TAMP is on the table.
Since TAMP is somewhat like a reversed SCVP, I believe this
discussion will take considerable resources from other things.

Regards
Anders
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6J16LsA053895 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Jul 2007 18:06:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6J16Lh4053894; Wed, 18 Jul 2007 18:06:21 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6J16IVP053888 for <ietf-pkix@imc.org>; Wed, 18 Jul 2007 18:06:18 -0700 (MST) (envelope-from nourse@cisco.com)
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-2.cisco.com with ESMTP; 18 Jul 2007 18:06:18 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CANZVnkarR7MV/2dsb2JhbAA
X-IronPort-AV: i="4.16,553,1175497200"; d="scan'208"; a="386688613:sNHT76677316"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l6J16H5Z021719; Wed, 18 Jul 2007 18:06:17 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l6J1646C018780; Thu, 19 Jul 2007 01:06:04 GMT
Received: from xmb-sjc-227.amer.cisco.com ([128.107.191.43]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 18 Jul 2007 18:06:04 -0700
Received: from 10.32.244.78 ([10.32.244.78]) by xmb-sjc-227.amer.cisco.com ([128.107.191.43]) via Exchange Front-End Server email.cisco.com ([171.70.151.174]) with Microsoft Exchange Server HTTP-DAV ; Thu, 19 Jul 2007 01:06:03 +0000
User-Agent: Microsoft-Entourage/11.3.3.061214
Date: Wed, 18 Jul 2007 18:06:03 -0700
Subject: Re: PKI Disaster Recovery and Key Rollover
From: Andy Nourse <nourse@cisco.com>
To: Denis Pinkas <denis.pinkas@bull.net>, pkix <ietf-pkix@imc.org>
CC: Joel Kazin <Joel_Kazin@jeffersonwells.com>, Stefan Santesson <stefans@microsoft.com>
Message-ID: <C2C4070B.87FF2%nourse@cisco.com>
Thread-Topic: PKI Disaster Recovery and Key Rollover
Thread-Index: AcfJoPoGONaAoDWUEdyTnAAUUWXcbA==
In-Reply-To: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 19 Jul 2007 01:06:04.0014 (UTC) FILETIME=[FAA0C8E0:01C7C9A0]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1506; t=1184807177; x=1185671177; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=nourse@cisco.com; z=From:=20Andy=20Nourse=20<nourse@cisco.com> |Subject:=20Re=3A=20PKI=20Disaster=20Recovery=20and=20Key=20Rollover |Sender:=20; bh=bnsVq6VW1nFdSr46zos8fbr/7xEhKxhtM/Y6LcQkJSE=; b=cqgA7oCrdAHzwXsW5TNWB7BOz9IdSwo2fPIAay6eKbBZLAPyQfFhkRFdrPZXzjn1o/oXXX0Q I/lFi2wlHl9DBIjUYV5boghEUsNzSyqCgpMlAcRFj6QZkXYFoFnW9JNJc7AOiqLds3+6gI84JC 0ZOaPeC1CO7hxsxKGE2RtaP1U=;
Authentication-Results: sj-dkim-1; header.From=nourse@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

On 7/9/07 6:45 AM, "Denis Pinkas" <denis.pinkas@bull.net> wrote:

>
> To the WG,
>
> I edited together with Joel Kazin an individual Internet-Draft that has been
> placed on the IETF web server.
> The target category is INFORMATIONAL.
>
> The document is now available at:
> https://datatracker.ietf.org/drafts/draft-pinkas-pkix-pki-dr-kr
>
> The abstract is the following:
>
> This document presents a framework to assist the writers of policy
> or practice statements and the designers of a Public Key
> Infrastructure to prepare disaster recovery plans in case of a
> private key-compromise or a private key-loss. This may happen to
> end-entity keys, Certification Authorities, Revocation Authorities,
> Attribute Authorities, or Time-Stamping Authorities. Since
> certificates have finite validity, CA key-rollover should be
> planned in advance.

Key rollover is included in the SCEP draft:
http://www.ietf.org/internet-drafts/draft-nourse-scep-15.txt

For CA certificates, we have the ability to retrieve the "next" certificate, which is the certificate that will replace the current CA certificate when it expires. The SCEP response is signed by the current CA cert, as it is intended that the "next" certificate be retrieved while the current one is still valid.

Normally, CA key rollover would happen when the CA key expires, but it could be done early in the event of key compromise or loss.

Andy Nourse
Cisco Systems

</a> </center> </b> <font color=3D"#D9EDFF">http://www.deonbio.com/?ehjmeuskjcu</font> </BODY></HTML> ------------6777E3567EA98F-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6GFNHmL079334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6GFNHLn079333; Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from pne-smtpout1-sn2.hy.skanova.net (pne-smtpout1-sn2.hy.skanova.net [81.228.8.83]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6GFNEBN079325 for <ietf-pkix@imc.org>; Mon, 16 Jul 2007 08:23:17 -0700 (MST) (envelope-from anders.rundgren@telia.com) Received: from arport2v (81.232.45.243) by pne-smtpout1-sn2.hy.skanova.net (7.2.075) (authenticated as u18116613) id 46971B420009D845 for ietf-pkix@imc.org; Mon, 16 Jul 2007 17:23:13 +0200 Message-ID: <00a201c7c7bd$36c56140$82c5a8c0@arport2v> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <ietf-pkix@imc.org> References: <E1I7UKa-0003uj-00@medusa01.cs.auckland.ac.nz> Subject: Re: draft-ietf-pkix-scvp-32.txt Date: Mon, 16 Jul 2007 17:23:07 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1807 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> +1 :-) Anders ----- Original Message ----- From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz> To: 
<ietf-pkix@imc.org> Sent: Sunday, July 08, 2007 12:49 Subject: Re: draft-ietf-pkix-scvp-32.txt Dave Engberg <dengberg@narrowmountain.com> writes: >SCVP is a protocol that can make complex PKIs work. ^^^^^^^^^^^^^^^^^^^^^^^ You misspelled "nothing". Peter. Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6FH0jF0080668 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 15 Jul 2007 10:00:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l6FH0j9e080667; Sun, 15 Jul 2007 10:00:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail.cs.dartmouth.edu (mail.cs.dartmouth.edu [129.170.212.100]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6FH0hli080661 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Sun, 15 Jul 2007 10:00:44 -0700 (MST) (envelope-from pala@cs.dartmouth.edu) Received: from [129.170.212.237] (dhcp-212-237.cs.dartmouth.edu [129.170.212.237]) (authenticated bits=0) by mail.cs.dartmouth.edu (8.13.8/8.13.8) with ESMTP id l6FH0dZ3026981 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 15 Jul 2007 13:00:42 -0400 Message-ID: <469A52B8.1040304@cs.dartmouth.edu> Date: Sun, 15 Jul 2007 13:00:40 -0400 From: Massimiliano Pala <pala@cs.dartmouth.edu> Organization: Dartmouth College - Computer Science Department User-Agent: Thunderbird 2.0a1 (X11/20060724) MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@telia.com> CC: pkix <ietf-pkix@imc.org> Subject: Re: PKI Resource Discovery - Proposal for a new Working Item References: <46969D31.1000803@cs.dartmouth.edu> <008601c7c69c$720de6e0$82c5a8c0@arport2v> In-Reply-To: <008601c7c69c$720de6e0$82c5a8c0@arport2v> Content-Type: 
multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020603030803000806090105" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms020603030803000806090105 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Anders Rundgren wrote: > Hi Max, Hello Anders, > In case you find that there is limited interest in PRQP, I encourage > you to explore other avenues in this space. Well, I am always open to investigate other possibilities. One thing about PRQP is that some discovery system like this would enable so many new possibilities in organizing PKIs (and managing them), that I think it would really ease management of PKIs and adoption of certificates. > As the OpenCA Program Manager, I guess you are aware of the fact > that on-line provisioning of certificates is not fully standardized? Right, well.. it should be, but it is not yet. Practice is quite far from being standardized. One thing that really strikes me is that still today, you mostly need a browser to interact with CAs. I am also working at an open source PKI-enabling library - which will be the core of the OpenCA-Ng (Next Generation - where we have to include support for on-line provisioning of certificates in such a way that it is easy for the developer to support interactions with the CA (my assumption here is that, if it is easy for the developer, the interface will be also easier for the user as the developer will not simply transfer all the options onto the user because of lack of knowledge about PKIs). > One could consider Xenroll a standard since it is supported by 80% > of the browsers used in PCs. However, Xenroll is not supported by > more than a tiny faction of mobile browsers. 
The latter is an > interesting target given the 3Bn+ users that will most likely use mobile > phones as their primary, always connected Internet channel. Right... > Theoretically one could distribute keys in SIM cards, but for > practical reasons like operator lock, limited storage, and poor > processing capability, TPMs as defined by TrustedComputingGroup > looks like a better candidate for the universal mobile "key-ring". Well.. if we do not solve the resource discovery and interoperability between PKIs, then TPMs will always be a nice but unused piece of HW. I have looked at the TCG work, it is a nice effort, but it is far from being even usable in closed and controlled environments (at least for its initial "purpose", i.e., remote attestation). The only usage of TPM, today, is to provide runtime memory protection or key storage/usage. And I think it is an easier way to provide some kind of HW protection for keys.. although... new keys are really stored in the FS of the hosting machine(..), it is a start... > Various radio-technologies potentially also open these keys for > desktop usage where the phone becomes a "security device" including [..] > XML protocol giving a uniform user experience and an easier-to-secure > implementation (APIs can be used in many ways, while strictly defined > XML schema-based protocols give little room for misusage). Well, in general I am not really a fan of XML + Schema usage for certificates. Besides the fact that I love XML.. it is easy for the user... but when it comes to certificates (especially if you take in consideration small devices and the possibility to have pkis integrated into them -- e.g., sensors, mobile phones, etc.. ) I would stick with a more compact message format (DER). This, mainly, because one of the nice features of XML is the possibility to validate the messages by using schemas, i.e., the application is freed from the need to check the message syntax. 
Anyhow, to do so, you have to provide schemas and the device should also be capable of verifying the message against the schema - requiring quite a lot of computational power. That is why, now, I think XML is not the best choice for PKI operational protocols. It can be a choice when considering more high-level applications, but this is just my opinion. > =============================================== > Anyway, I am currently in a _v_e_r_y_ early stage of addressing this > topic and would not mind cooperation with other knowledgeable people. > =============================================== I guess this is the right place to ask for collaboration. We really need to discuss some of the features that would help PKIs to provide more inter operable services :) It would be interesting to discuss the topic in detail and if you can come up with a proposal... one thing we need is to have a description of the current practices and various options (standardized and non standardized) we have - so we do not duplicate existing work. I guess this could be a good starting point. > Regarding PRQP, I still feel a little bit puzzled regarding the > resources it is supposed to discover. A few examples would not hurt. An example tied to your idea would be the following. As you said different CAs support different protocols/procedures to provide certificates to its users. If PRQP is used by a CA, a client could ask which services are provided -- and the CA could reply with a list of services supported, e.g., if CMS is supported, an URL could be provided for that. If web (e.g., Xenroll) is supported, another URL could be provided for that as well. The client will then contact the URL that is supported. Another scenario where PRQP could be very useful is for service rollover. 
For example if a CA starts with providing CRLs and then it wants to provide OCSP only because CRLs are too big (e.g., DoD problems with CRLs), the PRPQ responder can dynamically redirect clients from one service to another. Another scenario could be adding new servers to existing ones to provide fall back servers to clients without requiring configuring round-robin or other more complicated load-balancing DNS-based service. Well, as I said before, PRQP could really open up new possibilities, that is the most interesting thing about it, I guess. Later, Max -- Best Regards, Massimiliano Pala --o------------------------------------------------------------------------ Massimiliano Pala [OpenCA Project Manager] pala@cs.dartmouth.edu project.manager@openca.org Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883 PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179 --o------------------------------------------------------------------------ --------------ms020603030803000806090105 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII2jCC BGkwggNRoAMCAQICAh3jMA0GCSqGSIb3DQEBBAUAMHcxEzARBgoJkiaJk/IsZAEZFgNlZHUx GTAXBgoJkiaJk/IsZAEZFglkYXJ0bW91dGgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFEYXJ0 bW91dGggQ29sbGVnZTEcMBoGA1UEAxMTRGFydG1vdXRoIENlcnRBdXRoMTAeFw0wNjA0MDcx NTE4MzNaFw0xMDA0MDgxNTE4MzNaMIGnMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRRGFydG1v dXRoIENvbGxlZ2UxJDAiBgNVBAsTG0NvbXB1dGVyIFNjaWVuY2UgRGVwYXJ0bWVudDEUMBIG CgmSJomT8ixkAQETBHBhbGExGjAYBgNVBAMTEU1hc3NpbWlsaWFubyBQYWxhMSQwIgYJKoZI hvcNAQkBFhVwYWxhQGNzLmRhcnRtb3V0aC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBALHoVbyJOrdrYLdA9qV5FNo8dmX6eNKj0ZgiwCsovlhhYZeYbduMJ3G91dTHZiX31lwg bhsTwl3gStQtgGBDzUn9oxJET9cO5ORfwNN9P0ZCuq1fLy38CpUEQNgjhzXYuD1PUFBDwvp8 
--------------ms020603030803000806090105--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6F4u63I041772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 14 Jul 2007 21:56:06 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com
 (8.13.5/8.13.5/Submit) id l6F4u65f041771; Sat, 14 Jul 2007 21:56:06 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pne-smtpout1-sn2.hy.skanova.net (pne-smtpout1-sn2.hy.skanova.net [81.228.8.83]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6F4u2av041764 for <ietf-pkix@imc.org>; Sat, 14 Jul 2007 21:56:05 -0700 (MST) (envelope-from anders.rundgren@telia.com)
Received: from arport2v (81.232.45.243) by pne-smtpout1-sn2.hy.skanova.net (7.2.075) (authenticated as u18116613) id 46971B4200057FB7; Sun, 15 Jul 2007 06:56:00 +0200
Message-ID: <008601c7c69c$720de6e0$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Massimiliano Pala" <pala@cs.dartmouth.edu>, "pkix" <ietf-pkix@imc.org>
References: <46969D31.1000803@cs.dartmouth.edu>
Subject: Re: PKI Resource Discovery - Proposal for a new Working Item
Date: Sun, 15 Jul 2007 06:56:02 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Hi Max,

In case you find that there is limited interest in PRQP, I encourage you to explore other avenues in this space.

As the OpenCA Program Manager, I guess you are aware of the fact that on-line provisioning of certificates is not fully standardized? One could consider Xenroll a standard since it is supported by 80% of the browsers used in PCs. However, Xenroll is not supported by more than a tiny fraction of mobile browsers. The latter is an interesting target given the 3Bn+ users that will most likely use mobile phones as their primary, always connected Internet channel.

Theoretically one could distribute keys in SIM cards, but for practical reasons like operator lock, limited storage, and poor processing capability, TPMs as defined by TrustedComputingGroup look like a better candidate for the universal mobile "key-ring". Various radio-technologies potentially also open these keys for desktop usage where the phone becomes a "security device" including an integrated PIN-code terminal.

Although there is also the [not by MSFT supported] JavaScript method generateCRMFrequest(), it is actually rather primitive compared to Xenroll, since only the latter allows multiple passes which can be quite useful. In fact, IETF's recently launched KEYPROV activity deals with up to four passes (!) for the provisioning of symmetric keys.

I consider the KEYPROV way of doing things superior to Xenroll and generateCRMFrequest, since it does not expose an API, just a pure XML protocol giving a uniform user experience and an easier-to-secure implementation (APIs can be used in many ways, while strictly defined XML schema-based protocols give little room for misusage).

===============================================
Anyway, I am currently in a _v_e_r_y_ early stage of addressing this
topic and would not mind cooperation with other knowledgeable people.
===============================================

Regarding PRQP, I still feel a little bit puzzled regarding the resources it is supposed to discover. A few examples would not hurt.

Regards
Anders

----- Original Message -----
From: "Massimiliano Pala" <pala@cs.dartmouth.edu>
To: "pkix" <ietf-pkix@imc.org>
Sent: Thursday, July 12, 2007 23:29
Subject: PKI Resource Discovery - Proposal for a new Working Item

Hi all,

some time ago I posted a message about a proposal for a PKI Resource Discovery Protocol (PRQP), which I finally formalized and submitted as an I-D. Unfortunately, because the deadline was already over, it will probably not be published on the ietf archive before the next meeting.

Thanks to all of you who actually helped me and provided useful comments.

At this point we would like to know if the WG would like to take this as a working item as we really think it could improve the usability and interoperability of PKIs (especially for isolated PKI islands or in environments like Grids).

The proposed I-D can also be found here:

https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.html

or here:

https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.txt

I hope there will be time to talk about the proposal at the meeting in Chicago.

--
Best Regards,
Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]
pala@cs.dartmouth.edu
project.manager@openca.org
Dartmouth Computer Science Dept
Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063
Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
(v2.00.6) Educational X-Priority: 3 (Normal) Message-ID: <610942477.51243466882559@thhebat.net> To: ietf-pkix-request@imc.org Subject: Less weight - more pleasure and joy MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------AD30C17F67F67F" X-Spam: Not detected ------------AD30C17F67F67F Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: quoted-printable Take advantage of the chance! =96 Anatrim =96 The very up-to-date and=20= most exciting lose flesh product is now easily available =96 As could be=20= seen on Oprah Do you recall all the times when you asked yourself to do anything to=20= get rid of this terrible number of kilos? Happily, now no big offering is=20= required. Thanks to Anatrim, the ground-shaking, you can achieve=20= healthier life style and become really slimmer. Just look at what our=20= customers state! =93I had always led a stunning life till a year ago my girl told me I=20= was obese and in a great want of being careful to my health. Life was=20= never the same after that, until I disclosed Anatrim =99. Since loosing=20= more than 40 lbs thanx to Anatrim, my private life has come back,=20= notoriously better even than before. Many thanks to you for the=20= astonishing stuff and the first-class maintenance service. Keep up your=20= worthy work!=94 Dave Klark, Chicago "Nothing to compare with gliding into a bikini I have not worn for many=20= long years. I feel slender, steadfast, and sturdy, thanks to a=20= considerable degree to Anatrim! A plenty of thanks to you!" Lusia R., Chicago Check out Anatrim, and you'll join the worldwide community of=20= thousands of delighted customers who take pleasure in the revolutionary=20= effects of Anatrim just now. Less gorging madness, less kilos and more=20= happiness in your life! Go right here to gaze at unbreakable Anatrim arrangements we=92d like=20= to so glad!!! 
http://www.porsek.com/?fqyghpnuhm ------------AD30C17F67F67F Content-Type: text/html; charset=windows-1250 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Watch your body change with Anatrim</TITLE> </HEAD> <BODY> <p> <center> <b> <a href=3D"http://www.porsek.com/?fqyghpnuhm" target=3D"_blank"> Take advantage of the chance! =96 Anatrim =96 The very up-to-date and=20= most exciting lose flesh product is now easily available =96 As could be=20= seen on Oprah </a> </center> <br> Do you recall all the times when you asked yourself to do anything to=20= get rid of this terrible number of kilos? Happily, now no big offering is=20= required. Thanks to Anatrim, the ground-shaking, you can achieve=20= healthier life style and become really slimmer. Just look at what our=20= customers state! <br> <br> <i> =93I had always led a stunning life till a year ago my girl told me I=20= was obese and in a great want of being careful to my health. Life was=20= never the same after that, until I disclosed Anatrim =99. Since loosing=20= more than 40 lbs thanx to Anatrim, my private life has come back,=20= notoriously better even than before. Many thanks to you for the=20= astonishing stuff and the first-class maintenance service. Keep up your=20= worthy work!=94 </i> <br> <b> <i> Dave Klark, Chicago </i> </b> <br> <br> <i> "Nothing to compare with gliding into a bikini I have not worn for many=20= long years. I feel slender, steadfast, and sturdy, thanks to a=20= considerable degree to Anatrim! A plenty of thanks to you!" </i> <br> <b> <i> Lusia R., Chicago </i> </b> <br> <br> Check out Anatrim, and you'll join the worldwide community of=20= thousands of delighted customers who take pleasure in the revolutionary=20= effects of Anatrim just now. Less gorging madness, less kilos and more=20= happiness in your life! 
<br> <br> <center> <a href=3D"http://www.porsek.com/?fqyghpnuhm" target=3D"_blank"> Go right here to gaze at unbreakable Anatrim arrangements we=92d like=20= to so glad!!! </a> </center> </b> </p> <font color=3D"#D9EDFF">http://www.porsek.com/?fqyghpnuhm</font> </BODY></HTML> ------------AD30C17F67F67F-- Received: from host-89-228-33-38.elk.mm.pl (host-89-228-33-38.elk.mm.pl [89.228.33.38]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6EEvBQ1055895; Sat, 14 Jul 2007 07:57:12 -0700 (MST) (envelope-from kyhwoodbrookfop@woodbrook.org) Received: from [89.228.33.38] by woodbrook.org; Sat, 14 Jul 2007 14:57:12 -0100 Date: Sat, 14 Jul 2007 14:57:12 -0100 From: "Krystal Earl" <kyhwoodbrookfop@woodbrook.org> X-Mailer: The Bat! (v2.00.18) Personal Reply-To: kyhwoodbrookfop@woodbrook.org X-Priority: 3 (Normal) Message-ID: <224207266.64395734964709@woodbrook.org> To: ietf-pkix-archive@imc.org Subject: Olny this 5 days special price on pharma for you dear customer MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------B014D3567E3C01B2" ------------B014D3567E3C01B2 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 7bit Hi!!! Matchless proposal for you Our Dear Clients!!! Only during these five days for our customers unimaginable offer!!! On all cures you want!!! Fill your life with colours of gladness!!! http://asksay.hk/ Best wishes, On-line community of pharmaceutists ------------B014D3567E3C01B2 Content-Type: text/html; charset=iso-8859-2 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE></TITLE> </HEAD> <BODY> <strong><font color="#1CA82E"><em>Hi!!! </em></font><br> Matchless proposal for you <font color="#FF0000"><em>Our Dear Clients!!!</em></font><br> Only during these <font color="#FF0000"><em>five days</em></font> for our customers unimaginable offer!!! <br> On all cures you want!!! 
</strong> <strong><br><br> <a href="http://asksay.hk/" target="_blank"><em>Fill your life with colours of gladness!!! </em></a></strong> <p><font color="#D9EDFF">http://asksay.hk/</font></p> <p><strong>Best wishes,<br> <em>On-line community of pharmaceutists</em></strong></p> </BODY></HTML> ------------B014D3567E3C01B2-- Received: from tb5kga717ao4zf1 (89.20.118.16.permonline.ru [89.20.118.16] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6DL4IZH084892; Fri, 13 Jul 2007 14:04:27 -0700 (MST) (envelope-from nifwebsreechdot@websreech.de) Received: from 212.227.15.169 (HELO mx00.kundenserver.de) by imc.org with esmtp (<-S=-Z,/?)0R <8SF) id @,;46=-3=Y47:-.0 for ietf-pkix-oid-reg@imc.org; Fri, 13 Jul 2007 21:04:23 -0500 Date: Fri, 13 Jul 2007 21:04:23 -0500 From: "Dianna Wynn" <nifwebsreechdot@websreech.de> X-Mailer: The Bat! (v3.60.07) Educational X-Priority: 3 (Normal) Message-ID: <070064987.30160772781983@thhebat.net> To: ietf-pkix-oid-reg@imc.org Subject: Watch your body change with Anatrim MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------EB80C1780555C9" X-Spam: Not detected ------------EB80C1780555C9 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Profit by your chance! =96 Anatrim =96 The latest & most attracting=20= lose flesh product available =96 As were seen on Oprah Can you hold in your memory all the times when you appeal to yourself=20= to do any thing to get rid of this terrible pounds of fat? Fortunately,=20= now no great price is to be paid. Thanks to Anatrim, the ground-shaking,=20= you can achieve healthier mode of life and a really slender figure.=20= Notice what people say! =93I always had a great life till a year back my girl told me I was=20= obese and in need of being careful to my health. Life went the wrong way=20= after that, until I discovered Anatrim =99. 
Message-ID: <469797CE.8080802@connotech.com>
Date: Fri, 13 Jul 2007 11:18:38 -0400
From: Thierry Moreau <thierry.moreau@connotech.com>
To: Anders Rundgren <anders.rundgren@telia.com>
CC: ietf-pkix@imc.org
Subject: Re: Trust Anchor Management Protocol (TAMP)
References: <02fa01c7c4b6$8aa99510$82c5a8c0@arport2v>
In-Reply-To: <02fa01c7c4b6$8aa99510$82c5a8c0@arport2v>

Anders Rundgren wrote:

> NSA is reportedly developing a protocol for trust anchor management,
> possibly intended to become a PKIX WG item.
>
> Reference: http://cryptome.org/poet-docs.htm item 44.
>

E.g. see

http://www.ietf.org/internet-drafts/draft-wallace-ta-mgmt-problem-statement-01.txt

Regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1

Tel.: (514)385-5691
Fax: (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@connotech.com

Message-Id: <p06240805c2bc56c02b1e@[10.20.30.108]>
In-Reply-To: <02fa01c7c4b6$8aa99510$82c5a8c0@arport2v>
References: <02fa01c7c4b6$8aa99510$82c5a8c0@arport2v>
Date: Thu, 12 Jul 2007 15:10:19 -0700
To: <ietf-pkix@imc.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: Trust Anchor Management Protocol (TAMP)

At 8:57 PM +0200 7/12/07, Anders Rundgren wrote:
>NSA is reportedly developing a protocol for trust anchor management,
>possibly intended to become a PKIX WG item.

No, it is meant to be a separate WG. It appears that you missed the
announcement on this list a month ago.
<http://www.imc.org/ietf-pkix/mail-archive/msg04747.html>.

>Although there seems to be no public data available

Except, of course, the mailing list for the BoF.
<http://www.vpnc.org/ietf-trust-anchor/>

--Paul Hoffman, Director
--VPN Consortium

Message-ID: <46969D31.1000803@cs.dartmouth.edu>
Date: Thu, 12 Jul 2007 17:29:21 -0400
From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College - Computer Science Department
To: pkix <ietf-pkix@imc.org>
Subject: PKI Resource Discovery - Proposal for a new Working Item

This is a cryptographically signed message in MIME format.

Hi all,

some time ago I posted a message about a proposal for a PKI Resource
Discovery Protocol (PRQP), which I finally formalized and submitted
as an I-D. Unfortunately, because the deadline was already over, it will
probably not be published on the IETF archive before the next meeting.

Thanks to all of you who actually helped me and provided useful comments.

At this point we would like to know if the WG would like to take this as
a working item as we really think it could improve the usability and
interoperability of PKIs (especially for isolated PKI islands or in
environments like Grids).

The proposed I-D can also be found here:

	https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.html

or here:

	https://www.openca.org/projects/libprqp/docs/draft-pala-prqp-00.txt

I hope there will be time to talk about the proposal at the meeting in
Chicago.

--

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala@cs.dartmouth.edu
                                                 project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

Message-ID: <02fa01c7c4b6$8aa99510$82c5a8c0@arport2v>
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: <ietf-pkix@imc.org>
Subject: Trust Anchor Management Protocol (TAMP)
Date: Thu, 12 Jul 2007 20:57:48 +0200

NSA is reportedly developing a protocol for trust anchor management,
possibly intended to become a PKIX WG item.

Reference: http://cryptome.org/poet-docs.htm item 44.

Although there seems to be no public data available, I believe that the
concept of maintaining trust anchor stores through a protocol would, if
applied to networking, be similar to a protocol for maintaining "hosts"
files rather than using DNS. When trust anchor handling needs
automation, a more universal approach is to off-load validation using a
protocol like SCVP. In fact, SCVP principles are already widely
deployed for in-house systems where trust management is performed in one
place. Off-loaded validation also copes with EE-certificate revocation,
policy filtering, and similar things that appear to be out of scope for
a trust-anchor-focused system.

TAMP has one advantage over SCVP, and that is that it may work in
off-line scenarios as well. Given the fact that billions of people rely on
on-line services, the off-line argument seems pretty weak.

Just my 2 cents
Anders Rundgren

Message-Id: <6.0.0.22.2.20070712110548.0205d808@mail.llnl.gov>
Date: Thu, 12 Jul 2007 11:32:34 -0700
To: ietf-pkix@imc.org
From: Tony Bartoletti <azb@llnl.gov>
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: ietf-pkix@imc.org
In-Reply-To: <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>
References: <OFF13EE478.BAAAD968-ONC1257315.0026FB29@frcl.bull.fr> <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>

At 04:06 AM 7/11/2007, Peter Gutmann wrote:
> - the CA shall destroy, or withdraw from use, its private keys, as defined
>   in clause 7.2.6.
>
>that's never going to happen in the real world because the only asset left to
>a CA when it goes out of business is its private key, and the liquidators are
>never going to allow the deliberate destruction of corporate assets in this
>manner. More importantly, even if the CA had some policy related to this
>while it was still operating, once it's in receivership the policy becomes
>void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit
>to keyUsage, you can write whatever policy you like for it but when it comes
>to the crunch it's not going to work the way the policy says.

Stepping back a bit to look at this, it seems clear that REAL disaster
recovery can only come by ensuring that (so qualified) CA's abide by some
kind of "escrowed recovery/continuity arrangement" as a matter of
course. Some entity, ala FDIC-for-PKI (not to imply that it be a
government entity) needs the power to either revoke CA root, or provide for
continuity of operations (magic, yeah...)

As Peter points out, the "keys" are the last bit of leverage the CA
retains, and the CA (in general) will have no compunction to abide by any
policy at a time when the downside outweighs the benefit.

If the concern is really for the relying parties and overall PKI stability,
it makes no sense to demand that the CA take ANY particular action
"post-disaster" ("the building may collapse at any moment - for your
safety, please walk, do not RUN to the exits").

Rather, CA's that (voluntarily) enter into a verifiable "continuity
contract" should be able to tout this fact as a qualification, and let the
market decide if this becomes a "selling point" for their services.

Thoughts?

____tony____

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900

From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
CC: Jim Schaad <jimsch@nwlink.com>, Denis Pinkas <denis.pinkas@bull.net>
Date: Thu, 12 Jul 2007 13:43:30 +0100
Subject: PKIX agenda posted
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0D157B312@EA-EXMSG-C307.europe.corp.microsoft.com>
References: <A15AC0FBACD3464E95961F7C0BCD1FF0D14883C6@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <A15AC0FBACD3464E95961F7C0BCD1FF0D14883C6@EA-EXMSG-C307.europe.corp.microsoft.com>

An agenda has been posted based on the requests received so far.
http://www3.ietf.org/proceedings/07jul/agenda/pkix.txt

A few topics are still preliminary:

* I need a confirmation from Jim Schaad whether he intends to address
  the update requirements on CMC
* I need a confirmation whether anyone intends to do any further
  presentation on the individual key-rollover draft now available.

Stefan Santesson
Senior Program Manager
Windows Security, Standards

From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Stefan Santesson
Sent: den 29 juni 2007 16:26
To: pkix
Subject: Call for agenda items for the CHicago PKIX meeting
Importance: High

All,

A number of issues have been brought to the list since the last IETF meeting.
Please let me know if you have any topic you want to discuss during the PKIX
meeting in Chicago.

As usual, I need at least one editor from each active document to send me a
note whether you want a time slot at the meeting beyond my general status
report.

I need your request for agenda items before end of next week. I.e. Friday
July 6.

Thank you.

Stefan Santesson
Senior Program Manager
Windows Security, Standards
</o:p></span></p> <div> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:maroon'>Stefan Santesson</span></b><span lang=3D= EN-GB style=3D'font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F49= 7D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-GB style=3D'font-size:10.0pt;font-fami= ly:"Arial","sans-serif"; color:#400040'>Senior Program Manager</span><span lang=3DEN-GB style=3D'fon= t-size: 12.0pt;font-family:"Times New Roman","serif";color:navy'><o:p></o:p></span>= </p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:#400040'>Windows Security, Standards</span></b><= span lang=3DEN-US style=3D'color:#1F497D'><o:p></o:p></span></p> </div> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'><o:p> = </o:p></span></p> <div style=3D'border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm = 4.0pt'> <div> <div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm = 0cm 0cm'> <p class=3DMsoNormal><b><span lang=3DEN-US style=3D'font-size:10.0pt;font-f= amily: "Tahoma","sans-serif"'>From:</span></b><span lang=3DEN-US style=3D'font-siz= e:10.0pt; font-family:"Tahoma","sans-serif"'> owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] <b>On Behalf Of </b>Stefan Santesson<= br> <b>Sent:</b> den 29 juni 2007 16:26<br> <b>To:</b> pkix<br> <b>Subject:</b> Call for agenda items for the CHicago PKIX meeting<br> <b>Importance:</b> High<o:p></o:p></span></p> </div> </div> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal><span lang=3DEN-US>All,<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>A number is issues has been brought= to the list since last IETF meeting.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>Please let me 
know if you have any = topic you want to discuss during the PKIX meeting in Chicago.<o:p></o:p></span></= p> <p class=3DMsoNormal><span lang=3DEN-US>As usual, I need at least one edito= r from each active document to send me a note whether you want a time slot at the meeting beyond my general status report.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>I need your request for agenda item= s before end of next week. I.e. Friday July 6.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>Thank you.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:maroon'>Stefan Santesson</span></b><span lang=3D= EN-GB style=3D'font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F49= 7D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-GB style=3D'font-size:10.0pt;font-fami= ly:"Arial","sans-serif"; color:#400040'>Senior Program Manager</span><span lang=3DEN-GB style=3D'fon= t-size: 12.0pt;font-family:"Times New Roman","serif";color:navy'><o:p></o:p></span>= </p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:#400040'>Windows Security, Standards</span></b><= span lang=3DEN-US style=3D'color:#1F497D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> </div> </div> </body> </html> --_000_A15AC0FBACD3464E95961F7C0BCD1FF0D157B312EAEXMSGC307euro_-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l6BMdRn0044122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Jul 2007 15:39:27 -0700 (MST) (envelope-from 

From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
Date: Wed, 11 Jul 2007 23:39:18 +0100
Subject: Agenda for Chicago IEFT
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0D157B219@EA-EXMSG-C307.europe.corp.microsoft.com>

I'm sorry for the delay of the Agenda. I'm currently on vacation.
I will go through all requests and post a preliminary agenda by tomorrow.

It looks like we will be able to accommodate the requests received but wait for the agenda tomorrow to be sure.

Thank you.

Stefan Santesson
Senior Program Manager
Windows Security, Standards

Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 15:20:13 +0200
Message-ID: <2E0817224D030746BF4A296C5E382492B8FD90@mart.catcert.local>
References: <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>
From: "Ignacio Alamillo" <ialamillo@catcert.net>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>
Cc: <ietf-pkix@imc.org>, <Joel_Kazin@jeffersonwells.com>

Hi,

I don't want to disturb anyone with legal stuff, but in many cases the applicable law establishes some minimum actions to undertake in case a CA stops operations. I.e. article 21 of the Spanish Law 59/2003, on electronic signatures, says something like "a CA wanting to cease operations shall inform within two months its subscribers and will be allowed to transfer, with their express consent, the management of valid certificates to another CA or revoke them".

Up to this, no one has any effective protection against a CA going out of business which doesn't inform of anything, therefore the third paragraph of this art. 21 says that the CA will transfer to the Science and Technology Ministry (today the Industry, Commerce and Tourism Ministry) the revocation information.

With this information, the Ministry will maintain a public service informing of the revocation status of the certificates.

Not bad at all, but even in this case a CA could not transfer this information to the Ministry.

Therefore, the best "continuity" strategy to be able to validate signatures is, in my opinion, to implement a signature completion and maintenance process, getting all the relevant evidential material (such as CRLs or OCSP responses) and storing it.

ETSI CAdES and XAdES specs provide full guidance on this, just as CEN CWA 14171 does.

Best,

Ignacio

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org on behalf of Peter Gutmann
Sent: Wed 11/07/2007 13:06
To: denis.pinkas@bull.net; pgut001@cs.auckland.ac.nz
CC: ietf-pkix@imc.org; Joel_Kazin@jeffersonwells.com
Subject: Re: PKI Disaster Recovery and Key Rollover

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>Here is an extract from ETSI TS 101 456:

Hmm, OK, what I was looking for was more of a list of issues from the user/EE/relying-party point of view, things that they have to consider when dealing with a CA. To take one oft-quoted case:

  - the CA shall destroy, or withdraw from use, its private keys, as defined in clause 7.2.6.

that's never going to happen in the real world because the only asset left to a CA when it goes out of business is its private key, and the liquidators are never going to allow the deliberate destruction of corporate assets in this manner. More importantly, even if the CA had some policy related to this while it was still operating, once it's in receivership the policy becomes void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit to keyUsage, you can write whatever policy you like for it but when it comes to the crunch it's not going to work the way the policy says.

So what I was looking for, if the document is looking at PKI-related disaster recovery, is advice to users on what to do when their CA vanishes, all support and services stop overnight (with no continuity or responsibility), and the liquidators sell the private key on eBay.

Peter.

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: denis.pinkas@bull.net, pgut001@cs.auckland.ac.nz
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: ietf-pkix@imc.org, Joel_Kazin@jeffersonwells.com
In-Reply-To: <OFF13EE478.BAAAD968-ONC1257315.0026FB29@frcl.bull.fr>
Message-Id: <E1I8a1z-0008Ah-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 23:06:51 +1200

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>Here is an extract from ETSI TS 101 456:

Hmm, OK, what I was looking for was more of a list of issues from the user/EE/relying-party point of view, things that they have to consider when dealing with a CA. To take one oft-quoted case:

  - the CA shall destroy, or withdraw from use, its private keys, as defined in clause 7.2.6.

that's never going to happen in the real world because the only asset left to a CA when it goes out of business is its private key, and the liquidators are never going to allow the deliberate destruction of corporate assets in this manner. More importantly, even if the CA had some policy related to this while it was still operating, once it's in receivership the policy becomes void. It's a bit like Tony Bartoletti's suggestion for adding a crimeFree bit to keyUsage, you can write whatever policy you like for it but when it comes to the crunch it's not going to work the way the policy says.

So what I was looking for, if the document is looking at PKI-related disaster recovery, is advice to users on what to do when their CA vanishes, all support and services stop overnight (with no continuity or responsibility), and the liquidators sell the private key on eBay.

Peter.

Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 03:47:18 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C87908622D32@EXVS01.ex.dslextreme.net>
In-Reply-To: <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
References: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net> <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: "pgut001" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>, <ietf-pkix@imc.org>
Cc: <Joel_Kazin@jeffersonwells.com>, <stefans@microsoft.com>

Peter,

Like the rest of the Policy Framework, 3647 does not specify any policies for this or other points. 3647 is a framework and not a policy or a sample policy.

What I have seen in some of the certificate policies seems to adequately address this.

-----Original Message-----
From: pgut001 [mailto:pgut001@cs.auckland.ac.nz]
Sent: Wednesday, July 11, 2007 5:37 AM
To: Santosh Chokhani; denis.pinkas@bull.net; ietf-pkix@imc.org; pgut001@cs.auckland.ac.nz
Cc: Joel_Kazin@jeffersonwells.com; stefans@microsoft.com
Subject: RE: PKI Disaster Recovery and Key Rollover

"Santosh Chokhani" <chokhani@orionsec.com> writes:

>The Policy Framework (Informational RFC 3647) has a section on CA and RA
>Termination.

Do you mean section 4.5.8:

  This subcomponent describes requirements relating to procedures for termination and termination notification of a CA or RA, including the identity of the custodian of CA and RA archival records.

This seems to provide about as much utility as Cygnus' corporate drugs policy :-).

>I have seen a number of Certificate Policies drafted that describe
>requirements as to what a CA must do prior to termination of service.

Given the number of CAs whose users I've talked to for which the termination of service consisted of "404 Not Found", I think this is something that needs to be addressed in more detail. In particular since this draft is supposed to cover "PKI Disaster Recovery" and having your CA suddenly vanish is the single biggest possible disaster that can hit a PKI, I think a fair amount of the document should be devoted to this. Where do the CA keys go? Who issues CRLs? (A real-world example there, one national PKI that evaporated suddenly was left with the problem that while the hardware was still in place, there were no staff left who knew how to issue a CRL). Who takes over the defunct CA's role? Who gets the CA's keys? (Again, real-world example, they end up on eBay for sale to the highest bidder). You could easily write a small book on all of this, it really is the single most drastic PKI disaster recovery issue that we have, and probably the most frequently-occurring (CA- rather than EE- related) one.

Peter.
Message-ID: <4694AD59.9070003@edelweb.fr>
Date: Wed, 11 Jul 2007 12:13:45 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov> <469382E2.6090306@edelweb.fr> <4693F3A3.6030108@nist.gov>
In-Reply-To: <4693F3A3.6030108@nist.gov>

David A. Cooper wrote:
> Peter Sylvester wrote:
>> If something hasn't changed since years, this doesn't mean that is
>> correct.
> Peter,
>
> You said "Section 3.2.3 now has *reintroduced* the 'prospective'
> certification path." I was simply pointing out that this was not a
> change. Nothing was "reintroduced".

Indeed, I was incorrect: The text introduces the word 'prospective' in 3.2.3
in order to make it formally compatible with 3.2.2.

As a resolution of what we discussed a year ago, I would have expected
something different, i.e. clarifying that

   id-stc-build-aa-path: Build a prospective certification path to a
   trust anchor for the AC issuer

is problematic if one takes the definition of 3280.

3.2.3 said before that the server returns a certificate path (and not just
a set of certs).

>
> Dave
>> David A. Cooper wrote:
>>> Peter Sylvester wrote:
>>>> Section 3.2.3 now has reintroduced the 'prospective' certification
>>>> path.
>>>>
>>>> I think that we had understood that either this term borrowed from
>>>> 3280 only means an arbitrary sequence of n certificates and that is
>>>> not exactly what is desired here.
>>> Peter,
>>>
>>> The paragraph that you are referring to in section 3.2.3 is
>>> discussing the use of the path building wantBacks
>>> (id-stc-build-pkc-path and id-stc-build-aa-path), which are
>>> described in section 3.2.2 as follows:
>>>
>>> - id-stc-build-pkc-path: Build a prospective certification path to a
>>> trust anchor (as defined in section 6.1 of [PKIX-1]);
>>>
>>> - id-stc-build-aa-path: Build a prospective certification path to a
>>> trust anchor for the AC issuer;
>>>
>>> The description of id-stc-build-pkc-path has been unchanged since
>>> draft 18 and the description of id-stc-build-aa-path has been
>>> unchanged since draft 24.
>>>
>>> Dave

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: chokhani@orionsec.com, denis.pinkas@bull.net, ietf-pkix@imc.org, pgut001@cs.auckland.ac.nz
Subject: RE: PKI Disaster Recovery and Key Rollover
Cc: Joel_Kazin@jeffersonwells.com, stefans@microsoft.com
In-Reply-To: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net>
Message-Id: <E1I8YdH-0006hC-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 21:37:15 +1200

"Santosh Chokhani" <chokhani@orionsec.com> writes:

>The Policy Framework (Informational RFC 3647) has a section on CA and RA
>Termination.

Do you mean section 4.5.8:

  This subcomponent describes requirements relating to procedures for
  termination and termination notification of a CA or RA, including the
  identity of the custodian of CA and RA archival records.

This seems to provide about as much utility as Cygnus' corporate drugs
policy :-).

>I have seen a number of Certificate Policies drafted that describe
>requirements as to what a CA must do prior to termination of service.

Given the number of CAs whose users I've talked to for which the termination
of service consisted of "404 Not Found", I think this is something that needs
to be addressed in more detail. In particular since this draft is supposed to
cover "PKI Disaster Recovery" and having your CA suddenly vanish is the single
biggest possible disaster that can hit a PKI, I think a fair amount of the
document should be devoted to this. Where do the CA keys go? Who issues CRLs?
(A real-world example there, one national PKI that evaporated suddenly was
left with the problem that while the hardware was still in place, there were
no staff left who knew how to issue a CRL). Who takes over the defunct CA's
role? Who gets the CA's keys? (Again, real-world example, they end up on eBay
for sale to the highest bidder).

You could easily write a small book on all of this, it really is the single
most drastic PKI disaster recovery issue that we have, and probably the most
frequently-occurring (CA- rather than EE- related) one.

Peter.

Subject: RE: PKI Disaster Recovery and Key Rollover
Date: Wed, 11 Jul 2007 01:54:03 -0700
Message-ID: <82D5657AE1F54347A734BDD33637C87908622D1F@EXVS01.ex.dslextreme.net>
In-Reply-To: <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
References: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr> <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
From: "Santosh Chokhani" <chokhani@orionsec.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <denis.pinkas@bull.net>, <ietf-pkix@imc.org>
Cc: <Joel_Kazin@jeffersonwells.com>, <stefans@microsoft.com>

Peter,

The Policy Framework (Informational RFC 3647) has a section on CA and RA
Termination.

I have seen a number of Certificate Policies drafted that describe
requirements as to what a CA must do prior to termination of service.

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Peter Gutmann
Sent: Wednesday, July 11, 2007 2:47 AM
To: denis.pinkas@bull.net; ietf-pkix@imc.org
Cc: Joel_Kazin@jeffersonwells.com; stefans@microsoft.com
Subject: Re: PKI Disaster Recovery and Key Rollover

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>This document presents a framework to assist the writers of policy or
>practice statements and the designers of a Public Key Infrastructure to
>prepare disaster recovery plans in case of a private key-compromise or a
>private key-loss. This may happen to end-entity keys, Certification
>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>Authorities. Since certificates have finite validity, CA key-rollover should
>be planned in advance.

Should it also cover the far more serious problem of the CA going out of
business? I've talked to users of a number of CAs that have failed and the
effect has been pretty chaotic on relying parties and users: one day the CA
just isn't there any more, and everything stops working. This seems to be by
far the most serious real-world-impact CA issue that I've encountered, but
it's not even considered in any PKI documentation that I know of.

Peter.

Date: Wed, 11 Jul 2007 09:05:44 +0200
From: "Denis Pinkas" <denis.pinkas@bull.net>
To: "pgut001" <pgut001@cs.auckland.ac.nz>
Cc: "Joel_Kazin@jeffersonwells.com" <Joel_Kazin@jeffersonwells.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Subject: Re: PKI Disaster Recovery and Key Rollover
Message-ID: <OFF13EE478.BAAAD968-ONC1257315.0026FB29@frcl.bull.fr>

Peter,

The point you mention, seems to me in between technical matters and
juridical matters.

It is addressed in different ETSI documents that may be downloaded free of
charge from: http://www.etsi.org/services_products/freestandard/home.htm

In particular ETSI TS 101 456 and ETSI TS 102 042.

Here is an extract from ETSI TS 101 456:

7.4.9 CA termination

The CA shall ensure that potential disruptions to subscribers and relying
parties are minimized as a result of the cessation of the CA's services, and
ensure continued maintenance of records required to provide evidence of
certification for the purposes of legal proceedings (see the Directive [1],
annex II (i)).

In particular:

a) Before the CA terminates its services the following procedures shall be
   executed as a minimum:

   - the CA shall inform all subscribers, relying parties and other CAs with
     which it has agreements or other form of established relations.

     NOTE: The CA is not required to have a prior relationship with the
     relying party.

   - the CA shall terminate all authorization of subcontractors to act on
     behalf of the CA in the performance of any functions related to the
     process of issuing certificates;

   - the CA shall perform necessary undertakings to transfer obligations for
     maintaining registration information (see clause 7.3.1) and event log
     archives (see clause 7.4.11) for their respective period of time as
     indicated to the subscriber and relying party (see clause 7.3.4);

   - the CA shall destroy, or withdraw from use, its private keys, as
     defined in clause 7.2.6.

b) The CA shall have an arrangement to cover the costs to fulfil these
   minimum requirements in case the CA becomes bankrupt or for other reasons
   is unable to cover the costs by itself.

c) The CA shall state in its practices the provisions made for termination
   of service. This shall include:

   - the notification of affected entities;
   - the transfer of its obligations to other parties;
   - the handling of the revocation status for unexpired certificates that
     have been issued.

Do you think that some parts of this text should be incorporated in the
current draft?

Denis

===============================================================

>"Denis Pinkas" <denis.pinkas@bull.net> writes:
>
>>This document presents a framework to assist the writers of policy or
>>practice statements and the designers of a Public Key Infrastructure to
>>prepare disaster recovery plans in case of a private key-compromise or a
>>private key-loss. This may happen to end-entity keys, Certification
>>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>>Authorities. Since certificates have finite validity, CA key-rollover should
>>be planned in advance.
>
>Should it also cover the far more serious problem of the CA going out of
>business? I've talked to users of a number of CAs that have failed and the
>effect has been pretty chaotic on relying parties and users: one day the CA
>just isn't there any more, and everything stops working. This seems to be by
>far the most serious real-world-impact CA issue that I've encountered, but
>it's not even considered in any PKI documentation that I know of.
>
>Peter.
>
>

Regards,

Denis Pinkas

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: denis.pinkas@bull.net, ietf-pkix@imc.org
Subject: Re: PKI Disaster Recovery and Key Rollover
Cc: Joel_Kazin@jeffersonwells.com, stefans@microsoft.com
In-Reply-To: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>
Message-Id: <E1I8VyH-0003vS-00@medusa01.cs.auckland.ac.nz>
Date: Wed, 11 Jul 2007 18:46:45 +1200

"Denis Pinkas" <denis.pinkas@bull.net> writes:

>This document presents a framework to assist the writers of policy or
>practice statements and the designers of a Public Key Infrastructure to
>prepare disaster recovery plans in case of a private key-compromise or a
>private key-loss. This may happen to end-entity keys, Certification
>Authorities, Revocation Authorities, Attribute Authorities, or Time-Stamping
>Authorities. Since certificates have finite validity, CA key-rollover should
>be planned in advance.

Should it also cover the far more serious problem of the CA going out of
business? I've talked to users of a number of CAs that have failed and the
effect has been pretty chaotic on relying parties and users: one day the CA
just isn't there any more, and everything stops working. This seems to be by
far the most serious real-world-impact CA issue that I've encountered, but
it's not even considered in any PKI documentation that I know of.

Peter.

Message-ID: <4693F3A3.6030108@nist.gov>
Date: Tue, 10 Jul 2007 17:01:23 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov> <469382E2.6090306@edelweb.fr>
In-Reply-To: <469382E2.6090306@edelweb.fr>

Peter Sylvester wrote:
> If something hasn't changed since years, this doesn't mean that is
> correct.

Peter,

You said "Section 3.2.3 now has *reintroduced* the 'prospective'
certification path." I was simply pointing out that this was not a change.
Nothing was "reintroduced".

Dave

> David A. Cooper wrote:
>> Peter Sylvester wrote:
>>> Section 3.2.3 now has reintroduced the 'prospective' certification
>>> path.
>>>
>>> I think that we had understood that either this term borrowed from
>>> 3280 only means an arbitrary sequence of n certificates and that is
>>> not exactly what is desired here.
>> Peter,
>>
>> The paragraph that you are referring to in section 3.2.3 is
>> discussing the use of the path building wantBacks
>> (id-stc-build-pkc-path and id-stc-build-aa-path), which are described
>> in section 3.2.2 as follows:
>>
>> - id-stc-build-pkc-path: Build a prospective certification path to a
>> trust anchor (as defined in section 6.1 of [PKIX-1]);
>>
>> - id-stc-build-aa-path: Build a prospective certification path to a
>> trust anchor for the AC issuer;
>>
>> The description of id-stc-build-pkc-path has been unchanged since
>> draft 18 and the description of id-stc-build-aa-path has been
>> unchanged since draft 24.
>>
>> Dave

Message-ID: <469382E2.6090306@edelweb.fr>
Date: Tue, 10 Jul 2007 15:00:18 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr> <46923510.8020801@nist.gov>
In-Reply-To: <46923510.8020801@nist.gov>

David,

If something hasn't changed since years, this doesn't mean that is correct.

You wrote the following in May 2006 where you indicate that your
understanding of 'prospective path' was not correct. At the end you say
'certification path', but it is a totally arbitrary sequence of certificates.

What the protocol allows is that a MIM can create a DOS attack by throwing
all kinds of certificates and tell that it has more info in case the client
doesn't like. What defense has the client, how and when can it detect that
something is wrong? It can apply some heuristics, assuming that a server
would at least return certs where the names are chaining, and maybe the
signature verify for example. But that is not currently in the protocol.

If you take a directory implementation and a client that searches in that to
build a path, the directory does not return arbitrary certs, or at least, if
it does, the client stops immediately and detects a faulty behaviour.

Your suggestion is useful but it has not found its way into the text in any
way. Furthermore, because you have misread 3820, I think that your citation
of the definition of id-stc-build-aa-path also means you had the same error
in mind.

I think just encouraging is a little bit weak. A server MUST return a
"prospective path" that at least verifies some conditions. (which doesn't
mean that the client does not verify them). Otherwise the client has no means
to decide whether to stop talking to the server.

David A. Cooper wrote:
> Peter,
>
> Your initial response to my message was correct. I simply read RFC 3280
> too quickly when responding to Thomas's message and quoted the wrong text
> for the definition of prospective certification path. RFC 3280 does define
> a prospective certification path as a sequence of n certificates and
> indicates that path validation involves (among other things) verifying the
> items listed in a) - d).
>
> I agree that the description of id-stc-build-aa-path should be changed to
> be consistent with the description for id-stc-build-pkc-path. By design, it
> should be possible to operate a DPD server as an untrusted system, which
> means that the client cannot necessarily rely on any of the information
> returned by the server.
> The client must perform all of the steps of path validation and > cannot assume > that the path returned by the server satisfies certain conditions. Of > course, > it would be preferable from the client's point of view for the server > not to > send it invalid certification paths, so I would encourage DPD servers > to perform > at least some checks on the certification paths that they return to > clients, > even if this is not a requirement of the protocol. > > Dave > David A. Cooper wrote: > Peter Sylvester wrote: >> Section 3.2.3 now has reintroduced the 'prospective' certification >> path. >> >> I think that we had understood that either this term borrowed from >> 3280 only means an arbitrary sequence of n certificates and that is >> not exactly what is desired here. > Peter, > > The paragraph that you are referring to in section 3.2.3 is discussing > the use of the path building wantBacks (id-stc-build-pkc-path and > id-stc-build-aa-path), which are described in section 3.2.2 as follows: > > - id-stc-build-pkc-path: Build a prospective certification path to a > trust anchor (as defined in section 6.1 of [PKIX-1]); > > - id-stc-build-aa-path: Build a prospective certification path to a > trust anchor for the AC issuer; > > The description of id-stc-build-pkc-path has been unchanged since > draft 18 and the description of id-stc-build-aa-path has been > unchanged since draft 24. 
> > Dave > > --------------ms070002070609040806030106 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOpDCC BHIwggLfoAMCAQICBgqvijKA3jANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJGUjEQMA4G A1UEChMHRWRlbFdlYjEYMBYGA1UECxMPU2VydmljZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVs UEtJIEVkZWxXZWIgUGVyc0dFTjAeFw0wNzAzMjYxMDM3MDNaFw0wOTA2MDMxMDM3MDNaMHAx CzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdFZGVsV2ViMRgwFgYDVQQLDA9TZXJ2aWNlIEVkZWxQ S0kxNTAzBgNVBAMMLFBldGVyIFNZTFZFU1RFUiA8UGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIu ZnI+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPB7ZSfmYsUuVIV0W2izxb1Zyvr6ZJ IjPiqRMs77dbEQhQ6FZhhUSuABxxc8NjZvyPMRo0uuT0iVpRDktb0fWPTx3m9qTfdqrhWg2c IOBKNbNQr8NogDJvG1AxRx4q9SXKZCVpZCoHu3fz2Rfji1kL7l597+7qBEsFd9IyvRaexQID AQABo4IBLjCCASowYgYDVR0RBFswWYEaUGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIuZnKkOzA5 MQswCQYDVQQGEwJGUjEQMA4GA1UECgwHRWRlbFdlYjEYMBYGA1UEAwwPUGV0ZXIgU1lMVkVT VEVSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwSgYD VR0fBEMwQTA/oD2gO4Y5aHR0cDovL2VkZWxwa2kuZWRlbHdlYi5mci9jcmwvRWRlbFBLSS1F ZGVsV2ViLVBlcnNHRU4uY3JsMB0GA1UdDgQWBBSZjq81LuJmsiiu1Yt/ezwCiUQSQTAfBgNV HSMEGDAWgBSe5Q/BFJVJHN1aXV6crs0Bby+UeTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUA A4IBfAAUq5MJ3gXhdKDpOm0ascDE9e1iMo0RQ24ujkc9IrFXhAJNS+3eNwcJEieU2vgZTsGb zKeBZom1zVOFoh73VIRP6T08j4dDlndpDYZbxD20KzFt9zX6gV8IgR2zkkZXLQRbLyW16kw8 oFe3s//p1csCkCPAlZv1rZQYR5Psm0A1aiOiuSHhWUmgfAJxmIgfbmKtS3WpsUZVBuLQpThN rWjLRAqJKYA++++qqo3ujqAAzJLe+MHrX5dai7+n6WBfV4qo1uDArR7XbmgVpV/EdPA75XRi XEedLgbFDawJ9nAMN6WfL/NG6GZkEa7mZ7sH/gG34y21nq4w4mAAxn9wz7mDKMsEbJMZ5VlJ TOp0g6TdYqGjNoc/rQg7pqjcRChVitwd1Rl8O31+bIdNSpv4UReNMDcffRQrt+pF1FxR4q6q M9YLJU8NThx/89Mf/WF7fzrgVlsNJ78D9nJu0EhKes/9EX2qpIcHUfk/izOj8lCc1ksFgXpd UEchE0DcMIIEcjCCAt+gAwIBAgIGCq+KMoDeMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNVBAYT 
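
The screening discussed in the message above (names that chain, stopping as soon as they do not) matches conditions a) - d) of RFC 3280 section 6.1 that David's quoted text refers to. The following is an added example, not part of the thread or of the SCVP draft: a client-side check of a sequence returned by an untrusted DPD server against those four conditions. The `Cert` record, the `MAX_PATH_LEN` cap, plain string comparison of names and the sample certificates are assumptions constructed for illustration; signature verification and the remaining path validation steps are not performed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

MAX_PATH_LEN = 10  # assumption: a local policy cap, not a value from SCVP


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the fields of a parsed certificate."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime


def screen_prospective_path(path, anchor_name, target, at_time):
    """Return the failed conditions; an empty list means the sequence is
    at least a prospective certification path (RFC 3280, section 6.1).

    Names are compared as plain strings, which is a simplification of
    real distinguished-name matching.
    """
    n = len(path)
    # Bound the work before looking at anything the server sent.
    if n == 0 or n > MAX_PATH_LEN:
        return ["length: %d certificates (limit %d)" % (n, MAX_PATH_LEN)]

    failures = []
    # (a) the subject of certificate x is the issuer of certificate x+1
    for x in range(n - 1):
        if path[x].subject != path[x + 1].issuer:
            failures.append(
                "(a) names do not chain between certificates %d and %d"
                % (x + 1, x + 2))
    # (b) certificate 1 is issued by the trust anchor
    if path[0].issuer != anchor_name:
        failures.append("(b) certificate 1 is not issued by the trust anchor")
    # (c) certificate n is the certificate to be validated
    if path[-1] != target:
        failures.append("(c) last certificate is not the one to be validated")
    # (d) every certificate was valid at the time in question
    for x, cert in enumerate(path, start=1):
        if not (cert.not_before <= at_time <= cert.not_after):
            failures.append("(d) certificate %d is not valid at that time" % x)
    return failures


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def make_cert(subject, issuer, serial, not_after=None):
    """Build a constructed sample record valid for calendar year 2007."""
    return Cert(subject, issuer, serial, utc(2007, 1, 1),
                not_after or utc(2008, 1, 1))


# Constructed sample data: one chaining path and one arbitrary sequence.
AT_TIME = utc(2007, 7, 10)
CA1 = make_cert("CN=CA1", "CN=Root", 1)
CA2 = make_cert("CN=CA2", "CN=CA1", 2)
EE = make_cert("CN=EE", "CN=CA2", 3)
GOOD_PATH = [CA1, CA2, EE]
ARBITRARY = [
    make_cert("CN=X", "CN=Other Root", 9),
    CA2,
    make_cert("CN=Y", "CN=Z", 7, not_after=utc(2007, 6, 1)),
]

if __name__ == "__main__":
    for label, path in (("good", GOOD_PATH), ("arbitrary", ARBITRARY)):
        print(label, screen_prospective_path(path, "CN=Root", EE, AT_TIME))
```

An empty result only says the sequence has the shape of a prospective path; the client still performs all of the steps of path validation, as the quoted message states.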

Message-ID: <46928C5A.8000104@alcatel-lucent.com>
Date: Mon, 09 Jul 2007 14:28:26 -0500
From: "Vijay K. Gurbani" <vkg@alcatel-lucent.com>
Organization: Bell Labs Security Technology Research Group
To: ietf-pkix@imc.org
CC: Scott Lawrence <slawrence@pingtel.com>, "Jeffrey, Alan S A (Alan)" <ajeffrey@alcatel-lucent.com>
Subject: Updated draft-gurbani-sip-domain-certs-06

On Fri, 2007-06-22 at 16:12 -0500, Vijay K. Gurbani wrote:
> Folks: draft-gurbani-sip-domain-certs-05 has been submitted to
> the IETF archives. This version includes the guidance we
> got from the pkix WG in Prague. More specifically, this version
> focuses strictly on:
>
> - How to use and interpret the SIP identities in a X.509 certificate.
> - How to indicate that this particular certificate is for SIP
>   usage.

We got some excellent late-breaking comments from Stephen Kent, and
reissued this as -06 just ahead of the deadline for Chicago. Since such
a late submission may take some days to get through the pipeline, you
can get it here now:

http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-06.txt
http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-06.html

Most of Stephen's comments were incorporated in -06. There were a
couple that we felt would benefit from a larger discussion in the SIP
WG; as such, we will be presenting this draft at the Chicago SIP WG to
get some consensus around these.

We would like to thank Stephen and the other pkix WG members who have
taken the time to give us better guidance on the draft.

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs

Message-Id: <p06240502c2b7f6b18182@[128.89.89.71]>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v>
Date: Mon, 9 Jul 2007 10:30:02 -0400
To: "Anders Rundgren" <anders.rundgren@telia.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Cc: "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>

At 4:36 PM +0200 7/7/07, Anders Rundgren wrote:
>Although probably not NIST's intentions with SCVP, I would not be
>surprised if SCVP long-term will put the final nail in the Bridge CA
>coffin.
>
>Off-loaded validation is a MUCH better concept since it is fully
>dynamic, allows arbitrary granularity down to individual EE
>certificates, and most of all does not rely on a centrally
>funded/trusted "über-CA". In fact, a successful rollout of SCVP will
>probably eliminate most other uses of cross-certification as well.
>
>Anders
>

David asked a question about HTTP use in SCVP, for which this is NOT an
answer.

Try to keep on topic.

Steve

Date: Mon, 9 Jul 2007 15:45:18 +0200
From: "Denis Pinkas" <denis.pinkas@bull.net>
To: "pkix" <ietf-pkix@imc.org>
Cc: "Joel Kazin" <Joel_Kazin@jeffersonwells.com>, "Stefan Santesson " <stefans@microsoft.com>
Subject: PKI Disaster Recovery and Key Rollover
Message-ID: <OF96474FBA.D532CCE0-ONC1257313.004B9072@frcl.bull.fr>

To the WG,

I edited together with Joel Kazin an individual Internet-Draft that has
been placed on the IETF web server. The target category is INFORMATIONAL.

The document is now available at:
https://datatracker.ietf.org/drafts/draft-pinkas-pkix-pki-dr-kr

The abstract is the following:

This document presents a framework to assist the writers of policy or
practice statements and the designers of a Public Key Infrastructure to
prepare disaster recovery plans in case of a private key-compromise or a
private key-loss. This may happen to end-entity keys, Certification
Authorities, Revocation Authorities, Attribute Authorities, or
Time-Stamping Authorities.

Since certificates have finite validity, CA key-rollover should be
planned in advance. In addition, denial of service attacks on
Repositories holding CRLs has also to be considered.

This framework provides a comprehensive list of potential
key-compromise or key-loss conditions that, in the opinion of the
authors, should be addressed so that it is possible to quickly recover
from exceptional situations.

I ask the WG to consider whether this document should be progressed as
an individual contribution or as a PKIX WG document.

I will not be present at the next meeting, but I plan to prepare a few
slides to present the draft. To this respect, I ask whether it would be
possible to get a time slot (5 minutes) at the next meeting.

Denis

Subject: RE: draft-ietf-pkix-scvp-32.txt
Date: Mon, 9 Jul 2007 09:25:35 -0400
Message-ID: <68238D548DFAED4C8FAE02502B175A4262BD3E@JNJUSNBGMS02.na.jnj.com>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>
From: "Guida, Richard [JJCUS]" <RGuida@CORUS.JNJ.com>
To: "Anders Rundgren" <anders.rundgren@telia.com>, "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>

Anders - a bridge CA is most certainly not a centrally trusted
"Ueber-CA" - in fact to the contrary, a bridge optimally has no
self-signed cert and appears in no one's trust list as an anchor. That
is why it is called a "bridge" - between other CAs. Bridge CAs and SCVP
seem to me to fit together harmoniously and in a complementary fashion.

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Anders Rundgren
Sent: Saturday, July 07, 2007 10:37 AM
To: David A. Cooper; pkix
Subject: Re: draft-ietf-pkix-scvp-32.txt

Although probably not NIST's intentions with SCVP, I would not be
surprised if SCVP long-term will put the final nail in the Bridge CA
coffin.

Off-loaded validation is a MUCH better concept since it is fully
dynamic, allows arbitrary granularity down to individual EE
certificates, and most of all does not rely on a centrally
funded/trusted "über-CA". In fact, a successful rollout of SCVP will
probably eliminate most other uses of cross-certification as well.

Anders

----- Original Message -----
From: "David A. Cooper" <david.cooper@nist.gov>
To: "pkix" <ietf-pkix@imc.org>
Sent: Friday, July 06, 2007 23:17
Subject: draft-ietf-pkix-scvp-32.txt

All,

I just submitted draft 32 of SCVP for posting.
This draft contains some editorial changes to address comments raised
as a result of IESG review, but there are no changes to the protocol,
either syntactic or semantic. A diff file comparing drafts 31 and 32 is
available at
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised
during the IESG review. In particular, there are still outstanding
comments from Lisa Dusseault relating to the use of HTTP, which is
mainly specified in Appendix B of SCVP. Lisa's comments may be found at
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.
If there is someone who has a sufficient knowledge of HTTP to address
the issues that Lisa raises and who is willing to work with us to
resolve these issues, that would be appreciated.

Dave

Received: from smtp.nist.gov
(rimp1.nist.gov [129.6.16.226]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l69DLSE1088872 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Mon, 9 Jul 2007 06:21:31 -0700 (MST) (envelope-from david.cooper@nist.gov)
Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id l69DFlEF019840; Mon, 9 Jul 2007 09:15:48 -0400
Received: from st26.ncsl.nist.gov (st26.ncsl.nist.gov [129.6.54.72]) by postmark.nist.gov (8.13.7/8.13.7) with ESMTP id l69DFZP4018937; Mon, 9 Jul 2007 09:15:37 -0400 (EDT)
Message-ID: <46923510.8020801@nist.gov>
Date: Mon, 09 Jul 2007 09:16:00 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
User-Agent: Thunderbird 2.0.0.4 (X11/20070620)
MIME-Version: 1.0
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov> <4690E4B9.4090802@edelweb.fr>
In-Reply-To: <4690E4B9.4090802@edelweb.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: david.cooper@nist.gov
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter Sylvester wrote:
> Section 3.2.3 now has reintroduced the 'prospective' certification path.
>
> I think that we had understood that either this term borrowed from
> 3280 only means an arbitrary sequence of n certificates and that is
> not exactly what is desired here.
Peter,

The paragraph that you are referring to in section 3.2.3 is discussing the use of the path building wantBacks (id-stc-build-pkc-path and id-stc-build-aa-path), which are described in section 3.2.2 as follows:

   - id-stc-build-pkc-path: Build a prospective certification path to a trust anchor (as defined in section 6.1 of [PKIX-1]);

   - id-stc-build-aa-path: Build a prospective certification path to a trust anchor for the AC issuer;

The description of id-stc-build-pkc-path has been unchanged since draft 18 and the description of id-stc-build-aa-path has been unchanged since draft 24.

Dave

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68MF4Ow009950 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 8 Jul 2007 15:15:04 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l68MF4HH009949; Sun, 8 Jul 2007 15:15:04 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns0.neustar.com (ns0.neustar.com [156.154.16.158]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68MF258009927 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 15:15:03 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns0.neustar.com (Postfix) with ESMTP id 36A8C328EB; Sun, 8 Jul 2007 22:15:02 +0000 (GMT)
Received: from ietf by
stiedprstage1.ietf.org with local (Exim 4.43) id 1I7f1y-00026y-2b; Sun, 08 Jul 2007 18:15:02 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-scvp-32.txt
Message-Id: <E1I7f1y-00026y-2b@stiedprstage1.ietf.org>
Date: Sun, 08 Jul 2007 18:15:02 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

Title : Server-based Certificate Validation Protocol (SCVP)
Author(s) : A. Malpani, et al.
Filename : draft-ietf-pkix-scvp-32.txt
Pages : 87
Date : 2007-7-8

SCVP allows a client to delegate certification path construction and certification path validation to a server. The path construction or validation (e.g., making sure that none of the certificates in the path are revoked) is performed according to a validation policy, which contains one or more trust anchors. It allows simplification of client implementations and use of a set of predefined validation policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-32.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-scvp-32.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-scvp-32.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <2007-7-8170232.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-scvp-32.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-pkix-scvp-32.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2007-7-8170232.I-D@ietf.org>

--OtherAccess--
--NextPart--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68LF5Fs004036 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 8 Jul 2007 14:15:06 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l68LF53V004035; Sun, 8 Jul 2007 14:15:05 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ns1.neustar.com (ns1.neustar.com [156.154.16.138]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68LF4Xu004021 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 14:15:05 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns1.neustar.com (Postfix) with ESMTP id 4CA4626E92; Sun, 8 Jul 2007 21:15:03 +0000 (GMT)
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1I7e5u-0006xl-Aj; Sun, 08 Jul 2007 17:15:02 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-sha2-dsa-ecdsa-01.txt
Message-Id: <E1I7e5u-0006xl-Aj@stiedprstage1.ietf.org>
Date: Sun, 08 Jul 2007 17:15:02 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

Title : Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA
Author(s) : Q. Dang, et al.
Filename : draft-ietf-pkix-sha2-dsa-ecdsa-01.txt
Pages : 16
Date : 2007-7-8

This document supplements RFC 3279. It specifies algorithm identifiers and ASN.1 encoding rules for the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures when using SHA-224, SHA-256, SHA-384 or SHA-512 as hashing algorithm. This specification applies to the Internet X.509 Public Key Infrastructure (PKI) when digital signatures are used to sign certificates and certificate revocation list (CRLs). The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119].

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-01.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-sha2-dsa-ecdsa-01.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-01.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <2007-7-8163038.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-01.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-pkix-sha2-dsa-ecdsa-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2007-7-8163038.I-D@ietf.org>

--OtherAccess--
--NextPart--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68DNb6L061233 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 8 Jul 2007 06:23:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l68DNbj4061232; Sun, 8 Jul 2007 06:23:37 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from ganymede.on-x.com (ganymede.on-x.com [194.51.68.3]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68DNZhA061222 for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 06:23:36 -0700 (MST) (envelope-from Peter.Sylvester@edelweb.fr)
Received: from localhost (ganymede [127.0.0.1]) by ganymede.on-x.com (Postfix) with ESMTP id 72FB41F; Sun, 8 Jul 2007 15:23:34 +0200 (CEST)
Received: from ganymede.on-x.com ([127.0.0.1]) by localhost (ganymede.on-x.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25725-08; Sun, 8 Jul 2007 15:23:32 +0200 (CEST)
Received: from vinea.on-x.com (sedna.puteaux.on-x [192.168.10.9]) by ganymede.on-x.com (Postfix) with ESMTP id 4838C1E; Sun, 8 Jul 2007 15:23:32 +0200 (CEST)
Received: from [193.51.14.5] ([212.234.46.65]) by vinea.on-x.com (Lotus Domino Release 5.0.11) with ESMTP id
2007070815233113:332221 ; Sun, 8 Jul 2007 15:23:31 +0200
Message-ID: <4690E4B9.4090802@edelweb.fr>
Date: Sun, 08 Jul 2007 15:20:57 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: "David A. Cooper" <david.cooper@nist.gov>
Cc: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
References: <468EB15C.4000103@nist.gov>
In-Reply-To: <468EB15C.4000103@nist.gov>
X-MIMETrack: Itemize by SMTP Server on vinea/ON-X(Release 5.0.11 |July 24, 2002) at 07/08/2007 03:23:31 PM, Serialize by Router on vinea/ON-X(Release 5.0.11 |July 24, 2002) at 07/08/2007 03:23:32 PM, Serialize complete at 07/08/2007 03:23:32 PM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030808050707080702070403"
X-Virus-Scanned: by amavisd-new at on-x.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a cryptographically signed message in MIME format.

--------------ms030808050707080702070403
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Section 3.2.3 now has reintroduced the 'prospective' certification path.

I think that we had understood that either this term borrowed from 3280 only means an arbitrary sequence of n certificates and that is not exactly what is desired here.
--------------ms030808050707080702070403
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms030808050707080702070403--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68AnXla044552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 8 Jul 2007 03:49:33 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l68AnXO2044551; Sun, 8 Jul 2007 03:49:33 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz [130.216.12.34]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l68AnSWk044537 for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 03:49:33 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 67EFB182B4 for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 22:49:27 +1200 (NZST)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h1NCOV-EnL2q for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 22:49:27 +1200 (NZST)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 5030B182AF for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 22:49:27 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz
(medusa01.cs.auckland.ac.nz [130.216.34.33]) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 97E97D14CFC for <ietf-pkix@imc.org>; Sun, 8 Jul 2007 22:49:24 +1200 (NZST) Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian)) id 1I7UKa-0003uj-00 for <ietf-pkix@imc.org>; Sun, 08 Jul 2007 22:49:32 +1200 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org Subject: Re: draft-ietf-pkix-scvp-32.txt Message-Id: <E1I7UKa-0003uj-00@medusa01.cs.auckland.ac.nz> Date: Sun, 08 Jul 2007 22:49:32 +1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dave Engberg <dengberg@narrowmountain.com> writes: >SCVP is a protocol that can make complex PKIs work. ^^^^^^^^^^^^^^^^^^^^^^^ You misspelled "nothing". Peter. Received: from [195.133.255.185] ([195.133.255.185]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l67KiAjo080936 for <ietf-pkix-archive@imc.org>; Sat, 7 Jul 2007 13:44:12 -0700 (MST) (envelope-from huttrekkiesgur@trekkies.dk) Received: from [195.133.255.185] by mail.trekkies.dk; Sat, 7 Jul 2007 20:44:03 -0300 Date: Sat, 7 Jul 2007 20:44:03 -0300 From: "Laverne Goodson" <huttrekkiesgur@trekkies.dk> X-Mailer: The Bat! (v3.5.30) Home Reply-To: huttrekkiesgur@trekkies.dk X-Priority: 3 (Normal) Message-ID: <060340004.90348341141909@trekkies.dk> To: ietf-pkix-archive@imc.org Subject: Olny this 5 days special price on pharma for you dear customer MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------75FFF842C40925F" ------------75FFF842C40925F Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Hi there!!! Unique offer for you Our Dear Customers!!! Only at these 5 days for our customers unimaginable offer!!! On all medicinal preparations you want!!! Fill in your life with colours of pleasure!!! 
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Dave Engberg" <dengberg@narrowmountain.com>, "pkix" <ietf-pkix@imc.org>
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v> <468FB61F.6030908@narrowmountain.com>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Sat, 7 Jul 2007 19:22:54 +0200
Message-ID: <00bc01c7c0bb$74cabed0$82c5a8c0@arport2v>

Dave,

There are many other problems with bridge CAs:

http://csrc.nist.gov/pki/documents/B2B-article.pdf

Although private sector competitors funding a common bridge CA indeed is a cute idea it simply has nothing to do with reality.
Using SCVP (and similar), each company can administer PKI trust in a completely distributed way and being as discriminative as they want as well.

The day VISA, Amex and MasterCard cross-certify each other in order to simplify trust management for merchants, I will though back from my position that "The Bridge CA is dead, long live the Bridge CA".

Regards
Anders Rundgren

----- Original Message -----
From: Dave Engberg
To: pkix
Sent: Saturday, July 07, 2007 17:49
Subject: Re: draft-ietf-pkix-scvp-32.txt

I disagree.

SCVP is a protocol that can make complex PKIs work. The big problem with a federated PKI using bridged and cross-certified CAs is that it forces the relying party to do too much work in crawling the CA network and checking the revocation of every link. This has an unacceptable risk of failure unless every server and service in the network is 100% reliable and available. SCVP moves the path discovery and validation to a server which can be configured to do much more intelligent caching, pre-fetching, etc. SCVP in DPD mode is perfect for this. As new CAs join the bridged network, they will "automatically" be usable by the server and clients without having to add yet another hard-coded root CA into a massive trust list.

Anders Rundgren wrote:

  Although probably not NIST's intentions with SCVP, I would not be surprised if SCVP long-term will put the final nail in the Bridge CA coffin.

  Off-loaded validation is a MUCH better concept since it is fully dynamic, allows arbitrary granularity down to individual EE certificates, and most of all does not rely on a centrally funded/trusted "über-CA". In fact, a successful rollout of SCVP will probably eliminate most other uses of cross-certification as well.

  Anders

From: Dave Engberg <dengberg@narrowmountain.com>
Organization: Narrow Mountain Consulting, LLC
To: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Sat, 07 Jul 2007 08:49:51 -0700
Message-ID: <468FB61F.6030908@narrowmountain.com>
References: <468EB15C.4000103@nist.gov> <008c01c7c0a4$45793790$82c5a8c0@arport2v>
In-Reply-To: <008c01c7c0a4$45793790$82c5a8c0@arport2v>

I disagree.

SCVP is a protocol that can make complex PKIs work. The big problem with a federated PKI using bridged and cross-certified CAs is that it forces the relying party to do too much work in crawling the CA network and checking the revocation of every link. This has an unacceptable risk of failure unless every server and service in the network is 100% reliable and available. SCVP moves the path discovery and validation to a server which can be configured to do much more intelligent caching, pre-fetching, etc. SCVP in DPD mode is perfect for this. As new CAs join the bridged network, they will "automatically" be usable by the server and clients without having to add yet another hard-coded root CA into a massive trust list.

Anders Rundgren wrote:
> Although probably not NIST's intentions with SCVP, I would not be
> surprised if SCVP long-term will put the final nail in the Bridge CA
> coffin.
>
> Off-loaded validation is a MUCH better concept since it is fully
> dynamic, allows arbitrary granularity down to individual EE
> certificates, and most of all does not rely on a centrally
> funded/trusted "über-CA". In fact, a successful rollout of SCVP will
> probably eliminate most other uses of cross-certification as well.
>
> Anders

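The availability argument in the message above, worked through as a toy model. This is an added example, not part of any message in this thread and not SCVP's wire protocol; the CA names, the trust graph and the 24-hour freshness window are constructed assumptions.

```python
from collections import deque

# Constructed trust graph: issuer -> subjects it has certified.
# "BridgeCA" cross-certifies with two enterprise roots (hypothetical names).
ISSUED = {
    "RootA": ["BridgeCA", "SubA"],
    "BridgeCA": ["RootA", "RootB"],
    "RootB": ["BridgeCA", "SubB"],
    "SubB": ["ee.example"],
    "SubA": [],
}
FRESH_HOURS = 24  # assumed lifetime of cached certificate and revocation data


class Network:
    """Stands in for each CA's repository and revocation service."""

    def __init__(self, up):
        self.up = set(up)
        self.requests = 0

    def fetch(self, ca):
        """Return what `ca` has certified, or None if its service is down."""
        self.requests += 1
        return list(ISSUED[ca]) if ca in self.up else None


def build_path(anchor, target, fetch):
    """Breadth-first path discovery from the trust anchor to the target.

    `fetch(ca)` supplies a CA's data or None; the crawl cannot continue
    through a CA whose data is unavailable.
    """
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        subjects = fetch(path[-1])
        if subjects is None:
            continue
        for subject in subjects:
            if subject == target:
                return path
            if subject in ISSUED and subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None


class ValidationServer:
    """Delegated path discovery with caching and pre-fetching."""

    def __init__(self, network):
        self.network = network
        self.cache = {}  # ca -> (subjects, hour fetched)

    def _fetch(self, ca, now):
        cached = self.cache.get(ca)
        if cached and now - cached[1] < FRESH_HOURS:
            return cached[0]  # still fresh: no network round trip
        subjects = self.network.fetch(ca)
        if subjects is not None:
            self.cache[ca] = (subjects, now)
        return subjects  # stale data is never served

    def prefetch(self, now):
        for ca in ISSUED:
            self._fetch(ca, now)

    def validate(self, anchor, target, now):
        return build_path(anchor, target, lambda ca: self._fetch(ca, now))


def scenario():
    """Bridge repository goes down after the server has pre-fetched."""
    net = Network(up=ISSUED)          # hour 0: every service reachable
    server = ValidationServer(net)
    server.prefetch(now=0)
    net.up.discard("BridgeCA")        # the bridge's repository fails
    # Relying party crawling the CA network itself, at hour 6:
    client_path = build_path("RootA", "ee.example", net.fetch)
    # Same request delegated to the server, at hour 6 (cache still fresh):
    server_path = server.validate("RootA", "ee.example", now=6)
    # Hour 30: cached data has expired and the bridge is still down.
    stale_path = server.validate("RootA", "ee.example", now=30)
    return client_path, server_path, stale_path


if __name__ == "__main__":
    print(scenario())
```

The third result is the caveat: the cache only bridges an outage for as long as the cached revocation data is allowed to be considered fresh.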
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "David A. Cooper" <david.cooper@nist.gov>, "pkix" <ietf-pkix@imc.org>
References: <468EB15C.4000103@nist.gov>
Subject: Re: draft-ietf-pkix-scvp-32.txt
Date: Sat, 7 Jul 2007 16:36:54 +0200
Message-ID: <008c01c7c0a4$45793790$82c5a8c0@arport2v>

Although probably not NIST's intentions with SCVP, I would not be surprised if SCVP long-term will put the final nail in the Bridge CA coffin.

Off-loaded validation is a MUCH better concept since it is fully dynamic, allows arbitrary granularity down to individual EE certificates, and most of all does not rely on a centrally funded/trusted "über-CA". In fact, a successful rollout of SCVP will probably eliminate most other uses of cross-certification as well.

Anders

----- Original Message -----
From: "David A. Cooper" <david.cooper@nist.gov>
To: "pkix" <ietf-pkix@imc.org>
Sent: Friday, July 06, 2007 23:17
Subject: draft-ietf-pkix-scvp-32.txt

All,

I just submitted draft 32 of SCVP for posting. This draft contains some
editorial changes to address comments raised as a result of IESG review,
but there are no changes to the protocol, either syntactic or semantic.
A diff file comparing drafts 31 and 32 is available at
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised during
the IESG review. In particular, there are still outstanding comments
from Lisa Dusseault relating to the use of HTTP, which is mainly
specified in Appendix B of SCVP. Lisa's comments may be found at
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.
If there is someone who has a sufficient knowledge of HTTP to address
the issues that Lisa raises and who is willing to work with us to
resolve these issues, that would be appreciated.

Dave

From: "David A. Cooper" <david.cooper@nist.gov>
To: pkix <ietf-pkix@imc.org>
Subject: draft-ietf-pkix-scvp-32.txt
Date: Fri, 06 Jul 2007 17:17:16 -0400
Message-ID: <468EB15C.4000103@nist.gov>

All,

I just submitted draft 32 of SCVP for posting. This draft contains some editorial changes to address comments raised as a result of IESG review, but there are no changes to the protocol, either syntactic or semantic. A diff file comparing drafts 31 and 32 is available at http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.

I should note that this draft does not address every issue raised during the IESG review. In particular, there are still outstanding comments from Lisa Dusseault relating to the use of HTTP, which is mainly specified in Appendix B of SCVP. Lisa's comments may be found at https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322. If there is someone who has a sufficient knowledge of HTTP to address the issues that Lisa raises and who is willing to work with us to resolve these issues, that would be appreciated.

Dave

From: "Santoni Adriano" <Adriano.Santoni@actalis.it>
To: <ietf-pkix@imc.org>
Subject: I: I-D ACTION:draft-santoni-timestampeddata-00.txt
Date: Fri, 6 Jul 2007 08:52:48 +0200
Message-ID: <FF374A5075949C4D87367831AAAFD4217AD433@POSTA02.itmaster.local>

FYI

-----Original message-----
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Thursday, 5 July 2007 22:15
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-santoni-timestampeddata-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title : Syntax for binding documents with time stamps
Author(s) : A. Santoni
Filename : draft-santoni-timestampeddata-00.txt
Pages : 8
Date : 2007-7-5

This document describes a syntax which can be used to bind a generic document (or any set of data, not necessarily protected by means of cryptographic techniques) to one or more time-stamp tokens obtained for that document, where "time-stamp token" has the meaning defined in [TSP].

Whereas digital time stamping has become the standard technique for proving the existence of a document before a certain point in time, there is not a generally accepted syntax for keeping together one document and the associated time-stamps in a single "bundle". Such a syntax would facilitate keeping track of which time-stamps belong to what documents and would therefore improve the efficiency of timestamp-aware applications.

This document proposes a simple syntax based on [CMS], by defining a new contentType.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-santoni-timestampeddata-00.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-santoni-timestampeddata-00.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-santoni-timestampeddata-00.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

(v2.00.8) Educational X-Priority: 3 (Normal) Message-ID: <476696157.47450076871200@thhebat.net> To: ietf-pkix-oid-reg@imc.org Subject: Getting thinner can be enjoyable MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------C256E3C098F467E3" X-Spam: Not detected ------------C256E3C098F467E3 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable Make use of the chance! =96 Anatrim =96 The up-to-the-moment & most=20= exciting product for corpulent people is now easily available =96 As told=20= on Oprah Can you count up all the times when you told yourself you would do=20= anything for being delivered from this terrible number of kilos? Happily,=20= now no great price is to be paid. Thanks to Anatrim, the earth-shaking,=20= you can achieve naturally health lifestyle and become really thinner.=20= Just look at what customers state! =93I had always led a first-class life until a year back my girlfriend=20= told me I was corpulent and needed to begin looking after my health. Life=20= had changed the wrong way after that, till I disclosed Anatrim =99. After=20= getting rid of more than 18 kilos only thanks to Anatrim, my private=20= life has come back, considerably better than even before. A lot of thanx=20= for the incredible product and the first-rate maintenance service.=20= Proceed with your valuable business!=94 Rikky Martin, Las Vegas "Nothing feels better than slipping into a bikini I have not worn for=20= years. I feel slender, determined, and sturdy, thanx to a great extent to=20= Anatrim! Thank you a lot!" Rita R., Chicago Discover Anatrim, and you'll join the world-wide company of thousands=20= of delighted buyers who are enjoying the revolutionary results of Anatrim=20= right here & right now. Less swallowing madness, less lbs and more=20= festivity in life! Go right here to examine our invincible Anatrim deals!!! 
http://www.mlezope.net/?mjkvtsioeygl ------------C256E3C098F467E3 Content-Type: text/html; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Become fit and happy again</TITLE> </HEAD> <BODY> <p> <center> <b> <a href=3D"http://www.mlezope.net/?mjkvtsioeygl" target=3D"_blank"> Make use of the chance! =96 Anatrim =96 The up-to-the-moment & most=20= exciting product for corpulent people is now easily available =96 As told=20= on Oprah </a> </center> <br> Can you count up all the times when you told yourself you would do=20= anything for being delivered from this terrible number of kilos? Happily,=20= now no great price is to be paid. Thanks to Anatrim, the earth-shaking,=20= you can achieve naturally health lifestyle and become really thinner.=20= Just look at what customers state! <br> <br> <i> =93I had always led a first-class life until a year back my girlfriend=20= told me I was corpulent and needed to begin looking after my health. Life=20= had changed the wrong way after that, till I disclosed Anatrim =99. After=20= getting rid of more than 18 kilos only thanks to Anatrim, my private=20= life has come back, considerably better than even before. A lot of thanx=20= for the incredible product and the first-rate maintenance service.=20= Proceed with your valuable business!=94 </i> <br> <b> <i> Rikky Martin, Las Vegas </i> </b> <br> <br> <i> "Nothing feels better than slipping into a bikini I have not worn for=20= years. I feel slender, determined, and sturdy, thanx to a great extent to=20= Anatrim! Thank you a lot!" </i> <br> <b> <i> Rita R., Chicago </i> </b> <br> <br> Discover Anatrim, and you'll join the world-wide company of thousands=20= of delighted buyers who are enjoying the revolutionary results of Anatrim=20= right here & right now. Less swallowing madness, less lbs and more=20= festivity in life! 
<br> <br> <center> <a href=3D"http://www.mlezope.net/?mjkvtsioeygl" target=3D"_blank"> Go right here to examine our invincible Anatrim deals!!! </a> </center> </b> </p> <font color=3D"#D9EDFF">http://www.mlezope.net/?mjkvtsioeygl</font> </BODY></HTML> ------------C256E3C098F467E3-- Received: from wan-gratis.ip.PeterStar.net (wan-gratis.ip.peterstar.net [81.3.168.35]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l65D82Mv057316; Thu, 5 Jul 2007 06:08:03 -0700 (MST) (envelope-from cyrthebluestqualitydaj@thebluestquality.com) Received: from [81.3.168.35] by mail.thebluestquality.com; Thu, 5 Jul 2007 13:07:52 -0300 Date: Thu, 5 Jul 2007 13:07:52 -0300 From: "Molly Ferrell" <cyrthebluestqualitydaj@thebluestquality.com> X-Mailer: The Bat! (v3.62.03) Home Reply-To: cyrthebluestqualitydaj@thebluestquality.com X-Priority: 3 (Normal) Message-ID: <985470312.08504092609931@thebluestquality.com> To: ietf-pay@imc.org Subject: Olny this 5 days special price on pharma for you dear customer MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------16758B675FFF8409" ------------16758B675FFF8409 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Hello!!! Special offer for you Our Dear Client!!! Only at these five days for our customers unimaginable offer!!! On all medications you need!!! Fill your life with colours of bliss!!! http://moonpitch.hk/ Best wishes, On-line community of pharmaceutists ------------16758B675FFF8409 Content-Type: text/html; charset=Windows-1252 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE></TITLE> </HEAD> <BODY> <strong><font color="#1CA82E"><em>Hello!!! </em></font><br> Special offer for you <font color="#FF0000"><em>Our Dear Client!!!</em></font><br> Only at these <font color="#FF0000"><em>five days</em></font> for our customers unimaginable offer!!! <br> On all medications you need!!! 
</strong> <strong><br><br> <a href="http://moonpitch.hk/" target="_blank"><em>Fill your life with colours of bliss!!! </em></a></strong> <p><font color="#D9EDFF">http://moonpitch.hk/</font></p> <p><strong>Best wishes,<br> <em>On-line community of pharmaceutists</em></strong></p> </BODY></HTML> ------------16758B675FFF8409-- Received: from krausonline.com (70-228-163-105.ded.ameritech.net [70.228.163.105]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id l65AnaGw042912; Thu, 5 Jul 2007 03:49:41 -0700 (MST) (envelope-from FeJSbWY@didchain.com) Message-Id: <200707051049.l65AnaGw042912@balder-227.proper.com> Received: from localhost (localhost.localdomain [127.0.0.1]) by host06241594.didchain.com (8.13.1/8.13.1) with SMTP id 9NCxKkzw63.762686.LmO.Y8L.3739456356346 for <ietf-pkix-archive@imc.org>; Thu, 5 Jul 2007 05:49:25 +0600 Date: Thu, 5 Jul 2007 05:49:25 +0600 From: "Marco Reese" <FeJSbWY@didchain.com> MIME-Version: 1.0 To: ietf-pkix-archive@imc.org Subject: Fwd: MIME-Version: 1.0 Content-Type: text/plain; Start improving your life! Bachelors, Masters, MBA and/or Doctorate (PhD) NO ONE is turned down. 7 days a week. Give us a ring.. 1206 8882083 You Need a Better Degree, and we can Help! Obtain degrees from prestigious non ac Universities based on you life experience. NO ONE is turned down. 7 days a week, 24 hours a day. Do it now.. 1206 8882083 Regards, Professor. Jonathon Hampton There were lots of sardines in those flat rectangular cans with the key under the paper. The old guy had been looking over his right shoulder, guiding the car down the driveway. 
Received: from costea-1e9fa792 ([89.137.249.97]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l659qeBp036738; Thu, 5 Jul 2007 02:52:41 -0700 (MST) (envelope-from cyrthebalsersdaj@thebalsers.com) Received: from 74.208.5.3 (HELO mx00.1and1.com) by imc.org with esmtp (B+W7UD1+RG/P )0)T@) id (3*0B0-U=)Q+1-47 for ietf-comparator-request@imc.org; Thu, 5 Jul 2007 09:52:38 -0200 Date: Thu, 5 Jul 2007 09:52:38 -0200 From: "Jenna Cornelius" <cyrthebalsersdaj@thebalsers.com> X-Mailer: The Bat! (v3.51) Home X-Priority: 3 (Normal) Message-ID: <368701962.15546384403283@thhebat.net> To: ietf-comparator-request@imc.org Subject: Last chance to supercharge your performance MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------6E7A501F46EEEE" X-Spam: Not detected ------------6E7A501F46EEEE Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable At last, the true stuff =96 no more rip offs! P.E.P. are very hot right this time! Well this is the original thing=20= not a counterfeit! One of the very originals, absolutely unrivalled stuff is on the market=20= everywhere! Pay attention to just what people tell about this product: "I was impressed how swiftly your stuff had an affect upon my=20= boyfriend, he can't stop talking about how excited he is having his new=20= girth, length, and libido!" Maria H., Bellevue WA "At the beginning I considered the free specimen package I acquired was=20= a joke, until I have takenusing the P.E.P. I can=92t describe depict how=20= satisfied I am with the effects from using this remedy for 8 short weeks.=20= I will be requesting at every turn!" Serge Smith, Boston Read more testimonies on this astonishing product here now! 
http://www.telled.hk/?lhxweacekz ------------6E7A501F46EEEE Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Don't get left behind</TITLE> </HEAD> <BODY> <b> At last, the true stuff =96 no more rip offs! <br> <a href=3D"http://www.telled.hk/?lhxweacekz"=20= target=3D"_blank">P.E.P.</a> are very hot right this time! Well this is=20= the original thing not a counterfeit! <br> One of the very originals, absolutely unrivalled stuff is on the market=20= everywhere! <br> Pay attention to just what people tell about this product: <p> <i> "I was impressed how swiftly your stuff had an affect upon my=20= boyfriend, he can't stop talking about how excited he is having his new=20= girth, length, and libido!" </i> </p> Maria H., Bellevue WA <p> <i> "At the beginning I considered the free specimen package I acquired was=20= a joke, until I have takenusing the P.E.P. I can=92t describe depict how=20= satisfied I am with the effects from using this remedy for 8 short weeks.=20= I will be requesting at every turn!" </i> </p> Serge Smith, Boston <center> <a href=3D"http://www.telled.hk/?lhxweacekz" target=3D"_blank"> Read more testimonies on this astonishing product here now! </a> </center> </b> <font color=3D"#D9EDFF">http://www.telled.hk/?lhxweacekz</font> </BODY></HTML> ------------6E7A501F46EEEE-- Received: from xxx-kuoolxofqa0 (host-80-54-214-167.tvteletronik.pl [80.54.214.167] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l64KKGjO070473; Wed, 4 Jul 2007 13:20:17 -0700 (MST) (envelope-from lewtekstremedivingfon@tekstremediving.com) Received: from 64.38.24.148 (HELO tekstremediving.com) by imc.org with esmtp (,@PW*M51 ;=W-) id 1+L)14-J2>5MS-,K for ietf-pop3ext@imc.org; Wed, 4 Jul 2007 20:20:20 -0100 Date: Wed, 4 Jul 2007 20:20:20 -0100 From: "Cary Sterling" <lewtekstremedivingfon@tekstremediving.com> X-Mailer: The Bat! 
(v3.0.1.33) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <580847751.39274335607136@thhebat.net> To: ietf-pop3ext@imc.org Subject: Doctors and Celebrities endorse Anatrim MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------59E82136EF6EFD" X-Spam: Not detected ------------59E82136EF6EFD Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Profit by your opportunity! Anatrim The latest & most enchanting flesh loss product is now easily available As were shown on Oprah Do you recall all the situations when you said to yourself you would do anything for being saved from this horrible pounds of fat? Luckily, now no major price is to be paid. Thanks to Anatrim, the earth-shaking, you can achieve healthier mode of life and become really slimmer. Take a look at what customers write! I always had a terrific private life until a year back my girl told me I was portly and in extreme need of keeping eye on my health. My life had suddenly changed after that, until I discovered Anatrim . Since getting rid of about 20 kilos thanx to Anatrim, my private life has come back, better even than before. Many thanks for the incredible product and the great maintenance service. Proceed with the useful action! Charley Mock, Bellevue WA "Nothing to compare with slipping into a bikini I have not worn for a long period. I feel slim, steadfast, and sturdy, thanks to a great extent to Anatrim! Lots of thanks to you!" Linda F., Colorado Check out Anatrim, and you'll join the world-wide community of thousands of happy customers who take pleasure in the revolutionary effects of Anatrim right here and right now. Less gorging insanity, less kilogrammes and more gladness in your life! Go right here to scan outdone Anatrim deals we are proud to offer!!! 
http://www.qelifed.com/?rcltzhqfkd ------------59E82136EF6EFD Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Pounds down, mood up</TITLE> </HEAD> <BODY> <p> <center> <b> <a href="http://www.qelifed.com/?rcltzhqfkd" target="_blank"> Profit by your opportunity! Anatrim The latest & most enchanting flesh loss product is now easily available As were shown on Oprah </a> </center> <br> Do you recall all the situations when you said to yourself you would do anything for being saved from this horrible pounds of fat? Luckily, now no major price is to be paid. Thanks to Anatrim, the earth-shaking, you can achieve healthier mode of life and become really slimmer. Take a look at what customers write! <br> <br> <i> I always had a terrific private life until a year back my girl told me I was portly and in extreme need of keeping eye on my health. My life had suddenly changed after that, until I discovered Anatrim . Since getting rid of about 20 kilos thanx to Anatrim, my private life has come back, better even than before. Many thanks for the incredible product and the great maintenance service. Proceed with the useful action! </i> <br> <b> <i> Charley Mock, Bellevue WA </i> </b> <br> <br> <i> "Nothing to compare with slipping into a bikini I have not worn for a long period. I feel slim, steadfast, and sturdy, thanks to a great extent to Anatrim! Lots of thanks to you!" </i> <br> <b> <i> Linda F., Colorado </i> </b> <br> <br> Check out Anatrim, and you'll join the world-wide community of thousands of happy customers who take pleasure in the revolutionary effects of Anatrim right here and right now. Less gorging insanity, less kilogrammes and more gladness in your life! <br> <br> <center> <a href="http://www.qelifed.com/?rcltzhqfkd" target="_blank"> Go right here to scan outdone Anatrim deals we are proud to offer!!! 
</a> </center> </b> </p> <font color="#D9EDFF">http://www.qelifed.com/?rcltzhqfkd</font> </BODY></HTML> ------------59E82136EF6EFD-- Received: from b-0b9dd60c3b384.lodz.mm.pl (host-81-190-44-19.lodz.mm.pl [81.190.44.19]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l64AVwpc003125; Wed, 4 Jul 2007 03:32:01 -0700 (MST) (envelope-from vogtarchukqew@tarchuk.com) Received: from 204.209.205.52 (HELO mx.svc.telus.net) by imc.org with esmtp ()>27Y.+M. 2TH7) id Q.-6))-1010I)-23 for ietf-openproxy@imc.org; Wed, 4 Jul 2007 10:32:05 -0100 Date: Wed, 4 Jul 2007 10:32:05 -0100 From: "Stephanie Mcgill" <vogtarchukqew@tarchuk.com> X-Mailer: The Bat! (v2.12.00) Educational X-Priority: 3 (Normal) Message-ID: <974548221.42034309048708@thhebat.net> To: ietf-openproxy@imc.org Subject: Don't get left behind MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------0513D36E82136EF" X-Spam: Not detected ------------0513D36E82136EF Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable After all the real stuff =96 no more ramp! P.E.P. are very hot right now! Well this is the original thing not a=20= fictitious one! One of the very prominents, absolutely unique product is available=20= everywhere! Take note of what people tell about this product: "I was impressed how swiftly your stuff affected on my boyfriend, he=20= can not stop chatting on how hot he is having his new girth, length, and=20= libido!" Victoria K., San Diego "In the beginning I thought the gratuitous specimen I was given was a=20= kind of prank, until I have takentaking the P.E.P. Words cannot report=20= how pleased I am with the outcomes from using this stuff after 2 brief=20= months. I'll be ordering regularly!" Dave Klark, San Diego Check up more references about this astonishing product here! 
http://www.algeban.net/?ckyhlekcidkdt ------------0513D36E82136EF Content-Type: text/html; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Last chance to supercharge your performance</TITLE> </HEAD> <BODY> <b> After all the real stuff =96 no more ramp! <br> <a href=3D"http://www.algeban.net/?ckyhlekcidkdt"=20= target=3D"_blank">P.E.P.</a> are very hot right now! Well this is the=20= original thing not a fictitious one! <br> One of the very prominents, absolutely unique product is available=20= everywhere! <br> Take note of what people tell about this product: <p> <i> "I was impressed how swiftly your stuff affected on my boyfriend, he=20= can not stop chatting on how hot he is having his new girth, length, and=20= libido!" </i> </p> Victoria K., San Diego <p> <i> "In the beginning I thought the gratuitous specimen I was given was a=20= kind of prank, until I have takentaking the P.E.P. Words cannot report=20= how pleased I am with the outcomes from using this stuff after 2 brief=20= months. I'll be ordering regularly!" </i> </p> Dave Klark, San Diego <center> <a href=3D"http://www.algeban.net/?ckyhlekcidkdt" target=3D"_blank"> Check up more references about this astonishing product here! </a> </center> </b> <font color=3D"#D9EDFF">http://www.algeban.net/?ckyhlekcidkdt</font> </BODY></HTML> ------------0513D36E82136EF-- Received: from kociszew-5fe2e5 (CMPC010-086.CNet2.Gawex.PL [84.205.10.86]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l63LQ7Ru029096; Tue, 3 Jul 2007 14:26:19 -0700 (MST) (envelope-from xewsvmpublicidadfor@svmpublicidad.com) Received: from 213.149.243.198 (HELO mail.svmpublicidad.com) by imc.org with esmtp (54DEI-)4)70 ,K63) id KQ@W@?-,EFYRX-4E for ietf-sasl@imc.org; Tue, 3 Jul 2007 21:27:47 -0100 Date: Tue, 3 Jul 2007 21:27:47 -0100 From: "Aileen Nicholas" <xewsvmpublicidadfor@svmpublicidad.com> X-Mailer: The Bat! 
(v2.00) Personal X-Priority: 3 (Normal) Message-ID: <326969465.20307491624060@thhebat.net> To: ietf-sasl@imc.org Subject: Melt away pounds with Anatrim MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------39B252CD394DAC6E" X-Spam: Not detected X-Antivirus: avast! (VPS 000753-2, 2007-07-03), Outbound message X-Antivirus-Status: Clean ------------39B252CD394DAC6E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Profit by the opportunity! =96 Anatrim =96 The newest and most=20= fascinating flesh loss product is now easily available =96 As were shown=20= on Oprah Do you hold in your memory all the times when you told yourself you=20= would do anything for being rescued from this horrible kilos of fat?=20= Fortunately, now no major price is to be paid. Thanks to Anatrim, the=20= earth-shaking, you can get healthier lifestyle and become really thinner.=20= Take a look at what people say! =93I had always led a marvelous life until last year the girl I was=20= meeting said to me I was obese and in extreme want of looking after my=20= health. Life had abruptly changed after that, till I found Anatrim =99 at=20= once. After getting rid of more than 40 lbs thanx to Anatrim, my private=20= life=92s back on track, better than before even. A great deal of thanx to=20= you for the incredible product & the great service. Proceed with your=20= valuable work!=94 Mikkey Fox, San Diego "Nothing to compare with slipping into a bikini that I have not been=20= dressed in for a long period. Now I feel svelte, determined, and healthy,=20= thanks in great part to Anatrim! A plenty of thanks to you!" Amelia B., San Diego Discover Anatrim, and you will join the world-spread community of=20= thousands of happy buyers who=92re enjoying the revolutionary results of=20= Anatrim right here and right now. Less guzzling mania, less lbs and more=20= gaiety in life! 
Proceed right here to examine invincible Anatrim arrangement we=92d=20= like to proud!!! http://www.nacklem.net/?bmfjwakbqc ------------39B252CD394DAC6E Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Stop gaining weight and get the figure you want</TITLE> </HEAD> <BODY> <p> <center> <b> <a href=3D"http://www.nacklem.net/?bmfjwakbqc" target=3D"_blank"> Profit by the opportunity! =96 Anatrim =96 The newest and most=20= fascinating flesh loss product is now easily available =96 As were shown=20= on Oprah </a> </center> <br> Do you hold in your memory all the times when you told yourself you=20= would do anything for being rescued from this horrible kilos of fat?=20= Fortunately, now no major price is to be paid. Thanks to Anatrim, the=20= earth-shaking, you can get healthier lifestyle and become really thinner.=20= Take a look at what people say! <br> <br> <i> =93I had always led a marvelous life until last year the girl I was=20= meeting said to me I was obese and in extreme want of looking after my=20= health. Life had abruptly changed after that, till I found Anatrim =99 at=20= once. After getting rid of more than 40 lbs thanx to Anatrim, my private=20= life=92s back on track, better than before even. A great deal of thanx to=20= you for the incredible product & the great service. Proceed with your=20= valuable work!=94 </i> <br> <b> <i> Mikkey Fox, San Diego </i> </b> <br> <br> <i> "Nothing to compare with slipping into a bikini that I have not been=20= dressed in for a long period. Now I feel svelte, determined, and healthy,=20= thanks in great part to Anatrim! A plenty of thanks to you!" </i> <br> <b> <i> Amelia B., San Diego </i> </b> <br> <br> Discover Anatrim, and you will join the world-spread community of=20= thousands of happy buyers who=92re enjoying the revolutionary results of=20= Anatrim right here and right now. 
From: "Steve Dotson" <S.Dotson@CableLabs.com>
To: "Scott Lawrence" <slawrence@pingtel.com>, "IETF SIP List" <sip@ietf.org>, <ietf-pkix@imc.org>
Date: Tue, 3 Jul 2007 15:02:42 -0600
Subject: RE: [Sip] Certificate authentication in SIP
Message-ID: <9AAEDF491EF7CA48AB587781B8F5D7C62E9B58@srvxchg3.cablelabs.com>
In-Reply-To: <1183141935.3646.30.camel@sukothai.pingtel.com>

Thanks Vijay, and thanks Scott for the clarification.

The SIP cert auth requirements document currently lists a few use cases:
- the certificate identifies a device
- the certificate identifies a user

There could also be the case where the device certificate is mapped to a user for subscription purposes, and there are probably others. As Sumanth states, depending on the agreed upon requirements, the solution could leave these types of specifics as out of scope and just handle the transport and messaging between UA and registrar, or we could go so far as to have certificate profiles and requirements and then work those requirements with the appropriate groups.

Thanks.
Steve.

-----Original Message-----
From: Scott Lawrence [mailto:slawrence@pingtel.com]
Sent: Friday, June 29, 2007 12:32 PM
To: IETF SIP List; ietf-pkix@imc.org
Subject: Re: [Sip] Certificate authentication in SIP

On Fri, 2007-06-29 at 09:37 -0500, Vijay K. Gurbani wrote:
> Sumanth Channabasappa wrote:
> > And if we find that certificates need some work to support this
> > initiative (e.g., SIP identifiers as subjects), perhaps we can
> > present some of those requirements to other WGs. If we find an
> > existing solutions that can be used, good (and we can document them
> > as such :) ).
>
> Scott Lawrence and I have spent some time on this issue, i.e., SIP
> identifiers as subjects in X.509 certificates. The latest version of
> the draft that includes pkix WG comments from Prague and the comments
> of the sip WG ADs and others was posted last week to the archives, and
> is available at
> http://tools.ietf.org/html/draft-gurbani-sip-domain-certs-05

One qualification - the draft above is limited to certificates whose subject is a SIP domain - not an individual. The goal is to clarify how such certificates are constructed and constrained, and how they should be used to authenticate that a server is authoritative for a domain.

> Comments on this version would be extremely helpful.

--
Scott Lawrence tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
Chief Technology Officer - Pingtel Corp. http://www.pingtel.com/

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
From: Stefan Santesson <stefans@microsoft.com>
To: pkix <ietf-pkix@imc.org>
Date: Mon, 2 Jul 2007 23:12:39 +0100
Subject: RE: Call for agenda items for the CHicago PKIX meeting
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF0D148873D@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <A15AC0FBACD3464E95961F7C0BCD1FF0D14883C6@EA-EXMSG-C307.europe.corp.microsoft.com>
Content-Type: multipart/alternative; boundary="_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_"

--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_
Content-Type: text/plain; charset="us-ascii"

Thank you for the inputs so far.

Just keep posting agenda suggestions if you still have a request but not posted it to me.

I will be away until Sunday. When I get back I will collect the requests and post a preliminary agenda early next week.

Stefan Santesson
Senior Program Manager
Windows Security, Standards

From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Stefan Santesson
Sent: den 29 juni 2007 16:26
To: pkix
Subject: Call for agenda items for the CHicago PKIX meeting
Importance: High

All,

A number of issues has been brought to the list since last IETF meeting.

Please let me know if you have any topic you want to discuss during the PKIX meeting in Chicago.

As usual, I need at least one editor from each active document to send me a note whether you want a time slot at the meeting beyond my general status report.

I need your request for agenda items before end of next week. I.e. Friday July 6.

Thank you.

Stefan Santesson
Senior Program Manager
Windows Security, Standards

--_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m= icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office= :access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"= uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof= t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co= m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee= t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns= :oa=3D"urn:schemas-microsoft-com:office:activation" xmlns:html=3D"http://ww= w.w3.org/TR/REC-html40" xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope= /" xmlns:D=3D"DAV:" xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2= 003/xml" xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xm=
lns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:d= s=3D"http://www.w3.org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.micros= oft.com/sharepoint/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc"= xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" xmlns:sps=3D"http://schemas= .microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001/XMLSch= ema-instance" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile"= xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:= mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:= m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels=3D"http:= //schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t=3D"htt= p://schemas.microsoft.com/exchange/services/2006/types" xmlns=3D"http://www= .w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii"= > <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)"> <style> <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal; font-family:"Calibri","sans-serif"; color:windowtext;} span.EmailStyle18 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 70.85pt 70.85pt;} div.Section1 {page:Section1;} --> </style> 
<!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3DSV link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoNormal><a name=3D"_MailEndCompose"><span lang=3DEN-US style= =3D'color: #1F497D'>Thank you for the inputs so far.<o:p></o:p></span></a></p> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'><o:p> = </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>Just keep p= osting agenda suggestions if you still have a request but not posted it to me.<o:p></o:p>= </span></p> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>I will be a= way until Sunday. When I get back I will collect the requests and post a preliminary agenda early next week.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'><o:p> = </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'><o:p> = </o:p></span></p> <div> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:maroon'>Stefan Santesson</span></b><span lang=3D= EN-GB style=3D'font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F49= 7D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-GB style=3D'font-size:10.0pt;font-fami= ly:"Arial","sans-serif"; color:#400040'>Senior Program Manager</span><span lang=3DEN-GB style=3D'fon= t-size: 12.0pt;font-family:"Times New Roman","serif";color:navy'><o:p></o:p></span>= </p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:#400040'>Windows Security, Standards</span></b><= span lang=3DEN-US style=3D'color:#1F497D'><o:p></o:p></span></p> </div> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'><o:p> = </o:p></span></p> <div 
style=3D'border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm = 4.0pt'> <div> <div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm = 0cm 0cm'> <p class=3DMsoNormal><b><span lang=3DEN-US style=3D'font-size:10.0pt;font-f= amily: "Tahoma","sans-serif"'>From:</span></b><span lang=3DEN-US style=3D'font-siz= e:10.0pt; font-family:"Tahoma","sans-serif"'> owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] <b>On Behalf Of </b>Stefan Santesson<= br> <b>Sent:</b> den 29 juni 2007 16:26<br> <b>To:</b> pkix<br> <b>Subject:</b> Call for agenda items for the CHicago PKIX meeting<br> <b>Importance:</b> High<o:p></o:p></span></p> </div> </div> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal><span lang=3DEN-US>All,<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>A number is issues has been brought= to the list since last IETF meeting.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>Please let me know if you have any = topic you want to discuss during the PKIX meeting in Chicago.<o:p></o:p></span></= p> <p class=3DMsoNormal><span lang=3DEN-US>As usual, I need at least one edito= r from each active document to send me a note whether you want a time slot at the meeting beyond my general status report.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>I need your request for agenda item= s before end of next week. I.e. 
Friday July 6.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US>Thank you.<o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:maroon'>Stefan Santesson</span></b><span lang=3D= EN-GB style=3D'font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F49= 7D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-GB style=3D'font-size:10.0pt;font-fami= ly:"Arial","sans-serif"; color:#400040'>Senior Program Manager</span><span lang=3DEN-GB style=3D'fon= t-size: 12.0pt;font-family:"Times New Roman","serif";color:navy'><o:p></o:p></span>= </p> <p class=3DMsoNormal><b><span lang=3DEN-GB style=3D'font-size:10.0pt;font-f= amily: "Arial","sans-serif";color:#400040'>Windows Security, Standards</span></b><= span lang=3DEN-US style=3D'color:#1F497D'><o:p></o:p></span></p> <p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p> </div> </div> </body> </html> --_000_A15AC0FBACD3464E95961F7C0BCD1FF0D148873DEAEXMSGC307euro_-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62Dechg047717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Jul 2007 06:40:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l62DecAQ047716; Mon, 2 Jul 2007 06:40:38 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from mail.pingtel.com (hide.pingtel.com [65.220.123.2]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l62Debni047709 for <ietf-pkix@imc.org>; Mon, 2 Jul 2007 06:40:38 -0700 
From: Scott Lawrence <slawrence@pingtel.com>
To: ietf-pkix@imc.org
Cc: Vijay Gurbani <vkg@lucent.com>
Date: Mon, 02 Jul 2007 09:40:36 -0400
Subject: Re: Domain certificates in SIP (complete)

[the last copy escaped early :-) ]

On Sat, 2007-06-23 at 16:46 -0400, Scott Lawrence wrote:
> draft-gurbani-sip-domain-certs-05 has been submitted to
> the IETF archives. We've tried to incorporate some of the advice we got
> around the Prague meeting.
>
> This version focuses fairly narrowly on:
>
> - How to use and interpret the SIP identities in a X.509 certificate.
> - How to indicate that this particular certificate is for SIP
>   usage.
>
> What goes in the subjectAltName, and a new EKU value, with the detailed
> steps to interpret and validate them are provided from the viewpoint of
> user agents, proxies, and registrars.
>
> Until the -05 version appears in the archives, you can get it from:
>
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.txt
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html
>
> Comments, questions and other feedback is much appreciated.

The authors would particularly appreciate some expert PKIX review on whether or not the usage of the suggested Extended Key Usage is reasonable and (at least potentially) effective? This is described in sections 5 and 8.1:

http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html#sipusage
http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html#cert-subject

--
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
Chief Technology Officer - Pingtel Corp. http://www.pingtel.com/

From: Scott Lawrence <slawrence@pingtel.com>
To: ietf-pkix@imc.org
Cc: Vijay Gurbani <vkg@lucent.com>
Date: Mon, 02 Jul 2007 09:34:26 -0400
Subject: Re: Domain certificates in SIP

On Sat, 2007-06-23 at 16:46 -0400, Scott Lawrence wrote:
> draft-gurbani-sip-domain-certs-05 has been submitted to
> the IETF archives. We've tried to incorporate some of the advice we got
> around the Prague meeting.
>
> This version focuses fairly narrowly on:
>
> - How to use and interpret the SIP identities in a X.509 certificate.
> - How to indicate that this particular certificate is for SIP
>   usage.
>
> What goes in the subjectAltName, and a new EKU value, with the detailed
> steps to interpret and validate them are provided from the viewpoint of
> user agents, proxies, and registrars.
>
> Until the -05 version appears in the archives, you can get it from:
>
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.txt
> http://svn.resiprocate.org/rep/ietf-drafts/gurbani/domain-certs/draft-gurbani-sip-domain-certs-05.html
>
> Comments, questions and other feedback is much appreciated.

There are two areas in this draft on which we would particularly appreciate getting some expert PKIX review:

* Is the usage of the suggested Extended Key Usage reasonable and (at least potentially) effective? This is described in

--
Scott Lawrence  tel:+1-781-938-5306;ext=162 or sip:slawrence@pingtel.com
sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
Chief Technology Officer - Pingtel Corp. http://www.pingtel.com/