draft-ietf-pkix-scvp-25.txt
"yannick quenechdu" <yquenechdu@linagora.com> Wed, 31 May 2006 17:11 UTC
Message-ID: <1950.10.0.0.1.1149091919.squirrel@tomate.linagora.lan>
Date: Wed, 31 May 2006 18:11:59 +0200
Subject: draft-ietf-pkix-scvp-25.txt
From: yannick quenechdu <yquenechdu@linagora.com>
To: ietf-pkix@imc.org
Reply-To: yquenechdu@linagora.com
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>

Hi, I would like a clarification by the way

Message-ID: <2047.10.0.0.1.1149092463.squirrel@tomate.linagora.lan>
Date: Wed, 31 May 2006 18:21:03 +0200 (CEST)
Subject: [Fwd: draft-ietf-pkix-scvp-25.txt]
From: "yannick quenechdu" <yquenechdu@linagora.com>
To: ietf-pkix@imc.org
Reply-To: yquenechdu@linagora.com

Hi, I would like a clarification about section 3:

"If the extended key usage extension is present, it MUST contain either the SCVP client OID (see Section 3.10) or another OID acceptable to the SCVP server."

I do not see the relation with section 3.10. Is it necessary to use the field RequestorText to indicate an OID for the SCVP client?

Thanks;
---
Yannick quenec'hdu
Security architect
Linagora

Message-ID: <447D87BE.7080505@edelweb.fr>
Date: Wed, 31 May 2006 14:10:38 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: Russ Housley <housley@vigilsec.com>
CC: ietf-pkix@imc.org
Subject: Re: draft-ietf-pkix-scvp-24.txt
In-Reply-To: <7.0.0.16.2.20060530165037.06e25b30@vigilsec.com>

I am fine with this clarification.

Russ Housley wrote:
>
> Peter:
>
> I can see making this point in the text to add clarity, but the need
> for anything else is just not coming through.
>
>> - When protectResponse is TRUE, the server MUST protect the response
>> independently of the protection of the transport.
>
> Russ
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/
There you can download the authority's certificate; you will also find the list of revoked certificates there.

Message-Id: <7.0.0.16.2.20060530165037.06e25b30@vigilsec.com>
Date: Tue, 30 May 2006 16:51:44 -0400
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
From: Russ Housley <housley@vigilsec.com>
Subject: Re: draft-ietf-pkix-scvp-24.txt
Cc: ietf-pkix@imc.org
In-Reply-To: <447C9763.4090002@edelweb.fr>

Peter:

I can see making this point in the text to add clarity, but the need for anything else is just not coming through.

>- When protectResponse is TRUE, the server MUST protect the response
>independently of the protection of the transport.

Russ

Message-ID: <447C9763.4090002@edelweb.fr>
Date: Tue, 30 May 2006 21:05:07 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: Russ Housley <housley@vigilsec.com>
CC: ietf-pkix@imc.org
Subject: Re: draft-ietf-pkix-scvp-24.txt
In-Reply-To: <7.0.0.16.2.20060530130451.051df348@vigilsec.com>

Russ Housley wrote:
> This does not make sense to me. Why do you want to require the
> inclusion of an OPTIONAL field when the semantic result is the same?
>
oops, I messed up "protectResponse" and "responseFlags" in

   such clients MUST always
   set this value to TRUE or omit the responseFlags item entirely,
   which requires the server to return a protected response.

Following David's argument, even when not encoding the optional responseflags, protectResponse is then TRUE.

Or, in this sentence, the first half talks about the value of a boolean, and the second about how to encode something.

> Russ
>
> At 12:05 PM 5/30/2006, Peter Sylvester wrote:
>
>> I think I already did.
>>
>> Shouldn't the 'or' be changed into 'i.e.' or the rest of the
>> sentence removed.
>>
>> In fact, I suggested for all cases to avoid the potential
>> misinterpretation, and my message
>> from months ago suggested textual changes.
>>
>> And in my previous:
>>
>> Point 1 in paragraph 4
>>
>> 1. A success response to a request made over a protected transport
>> such as TLS. These responses SHOULD NOT be protected by the
>> server.
>>
>> If the client indicates a TRUE value in a protectResponse, then the
>> previous seems not
>> good to me:
>>
>> - When a TLS is used then a client MAY choose not indicate a FALSE
>> value for protectResponses.
>> - When TLS is used and protectResponses is FALSE then a server
>> SHOULD NOT not to protect the response. (I am not sure whether
>> this would even be better MAY NOT).
>> - When protectResponse is TRUE, the server MUST protect the response
>> independently of the protection of the transport.
>>
>>
>> Russ Housley wrote:
>>> I interpreted your previous not in a much different light. Can you
>>> suggest text that would resolve your concern?
>>>
>>> Russ
>>>
>>> At 10:51 AM 5/30/2006, Peter Sylvester wrote:
>>>> Russ Housley wrote:
>>>>> Peter:
>>>>>
>>>>> I believe that this was discussed. I think we need to ship the
>>>>> document. Delay is causing problems.
>>>>
>>>>
>>>> When, where, there was no response to my message? You may have
>>>> discussed something at the
>>>> last IETF, but this is not in the minutes, and I never received a
>>>> reply to my message.
>>>>
>>>> How can you claim that something has been discussed that I just
>>>> mentioned for the first time as
>>>> a response to David?
>>>>
>>>> ===>
>>>>
>>>> Anyway:
>>>>
>>>> SCVP clients that support delegated path validation (DPV) as defined
>>>> in [RQMTS] require an authenticated response. Unless a protected
>>>> transport mechanism (such a TLS) is used, such clients MUST always
>>>> set this value to TRUE or omit the responseFlags item entirely,
>>>> which requires the server to return a protected response.
>>>>
>>>> Shouldn't the 'or' be changed into 'i.e.' or the rest of the
>>>> sentence
>>>> removed.
>>>>
>>>> You might consider to add the explanations above to the text, since
>>>> there are
>>>> people out that do not have 20 years of experience with ASN.1 and
>>>> its encodings.
>>>> This is not the first occurrence of such wording, and people have
>>>> created errors
>>>> in encodings. (e.g. with 3161).
>>>> You may try to understand my suggestion as an attempt to avoid
>>>> misinterpretations of
>>>> using the verb 'set' concerning of the value of an item and how it
>>>> is encoded.
>>>>
>>>>
>>>> --
>>>> To verify the signature, see http://edelpki.edelweb.fr/
>>>> There you can download the authority's certificate; you will
>>>> also find the list of revoked certificates there.
>>>
>>>
>>
>>
>> --
>> To verify the signature, see http://edelpki.edelweb.fr/
>> There you can download the authority's certificate; you will
>> also find the list of revoked certificates there.
>
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/
There you can download the authority's certificate; you will also find the list of revoked certificates there.
--------------ms020903050100020702060402 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOpDCC BHIwggLfoAMCAQICBgoMz+gAPzANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJGUjEQMA4G A1UEChMHRWRlbFdlYjEYMBYGA1UECxMPU2VydmljZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVs UEtJIEVkZWxXZWIgUGVyc0dFTjAeFw0wNTAxMDYxMjI3MTlaFw0wNzAzMTcxMjI3MTlaMHAx CzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdFZGVsV2ViMRgwFgYDVQQLDA9TZXJ2aWNlIEVkZWxQ S0kxNTAzBgNVBAMMLFBldGVyIFNZTFZFU1RFUiA8UGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIu ZnI+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn/izyem7Z1pUP/gpQDSzeGA/ZP4vo VaCxcPWyssTYTAl6csAql2IIcYNVb6funaMNOY1q5oSNtlguFpOK3atQElBIMsfSh0CTuvUq q2QDz1nHWOB96aU8G81+ZmC+iQOCAdG3qKWvMOzC0SzxKGbhTqDsjBvfYYk1Jk/Rb5TK0wID AQABo4IBLjCCASowYgYDVR0RBFswWYEaUGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIuZnKkOzA5 MQswCQYDVQQGEwJGUjEQMA4GA1UECgwHRWRlbFdlYjEYMBYGA1UEAwwPUGV0ZXIgU1lMVkVT VEVSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwSgYD VR0fBEMwQTA/oD2gO4Y5aHR0cDovL2VkZWxwa2kuZWRlbHdlYi5mci9jcmwvRWRlbFBLSS1F ZGVsV2ViLVBlcnNHRU4uY3JsMB0GA1UdDgQWBBSSHP6djxj58tIi5VvjJbMZMXC/fDAfBgNV HSMEGDAWgBSe5Q/BFJVJHN1aXV6crs0Bby+UeTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUA A4IBfAANZYiEkyDqsT43U83wHLSYMGcEfmisT+WQrAAoHdlcIsnlHnufGnfmdpg5yvCQpl2U TI7/w3LdaItoWq5oMZitqdoPW8Z+jy2pkd/DqYG1MkpEyZ0PA37Zn5yigQXAk4Nox7Lgiom8 1WDNgPesNRX7PRNa+RkQcD8MasfbHcZ2ycs1SxUxiCy6BUzhgSB8cNb2t9LVWWynvWuK1Wa5 V2ZCd3PlbKsrbWH8pafpFWUQm0S2BfKUWLDG9cje5bL7p5EpV4a8gFpbD5dq+PPJglT0Dvs9 F0EcrfL2l3JxGIkZmW7sfiUoefB9hTS9m3/TGvXcne4RYpVpEHFV5TathMuHfKAti6PhSely LCqdPq/T9DHLJekBY0EA2yiVcKQnRZk7/pz0HImCPADOHSOWffJtc9b+Ak6HSDD1PlOSDfT+ udnrqwSAiuNN3hx1olPNxzVDu3jgiTSJFf2XJ1TnmGMT4pJmx7vkJkdE9sZvpiZwdVws37Nr LqhH5fMZMIIEcjCCAt+gAwIBAgIGCgzP6AA/MA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNVBAYT AkZSMRAwDgYDVQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVkZWxQS0kxIDAeBgNV 
BAMTF0VkZWxQS0kgRWRlbFdlYiBQZXJzR0VOMB4XDTA1MDEwNjEyMjcxOVoXDTA3MDMxNzEy MjcxOVowcDELMAkGA1UEBhMCRlIxEDAOBgNVBAoMB0VkZWxXZWIxGDAWBgNVBAsMD1NlcnZp Y2UgRWRlbFBLSTE1MDMGA1UEAwwsUGV0ZXIgU1lMVkVTVEVSIDxQZXRlci5TeWx2ZXN0ZXJA ZWRlbHdlYi5mcj4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOf+LPJ6btnWlQ/+ClAN LN4YD9k/i+hVoLFw9bKyxNhMCXpywCqXYghxg1Vvp+6dow05jWrmhI22WC4Wk4rdq1ASUEgy x9KHQJO69SqrZAPPWcdY4H3ppTwbzX5mYL6JA4IB0beopa8w7MLRLPEoZuFOoOyMG99hiTUm T9FvlMrTAgMBAAGjggEuMIIBKjBiBgNVHREEWzBZgRpQZXRlci5TeWx2ZXN0ZXJAZWRlbHdl Yi5mcqQ7MDkxCzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdFZGVsV2ViMRgwFgYDVQQDDA9QZXRl ciBTWUxWRVNURVIwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEF BQcDAjBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vZWRlbHBraS5lZGVsd2ViLmZyL2NybC9F ZGVsUEtJLUVkZWxXZWItUGVyc0dFTi5jcmwwHQYDVR0OBBYEFJIc/p2PGPny0iLlW+Mlsxkx cL98MB8GA1UdIwQYMBaAFJ7lD8EUlUkc3VpdXpyuzQFvL5R5MAkGA1UdEwQCMAAwDQYJKoZI hvcNAQEFBQADggF8AA1liISTIOqxPjdTzfActJgwZwR+aKxP5ZCsACgd2VwiyeUee58ad+Z2 mDnK8JCmXZRMjv/Dct1oi2harmgxmK2p2g9bxn6PLamR38OpgbUySkTJnQ8DftmfnKKBBcCT g2jHsuCKibzVYM2A96w1Ffs9E1r5GRBwPwxqx9sdxnbJyzVLFTGILLoFTOGBIHxw1va30tVZ bKe9a4rVZrlXZkJ3c+VsqyttYfylp+kVZRCbRLYF8pRYsMb1yN7lsvunkSlXhryAWlsPl2r4 88mCVPQO+z0XQRyt8vaXcnEYiRmZbux+JSh58H2FNL2bf9Ma9dyd7hFilWkQcVXlNq2Ey4d8 oC2Lo+FJ6XIsKp0+r9P0Mcsl6QFjQQDbKJVwpCdFmTv+nPQciYI8AM4dI5Z98m1z1v4CTodI MPU+U5IN9P652eurBICK403eHHWiU83HNUO7eOCJNIkV/ZcnVOeYYxPikmbHu+QmR0T2xm+m JnB1XCzfs2suqEfl8xkwggW0MIIDT6ADAgECAgYJ+oiVOzEwDQYJKoZIhvcNAQEFBQAwUjEL MAkGA1UEBhMCRlIxEDAOBgNVBAoTB0VkZWxXZWIxGDAWBgNVBAsTD1NlcnZpY2UgRWRlbFBL STEXMBUGA1UEAxMOUmFjaW5lIEVkZWxQS0kwHhcNMDQxMDA3MTU0MzMwWhcNMTEwODEyMTU0 MzMwWjBbMQswCQYDVQQGEwJGUjEQMA4GA1UEChMHRWRlbFdlYjEYMBYGA1UECxMPU2Vydmlj ZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVsUEtJIEVkZWxXZWIgUGVyc0dFTjCCAZwwDQYJKoZI hvcNAQEBBQADggGJADCCAYQCggF7FyeP4kRrFG9y51CeWmJIxBSMD2bcrJKIlnAPn6eH8V1M ORWTPivMNQYq32XcEi9xrxjyREvvnhABrVcW+1VLyLH8WgRY6n5A5JfuDjU6Aq0RzmjqTWDe 1+ecbgAtN8FYjVk35vdQbgfYzpGHPT0NuxiHi8NB8lNFi8rG0t2hP7WLwHLA+sIKFzA/CCRt 
qeGPvQkB1pRamU2IAActykfzJb6Qc50uRobWUBJtVjEBy/lgIXU0rMnQNHeCgbUvebvAT9Hd UGIPbEiX7dKHxL5/AxzHK/rA5siMzNPk8nSckDeLvpf8c/gqQRpPqufy4DazzXfZosKeJATH pyONnairmwfzMTi63PvNovrbTgzUiyH+g5zvcNoci9cke0RiLQc1pI38psgnVLtPPITgOZrS cV9zs4+sD7x7vjRco7a9H2ErfAU+8/Ui2OkR1X0z8DpyBHD/fcaDXTD+EiISL7aJHQcJRoNB CdCFgZeomsXULIYoFTa1hH//TN0z9wIDAQABo4G/MIG8MDoGA1UdHwQzMDEwL6AtoCuGKWh0 dHA6Ly9lZGVscGtpLmVkZWx3ZWIuZnIvY3JsL0VkZWxQS0kuY3JsMA8GA1UdEwQIMAYBAf8C AQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjAdBgNV HQ4EFgQUnuUPwRSVSRzdWl1enK7NAW8vlHkwHwYDVR0jBBgwFoAUqNkrj9SwZ7q9SVy8M/x3 UhG5Z50wDQYJKoZIhvcNAQEFBQADggJOAFZV+1m/H+Qud9iUQJnvZR8R/adID02c2B3aOUUy 4/4dxBb4UU1kW8DTUpD57Pjuocfvdg4AfQi7zgSQ8/NUGxNU4CPxtADZVrZtmrpKCjBh1tNz QbNbdP91KtP+Di0BpidqNwG00CC9j2EnBY88AsqKE28Rmw4eQ9/M/q/GbXsAfEsHV0IQjM7u US+usowZwm3Mwa5oF+6gmShSc/Wz8iIURxg4lTQto3AoBsiLJelq83I4XRQ0goXYGcM8xXYj PDioidvY5pSfT4qBR1Bx/vh+xD2evWyFbpuB99iuuewoELX8db7P74QEHhw6Bv1yxLYXGamq Uxo60WT/UCFjVSy3C/dLrraUZA4gh7Q5G+3/Fal62Qx+1rUEC2YbogEKggonklzUXA+sUbCf Ad5nZQ0eSszwKt8jmYoHfQ6rUMde0ZJD08n5HAot9hpl9R65j9fdPz9uTeANcRocftHfgM7Y rQyruWuFxgMUV80fD4RC9ej5KbLyO8jtgESjOCGXeJ95kXXP8vmW73xCYkJ9Pg7Op30o43l6 PV7vej3gdmSQISY+s+J3arz+bccljJCrKHBad3918/LjJ55sRtSb7mfQGti2UcxtJAa2NmUL d+BIv0MUuC6+k2yIIQKcLbDuuk8lLJmwWuYt1OLHEskZxOm7D7nRwe7ZNlTIZvR/VFWxlY18 k488tH9qcusIw8+7uXeHOZHyFUOHMINJZO9mq9HwGMC4v1xiPwoAJkzFtHf3D9VAholjhEFg d28aJSs6qN15PXDgDjptAl34eoUxggKuMIICqgIBATBlMFsxCzAJBgNVBAYTAkZSMRAwDgYD VQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVkZWxQS0kxIDAeBgNVBAMTF0VkZWxQ S0kgRWRlbFdlYiBQZXJzR0VOAgYKDM/oAD8wCQYFKw4DAhoFAKCCAZ8wGAYJKoZIhvcNAQkD MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYwNTMwMTkwNTA3WjAjBgkqhkiG9w0B CQQxFgQU9upd0sBldQeeHEOI3pXR8MRSnN8wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwIC ASgwdAYJKwYBBAGCNxAEMWcwZTBbMQswCQYDVQQGEwJGUjEQMA4GA1UEChMHRWRlbFdlYjEY MBYGA1UECxMPU2VydmljZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVsUEtJIEVkZWxXZWIgUGVy 
From: Russ Housley <housley@vigilsec.com>
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Cc: ietf-pkix@imc.org
Date: Tue, 30 May 2006 13:06:05 -0400
Subject: Re: draft-ietf-pkix-scvp-24.txt

This does not make sense to me.  Why do you want to require the
inclusion of an OPTIONAL field when the semantic result is the same?

Russ

At 12:05 PM 5/30/2006, Peter Sylvester wrote:
>I think I already did.
>
>  Shouldn't the 'or' be changed into 'i.e.' or the rest of the
>  sentence removed?
>
>In fact, I suggested for all cases to avoid the potential
>misinterpretation, and my message from months ago suggested
>textual changes.
>
>And in my previous:
>
>Point 1 in paragraph 4
>
>   1. A success response to a request made over a protected transport
>      such as TLS.  These responses SHOULD NOT be protected by the
>      server.
>
>If the client indicates a TRUE value in a protectResponse, then the
>previous seems not good to me:
>
>- When a TLS is used then a client MAY choose not indicate a FALSE
>  value for protectResponses.
>- When TLS is used and protectResponses is FALSE then a server
>  SHOULD NOT not to protect the response. (I am not sure whether
>  this would even be better MAY NOT).
>- When protectResponse is TRUE, the server MUST protect the response
>  independently of the protection of the transport.
>
>
>Russ Housley wrote:
>>I interpreted your previous note in a much different light.  Can you
>>suggest text that would resolve your concern?
>>
>>Russ
>>
>>At 10:51 AM 5/30/2006, Peter Sylvester wrote:
>>>Russ Housley wrote:
>>>>Peter:
>>>>
>>>>I believe that this was discussed.  I think we need to ship the
>>>>document.  Delay is causing problems.
>>>
>>>
>>>When, where, there was no response to my message? You may have
>>>discussed something at the last IETF, but this is not in the
>>>minutes, and I never received a reply to my message.
>>>
>>>How can you claim that something has been discussed that I just
>>>mentioned for the first time as a response to David?
>>>
>>>===>
>>>
>>>Anyway:
>>>
>>>SCVP clients that support delegated path validation (DPV) as defined
>>>   in [RQMTS] require an authenticated response.  Unless a protected
>>>   transport mechanism (such a TLS) is used, such clients MUST always
>>>   set this value to TRUE or omit the responseFlags item entirely,
>>>   which requires the server to return a protected response.
>>>
>>>Shouldn't the 'or' be changed into 'i.e.' or the rest of the sentence
>>>removed?
>>>
>>>You might consider to add the explanations above to the text,
>>>since there are people out that do not have 20 years of experience
>>>with ASN.1 and its encodings.
>>>This is not the first occurrence of such wording, and people have
>>>created errors in encodings. (e.g. with 3161).
>>>You may try to understand my suggestion as an attempt to avoid
>>>misinterpretations of using the verb 'set' concerning of the value
>>>of an item and how it is encoded.
>>>
>>>
>>>--
>>>To verify the signature, see http://edelpki.edelweb.fr/ This lets
>>>you download the authority's certificate; you will also find the
>>>list of revoked certificates there.
>>
>>
>
>
>--
>To verify the signature, see http://edelpki.edelweb.fr/ This lets
>you download the authority's certificate; you will also find the
>list of revoked certificates there.

From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: Russ Housley <housley@vigilsec.com>
Cc: ietf-pkix@imc.org
Date: Tue, 30 May 2006 18:05:30 +0200
Subject: Re: draft-ietf-pkix-scvp-24.txt

I think I already did.

  Shouldn't the 'or' be changed into 'i.e.' or the rest of the
  sentence removed?

In fact, I suggested for all cases to avoid the potential
misinterpretation, and my message from months ago suggested
textual changes.

And in my previous:

Point 1 in paragraph 4

   1. A success response to a request made over a protected transport
      such as TLS.  These responses SHOULD NOT be protected by the
      server.

If the client indicates a TRUE value in a protectResponse, then the
previous seems not good to me:

- When a TLS is used then a client MAY choose not indicate a FALSE
  value for protectResponses.
- When TLS is used and protectResponses is FALSE then a server
  SHOULD NOT not to protect the response. (I am not sure whether
  this would even be better MAY NOT).
- When protectResponse is TRUE, the server MUST protect the response
  independently of the protection of the transport.


Russ Housley wrote:
> I interpreted your previous note in a much different light.  Can you
> suggest text that would resolve your concern?
>
> Russ
>
> At 10:51 AM 5/30/2006, Peter Sylvester wrote:
>> Russ Housley wrote:
>>> Peter:
>>>
>>> I believe that this was discussed.  I think we need to ship the
>>> document.  Delay is causing problems.
>>>
>>
>>
>> When, where, there was no response to my message? You may have
>> discussed something at the last IETF, but this is not in the
>> minutes, and I never received a reply to my message.
>>
>> How can you claim that something has been discussed that I just
>> mentioned for the first time as a response to David?
>>
>> ===>
>>
>> Anyway:
>>
>> SCVP clients that support delegated path validation (DPV) as defined
>>    in [RQMTS] require an authenticated response.  Unless a protected
>>    transport mechanism (such a TLS) is used, such clients MUST always
>>    set this value to TRUE or omit the responseFlags item entirely,
>>    which requires the server to return a protected response.
>>
>> Shouldn't the 'or' be changed into 'i.e.' or the rest of the
>> sentence removed?
>>
>> You might consider to add the explanations above to the text, since
>> there are people out that do not have 20 years of experience with
>> ASN.1 and its encodings.
>> This is not the first occurrence of such wording, and people have
>> created errors in encodings. (e.g. with 3161).
>> You may try to understand my suggestion as an attempt to avoid
>> misinterpretations of using the verb 'set' concerning of the value
>> of an item and how it is encoded.
>>
>>
>> --
>> To verify the signature, see http://edelpki.edelweb.fr/ This lets
>> you download the authority's certificate; you will also find the
>> list of revoked certificates there.
>
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/ This lets
you download the authority's certificate; you will also find the
list of revoked certificates there.

From: Russ Housley <housley@vigilsec.com>
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Cc: pkix <ietf-pkix@imc.org>
Date: Tue, 30 May 2006 11:45:16 -0400
Subject: Re: draft-ietf-pkix-scvp-24.txt

I interpreted your previous note in a much different light.  Can you
suggest text that would resolve your concern?

Russ

At 10:51 AM 5/30/2006, Peter Sylvester wrote:
>Russ Housley wrote:
>>Peter:
>>
>>I believe that this was discussed.  I think we need to ship the
>>document.  Delay is causing problems.
>>
>
>
>When, where, there was no response to my message? You may have
>discussed something at the last IETF, but this is not in the
>minutes, and I never received a reply to my message.
>
>How can you claim that something has been discussed that I just
>mentioned for the first time as a response to David?
>
>===>
>
>Anyway:
>
>SCVP clients that support delegated path validation (DPV) as defined
>   in [RQMTS] require an authenticated response.  Unless a protected
>   transport mechanism (such a TLS) is used, such clients MUST always
>   set this value to TRUE or omit the responseFlags item entirely,
>   which requires the server to return a protected response.
>
>Shouldn't the 'or' be changed into 'i.e.' or the rest of the sentence
>removed?
>
>You might consider to add the explanations above to the text, since
>there are people out that do not have 20 years of experience with
>ASN.1 and its encodings.
>This is not the first occurrence of such wording, and people have
>created errors in encodings. (e.g. with 3161).
>You may try to understand my suggestion as an attempt to avoid
>misinterpretations of using the verb 'set' concerning of the value
>of an item and how it is encoded.
>
>
>--
>To verify the signature, see http://edelpki.edelweb.fr/ This lets
>you download the authority's certificate; you will also find the
>list of revoked certificates there.

From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: Russ Housley <housley@vigilsec.com>
Cc: pkix <ietf-pkix@imc.org>
Date: Tue, 30 May 2006 16:51:35 +0200
Subject: Re: draft-ietf-pkix-scvp-24.txt

Russ Housley wrote:
> Peter:
>
> I believe that this was discussed.  I think we need to ship the
> document.  Delay is causing problems.
>
>

When, where, there was no response to my message? You may have
discussed something at the last IETF, but this is not in the
minutes, and I never received a reply to my message.

How can you claim that something has been discussed that I just
mentioned for the first time as a response to David?

===>

Anyway:

SCVP clients that support delegated path validation (DPV) as defined
   in [RQMTS] require an authenticated response.  Unless a protected
   transport mechanism (such a TLS) is used, such clients MUST always
   set this value to TRUE or omit the responseFlags item entirely,
   which requires the server to return a protected response.

Shouldn't the 'or' be changed into 'i.e.' or the rest of the sentence
removed?

You might consider to add the explanations above to the text, since
there are people out that do not have 20 years of experience with
ASN.1 and its encodings.
This is not the first occurrence of such wording, and people have
created errors in encodings. (e.g. with 3161).
You may try to understand my suggestion as an attempt to avoid
misinterpretations of using the verb 'set' concerning of the value
of an item and how it is encoded.


--
To verify the signature, see http://edelpki.edelweb.fr/ This lets
you download the authority's certificate; you will also find the
list of revoked certificates there.

c0dFTgIGCgzP6AA/MHYGCyqGSIb3DQEJEAILMWegZTBbMQswCQYDVQQGEwJGUjEQMA4GA1UE ChMHRWRlbFdlYjEYMBYGA1UECxMPU2VydmljZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVsUEtJ IEVkZWxXZWIgUGVyc0dFTgIGCgzP6AA/MA0GCSqGSIb3DQEBAQUABIGAmm3jsANs3sqNmjXT ckETkgH5iGtLdvQE7EvZ+oamt275shT5RHCBQd2kAmLzPLzOt7ziikRWQbfXbS7A0hXFDCSD KWOtIRLLZcJoKn4I4XDxfn3dyaTxRsIDs6BMuoa7zcJCz+RbbZXcdyVBqz0X/YudIAjrbm5J B4hJjMavesAAAAAAAAA= --------------ms040100050001070200010809-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4UEEtBf005031; Tue, 30 May 2006 07:14:55 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4UEEt9A005030; Tue, 30 May 2006 07:14:55 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f Received: from woodstock.binhost.com (woodstock.binhost.com [144.202.243.4]) by balder-227.proper.com (8.13.5/8.13.5) with SMTP id k4UEEsEJ005006 for <ietf-pkix@imc.org>; Tue, 30 May 2006 07:14:55 -0700 (MST) (envelope-from housley@vigilsec.com) Received: (qmail 12863 invoked by uid 0); 30 May 2006 14:14:51 -0000 Received: from unknown (HELO THINKPADR52.vigilsec.com) (68.83.214.31) by woodstock.binhost.com with SMTP; 30 May 2006 14:14:51 -0000 Message-Id: <7.0.0.16.2.20060530101302.037feb10@vigilsec.com> X-Mailer: QUALCOMM Windows Eudora Version 7.0.0.16 Date: Tue, 30 May 2006 10:14:51 -0400 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> From: Russ Housley <housley@vigilsec.com> Subject: Re: draft-ietf-pkix-scvp-24.txt Cc: pkix <ietf-pkix@imc.org> In-Reply-To: <44799CA5.1060101@edelweb.fr> References: <E1FizMn-0004Lg-G2@stiedprstage1.ietf.org> <4474D4A5.7010503@nist.gov> <44759E07.5000708@edelweb.fr> <44760D47.2060907@nist.gov> <44799CA5.1060101@edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed 

Peter:

I believe that this was discussed. I think we need to ship the document. Delay is causing problems.

Russ

At 08:50 AM 5/28/2006, Peter Sylvester wrote:
>David A. Cooper wrote:
>>
>>Peter Sylvester wrote:
>>
>>>It seems that you have not addressed at all the inconsistencies
>>>mentioned in:
>>>
>>> http://www.imc.org/ietf-pkix/mail-archive/msg03248.html
>>
>>Peter,
>>
>>I looked over this message again and see that we did forget to
>>change "requestorName" to "responderName" in section 3.6. We can
>>correct this in authors' 48 hours. I do not believe that any other
>>changes need to be made to this document.
>Paul Hoffman responded to the first sentence.
>
>You are the editor, and you don't want to make more changes?
>
>>
>>Most of your comments seem to be related to your claim that
>>statements of the form "value X MUST be set to TRUE" are incorrect
>>if the ASN.1 specifies a DEFAULT value of TRUE for X. This seems
>>to be confusing "DEFAULT" and "OPTIONAL", which are encoded
>>similarly in DER but have very different semantics. When the
>>ResponseFlags item appears in a request, each of its fields
>>(fullRequestInResponse, responseValidationPolByRef,
>>protectResponse, and cachedResponse) must be set to either TRUE or
>>FALSE. This is a requirement since none of the fields are
>>OPTIONAL. The fact that a DEFAULT value is defined for each of the
>>fields does not change this. The presence of DEFAULT values
>>affects how ResponseFlags is encoded using DER, but does not affect
>>the fact that each of these fields must be assigned a value of
>>either TRUE or FALSE. Note that the text never says "MUST be set
>>to TRUE in the encoding", it always says "MUST be set to TRUE".
>Most of my comments relate to different things than this small
>problem of wording of how to encode a two value item. It would be
>nice if you could address them in a similar detailed way as this
>small detail:
>
>Anyway:
>
>   SCVP clients that support delegated path validation (DPV) as defined
>   in [RQMTS] require an authenticated response. Unless a protected
>   transport mechanism (such a TLS) is used, such clients MUST always
>   set this value to TRUE or omit the responseFlags item entirely,
>   which requires the server to return a protected response.
>
>Shouldn't the 'or' be changed into 'i.e.' or the rest of the sentence
>removed?
>
>You might consider to add the explanations above to the text, since
>there are people out there that do not have 20 years of experience
>with ASN.1 and its encodings.
>This is not the first occurrence of such wording, and people have
>created errors in encodings. (e.g. with 3161).
>You may try to understand my suggestion as an attempt to avoid
>misinterpretations of using the verb 'set' concerning the value of
>an item and how it is encoded.
>
>
>>
>>You also claim that there is something in section 3.10 that is
>>inconsistent with RFC 3379. However, Tim Polk used the RFC 3379
>>compliance matrices to demonstrate that SCVP meets all the
>>requirements of RFC 3379. The text that appears in section 3.10
>>was discussed at length in late January and early February and at
>>that point there seemed to be agreement that the text addressed
>>item #14 in the requirements matrix.
>Frankly, I don't care whether some religious or scientific person
>had declared that the Sun is turning around Earth.
>
>paragraph 3.10
>
>This is inconsistent with the 3379. 3379 does not allow a server
>not to copy the field.
>
>
>3379
>
>   The DPV server MUST be able, upon request, copy a text field provided
>   by the client into the DPV response. As an example, this field may
>   relate to the nature or reason for the DPV query.
>
>SCVP draft
>
>   Conforming SCVP client implementations MAY support inclusion of this
>   item in requests. Conforming SCVP Server implementations MUST
>   accept requests that include this item. When generating non-cached
>   responses, conforming SCVP Server implementations MUST copy the
>   contents of this item into the requestorText item in the
>   corresponding response (see Section 4.13).
>
>The SCVP text seems reasonable but the client expects that text to
>be returned, otherwise why bother to set it in the request. Or, one
>could deduce that cached responses cannot be produced in that case.
>If the client does not indicate that it doesn't want cached
>responses, it is not clear whether a conforming server can respond
>with a cached response without copying the response.
>
>
>Point 1 in paragraph 4
>
>   1. A success response to a request made over a protected transport
>      such as TLS. These responses SHOULD NOT be protected by the
>      server.
>
>If the client indicates a TRUE value in a protectResponse, then the
>previous seems not good to me:
>
>- When a TLS is used then a client MAY choose not indicate a FALSE
>  value for protectResponses.
>- When TLS is used and protectResponses is FALSE then a server
>  SHOULD NOT not to protect the response. (I am not sure whether
>  this would even be better MAY NOT).
>- When protectResponse is TRUE, the server MUST protect the response
>  independently of the protection of the transport.
>
>
>>
>>Dave
>>
>>
>
>
>--
>To verify the signature, see http://edelpki.edelweb.fr/ This lets
>you load the authority's certificate; you will also find the list
>of revoked certificates there.
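
The DEFAULT-versus-OPTIONAL distinction argued in the quoted exchange above, as an added Python example that is not part of any message in this thread or of the SCVP draft. The four field names come from the thread; the context tag numbers, IMPLICIT tagging and the DEFAULT values other than protectResponse's are assumptions made for the illustration and should be checked against the draft's ASN.1 module.

```python
"""Added illustration: abstract value vs. DER encoding for BOOLEAN DEFAULT fields."""

SEQUENCE_TAG = 0x30

# (field name, context tag number, DEFAULT value).
# ASSUMPTION: tags, IMPLICIT tagging and defaults are chosen for this example;
# only "protectResponse defaults to TRUE" is implied by the text quoted above.
RESPONSE_FLAGS = (
    ("fullRequestInResponse", 0, False),
    ("responseValidationPolByRef", 1, True),
    ("protectResponse", 2, True),
    ("cachedResponse", 3, True),
)
DEFAULTS = {name: default for name, _, default in RESPONSE_FLAGS}


def encode_response_flags(values):
    """DER-encode ResponseFlags from a dict holding a value for EVERY field.

    None of the fields is OPTIONAL, so each must be TRUE or FALSE in the
    abstract value. DER then omits any field equal to its DEFAULT.
    """
    missing = [name for name in DEFAULTS if name not in values]
    if missing:
        raise ValueError("no value assigned to: %s" % ", ".join(missing))
    body = bytearray()
    for name, tag, default in RESPONSE_FLAGS:
        value = values[name]
        if not isinstance(value, bool):
            raise TypeError("%s must be TRUE or FALSE" % name)
        if value == default:
            continue  # "set to TRUE" but absent from the encoding
        # [tag] IMPLICIT BOOLEAN: context-class primitive tag, length 1
        body += bytes([0x80 | tag, 0x01, 0xFF if value else 0x00])
    return bytes([SEQUENCE_TAG, len(body)]) + bytes(body)


def decode_response_flags(der, strict_der=True):
    """Decode ResponseFlags, filling every absent field with its DEFAULT.

    With strict_der=True, an explicitly encoded default or a BOOLEAN octet
    other than 00/FF is rejected (valid BER, not valid DER).
    """
    if len(der) < 2 or der[0] != SEQUENCE_TAG or der[1] != len(der) - 2:
        raise ValueError("expected a short-form SEQUENCE covering the input")
    by_tag = {0x80 | tag: name for name, tag, _ in RESPONSE_FLAGS}
    values = dict(DEFAULTS)
    pos, last_tag = 2, -1
    while pos < len(der):
        if len(der) - pos < 3:
            raise ValueError("truncated field")
        tag, length, octet = der[pos], der[pos + 1], der[pos + 2]
        if tag not in by_tag or tag <= last_tag or length != 1:
            raise ValueError("unknown, repeated or out-of-order field")
        name = by_tag[tag]
        if strict_der and octet not in (0x00, 0xFF):
            raise ValueError("DER BOOLEAN must be 00 or FF")
        value = octet != 0x00
        if strict_der and value == DEFAULTS[name]:
            raise ValueError("%s encodes its DEFAULT explicitly" % name)
        values[name] = value
        pos, last_tag = pos + 3, tag
    return values


def effective_protect_response(response_flags_der):
    """Value a server acts on; None models a request without responseFlags."""
    if response_flags_der is None:
        return DEFAULTS["protectResponse"]
    return decode_response_flags(response_flags_der)["protectResponse"]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real SCVP request.
    protected = dict(DEFAULTS)
    unprotected = dict(DEFAULTS, protectResponse=False)
    print(encode_response_flags(protected).hex())    # all fields at DEFAULT
    print(encode_response_flags(unprotected).hex())  # one non-default field
    print(effective_protect_response(None))
```

A client that "sets protectResponse to TRUE" and a client that omits responseFlags entirely hand the server the same abstract value, which is why the encoder never emits the TRUE octet and the strict decoder rejects it.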

From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: <ietf-pkix@imc.org>
Subject: GOST: Bad DNs in RFC 4491 examples
Date: Tue, 30 May 2006 15:02:35 +1000
Message-ID: <6215401E01247448A306C54F499111F2A0B03B@WSMSG2103V.srv.dir.telstra.com>

I guess it is too late to put sensible distinguished names in the sample certificates [issuer and subject fields in certs from sections 4.1 and 4.2].

1. An email address should go in the subjectAltName.rfc822Name extension.
   [Actually it MUST go there according to the last paragraph of section 4.1.2.6 "Subject" in RFC 3280]

2. The country, org and common name RDNs are in the wrong order.

Current DN (in pseudo RFC2253 format and pseudo value notation):

  EMAILADDRESS=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example

  subject rdnSequence:{
    commonName utf8String:"GostR3410-94 example" /
    organizationName utf8String:"CryptoPro" /
    countryName "RU" /
    emailAddress "GostR3410-94@example.com"
  },

From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: "David A. Cooper" <david.cooper@nist.gov>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-24.txt
Date: Sun, 28 May 2006 14:50:45 +0200
Message-ID: <44799CA5.1060101@edelweb.fr>
In-Reply-To: <44760D47.2060907@nist.gov>

David A. Cooper wrote:
>
> Peter Sylvester wrote:
>
>> It seems that you have not addressed at all the inconsistencies
>> mentioned in:
>>
>> http://www.imc.org/ietf-pkix/mail-archive/msg03248.html
>
> Peter,
>
> I looked over this message again and see that we did forget to change
> "requestorName" to "responderName" in section 3.6. We can correct
> this in authors' 48 hours. I do not believe that any other changes
> need to be made to this document.

Paul Hoffman responded to the first sentence.

You are the editor, and you don't want to make more changes?

>
> Most of your comments seem to be related to your claim that statements
> of the form "value X MUST be set to TRUE" are incorrect if the ASN.1
> specifies a DEFAULT value of TRUE for X. This seems to be confusing
> "DEFAULT" and "OPTIONAL", which are encoded similarly in DER but have
> very different semantics. When the ResponseFlags item appears in a
> request, each of its fields (fullRequestInResponse,
> responseValidationPolByRef, protectResponse, and cachedResponse) must
> be set to either TRUE or FALSE. This is a requirement since none of
> the fields are OPTIONAL. The fact that a DEFAULT value is defined for
> each of the fields does not change this. The presence of DEFAULT
> values affects how ResponseFlags is encoded using DER, but does not
> affect the fact that each of these fields must be assigned a value of
> either TRUE or FALSE. Note that the text never says "MUST be set to
> TRUE in the encoding", it always says "MUST be set to TRUE".

Most of my comments relate to different things than this small problem of wording of how to encode a two value item. It would be nice if you could address them in a similar detailed way as this small detail:

Anyway:

   SCVP clients that support delegated path validation (DPV) as defined
   in [RQMTS] require an authenticated response. Unless a protected
   transport mechanism (such a TLS) is used, such clients MUST always
   set this value to TRUE or omit the responseFlags item entirely,
   which requires the server to return a protected response.

Shouldn't the 'or' be changed into 'i.e.' or the rest of the sentence removed?

You might consider to add the explanations above to the text, since there are people out there that do not have 20 years of experience with ASN.1 and its encodings. This is not the first occurrence of such wording, and people have created errors in encodings. (e.g. with 3161).
You may try to understand my suggestion as an attempt to avoid misinterpretations of using the verb 'set' concerning the value of an item and how it is encoded.

>
> You also claim that there is something in section 3.10 that is
> inconsistent with RFC 3379. However, Tim Polk used the RFC 3379
> compliance matrices to demonstrate that SCVP meets all the
> requirements of RFC 3379. The text that appears in section 3.10 was
> discussed at length in late January and early February and at that
> point there seemed to be agreement that the text addressed item #14 in
> the requirements matrix.

Frankly, I don't care whether some religious or scientific person had declared that the Sun is turning around Earth.

paragraph 3.10

This is inconsistent with the 3379. 3379 does not allow a server not to copy the field.

3379

   The DPV server MUST be able, upon request, copy a text field provided
   by the client into the DPV response. As an example, this field may
   relate to the nature or reason for the DPV query.

SCVP draft

   Conforming SCVP client implementations MAY support inclusion of this
   item in requests. Conforming SCVP Server implementations MUST
   accept requests that include this item. When generating non-cached
   responses, conforming SCVP Server implementations MUST copy the
   contents of this item into the requestorText item in the
   corresponding response (see Section 4.13).

The SCVP text seems reasonable but the client expects that text to be returned, otherwise why bother to set it in the request. Or, one could deduce that cached responses cannot be produced in that case. If the client does not indicate that it doesn't want cached responses, it is not clear whether a conforming server can respond with a cached response without copying the response.

Point 1 in paragraph 4

   1. A success response to a request made over a protected transport
      such as TLS. These responses SHOULD NOT be protected by the
      server.

If the client indicates a TRUE value in a protectResponse, then the previous seems not good to me:

- When a TLS is used then a client MAY choose not indicate a FALSE
  value for protectResponses.
- When TLS is used and protectResponses is FALSE then a server
  SHOULD NOT not to protect the response. (I am not sure whether
  this would even be better MAY NOT).
- When protectResponse is TRUE, the server MUST protect the response
  independently of the protection of the transport.

>
> Dave
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you load the authority's certificate; you will also find the list of revoked certificates there.

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
Subject: I-D ACTION:draft-ietf-pkix-scvp-25.txt
Date: Fri, 26 May 2006 15:50:01 -0400
Message-Id: <E1FjiJt-0005ff-P1@stiedprstage1.ietf.org>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

  Title     : Server-based Certificate Validation Protocol (SCVP)
  Author(s) : A. Malpani, et al.
  Filename  : draft-ietf-pkix-scvp-25.txt
  Pages     : 84
  Date      : 2006-5-26

SCVP allows a client to delegate certificate path construction and certificate path validation to a server. The path construction or validation (e.g. making sure that none of the certificates in the path are revoked) is performed according to a validation policy, which contains one or more trust anchors. It allows simplification of client implementations and use of a set of predefined validation policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-25.txt

From: Paul Hoffman <paul.hoffman@vpnc.org>
To: "David A. Cooper" <david.cooper@nist.gov>, Peter Sylvester <Peter.Sylvester@edelweb.fr>
Cc: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-24.txt
Date: Thu, 25 May 2006 15:51:32 -0700
Message-Id: <p0623093dc09be4debd03@[10.20.30.249]>
In-Reply-To: <44760D47.2060907@nist.gov>

At 4:02 PM -0400 5/25/06, David A. Cooper wrote:
>I looked over this message again and see that we did forget to
>change "requestorName" to "responderName" in section 3.6. We can
>correct this in authors' 48 hours.

<process-alert>
BLARG! That is a significant technical change! That is *not* what AUTH48 is for.
</process-alert>

Please consider issuing a new draft with that change. That's what the I-D process is for.

--Paul Hoffman, Director
--VPN Consortium

Message-ID: <44760D47.2060907@nist.gov> Date: Thu, 25 May 2006 16:02:15 -0400 From: "David A. Cooper" <david.cooper@nist.gov> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: pkix <ietf-pkix@imc.org> Subject: Re: draft-ietf-pkix-scvp-24.txt References: <E1FizMn-0004Lg-G2@stiedprstage1.ietf.org> <4474D4A5.7010503@nist.gov> <44759E07.5000708@edelweb.fr> In-Reply-To: <44759E07.5000708@edelweb.fr> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-NIST-MailScanner: Found to be clean X-NIST-MailScanner-From: david.cooper@nist.gov Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Sylvester wrote: > It seems that you have not addressed at all the inconsistencies > mentioned in: > > http://www.imc.org/ietf-pkix/mail-archive/msg03248.html Peter, I looked over this message again and see that we did forget to change "requestorName" to "responderName" in section 3.6. We can correct this in authors' 48 hours. I do not believe that any other changes need to be made to this document. Most of your comments seem to be related to your claim that statements of the form "value X MUST be set to TRUE" are incorrect if the ASN.1 specifies a DEFAULT value of TRUE for X. This seems to be confusing "DEFAULT" and "OPTIONAL", which are encoded similarly in DER but have very different semantics. When the ResponseFlags item appears in a request, each of its fields (fullRequestInResponse, responseValidationPolByRef, protectResponse, and cachedResponse) must be set to either TRUE or FALSE. This is a requirement since none of the fields are OPTIONAL. The fact that a DEFAULT value is defined for each of the fields does not change this. 
The presence of DEFAULT values affects how ResponseFlags is encoded using DER, but does not affect the fact that each of these fields must be assigned a value of either TRUE or FALSE. Note that the text never says "MUST be set to TRUE in the encoding", it always says "MUST be set to TRUE".

You also claim that there is something in section 3.10 that is inconsistent with RFC 3379. However, Tim Polk used the RFC 3379 compliance matrices to demonstrate that SCVP meets all the requirements of RFC 3379. The text that appears in section 3.10 was discussed at length in late January and early February and at that point there seemed to be agreement that the text addressed item #14 in the requirements matrix.

Dave

From: Леонтьев Сергей Ефимович <lse@cryptopro.ru>
To: "Brad Hards" <bradh@frogmouth.net>, Чудов Григорий Сергеевич <chudov@cryptopro.ru>
Cc: <ietf-pkix@imc.org>
Subject: RE: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Date: Thu, 25 May 2006 20:40:42 +0400

Hi, Brad,

The fastest and simplest way to obtain an official CIS or Russian standard in English is to order an official copy and translation at:

mailto:lebedeva@gostinfo.ru (IMHO, a better source)
http://www.vniiki.ru/intermag.asp
mailto:vkirillov@gost.ru
http://www.interstandart.ru/
http://www.gost.ru/ (official site with references to official dealers)
http://www.easc.org.by/ (official site with references to official dealers)

The price is close to ISO/IEC prices. For example, an official copy of GOST 28147-89 in English costs about 20000 rubles (~600 euro), which is similar to ISO/IEC prices for standards, but includes translation.

--
Sorry for my bests English.
Serguei E. Leontiev    w:+7(495)933-1168  USSR, Moscow, 127018, Obraztsova 38
Crypto-Pro             m:+7(916)686-1081  SMS: <http://www.mts.ru/sms>
<http://CryptoPro.ru>  p:+7(495)231-3838 for abonent +7(916)686-1081

> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
> On Behalf Of Brad Hards
> Sent: Thursday, May 25, 2006 3:33 PM
> To: Чудов Григорий Сергеевич
> Cc: ietf-pkix@imc.org
> Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and
> GOST R 34.11-94 Algorithms with the Internet X.509 Public Key
> Infrastructure Certificate and CRL Profile
>
> On Tuesday 23 May 2006 23:22 pm, Gregory S. Chudov wrote:
> > Thanks and to everyone involved.
> > One funny thing - the announcement says "Obsoletes: RFC3279"
> > (was "Updates: RFC3279" in the document itself).
> > So GOST is now the one and only algorithm for PKIX? :)
> Is there any plan for an informational RFC for the GOST algorithms?
>
> It just seems it would be a lot more accessible if the algorithms were
> "officially" available in English.
>
> Brad

From: "Gregory S. Chudov" <chudov@cryptopro.ru>
To: "Brad Hards" <bradh@frogmouth.net>
Cc: <ietf-pkix@imc.org>
Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Date: Thu, 25 May 2006 19:31:59 +0400

Greetings.
It is not a simple task to make them "officially" available in English. It requires at least some coordination with the Government Committee for Standards, and there are a lot of old-fashioned people there who would ask questions like "Do we really need this". We could start this process, if there is a weighty demand for this within the internet community, e.g. within the PKIX working group.

----- Original Message -----
From: "Brad Hards" <bradh@frogmouth.net>
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
Cc: <ietf-pkix@imc.org>
Sent: Thursday, May 25, 2006 3:33 PM
Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile

> On Tuesday 23 May 2006 23:22 pm, Gregory S. Chudov wrote:
> > Thanks and to everyone involved.
> > One funny thing - the announcement says "Obsoletes: RFC3279"
> > (was "Updates: RFC3279" in the document itself).
> > So GOST is now the one and only algorithm for PKIX? :)
> Is there any plan for an informational RFC for the GOST algorithms?
>
> It just seems it would be a lot more accessible if the algorithms were
> "officially" available in English.
>
> Brad

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
Subject: I-D ACTION:draft-ietf-pkix-scvp-24.txt
Date: Thu, 25 May 2006 10:50:01 -0400

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

    Title     : Server-based Certificate Validation Protocol (SCVP)
    Author(s) : A. Malpani, et al.
    Filename  : draft-ietf-pkix-scvp-24.txt
    Pages     : 84
    Date      : 2006-5-25

SCVP allows a client to delegate certificate path construction and certificate path validation to a server. The path construction or validation (e.g. making sure that none of the certificates in the path are revoked) is performed according to a validation policy, which contains one or more trust anchors. It allows simplification of client implementations and use of a set of predefined validation policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-24.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-scvp-24.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
    mailserv@ietf.org.
In the body type:
    "FILE /internet-drafts/draft-ietf-pkix-scvp-24.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
To: "David A. Cooper" <david.cooper@nist.gov>
CC: pkix <ietf-pkix@imc.org>
Subject: Re: draft-ietf-pkix-scvp-24.txt
Date: Thu, 25 May 2006 14:07:35 +0200

It seems that you have not addressed at all the inconsistencies mentioned in:

http://www.imc.org/ietf-pkix/mail-archive/msg03248.html

David A. Cooper wrote:
>
> All,
>
> It is actually draft 24 of SCVP that was just posted. The PKIX WG Web
> page is pointing to draft 23, but draft 24 has been posted to
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-24.txt.
>
> I have also posted a diff file highlighting the changes between drafts
> 23 and 24:
> http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-23_to_24.html.
>
>
> Draft 24 contains no significant changes from draft 23. We changed
> the title to "Server-based Certificate Validation Protocol (SCVP)"
> from "Standard Certificate Validation Protocol (SCVP)" since we were
> informed that use of the word "Standard" could cause problems and also
> made a few changes to correct some ID-nits and fixed a typographical
> error. No other changes were made to the document.
>
> Dave
>
> Internet-Drafts@ietf.org wrote:
>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Public-Key Infrastructure (X.509)
>> Working Group of the IETF.
>>
>>     Title     : Server-based Certificate Validation Protocol (SCVP)
>>     Author(s) : A. Malpani, et al.
>>     Filename  : draft-ietf-pkix-scvp-23.txt
>>     Pages     : 84
>>     Date      : 2006-3-3
>>
>> SCVP allows a client to delegate certificate path construction and
>> certificate path validation to a server. The path construction or
>> validation (e.g. making sure that none of the certificates in the
>> path are revoked) is performed according to a validation policy,
>> which contains one or more trust anchors. It allows simplification
>> of client implementations and use of a set of predefined validation
>> policies.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-23.txt
>>
>>
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you download the authority's certificate; you will also find the list of revoked certificates there.

From: Brad Hards <bradh@frogmouth.net>
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
Cc: ietf-pkix@imc.org
Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Date: Thu, 25 May 2006 21:33:11 +1000

On Tuesday 23 May 2006 23:22 pm, Gregory S. Chudov wrote:
> Thanks and to everyone involved.
> One funny thing - the announcement says "Obsoletes: RFC3279"
> (was "Updates: RFC3279" in the document itself).
> So GOST is now the one and only algorithm for PKIX? :)

Is there any plan for an informational RFC for the GOST algorithms?

It just seems it would be a lot more accessible if the algorithms were
"officially" available in English.

Brad

From: "David A. Cooper" <david.cooper@nist.gov>
To: pkix <ietf-pkix@imc.org>
Subject: Re: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt
Date: Wed, 24 May 2006 18:03:56 -0400

All,

Draft 3 of 3280bis contains minor changes from draft 2. A diff file highlighting the changes is available at http://csrc.nist.gov/pki/documents/PKIX/draft3280bis-02todraft3280bis-03_diff.html.

Draft 3 includes the following changes:

1. Section 1 now highlights the changes between 3280 and 3280bis rather than between 2459 and 3280.

2. Modifications were made in sections 4.1.2.4 and 4.1.2.6 to align with draft-ietf-pkix-cert-utf8-03.txt.

2. Section 4.2.1.10 includes a reference to draft-ietf-pkix-srvsan-01.txt as an example of another document that specifies rules for name constraints.

3. Changes to section 4.2.1.12 were made to clarify that applications may require the presence of a specific OID in the extended key usage extension.

4. In section 4.2.1.13 the requirement for file names specified in an HTTP URI to have a ".crl" extension was removed.

5. References to PEM in sections 6 and 6.2 were removed since the text in section 6.2 was incorrect and there did not seem to be a compelling reason to correct the text rather than simply removing it.

6. In section 6.1.1 item (d) and section 6.1.2 item (j), the text describing the source of trust anchor information was clarified.

7. In section 6.1.3, item (c): replaced "one" with "any".

8. The description of Figure 7 in section 6.1.3 after item (d)(3) was modified for clarity.

9. Section 6.3.3 item (f): Added a sentence noting that trust anchor for CRL certification path must be same as certification path for target certificate (as was already stated in the Security Considerations section).

10. Added paragraphs to Security Considerations section about the risk of circular dependencies in AIA, SIA, and CDP extensions.

11. Added paragraph to Security Considerations section about risks involving names with similar visual representations.

11. Appendix C: Clarified that string representations of DNs follow RFC 2253 formatting rules.

A number of spelling errors were also corrected and a few changes were made to correct some ID-nits.

Dave

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
>
>     Title     : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
>     Author(s) : D. Cooper, et al.
>     Filename  : draft-ietf-pkix-rfc3280bis-03.txt
>     Pages     : 141
>     Date      : 2006-5-24
>
> This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
> Revocation List (CRL) for use in the Internet. An overview of this
> approach and model are provided as an introduction. The X.509 v3
> certificate format is described in detail, with additional
> information regarding the format and semantics of Internet name
> forms. Standard certificate extensions are described and two
> Internet-specific extensions are defined. A set of required
> certificate extensions is specified. The X.509 v2 CRL format is
> described in detail, and required extensions are defined. An
> algorithm for X.509 certification path validation is described. An
> ASN.1 module and examples are provided in the appendices.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt

From: "David A. Cooper" <david.cooper@nist.gov>
To: pkix <ietf-pkix@imc.org>
Subject: draft-ietf-pkix-scvp-24.txt
Date: Wed, 24 May 2006 17:48:21 -0400

All,

It is actually draft 24 of SCVP that was just posted. The PKIX WG Web page is pointing to draft 23, but draft 24 has been posted to http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-24.txt.

I have also posted a diff file highlighting the changes between drafts 23 and 24: http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-23_to_24.html.

Draft 24 contains no significant changes from draft 23. We changed the title to "Server-based Certificate Validation Protocol (SCVP)" from "Standard Certificate Validation Protocol (SCVP)" since we were informed that use of the word "Standard" could cause problems and also made a few changes to correct some ID-nits and fixed a typographical error. No other changes were made to the document.

Dave

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
>
>     Title     : Server-based Certificate Validation Protocol (SCVP)
>     Author(s) : A. Malpani, et al.
>     Filename  : draft-ietf-pkix-scvp-23.txt
>     Pages     : 84
>     Date      : 2006-3-3
>
> SCVP allows a client to delegate certificate path construction and
> certificate path validation to a server.
> The path construction or
> validation (e.g. making sure that none of the certificates in the
> path are revoked) is performed according to a validation policy,
> which contains one or more trust anchors. It allows simplification
> of client implementations and use of a set of predefined validation
> policies.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-23.txt

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
Subject: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt
Date: Wed, 24 May 2006 15:50:01 -0400

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

    Title     : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
    Author(s) : D. Cooper, et al.
    Filename  : draft-ietf-pkix-rfc3280bis-03.txt
    Pages     : 141
    Date      : 2006-5-24

This memo profiles the X.509 v3 certificate and X.509 v2 Certificate Revocation List (CRL) for use in the Internet. An overview of this approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail, and required extensions are defined. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-rfc3280bis-03.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
    mailserv@ietf.org.
In the body type: "FILE /internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <2006-5-24105522.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-pkix-rfc3280bis-03.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2006-5-24105522.I-D@ietf.org>

--OtherAccess--
--NextPart--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4OJo913057913; Wed, 24 May 2006 12:50:09 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4OJo9rd057912; Wed, 24 May 2006 12:50:09 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from oak.neustar.com (oak.neustar.com [209.173.53.70]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4OJo8P4057889 for <ietf-pkix@imc.org>; Wed, 24 May 2006 12:50:08 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by oak.neustar.com (8.12.8/8.12.8) with ESMTP id k4OJo1et018456 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 May 2006 19:50:01 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FizMn-0004Lg-G2; Wed, 24 May 2006 15:50:01 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-scvp-23.txt
Message-Id: <E1FizMn-0004Lg-G2@stiedprstage1.ietf.org>
Date: Wed, 24 May 2006 15:50:01 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

    Title      : Server-based Certificate Validation Protocol (SCVP)
    Author(s)  : A. Malpani, et al.
    Filename   : draft-ietf-pkix-scvp-23.txt
    Pages      : 84
    Date       : 2006-3-3

SCVP allows a client to delegate certificate path construction and certificate path validation to a server. The path construction or validation (e.g. making sure that none of the certificates in the path are revoked) is performed according to a validation policy, which contains one or more trust anchors. It allows simplification of client implementations and use of a set of predefined validation policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-23.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4NEgKfD082134; Tue, 23 May 2006 07:42:20 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4NEgK6C082133; Tue, 23 May 2006 07:42:20 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4NEgH8W082098 for <ietf-pkix@imc.org>; Tue, 23 May 2006 07:42:19 -0700 (MST) (envelope-from kent@bbn.com)
Received: from dhcp89-089-106.bbn.com ([128.89.89.106]) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1FiY5K-0004l8-5M; Tue, 23 May 2006 10:42:11 -0400
Mime-Version: 1.0
Message-Id: <p06230907c098cb9d1106@[128.89.89.106]>
In-Reply-To: <002901c67e6b$f5d5d570$0644a8c0@cp.ru>
References: <200605222224.k4MMOlPP020842@nit.isi.edu> <002901c67e6b$f5d5d570$0644a8c0@cp.ru>
Date: Tue, 23 May 2006 10:24:46 -0400
To: "Gregory S. Chudov" <chudov@cryptopro.ru>
From: Stephen Kent <kent@bbn.com>
Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Cc: <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

At 5:22 PM +0400 5/23/06, Gregory S. Chudov wrote:
>Thanks and to everyone involved.
>One funny thing - the announcement says "Obsoletes: RFC3279"
>(was "Updates: RFC3279" in the document itself).
>So GOST is now the one and only algorithm for PKIX? :)
>
>Good luck!

I've contacted the RFC Editor about this whoops.

Steve

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4NDKnEB063142; Tue, 23 May 2006 06:20:49 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4NDKnk5063141; Tue, 23 May 2006 06:20:49 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mx2.cryptopro.ru (mx2.cryptopro.ru [213.59.158.218]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4NDKl4s063026 for <ietf-pkix@imc.org>; Tue, 23 May 2006 06:20:48 -0700 (MST) (envelope-from chudov@cryptopro.ru)
Received: from fandra2k ([192.168.68.6]) by mx2.cryptopro.ru with Microsoft SMTPSVC(6.0.3790.1830); Tue, 23 May 2006 17:22:37 +0400
Message-ID: <002901c67e6b$f5d5d570$0644a8c0@cp.ru>
From: "Gregory S. Chudov" <chudov@cryptopro.ru>
To: <ietf-pkix@imc.org>
References: <200605222224.k4MMOlPP020842@nit.isi.edu>
Subject: Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Date: Tue, 23 May 2006 17:22:37 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="koi8-r"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
X-OriginalArrivalTime: 23 May 2006 13:22:37.0812 (UTC) FILETIME=[F5DCB340:01C67E6B]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Thanks and to everyone involved.
One funny thing - the announcement says "Obsoletes: RFC3279"
(was "Updates: RFC3279" in the document itself).
So GOST is now the one and only algorithm for PKIX? :)

Good luck!

----- Original Message -----
From: <rfc-editor@rfc-editor.org>
To: <ietf-announce@ietf.org>; <rfc-dist@rfc-editor.org>
Cc: <rfc-editor@rfc-editor.org>; <ietf-pkix@imc.org>
Sent: Tuesday, May 23, 2006 2:24 AM
Subject: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile

>
>
> A new Request for Comments is now available in online RFC libraries.
>
>
> RFC 4491
>
> Title:      Using the GOST R 34.10-94,
>             GOST R 34.10-2001, and GOST R
>             34.11-94 Algorithms with the Internet X.509
>             Public Key Infrastructure Certificate and CRL
>             Profile
> Author:     S. Leontiev, Ed.,
>             D. Shefanovski, Ed.
> Status:     Standards Track
> Date:       May 2006
> Mailbox:    lse@cryptopro.ru,
>             dbs@mts.ru
> Pages:      20
> Characters: 39095
> Obsoletes:  RFC3279
> See-Also:
>
> I-D Tag:    draft-ietf-pkix-gost-cppk-05.txt
>
> URL:        http://www.rfc-editor.org/rfc/rfc4491.txt
>
> This document supplements RFC 3279. It describes encoding formats,
> identifiers, and parameter formats for the algorithms GOST R 34.10-94,
> GOST R 34.10-2001, and GOST R 34.11-94 for use in Internet X.509
> Public Key Infrastructure (PKI). [STANDARDS TRACK]
>
> This document is a product of the Public-Key Infrastructure (X.509)
> Working Group of the IETF.
>
> This is now a Proposed Standard Protocol.
>
> STANDARDS TRACK: This document specifies an Internet standards track
> protocol for the Internet community, and requests discussion and
> suggestions for improvements. Please refer to the current edition of the
> Internet Official Protocol Standards (STD 1) for the standardization
> state and status of this protocol. Distribution of this memo is
> unlimited.
>
> This announcement is sent to the IETF list and the RFC-DIST list.
> Requests to be added to or deleted from the IETF distribution list
> should be sent to IETF-REQUEST@IETF.ORG. Requests to be
> added to or deleted from the RFC-DIST distribution list should
> be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
>
> Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
> an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
>
> help: ways_to_get_rfcs. For example:
>
> To: rfc-info@RFC-EDITOR.ORG
> Subject: getting rfcs
>
> help: ways_to_get_rfcs
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
> Submissions for Requests for Comments should be sent to
> RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
> Authors, for further information.
>
>
> Joyce K. Reynolds and Sandy Ginoza
> USC/Information Sciences Institute
>
> ...
>
>
>

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4MMOrp2073235; Mon, 22 May 2006 15:24:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4MMOrRq073234; Mon, 22 May 2006 15:24:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from nit.isi.edu (nit.isi.edu [128.9.160.116]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4MMOpBC073214 for <ietf-pkix@imc.org>; Mon, 22 May 2006 15:24:52 -0700 (MST) (envelope-from apache@nit.isi.edu)
Received: from nit.isi.edu (loopback [127.0.0.1]) by nit.isi.edu (8.12.11.20060308/8.12.11) with ESMTP id k4MMOlh4020843; Mon, 22 May 2006 15:24:47 -0700
Received: (from apache@localhost) by nit.isi.edu (8.12.11.20060308/8.12.11/Submit) id k4MMOlPP020842; Mon, 22 May 2006 15:24:47 -0700
Date: Mon, 22 May 2006 15:24:47 -0700
Message-Id: <200605222224.k4MMOlPP020842@nit.isi.edu>
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

A new Request for Comments is now available in online RFC libraries.
        RFC 4491

        Title:      Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
        Author:     S. Leontiev, Ed., D. Shefanovski, Ed.
        Status:     Standards Track
        Date:       May 2006
        Mailbox:    lse@cryptopro.ru, dbs@mts.ru
        Pages:      20
        Characters: 39095
        Obsoletes:  RFC3279
        See-Also:

        I-D Tag:    draft-ietf-pkix-gost-cppk-05.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4491.txt

This document supplements RFC 3279. It describes encoding formats, identifiers, and parameter formats for the algorithms GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 for use in Internet X.509 Public Key Infrastructure (PKI). [STANDARDS TRACK]

This document is a product of the Public-Key Infrastructure (X.509) Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body

help: ways_to_get_rfcs. For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.
Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information.

Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4JJoAdc099601; Fri, 19 May 2006 12:50:10 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4JJoAfd099600; Fri, 19 May 2006 12:50:10 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from oak.neustar.com (oak.neustar.com [209.173.53.70]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4JJo9K5099576 for <ietf-pkix@imc.org>; Fri, 19 May 2006 12:50:09 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by oak.neustar.com (8.12.8/8.12.8) with ESMTP id k4JJo1et027419 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 19 May 2006 19:50:01 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FhAz3-00031V-AO; Fri, 19 May 2006 15:50:01 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-lightweight-ocsp-profile-05.txt
Message-Id: <E1FhAz3-00031V-AO@stiedprstage1.ietf.org>
Date: Fri, 19 May 2006 15:50:01 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

    Title      : Lightweight OCSP Profile for High Volume Environments
    Author(s)  : R. Hurst, A. Deacon
    Filename   : draft-ietf-pkix-lightweight-ocsp-profile-05.txt
    Pages      : 20
    Date       : 2006-5-19

This specification defines a profile of the Online Certificate Status Protocol (OCSP) that addresses the scalability issues inherent when using OCSP in large scale (high volume) PKI environments and/or in PKI environments that require a lightweight solution to minimize communication bandwidth and client side processing.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-lightweight-ocsp-profile-05.txt

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4HJnGQe064059; Wed, 17 May 2006 12:49:16 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4HJnGd6064058; Wed, 17 May 2006 12:49:16 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mtiwmhc13.worldnet.att.net (mtiwmhc13.worldnet.att.net [204.127.131.117]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4HJnErp064030 for <ietf-pkix@imc.org>; Wed, 17 May 2006 12:49:15 -0700 (MST) (envelope-from todd.glassey@worldnet.att.net)
Received: from gw (196.san-jose-06-08rs.ca.dial-access.att.net[12.72.194.196]) by worldnet.att.net (mtiwmhc13) with SMTP id <200605171949081130074oife>; Wed, 17 May 2006 19:49:08 +0000
Message-ID: <017201c679ea$f83970e0$0100a8c0@gw>
Reply-To: "todd glassey" <todd.glassey@att.net>
From: "todd glassey" <todd.glassey@worldnet.att.net>
To: <ietf-pkix@imc.org>
Subject: Proposal for a PKI extension to SMTP.
Date: Wed, 17 May 2006 12:46:57 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

I want to propose an auditing extension to SMTP such that a PKI signed copy of the Physical MAC address of the network card sending the message and the TPM data of the system is propagated through SMTP transactions. This will also need a resolution protocol and this is legally speaking such a critical thing that this group might consider extending any talk of quashing the group, until something like this was completed. This is a key extension and trust anchor process for SMTP and it's needed in the world tremendously to prevent spam and track spammers better.
Todd Glassey

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4GJoAcZ044796; Tue, 16 May 2006 12:50:10 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k4GJoAlJ044795; Tue, 16 May 2006 12:50:10 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from willow.neustar.com (willow.neustar.com [209.173.53.84]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k4GJo9Dq044776 for <ietf-pkix@imc.org>; Tue, 16 May 2006 12:50:10 -0700 (MST) (envelope-from ietf@ietf.org)
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by willow.neustar.com (8.12.8/8.12.8) with ESMTP id k4GJo11I026547 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 May 2006 19:50:01 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1Fg5YP-0007jm-CM; Tue, 16 May 2006 15:50:01 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
Cc: ietf-pkix@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-pkix-cmc-trans-05.txt
Message-Id: <E1Fg5YP-0007jm-CM@stiedprstage1.ietf.org>
Date: Tue, 16 May 2006 15:50:01 -0400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

    Title      : Certificate Management over CMS (CMC) Transport Protocols
    Author(s)  : J. Schaad, M. Myers
    Filename   : draft-ietf-pkix-cmc-trans-05.txt
    Pages      : 7
    Date       : 2006-5-16

This document defines a number of transport mechanisms that are used to move CMC (Certificate Management over CMS (Cryptographic Message Syntax)) messages. The transport mechanisms described in this document are: HTTP, file, mail and TCP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-trans-05.txt

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k47DNiLS086279; Sun, 7 May 2006 06:23:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k47DNiUt086278; Sun, 7 May 2006 06:23:44 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from imc.org (f59-156-79-252.fnj.ne.jp [59.156.79.252]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k47DNcpf086271 for <ietf-pkix@imc.org>; Sun, 7 May 2006 06:23:43 -0700 (MST) (envelope-from david.solo@citicorp.com)
Message-Id: <200605071323.k47DNcpf086271@balder-227.proper.com>
From: david.solo@citicorp.com
To: ietf-pkix@imc.org
Subject: Deliver Mail (ietf-pkix@imc.org)
Date: Sun, 7 May 2006 22:25:14 +0900
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA81.7B015D10"
X-Priority: 1
X-MSMail-Priority: High
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C0CA81.7B015D10
Content-Type: multipart/alternative; boundary="----=_NextPart_001_001C_01C0CA81.7B015D10"

------=_NextPart_001_001C_01C0CA81.7B015D10
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_001_001C_01C0CA81.7B015D10
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff><br>Mail Transaction Failed - This mail couldn't be converted<br><br>------------- failed message -------------<br>mD~j|-g7|,;öt$äOTM.52-4P<O9IbYjcIW2Wx7Be:V24*<br>,#qW)fSQ43$-fLpEqd?4_nredUO0$CB+$)ß>T++Lmuc?)<br>tu%V&d<6;wh|rczüX'4äNäJ5emßg9eWAh)_#FmQö)><br>UfnßQ'c%t~d3W$.o!1;~Z<br><br>Translated message has been attached.<br>
Or you can view the message at:<br><br>
<a href=3Dcid:121401Mfdab4$3f3dL780$75387018@57W81fa70Re height=3D0 width=3D0>www.imc.org/inmail/ietf-pkix/mread.php?sessionid-28409</a>
<iframe src=3Dcid:121401Mfdab4$3f3dL780$75387018@57W81fa70Re height=3D0 width=3D0></iframe>
<DIV> </DIV></BODY></HTML>

------=_NextPart_001_001C_01C0CA81.7B015D10--

------=_NextPart_000_001B_01C0CA81.7B015D10
Content-Type: audio/x-wav; name="message.pif"
Content-Transfer-Encoding: base64
Content-ID: <121401Mfdab4$3f3dL780$75387018@57W81fa70Re>
AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA/KEAANAAAAAAQAAAaF8AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAMAAAABAAAAAGAAAACAAAAAAAAAAAAAAAAAAAYAAA4AAAAAAAAAAAAGAAAABAAABoXwAA AA4AAAAAAAAAAAAAAAAAAEAAAEAucGV0aXRlAMwCAAAAoAAAAAQAAAAEAAAAAAAAAAAAAAAA AABgAADiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgC AADerX9Ei0QkBIPEKo2QNAAAAIPECGoQi9hmBS0AUFJqAIsb/xNq//9TDEVSUk9SIQBDb3Jy dXB0IERhdGEhALgAoEAAaBEiQABk/zUAAAAAZIklAAAAAGacYFBoAABAAIs8JIswZoHHgAeN dAYIiTiLXhBQVmoCaIAIAABXagZqBlZqBGiACAAAV//Tg+4IWfOlWWaDx2iBxmQAAADzpf/T WI2QuAEAAIsKD7rxH3MWiwQk/Yvwi/gDcgQDegjzpYPCDPzr4oPCEIta9IXbdNiLBCSLevgD +FKNNAHrF1hYWFp0xOkc////AtJ1B4oWg+7/EtLDgfsAAAEAcw5oYMD//2hg/P//tgXrIoH7 AAAEAHMOaICB//9ogPn//7YH6wxoAIP//2gA+///tghqADLSS6QzyYP7AH6k6Kr///9yF6Qw X/9L6+1B6Jv///8TyeiU////cvLDM+3o6f///4PpA3MGiwQkQesji8EPts7odf///xPASXX2 g/D/O0QkBIPVATtEJAiD1QCJBCToV////xPJ6FD///8TyXUI6Kb///+DwQIDzVYr2Y00OPOk XuuDLovAWgEAgGQVAAD8PwAAmDoAAD8CAAAAEAAAgxsAACQ8AABmBQAAACAAADQVAADAPwAA QQAAAAAwAAB+HwAAAAAAACUUAAAAAAAAAAAAAAAAAAC0ogAARKIAAAAAAAAAAAAAAAAAAMGi AAA4ogAAAAAAAAAAAAAAAAAAAAAAAAAAAACaogAAqKIAAAAAAABYogAAZqIAAHaiAACIogAA AAAAAAAARXhpdFByb2Nlc3MAAABMb2FkTGlicmFyeUEAAAAAR2V0UHJvY0FkZHJlc3MAAAAA VmlydHVhbFByb3RlY3QAAAAATWVzc2FnZUJveEEAAAB3c3ByaW50ZkEAS0VSTkVMMzIuZGxs AFVTRVIzMi5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAChAHoN fDtT+cV0ADU1MfCsFjCMz8Dr0TgC2VoBJCPhqmQ7GqIA20Kd+ZcA/x5CRjz4WloBgn/x9xIa JaqGiflo5+T0Bk288KehkuuANmS+yf2xtZTywOUbVZ4mrWry6d+GmaZNzAKjMsqRHHiBPxbK sjZksZs2HaJQvNqqngdsQMuSVgaBrdKUHKGhG0WnkBHUkJQBXhzZZ3pqb4CAFAdFfXADXcsU AT6OS6JfboriIEsMeB2+qBTmLzyRPvgRn7drbU9ZIBNUtxoNALRE3okXGR2MrT3BE1oxglxs QjOQY763La3DNppUQXo9VhNeH2IR2qn74QDqw8lIrecgiXX5DVqOMS/YQL68CI7zoQmlJjlJ GoDX1mxgJmIChqA6b6AxMvnLt2eWdZAg3dNdXpeFainmnvPwUVnGZAaIZ4ySUK71YqAFvwpw FhZ+EmWNpKdXvk4DbbBGNUt9a4t0Ur1N34YJp7ktqKYIFNEvPKrQKzp+Kz3RtqCIHCINYWEb eRNnTTYSPgX5IQDDwBHeDEVkY445pjJceElOpnp2mgJpGqYqTJpEabymkJaa4Gn84GzmcRYW PFrDsAVXgMvr6fbhywbj7+QTG2wtEQsRAzIzHcEtEwkKMJIlAGEzNiQ4Mz0IAzwrOCMnN3sG TwIiLyB48V1fBymVQp5lg4RZeGhWR31texoml8GjZnh+gRmpR6S+glmbMJiAhqTRgp6sLLE8 dywsGoSAsrqjoJa4UaIouaO5FrOIyMi1lYb519jRqMX72EGi5sLBi0rR0oEY1P4U9Of1ucXd 4WI+IvYv7PVkVFAF7SKGHwIUJMGhvRuJAPX+a+nQlEYASLrscbpwsBYHKSlMHls7KRlHIQhW Vldfo1tYLTaHTEwHUWklSwLJRBRQQEI6W103XwFbUlZRRVVLluciSyleIlRQV72UMsAAoZp2 5HDhdJsCIat4ek7wQGal6YhiQPcCbtjHYybZYLbVgyp8ACjlg4NeZaDR14AC4AU6YqcKoFnL eQUAyNkj5ubfNbykMuzZqOSDdBTGkK8cpG6Dq0f21be6m6uBVmJhiPGXpn6w/usAv1W4lZlG RYQAzf5ZDMhIT2QYTSJ+Sn9AeCpDLWEwbv4N2Itk63YIM9qjoKQjoxz/pRuqplYvjEwETeSP iR+MkNT1zlr49AhKATWDR376cDtzKEzH2hj+M6rS13oz4A4R+GCuAfTkIbWyaNRnJVTYL6dY WGgzzaIJ++oxMgDhjezLyUdv1Jn7KrUkOBvDd1W2sDE8tCQkayIArCpuo01gp2Yc8vH32gmE 4wDpati3uuyPBADaqahNiGCjRQEFbYEKwIALjqW/pwz0lHJpWU0m6VFao/jUp5QHy5mUsy7E JQGhmQywLagECtBUloJZBE2YwQgJuJTGfgBDNlN7Jb0lPDECMCsdADDyOjLbxukr/L13YYir U9C56ucjT/1fVkp7Yq0X1MwtVlF684lzC1CScax3ZjId8iSswLqKag3pGKmJYDohAc5WC1AZ MEJgwYG9s7N8Vdz663Wmo18u9Tz3loGp0NCHnJ582pDDSpy0ANPodMbI0Vvy8v4J6DfGCCR+ 
6OgWQX+j4qhblQh/CIJ7nZn/DafQjeQgYQG9kjsbfWQYWcmaYEigrPUE37peWTNAqEWimQ+5 VKVLAH+ZOKjCQ3x5AKw3TH2pSzQBXjMye9ZXNzSHGmYLMWdZai8i9a1iQB+iU8YjGpFq/vIa SRMiFNUWVlDworN1XwcA7Vi8+EMEAHB/PltVSV9OMFlbEltUIFRCAVpVIlgrawBhaSZLS1dH URhBez6odmo3w0x6FQhCaQN8Q2JiU1o9IH9jAF0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAIAGAEAgCgAAIADAAAAQAAAgA4A AABgAACAAAAAAAAAAAAAAAAAAAABAGUAAAB4AACAAAAAAAAAAAAAAAAAAAACAAEAAACQAACA AgAAAKgAAIAAAAAAAAAAAAAAAAABAAAAIAEAgMAAAIAAAAAAAAAAAAAAAAAAAAEABwQAANgA AAAAAAAAAAAAAAAAAAAAAAEABwQAAOgAAAAAAAAAAAAAAAAAAAAAAAEABwQAAPgAAAAAAAAA AAAAAAAAAAAAAAEABwQAAAgBAABkRQAAAFoAAAAAAAAAAAAAPEQAACgBAAAAAAAAAAAAAFRB AADoAgAAAAAAAAAAAAAwQQAAIgAAAAAAAAAAAAAAAwBCAEkATgABADAAAAAAAAAAAAAAAAAA AAABAAIAEBAQAAEABAAoAQAAAQAgIBAAAQAEAOgCAAACAAAAKAAAACAAAABAAAAAAQAEAAAA AACAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACAAICAAADAwMAA gICAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAACIiIiIiIiIiIiIiIiIgAAAj////////////////4AAAIf///////////////eAAACP f/////////////9/gAAAj/f////////////3/4AAAI//f///////////f/+AAACP//f///// ////9///gAAAj///f////////3///4AAAI////f///////f///+AAACP//93d3d3d3d3f/// gAAAj//3f39/f39/f3f//4AAAI//d/f39/f39/f3f/+AAACP939/f39/f39/f3f/gAAAh3f3 9/f39/f39/f3d4AAAI9/f39/f39/f39/f3+AAACP////////////////AAAACP////////// ////8AAAAACP/////////////wAAAAAACP////////////AAAAAAAACP//////////8AAAAA AAAACP/////////wAAAAAAAAAACP////////AAAAAAAAAAAACP//////8AAAAAAAAAAAAACP /////wAAAAAAAAAAAAAACIiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAP/////////////////////AAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AA AAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAB+AAAA/wAAAf+AAAP/wAAH/+AAD/ /wAB//+AA///wAf//+AP////////////KAAAABAAAAAgAAAAAQAEAAAAAADAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACAAICAAACAgIAAwMDAAAAA/wAA/wAA AP//AP8AAAD/AP8A//8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf///////AAB3 //////cAAH9/////fwAAf/f///f/AAB/f3d3f38AAHf4+Pj49wAAf4+Pj4+PAAAH+Pj4+PAA AAB/j4+PAAAAAAf4+PAAAAAAAHd3cAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAAwAEAAMAB AADAAQAAwAEAAMABAADAAQAAwAEAAMABAADgAwAA8AcAAPgPAAD8HwAA//8AAP//AABP5htl 5BRQtT3YEFDyM4q3iLOr8OJdqDiT/J+e3D7NlcekFQERUaFm7E5IVh1hcWOmcnLYKRznuMt5 sbmKWjXLBW3JYpR7Gx/TxefyXL4syX062KZvdiAysccEYvldjUVtW8RqxwD8nt+vUV57YMG5 De1pHLXcVey9yIfOr7Hq9jHfPHV9PUne0qWYR7VtlBs2BoioYpTjlYjZJrCeyNnq4kWRb8rj 3vrGMsQWh/sPMVuCxjzwJ3YAchDyUZQc1Yui6BatTsJyhmeFui3QNWcVuBS2ziH8xgIcxDO6 AtSrsK5K6vRP7VQh2H5y2SxQFGPVfO+PfaQunX/khhni1eWCOjxdy2fZQT7MSnHhCE13FwtG SpGaz3axQ2fBY55SNPdysHUsR0TJg+W3T+4DAVQvPboGrhlpXVb+gcMc0Nvt/Yhyi4fCnVBL 2VTMqwdtu2lcHJwN9b/7ztjlczF13TzeS+Zcj800KAaCxB1NTmGMKS92A59b65X8mKGMrZmk rdqSQ70ioKSiVEMfTbPRaX5DhzpzN8ZDTmlvwXkibIu7KgTLQV6ItRytIEADAZBqr2GHZpuS NydqJYZa0pdBpOvFqlBJGEbx6ISORZtkVmY8TQ6ko8u5RobZVQok5mjYozTIjj2exQv0tYux vuADgC4fGUGU9k3p4xWwMeuubw4knwnFm625p56H/zUsvuZFfwdDsmzx8n5h1JoEvZR5Nzul ++clCcm/Me6yneykN2IuoxnCZh5JGGArVJuXR0OV9fdNZGcqVOqw4mzbejzeur5xxpxAPc2G AHyhQPlTL0o+wu5PkNRzURCUZBVR/C2wS9rjrc5mf7bniv5MQjPpCYxi9qRtZ4R7lo48LATu ieEB2zYOllt22kQDDlLmn/2iMk7HYZkNLPr1ZxQ+2eki5pTQu3Y1W4tYaQQ0s6ScVEfmXxyE GrSJS2hZRyHJzS2mq+V2DDEXkcGKkakZSWQOJ6roPXYEobo4ZQc+hsU4XKCcIl1pMH41YvHq NgsI3wKK3elrD/xW08Slzu4FC4SEEVJner5Q3VrIVUty3dvZghmDs1wpBK6z+TmJRdlO3eIG QbBZWvEvKdtEncQ6OumMkJfNVzcZ6EPUCJsJfuSntfIPDpp23Y2rnSdU0KYQGxeGt6HZoIek DqvLnR39MrL808IK7WhVgvePJWhZGAMVG7/+mTRFW3kkmcSeZOtbB8iyA2ppZ46fRv3t6GwQ gV9wNEStCBTFBJuHiUAJ2cP0nyj5/+Xf+O3R35TcM3hP/PwfNAikAVa0qt3WMzu/4BJjwwpx imESu5vJkr5OB/vybKb8pZRE7bSaJudUZrl3+sxeAm83C/YkXTDHrzXgqegKOsGRFcHwEUb1 AaYSxe2h/OUVdsgJllxqhmqAC5lHtxhEXfMPES8t5BeaPGy++9bMuW8AXvZGmrqrP0Rd30EX dLB3x/x4XHZNGTuX7+zAd+3Q8PEOOAuaHiX/TSFLOyVFZC5OY3EQ7/ufeUNHuoiRpTmgaetT +/nw2xuz+CWN3W6eMDoveH6cJ/vyz2EAv41TRlq//DLoh94SJDskp6/PTb+CscsJw0aYdzzw 
Mjqkke+Qh6CAm+Z68vxbk8v2GU/m49M04Iu9EP7PP4hyW0ocvVP5e05/Poc6ti3i0eBUgV1U wVg4h5gtCdmPxVsq92t9Yq35lcgz1RNQt0FrvMN6LYrLv4XgE8T0Pt+l6x1Pm31pqutrYaeX AJlbHGuVXIvRXDSEzi3Osb8oY2vWpYgQxCP+tUqVgpX/yKUJb4sZSatI0HaYRmmo63hm4VxV WCVoI9zMt1epquNy6BP13Mn4PbeS7gwQFUEsqPddMntUDaCOxa4CPyMjmo/jTZPl1q6M+uaz qNg93hEVacl8RxxxfMhBj+KaGrWv3xYdT4h5riHNhWX2i19PlRKlaPZtLuBq2Vb2S/jG88Zc zzK+GzxHkvDljoJJpl8ot4XnbYO0FZhCYGn1mO4AHq4h6fcE5Wo3deUicyyX/tEUXUAb2GpR DGxe5/cQbuq96TB6QIABX+MjzGqtj7emVuiyrliMiJtOV9KtCLj0KtE6USdfYQIDzvADeqiT BPLct+o6RlAIw6TfIqGnB/+uGPqJFflNbDgnkb4rFRW71X5ElIO3ghdygv8A3jCjydAc9rDL /FtmVrf7hTGG/pGjH8i/PTMy1WL0jOpEW+dnb1rBBZ079dgU1A62uKMg/HbyJVzynjK+lqG/ pPooXa0zwREJeLarf3fxgxBKVtvYwEg9C1UVmrvSKGE9GFBFBnXsup8v/pq1+pj+tmu3XM5i sTaC3zNNAR38AgC/oN/KkSEWrQUXxIVsa3Vl5ccr1BaFbWQRTOc1lLq2yD0WXr1SO6EFdEjD Oa0ecw+IDffVdIe+5IXKUJlQJbRjxYTb2mywsh7rUsEj9TmM4OqWx2P+WnEgbpsHQTgV5Pz4 +zkLvq3XY1OxF9xuSGX26UV8zswNxVatbjmDbTlgQ4HRrNhMmLnJn2g47yU73l836c6EPB/u 5E1M3M40MikMQRa9FONDW0a2jefbSh67QXy2k6m7yH7NHTOjvfMerGYVGx56SN9iNUO/ftOJ 7egjf0rH3DNm5UYMoOyOKZJzTnC6pkkChO/c/Qp9OsjAZSXJkjRnWdMTLVaPYffQxHTnEphB XG3PzKUicgqI0cTpVKlqcdRd/gmPuywAY0RDMft/UgbO2kL6LbD7x04LXI6LQbHvmQb1EuBX ELg11sX8lsMZkKPpx2cPY+L1ihPOWFoX5wknTq9LY4wn4ECecjcNmA1u14XuuAtIrW9Vnb4c AuCLSzE2eR3BfurY2H2s5YkOWPnLHOHDwV9/tQ1ARQKrt7rpZlGg+dIFcOebQQ/0Bm7BlpP4 w2DZMp6JoUMQ8TeKJs/sExfVGx3UPHuWi9zhipJMcC/ZNOaMo2WyJI2tcZLQhSvnmaKIyGam SFH96CuEN97tXfF4X4wBshMABNHpOE0eAljjzWnmhlHXYk1NKVXNKBdCdoF3ioJT6jt+4Y7q uXUFYL48yofMQrOgiLPBvdAo7qJ5mfeFFxo8Mxb/bgL6wtR1FSIfIfAccNiqPw0TXkg5pt4t juMV/Pq0tNm6yg0Drqxk/QlwI4kImdNhhSJiv21gwNM5NkG48/pMLV4vmCM2mJB1cGatOWpA /kKpA/PqMlgskrZJSGvr8lwzsIMnH/F5ihcKKSyzSjCIathmxzk7W3XxqlbiBcnEgZSqTGOJ CsX/ZtsqzWARRqLTexzK1iEA/VyfSeySX+mSmlxrAYOMZSnb9nFVN8P3dsnnFxbuLyDWNOl4 OYBDhJOd64Li7aIcDbR/0vUzx1nugpEf7VzWbojR4RUAOaV2vDzQh3+Vk6ZvX7d26kHqbgrK J+QTtOCxk9++d2ebhG5/9yCvn9hdnp4lrZq3uSQzpqNVPKVSvYJIxdslg14DLfJQ15QvTpf/ NcoN18IUONwkCTubf9JlUYF3lGiEHEhJF6mayUPHzxrtQ/rtPveM0tl9BcadT0qCeIwwf/Zp 
aAzYSTjWqVYcWEyEkdMWsbjL+wTi6kSY0O0043ZNfkj6w9lXTDqW2oQHZwM19K/M+EfIUurY ClDFLNhG+GK7sftOUyNxtJ9DTDlQVya64Jdxm7Q2pRgXqE8smnyhPy/WaOneXoQfA+l6GarU qS6Se9SyBPQf3d8e9Sz7M8Pxju03wUIXv1ni1hzMTwFx/9jfdjwNytPuuM47wCwfR5XghiSV ZUe8o4dCns4fCw6xhv2aBBfsTQ1dCR2gqdCc4ASUdrnpLpUXw25Px8jjTAbX1gTGg+Ysd/fB rAGylK86hpvQtqm3s8SyhGHZYsswDAO+pyklbAC2CyN4zSb33/IgLhHETVhyhzQliGbmdOEM XoxuI8PXC6w2w6NI+Qi84OBSvkpMlxY7TQq/+sRYCEW7BpdIYZDfg5/9VedFhXuKxenuw+pO tT8P9y9hgeuM0+Ko8DZwvUlRRcX6o9C5Wh5+enZf9yeBrSePAANBtMJdvx2lvCJI9xVb5i1l t7eAXUIpHLbvQORBkzrsVurM1+qCZYNj8Wg/7VB7OPF+slZC5heH79ogREk4IY6Vpid4iHGL 7SAsc/FpjmVrNLtahknmpksPlmg+ab0SXUAMBXFTxAE2v0XOxwIHvaWuL4l18SlJVXhZUUYM Zi8I+qO7DAwelxWBTsaEqLBiQ1omb1faXR5xuq2VzwASm24haO4zVeBPdEx1runyMeo3eZ/Q uzU2LC1YgWHFiD4pk2yx1YrbNFlREL6lP/kPvm5MwUz8zr0Ntt7H6wLdPHIKRQZoQkxgWaTv l82cyTacouzKxwg/eYevw2KJI9CdUxNd0DBL7Lo4AdN4tL8aRIoHT1zvXjDAKOSwSZ3txQNf 0+l+ME8phm8Kn1rDPKS3v+IIfLw8mE1iRvI3uLPqMpkdghCf+QAPQcxBS41noAJKIK5D73yA yF9EofTEXlAAcgURV8ADTyp6CUpb/c5R/A9bw7jdY440kb834QtMtJYCOMhuZI0h9FwhuAgU sE3P/H0QRsj6UtoWXN6YUam06eQCCgl0qz8CWMW5P+olx4rdYnMflSLgCuT+dY6Fj69+MHlH AD9NsMEznMyzQX9bqf1pvjC8V3gwrBtEGSKFUYb+y/71wmleb8RGU5+cpZdGvsCyOzaFTVmv nuu4y+JrOdFbd924tP/Lu1An2fPIPiAm8+AxjuaAknKuE3KPgs5YTKfocJBuQbmpiUAXpMwy A2v1LOA3p/YBTE4dfvIMYWW9senEdNY3RwsNWLroK7rolCtuLHQnKFmeN7pTTwATeB0KJ7Y+ iFEswIOOISFbXTIjr4/OnvsWj7QP/Qp1lDnMgFOFU80zyvE2A43/ARS1MwsAdtVDZqfsvknu e1y7Q1ttfYlF1sXOqi5GcUupbfQRQxNL7k4mvIjNXMASIfRaJFBM59LYj6SVif27j12uadj5 CbDn4iIL2xWa1CCEDULkDFXNEhyBm/XngKmUoXNxv3SZSCAiurSqGhe+++aAmtBVVx0nip+n xbCJs23HdXKTNtKGd6fpFLoE24p/BMQHIXSI2YVKaHrl6gvyV2kXpwguzQ69dpZ7rnDoLhhR y9XI/RtXYw5BYoLnFGBmCRpjxS1WV3SuYhL28Fc6d+jdwooPtp08vN8UDoW3sFFlbAlnLJ9P JrPKKbOw8fh1LhnkUF6lX6IUKCUD0iEfcaV+ptw+1aWD2p9Lg0HveSfQc3ZR2FTyxmieAUJl EgrdpEhmdCBD6EUOZfFmK0IbSGLBlqNKRQdIjH/1vWHbYXGkK+oEKY3zeh5Br7eqtaXYLYVs ycy84d5Li0N67gjmUGicUS44ycQ2Qu1aYLdtAPEQj5MVBv/oTvHxA0mWM/k5nCTtIyut+Gct PpgfmDPsi5DArdavL0do89ujog/UtQoFj4/ENqeCanbToLB9evPfeQfzUL9x/H/3ud37/o8J 
Ct9L97L9CFFt8J84FZFoegostCujdQ3/4lraR2PyR6aTP+SXxY5JDIqm9c7M+G8KjE3DLTfD sQJwgqVi7XUwQSdzGPyQcdQ4QnDNFYSQtd+MTKDdBmr8YnRpFkzdpeb1QuhjCKoWWKxv0RoE xquDopneaiIUuo1TDcZUWijXYO7YuSXLvVSyUvmxCe6TdwYItS87J7i8NfaRro8UJM39f5wX EHmZM99G6Kptt9I0kPMarP/Rdj5MDQMVPAizx0ojWYTr9938VhrA9iZzcYE+g0fPpl/nvNR0 IGAGfEf3rjLZuyP0zxakeq3n4SbGCVeG9DXAVdHhmUyczGu14eS/V0U4Y2JGyPe7OVzAWq/F t9hmlV3AgFZ+oF01S1m2dBoFqmPB0SGFDHOeR+znQ1qRSKRV5pzLN7N6jAtd/HTsB5zGdepn lyhjr2krc++W6apJAGHWAiejrNaCUhB2p89yzB38V28+sIH/8+8xlPfWRXKoNdFhNyfB0kc4 d0xkKVfncLs3WLIpq/YrbbUpMNCDHXHMNoWIwNIlXGlPlAxg8ynVEwZ/g/HGE9SbHQ4Dl29X un7FJO3QpaQ2tm/XJ+lEYCfLayp0/KhxndJigNhkfaYXT2+meIHAb1M0GAaLgcD/lj/dsFHh 4zUOUFZE46cTwmrR5BN6f7AgIQ3KQnGC0cEEZmaM3Fb8u3fLecktvdG+prd/QJNve/Gnn4lG 6AmNJWAZPMtzy2P0KRNpbw77jujbReZPL5HmU/d3zgwBi5hyWyKTiYScOcCDTUZpM9KnjqM/ s1Z44bTSe0KNwgpwBn+BpN6jCN9LyLzIUPRKPR49CDERtiXxpatVtrGVbGyzbumqOQibgagy rKs07tqDkkukwd+G3z59224fj1rBFve4XwpgMZuW0jYuGAggJw8YhhV/lhKCPXrhGb4wFcmY 8Qal8uI4T9xRNYSNuDbVJMxYYvjlRkZfzy3QMGfZiPMjFSCKW3TBPtIAxem+dwL3yHiNkizR OZbH0OphSTHCSpTVzNTBe18JxD5bOUNI2ylbYYfpzsWEogUdyNIKIK2yRM2VnG9/7pgfbNYQ Tl2+AtRV8TAboc/XpLaL/JqJmErKOUhW/HX0kh761V4KXC1OoC0fsUZuaQsTOTmdnimW+DEW CmIUOvCm7TGQjq6Ozlb8Yk2DKLSGm68Zcq8QrlCjMYkA9ixNP4N82+OwQG1w4QrUZx2LM5sz Hzj4mt9JVvDoV839kVp4Yl7ejlSFexHG9bCf6DXZW4enVZ4BWb/V4RYpBaPmP2SxvLtTdUao sm1lqPZ6GnQJydu4AyX7P332OrqHk6Eihk1Ae2/7h+sPIyQpFr1kqfUkE3MIgfnSQoeX/k6w W/mTxTdpyCevUm1ErRTJvkbgmQwF7rVs8ZtMdkwTSZUAfvWLIWK25xb9lk2hTLve2YMsaqHF 88rljqU9OLEEh05TSw+T55e1DBnTunbb55LSn0bXlGfiCb13jD9+ELh0rPKKlMDjr+5t/LeP mbSXiFQjWg0v/3k+zuZ0yHyqWlF32wwm6Nh5gL0/4I8oxV2IOg3C4sHN8knDQvnsIcYzC/Wj A1pJb5yn4yaAww5Ais4vjZFGvne7Y5ZFVacEqkovBSyhYFTPXQwWXqj0mp4hO7smzCMyaQof T8RrwUaDXv/GjNG98D+MhI8De5VW7LsNrNZKcSkKwfVbaJuGZhvym95D/jUkRb0p27B7VwOS WpWLbyXKNVGSRVhtlMRx8QfnaHPgTvsrUKvS/CDTkGJnmaPG7Tp9b2nH1XWe4OvoBg/Id+p8 72E0zxhHPDV7lyRPthCKVG7tFuw87vkM0P1jPwIdnkFIset2kOPUyfMGYrxiRv+/LAnJCDP3 HJeM+4qyHNev/x42hzDiyPPFTu0gLSLzl5kgvwnCh2Ujbna4GAsG3jTQj5sQwbJnpEf/7kOv 
UyZRJvenjs1OUTQp1/Q4uUPjxh4o9z8i9MM/ZjEJ90fcIQzHhgyDiR1FdqHbhzDqt6TBH0xk 1/hl+Js0qi1dP6nn9WO7lfi0dIAakYTEKk369sWfSKL+K1zW1GV8PRpS0Zrj0Nr+Tko5xJ6C JnF5m72KspBzalomAhhil0B4JrADXOXY4fgzhMRg5w/OswlrcgUcUdjiq4qmkLqxhKg3IDRP 4vbU99hW2YZu4cG7AoKegpbopB6YYxwyu3gpGWgMXDWjMElrLEyBiHTPKT3AVlefsqLhTtHA gLmHB4g5G04dtxcFJlww/XYm/5uhGq0+o6o8F4bqRPWmgXWO28NyZRhLbmfhV5KFz7hOxqhc oRFDJt7VGDUs+9etpj6qsJJmPs1HkkOBfUcetQl/po2n/g7PeDRFmkOgQSLrUQ3H0DQDhTPl dk6/nAtb5qmXjYsZfNBIHzqWLkWMFlAAt9kapjToKtjnkETzSK06IFVo8yfWxJlPwVktqsrc w5aXHbLh4CWlF4mtzofvLrFryv1i1Hcwnj3PBA86vZdvxPboVOdiJmh/Qw2ZEay/ehJE5ZWs v3rX5es93N6qoQsnuApyFxix2ekqob+PvGHVeaJIp9+I0NXoD9AHGEafU0a2WA3uKZXP0SUN Fv9QQdXRJrsdobntAayILTAW4BgxNYFCD5JQQIv3xvqNQjDwKVQ7kJNocjis5tNcYALsfQs9 fzvokaVtogIb8Tn5vZm5JAtvd5v5fKVUv+04jDgL2mrYXCWPyr4iKKOUxNreVyqY3kbPAg0P S4WHqbX2ZgROfDbR78M9HGdcrL0linbWeVFzY3JWnNbq0YB+hFUcdC0kOxqr7BjTn7M3iviE bigMhdiVlarWp0m7bCLoBHKeRxC6nm9KTsYepyivNPNXQXqxH5Uk+Q1VlJ4Z06GTXZendEqC J2VGL/ijWKpB1cFloiN5vmSTQIZOiJ1SDhkase47RZwpBKxRZhihQy2BYTM6UWBEZ+Rdr0/t mlQ1ULx1I7YoIGgfT+Dl+cP4PkDygry7Lr33VejvfRMofsOp+6+YETMugU6O9GEXMrGB0Bcy keCWrHWRHVbUNqa1NGNMx406fkvEYPj+eJp/DxaN7CNzvUHNZofNBtBco2fGGptWSPwAMy52 mxG129XSWmwNqfRwec/05tniAr5tJ75tLMBWBbqlK2EZdWjXWhOC6xrGrf0N72TaWhvo73vN WlxN4TZthAKEXWPE3j5E7z8nHDgumpVKnRGNN8Aws5y+ESOfVfvKADbx91tlMBU6RFPZGljp fsT1VEP6Q7azOv7wRApegM2ABXfjS17V3AOt86cjo04trQ1Pr8ou94dBzMt9hExh3YRmzJ5/ utPpI1di0ZLZdqeyxmfPXo4awRsRWDbhCJ8m7w1Cb5x57Tl9roR9qTLyIeUesS/n9r66o/LH WKI7wx9UrETHSoeb9SoGBBrs8+cpy55fuggIQtI4t9yUZuL93ZLEdHGKmRzYkhdcTkxcvE/z lLKeNzBhu4RqhBAwYNIOWP6WO+SjiydNQik5zGtpF//hioX8zNZMSq+sW2SC4vQanw62oi8c YsJWsgSU54exVxiLNtQKdzRK+8glV9DPv1uuLCidPyvpGc7AZ24p/6o4qQBCvEwSFEbIEVXH W1qcmRNPl5ngnr6ZNrq8iYhykMUIszmIvbqlbRBMCPr5DYiD9+71nQ1bzeQu18S4Edc+yr1l cP5KedyYYi4VowDmiCJ/MT3UJO/O6BH9cJF86W8negyCJz12YONnwiM0Jvv7Y7aOtzpWF+nH 8piW1XI9wswJMP9O7nLvyDA6gPgtna1+oq4edpjlAdl6iH6QjkfiZYUdEnDXzJXTOEN3q9Cw Gr6meWBhLi9P8ZQ9zcd+PB9G2ow3G6vGDgrbSrL5n3alsxVRweHr9kuzmmCJZBgzds3AjZQo 
ZoSP/2QTLoGstIPzwf290LXYwZjAs1TDdbi+FoPUh5ruPJXZ0m+Ao81iN2hSSKPq+uEnbNIZ sSHyEh3dddX9WxhYc3UpRId+ubp2T/5Nos+v9+CrQv4vj9pFKIwckfNsak7GrChYs7FkTDW0 SGhPziXS8MAVOFxCadesP16gPbtzIqSyBFETEm89oPMSnGXEztjumyaOMUGse5V80Fyd8ywE NeQVWhULkxZURkWAfJ1kJhmxTOZ9tLy0qD2w5tLV1GX6PjXz1L0m8i/dVCWs46bzGoUiFpMZ yuh28DRgiQMkQTUFjwb7Lx0SbiLnx4+0NMB56ELrHV5hkFQ3s0Dr7IRnlC4rc5jz+P5Bt0x3 cR2RPQO+FmzSHyx3PqeWc1gsj6H0UEyVjErlpoWc+rjgFO8iEU09dwxA2YZv/dom7lcu+IdD KflQd9FDHMJuFoQof3pQciUkriPtraDjk6LnNGs7pTipDxOUKjkKgKhXJUf82S9wWs+APj32 xvv/PBu0eZME9WUuCtNWOPSp4MlMYuXhvkGRaPWaFa6ID2fNXD3U+LXdF6J8mcKQJeXZWfZU R5OovYJG3ppp0/bhAM4q5Gz7KnKNPZTUkmTFpoVvGUa40i+ytDGoifzj/p+Z8NoqbCrwpZPi QRzxtwmoAVDic7TADpzpvWvrYg+S3ncjLwb7OslPjfSg+J3ap6lZTJslqLpqUFsGiT7RfUj9 fyQUPni6EN6vk6oBm2zIwbjR7ffS66U4wJJ8IKnVLxqop6oYgwLvuoN1ydQnRq8TgtWxdroI ooKyBpMCJ3uPauvA18OHZ5Ka53DIC7WQBRWWlack0zQKgHfa3WPbGSTLhpDQGInlNC7Ife9Y AF6VWxhtBtXTEGWbcSsnOC/DEplWkDOdiU21rlbds7u5thhN6cFLCMX0r9FQXU1ErVEGp0Rw sCKktZthbofcrdbwbxNOOFhcue5iE1uEWdrMqYE6KkHKlvPLpbo6QQ3kZz5W+NuflMULT+54 dMCX9H1h8iMCvyHTh2HLHw0hQ52pZ/c28qzemCv7Vf+5kZTONLqNAiHq1j1qOHurQ/cIyxp/ TRqVI0gRZs/QGox2RC/71gYtf96ati/4D8gA9r69LFHiGRQaukBjYlE0ycHKfSxKvVtH+ncw UwKWgXyXCk6082R9Ki8Wzl/U97kp4MxXDfswCP4bk8Qeh9ZnwPsnMNdnsCdBKWiuFNeMMB8x tc1BhS0e9p+zjouJv85PBzB7uhhvTU6TU5HSiKcRdvWtrbQ0FSdjKdeZLXKFG33aeMw9orTh Axis9y3oLeJGq63Bg4ucLeiudEmNMSYrBVntQw2/fwQAJNQ9bWoo5cHtn7KFMgECt0bgq6u/ H+EyzUQQgWZkRGj/lSkm7pSIajel6+I2jf/ThPGYZZaLQNYvr/sKqEpJIJr76vccVEvj7S6o 65jRL5dId42HsQaNXXShN91oinT0CjM4wSgfWKK0nZWCkf1GRGCLNOIbU1m362s1rKdBodn3 HejfcRwkz11/F8jxd6JQk+MPR7X8L7+AUI/gFjwYGOSOhCaltVILwvUHdNvW3fkQl4h/zFlR oU6TCIEyiyqol4vpExp+e0d54xvCxqZG+lmN4U3ncxUHM5OpoVymWgZdRTcWIH5ES5BPefYJ a9HXg/HtD3FR9laG6P+iD5WTOHplshjs4iqLOeNZd3pjMsV/EmWB/Pd8t7rwlRkRBR3W7/Pq 1h2Ln4P+uQxmx0PE40FgZ1VN2yDATmqq+N0dmiM5+KbBNX2rmMrZTOVZAPOPak94jpV23c5y ouEkvYtewjGdxF6TiBbfD/r/ZQqcTwmP/PVDKRw53nPqVTOkbqgJrz8Ap7WrHDel/6HLjpS0 DkR7OnxeGRH2ewZCJtqB9a/1K55EIxS+olPgVTCPLDGl+lm/ZcJTsKdmgeXzigpcMbC+7iMa 
LlKhK8KBhV//JYkY2BBU53rzTNW+N1wmH0Ndv9DrevNvnLCUj9Otz0IOyGmM79eSN6JM2oOY NDU+v1WJvCWri4tLcOcMDMnmg8b7Eng2GlnnPU8RbTo1AsxiAlk5AmcFCp/ZAsLEFmj5j3N4 rWL++2xe7l1dYwJLwkv63qGWv29rid+DXDF3leOie4Ze9PDE510QXFHVMOIsQ8lJ0Ag2BYqY 0QNVUBexBK2PzWxboanIjEeyCLkzNsfB5+HfpPNF0wpMHg0Th2GtrjUAAt040S8dBtOeTj37 Y3QcxB0I+cmiEjYqs5DLJDqHn8SSu0c/wTc3t9DFqb7bFagBv8Y3ivvZxJNeFLNbLgSPBzox pAjToe+6dKfXNuqZjjKNet7KpLmeipBI7aP/E73GTVNJ6mmIF3W7Mqtojv16CteVNckIaU6Y 4xyVw3/WFAJ9E3oSp0V5QRQAyiygNMip3MfdSwOgzIyor6pUl7wkBt5VRMr5o4UL5BFSuCpe wbKwdvGiyQyPv/HHC9DXkanqYkwIgB8RmKJ78tqfG1Gy0oUuloQeAizM5ZD8m2xzMGRuUAOf DluFaFrMP/jTNilk7a5EnapT3tTRG21fBc4QxYAryhSIPUkujpi73JoPI0E4aK8Mfy8R/fbx vkr0YiJ+YMpWwziRjx+qJ4Iut7Ud3egqW69DNMFNhoSjMOmweYDZGSLfILBQCvo/g9vkY0Au oFV/X/rjkIK0kyPY7MSlwRyTTTXNDCs7q9Ju82xaWIJIagPIxpgYZBFRIgf/sACpmywH9ZfJ KiXbznqR+W4bpZNDvCFAWXoJWRxXTDANSezVWWktc1ztEIHOfGiMY1XW67EHvj9RNuRdnpbx F/998CnQgYDkWlZZ/aCRl7Xxt0hfe15Q7oj/NY6RpxSnBhT9jNNeRhviIJ7y+wK0iJSPCP4L AWfQzGXYhw2BI2GBomdA1xH8JbnAzjqdLUnMO+be7WwtWeVc6UqLJt1kz7XvNoLE0WQKBDnH 4GC03DndO+xQQ6f5+MBHTuQUnC9sdyEkPqdohIM0GEFzhZTfNLYvHn8JPyOwZ9vee4Ws5kL7 hwDbVPw2HDmfaKhRp8WiLag/atZ/t+Q0JbSPSlifgITvfe53D5Xs1R1qyEOWL5xVWe6Ks6Bz hHOmb1azCeGZY91r/d3Lj++bFRqH1LwDtREFOcBy+C85t20vSoEj7K0CYhLiITs66mjZpLy1 RJhNxq/6v/mk6s+1wH8DKGT9jj1uRPel+5ptJ7W/0u7xPRDTVwH39R/hE2v3nU/EfC53J3B8 EXPyI4+5em8CKO9xJ/DIdTp8m+bJLpkS3AildYX/esszZ4jqnXiSbHFaiWrjwm8oTrFws3mb EYg8hUFFbsTJZoiz8jNzlsfI7wz8198xnxjpWkBMXTgYZ0GyE0+3ovCQ5/oBRUJ5cf2BNKC/ Fi62e0cXBKa8I8u305ml9fbG7Uocos1kHUjJ9Zoc30um48ltO7sGRBz84XLOE01PmRLj526e rMEvgnxmdvUFc4VmYHHJNbZwS0bCH4LGzeDSHbKwISM4et487VaTgR6fUtqbK87Vjk+WLEtk 6qfQx8Pol9WdZ86BmHj7rv0rm33ffQRJqtMQPdhQ0XDEJoa7kh7Z7oHVdudqClZHRpLstVH7 Ukz6bYzEF5QnmCbHGm/9EoiUKtfX4/Bgen3SgbP9u3r3wl+dIAJLdeWuvmh/8MDjqOnr4fhr i3qmqmQwcJnmP1C9+JWZlFRcgbkIxqvX3TUTwyqvKnfeGUZYzKp64gtSJdkz3ymW0l/pL8Tz cy43+K2KjFe1F6nrViUoKjSMsvUy6tevuGODRne+p+1LkRO98uAos3ol62SuxH0a44nW4XDS W7shk3TQG7bSumgGxkbY81q75l1cGVTS8fMIu+DiO0TmPKuiTtOW3whrMjH7t8tPedT8Rgbi 
I9OxdoGdha+w6tzd/vEsEixkRCDgbVvipWVqnFH6UJZL1EUcTng3VjJ6R/y+oeRLJI9ifJ3U p4R8xdrv/QRSdE6uS4avj2mFmAotxZ4ijMJKu2ZZy0WKYf1JL/n5NK2/xEQ/QnrTyl52n9Bx wg35w6YWlx/rifc8v/DevrveSkaOfHPIgXoDSAdXwxANrOfspHByoqtiF+Vt8xL6PamOXr/b i86K//FRz44YT0looXzbOOtWbOEmPHf6CS+8U35kKUkKb15aerYujlisvtLYnLqWgXauOuwz 4dYvm488O6BBUJietGEbicwDFUluJ5c9Fbfw7pmLGnOYSYRAUBC+ChN2DjOXF8AFkD+4Oisn HWQNWZ9SBuSgACtV8yrQ6Z0nvf6Qxbwf3UUgsHY4k+EBtEPnQF8D217uMiVbbrmeYUXaNFWm IqD0XLA13iXGQypKhEOfA9ADB64crs6r150wiRzDofx83p3/Xn51oMtak+ABbi6Yhwq+ZEGd GskKXqkv/4/GsbTzapobHpyyMNVUdeE5KaxFjecoOe2pDfBSdonx8LVnLkNeeV+UqctNBSak Wsv5iL8klIT+tE+f8v1Osr6IJVCM7w8yA1Q1ICT8EIg1ELu88hr+LwhEe9ljSyi41XD2T2ro +2G7LO/Fv+cjFQS9ShhbC7Logp7uoceJwbIx3vINt3BhfHCeOQ8H0Wjcjlk1okF8IVhvCxdD mrq/NfLubY0xiWD/WCgk1RqGrYf/DA8r9C5C4j0SxMY7KHuBqm8g3vuZiw/FdzrOtDT1AujP muzKWXtETlpqLB6JyGYmxzOfNfmAJ4IVMxfCxl1HqpMsXpHQducai1lddXSXSQAWljLYNUAx HuPyzjTntrPr0ThKhUQDkZwP+208eAEnSgYHVCG9KfF9H0zASkyv5iwVjBKdofxPGvm9MOyQ IMx3ACEwnxQjipPv82yQHca5Lhn728e3AhyR/iHLEpb10m0k0utYDcbqjWA6GGkmy6+OIimg JDLRO3eFefMuTx3bUE9Qiv2UQCmCwgujeAMUYKKqkVdDNLWIRZDeA7CrO4EesT+wrQ5JX7pL lDwABsg9+mGFOphCMrVUTIEHTkUKUzmac7A/t5Wvoow9xjxvVCEX1Iw3BNNX2KZ55yCWqBrp Z3COg/nbqDTAk2PWKNc0/tuh426GrfMhrJ5evq+ex3uSrQNKEvTJcO7WvlrBEFI0gSJTsGmz HrSM1B5bhwEJarpKrL7FWjJXYbzDe4feXa/GzLciNI/zqAIQT0BfIqxsT4+bhpOGFHV2ypeH uFnN1AdPHoRXGoF5A3zVqzCj08vK/Bp/56JIpqVYD8uzo23XE5OC629MISadaUDRSBrcwkPQ AaXS1vM9QvgFu7MmuTqa/H2Py6MQg+EifVvEovugvB6BoqvGhv7omutDfe+htyllWh4ZRsFU ozll54AasSf438zBiqk1V4hUZlbOCmb/8hh/289G9f8SLjiA3qXtJR5xSZ/wEcUmqWd140xS UxNPaCphOMlHCd9EYIjMHslhUn7dTXqwK8Twx8pak5k0aNq7/zWHJC6oOETVp17noUlM0ljH 33E55MK4zOZqZxVowkgjp2afn8vLiM3DM/245DYcFBZUx/NHABUxn3V7YpvaUi6EV1CMhjAi +EdUI/Dg8sZb1h9y1SxvFunEb5xEe/C0OWU+MNrItcU8DzCxElG9+xoeiEmedWxz4siIRipV hXlL+NgBHPmR2KpUIkDdfvM6l+djI3uEYUkZdEyOIXTp6qcccMoymtubBT/6TgbRJa5YRgsx 3o5Nj6ihO01cSdybavbKrP1/qWcJG8nxzupIZUJ3NiqP7c7Cwy9NipdexjGI0DC+mdmTGOul IrEPnqBscKWut+jhpDQIm43+6+MCERDtmWT0IyPgFB4LqQPAJqb98ThkKnqWvSpiEkmtLO07 
yEfFyY7ScfWu7F9da1gXLNJufA4V7fwrn2uxvMsMfbkMPjWqhNy6KxwQ8pUB43w/iVvhStL6 LwtNYeB2PU5UIuwUWusEh9tcBXY0E4iR0IM1QdM/vWvtXlyQ47TDHESxBVbrUWX0y3IVn05x qwuiHzVh1BhpqXD/bcPnycynf6jlHx/5DpRyrBV7FUCovlQMMI7JkTfFnAn5Bh6/YOi21vXq /KlT2Xv5d0aM2viqVGcYFvuSb6TcqApYDGCgB4zDs+9DpASXzXRbpFPfXLLGxJiW+rrRBwHM opsST17WXooc47nOYKvbPoZAHtuowkEOJcRm5IUiK+s5YK44X59K77Bk0HvcUsVqhro4EIe+ 6oklCWVQPUENrc3eyZ1HEgAtmJFWZ9qQAJSdRSA37HFFTwNy2cSRNSvYw5rQ8VOiiALEIN/u 9eEmZuNmdnGXvfwCQ3Tr9gBcshKPSZTZ+6g3anvKrzGq3awR1TQsK4Q46v/FtrKXGNJJKfQl QC+rxd3K1L6X4i0pJZsu+oc/1xQgGSH1lihaaHO06xxGlKINvMK+muEHVWzy126B7rz2dAYG CN6MHEauNTdDCNzL6tpkq+ZmnQsc8H/0Pcw0Y4Mu2H9DsRfnGdg2U6txBbY47hF7REaywxf5 uriAFce+PVZr+WfqKcvG+qyB9QtCInUnQ+yb6bIvSJhmKAXLFOSRNqnzrm/sf7Zw9coD5FWE eXJwfHHyDfjgtWox86+SoFDvoiK9Rt2PoHqBYRD58wNU/9s4nWKXtGwrNgFEcCd4U/TyZQN7 VORO7KRN1JXRbSe/R6HQIWRQTBC6UJ2joJP4shViUPlf6zeBJWQ2KaPQTejHTyyDePGxqzij /wmxBjAt9btOr/Ht30nLVXNZfoDcclJ3ziqTaX+LFV5/RbpGWjBqYM8BPhorc2faLOoZn8Th MHBRjS24MIi2SVqmbuym91E9mYCO3JLzdxz3+Tq7BAhCuQjaPn52FXmTFE0cJA5AfXS+XsYI ulfGppg2KOLpjfJ3DfR7/Ml2cnQAlQj7Z0rzgmT9KGLr5P6xgt8ZAx24LHeaDZG6ktASGuw3 fnZtbshOyaK6BwbtfFd8DFKDpIGK5BQEwwKMBUOoHXc2PyvoHLBQvM2gDUV48UvjpjrNCDRk 6CJ8ATnuOrceyw9a77ljfiwY5TaRih8gY5cZWysQT1vYBQuCDQHjGFRHg0r1dO3mPstVPKMJ e1VVL3pokftctqrZ1PbTD2HHoBjLuIT7ZWZvN2nSE3eNqQgSdPX3Pm0leHk+Q+6TgT77OasE AzaBHGoVT+qgHA3AHST5FbuUKW02uEAGiXFFLjU69ZR5rd4aQ0V9MyVUdS8DlkcGq3pY7HNx 2PG+F6xe310NZ0+f4OeicC+6TgprZzgx8DTDxU3Ib2dij2gpVL+Yh/p92TM92bAtpiPSC2XM 0tWDN/LuRPedYymrbeJmuv4X+8V8tqQ5ai3kdK8/i3kG3k7ifIBIj2kXIeFxLJ1Utf0gtTgE qAcwd+Ds5iLhmps3IJdgS1h9UxMagRdT+9YJytQFIe5LIMHnuCQ/6Na8892l5K3NOUWaGpCE pWsulji8MtY67XT7NDVOqw6x25kpSOB1XoCdKmOCbNtsPWX9/iVtMdua6G3XgTxyaeTDu7qb UxMuBF0Qqlh87a9Bitstz2SK5Sm2Ndmcu72BncgbuLrVIkvJ3VLdAHKEPz6AufVaUUyTRSoM c5WNOZI127UHNkj0wyEW4drHw4/Mb933ckxbbCAffr4/7iqrbFfT9lPb9HOeoOixDkp7OnfW n50wB0TdWBWeqSRc75zDsRG908hRAmqUKOZKOdNRVj2/N1M3NK+pqJyqW6SjvAacSWVye8IO r/a6e9yX/OXmQdm904dFjlcZz5BwoF+Y+YMAIdyselm2ffZ+5tD1G7XLb5l07bcWAOHWcrX9 
vDjb+R8JkjQM+6SnV0CaDxCR8PwcqyvN1kcLZimPUHm6Unvqq9uf/YV1tmxeJuv6fNV0/cRf WQBTFPltmF+WnjFUgXKl8dOpCFzGK7kQ6oL9ZJZzZK8LLqNp66J3xwEe/SEPXZW18V+spTjq dA6chZdNreTHiFntbEOC2ibTafmCn+VQYZxqytTqWtx9ShQVbVOWSzuP5sHOl7WZo9Mf+ohV /uYlO5PoH54FSW88i8b/60syvLdQF3Vt2tZyhDc+lVrbBG87OlFUXMfXgHLCO/TYjsXZtYFw dA/VI80QAG6yKhANSuI7J+59TyYekOXIwxGyOUTIzJplIVFFQQh4RUBJ3JS1eb/hc61jrPPz ncTouARW1UGnVN8SXY9C7xBGaXAbmccU3bk35Q0ehDlKMqOi7EY7nOOBeBv6s8OD+oalkluR kuRnIrkKXKll2NrE6nBjB3fJJYyqtT7RJh0KlKgac559IEqabRS+cbVNjMTJ9Pe07PVRqrwM fjE1goQin+eb+TTPOaAaQLyOl1a0cB/363foEASyXyRIWRAXIVaj1fGGKO8h3WafEDF8dF0H 11wP3YAPhCTq9/KMCbDPYoAFJ63cB1OrkS7/rybGm5HuWGzU4wmHCthcgE8AUCAJeRkJDLtm yaMlW252OTY8fSPE+BbHff0A3GqU6Fw3BkhLoA2aEwqMVuMtsrbVwR5Oku/THFimzDV3RReR sCoQ2/xtL8KFqZn47EGbf5dT7t004bwFbnzyLv4KF/RhXGYIC5xJoIAhSvqQyyVF+YsV6hbN bzrYs7RYzsSVY8IWzkhNGb74aEvhHAhdw4V51jKk1PszNWKN2B+Lc8ADEePEVYO7MMhqWY0v JMq8zu6CF77nIiHh2ceYz+iIHAZcZs0k4Uu6bMFyQh9femRVICALm7Nn45fZNSBG6zjypIBV 21pX7A1IdDj2wns0nnFkOawhD2Is+n47Ek03j1YNacepF02BkBQRpnKZRVaaB9xN1fXfsUQZ 9VUILxPn7ZS55MhmO0YDKNcPVa63Kmtw8fTPZJoIMDe3qEV2XtYGYBWBlgJBsVGKsJjW5zwQ Ayp0x72ACyaIKVK91cZVFJBM5Hvx9cMZRcWnhgwohnFsIsPbQLwn+BCZ2nDKHRmc/KVpQUk+ 9aiRtje15bHgv+5wXp69rFJU+7V062qPK+on3zN/cXOWRbu8oyG47K2CF8nwo/1rG2rLQPyF 9h4gHCdG9Y2MYi5w6j18Jt6L8XvSmyrRkdSl/HZklgCWPUfbWxMB/XAfJhMr2Vo/1964Yzr5 TAJxdLWo9Dz1h30Cae9j+NxTXBTHzM59nSej96lFa3eorPoslX7ZPStB4uaLZF40kPml8T+1 KY4n6hpJXlE8nbYHyJGpHaudO5u8uJrT4lgbL88DeOkt2fN4P70b8KRUz0LwOQB2ZY8lmbfu AigssAObu2ntlRj9jI2+/1K4Ip4N2CLxdwTBPzUVh11rC/oPRggrO7voGdYOtOjVhQiI8jbA NiZofjcf3slLeYW5ShuvcQlLnr0xk48g44Pb5l18C96g/zPcDVo4r8XF9n2VJfOCuNgPYoeM AMqwt0r+LSXWB2H3u8fJEqJntULuDpOX3KKahN5AYYnwoVBNmx8j+s/Xw4kZUNmK05WfYoqv d5DWEVkZK47M3Bf2Ohsa7vPzle5fZnZRPXqCu0bYxfvRIzjd/3xkcZz+IQkMZKlZgsjLE+mR Wz/VAnEkM/nOUjt5ik2oYmHPVtHK1/qMOgFsxGitl2Oi/Ld1KyvNq8mf1pdnJYipmmLJiR1G biEgHWO0Stn3dkc5AzSes4YVV3xd0bEx2Ghk0YY527c6atRqlWE81a9qgXvo2znOxue9YKLf j0wVvqCTkb03n0JV0XOG4QwI+R/rjFpWuFF0+wIJt+Eo3CdVeL2hU4nLFptYufS0H8hm0foz 
SDPWFZNzbxcYFfJ1Aukp79enNFiwfi5qvZCt2C7dPe7OG23dnPhyYcHBhSHFhU/0JtfQFbEj 4RE0PdieJdTrywBb6f3SDglIhxeTPBvy5xSeeJrol2nrFrCBiCGUrTCvcWUXUCQR2O0VNfd+ EaBM3aFzPto6B1MAxHrb17fNZXh8YISPVmgegkxR7xoTrwbPASUBLlPswQ2rvPEKjkPKuywJ kQ8+wdrtZzG5T7emsz+utoIGB3tBCFRK46s1PEsp1cJisqq2v3WZiRegHTriID7FZAM+AIr6 DZ7c83esYPcDkR4uIr0Mj/Jj7s2WVN5rFKL20npB8y1YLlL/Gnaa7LYxYBueTTqC0uE6Lmns y65pyhhR333U2lnHXxSw/I8Exxj41N4aFqRYkpnfRnofQ1fkO1aqALMGlGi3qJaWLSgFJtLi xwEWRv9fXcNLMQJMt1VHwLBvEpoihxSqTcwofiQ/hHQhKRV01taPcgAgTym7IunEyeuzSfI8 EbbX/NACoD2M4TJOLkS2IVirwuISuA77IEj2zIyn/z0otMoSGacE3f+bU5WjPUKKkW/NVhwI hxTNo1ges9DhN1ZC8jvjbki9G4wAiU6K899E9w34YgYjdNH7w68mZw1XGN508AVXes1spGga lBUhrw+rdNHk11FuWCoNuhxMpOhrb+GiJW7oCv9Hai0wO6Gsbbv8NgrpO59TuN288h6e05sz ValrBgTJde/4LRBeQ7kTxrwefzs7up8HfxAzyK9l8XsRnBpraUvLOIwhXWJNc09IufshQBRW 0XlhYckkGeP0ZSN4unIuN0bXJnYEPemeCFT6xmRZy3cAqOphMpaKLyiGdY/i5xNiHN4zSMO5 AF3GMB1V8QNCcWVJYaQoYWoDuXBnC85+b6gDnOB3q7fDxpR8v9h897gUCvtcYld5giM0DMOK fMO6p/V6ZmBWRBzawnNho4gmQS5leK1B2zuCCh3z7PgmJzJWva/W67UNepor5B9kv8in1Uxi GRwTKFupZQZEavaqTr6cByXc/yZWkMW32AqRmLomChaYpFW1QAsVjNwGJdV2wkDxM+qdwnAW +gx/wPYKA6bOY0JyAJz7Osu4S//jvxzbOC2YL535aglsfc08gA+5rvofhl3ufYzU3rZ4Eobs yKwm4u+ZS8fh08LK9esiyrExj6+14RPsUCLdravTbAdyjZ7V66dzl1p1Eck+aDqCQyTNI6U6 +67AsCDQqsX4qbs+5nqpWnd73i34VsQ0jCQ1uxz8eNiGeitWh2TXlEms/Oez7wNL1/7VaQq/ dQQIz/MW4igyLylDbKOkpbw6TR6jWiMKUrSSTucUh8slbpm5SSyEVaICAt2Jp7fa0jBjyVhk h+Cm7IHF/A6noW6RHNmBlPDEGGrANGDhA6ehffNNlNu09vFHJunPC0dTuXFhFsajXUgakf2T Td7Xei2gNAbhFVWBvD4QLLUPx9L2eD4EbgS6afYh4ZySHdUTL0YoMfmjTxq2aOKii7ouikaV f+1n/Xg4WN2/+cRgTZ96hCstXC0Nfl8uGoFD45APlOofnkAguBF6W7ewpdiLcSsuD2OgB0Lb u72dcVogXiv4CdxsKFPrZZmFHhToe4Go2+Socbj9DT/9ieAp66m2SWv09bw/4AmieXmz+ih2 x6FYZTLKRjZIUeVdgwaenTz/f3Neu6Cb0lpo/xhcOZeHIRW+k0w5E7cfdZWYhF4lcyYft/az +8aC/t51vdVO8Sfpbw8WEevnbTn0qlB05LEDxHVfpkpd3GtctQ7TKEI1wbxW5tIG+gneDtEI gkger4NtYR3YFds9BaGfJggc5AGa/DarHpqYGWBqC+E+G+KPB3TU1WtsozG7MeI2tkmvpCL3 cSVjLhyOMBYcDhXpieN2mAi8ShfC1ZYj0bwpmzxNqUuLKq1E1RvD/V45HeVfiSwEKeY+byHv 
1/b8DwVZSla3XQy+xNg0dJBBWbA8pcy74kyFK08tShEEJfqVi4U0Qc0GCxYWl4vgo9sAr0qU A1HjIeGdlilVuF3K5h3Ns/s+UBcXqfjC86GuxHWdDwgaApcZotCM7VjE/pEvbRkaO8qRJ0c0 6GLre3GXbbD5qwpVZPkPFHTwu1dnnioVC+XXw4d+Ox0KQC2R0x2MKpR9qr7YGy1gl9lg0wt4 Y2uJawdMyUyPngRzo9uHkT5MXNBA67d+Bii82e1LuA+jNHR9s/GxZi/6RoOjTzPYz069SlaO v61bnJQqLQ5lchq+Wu0DA4uhCOOnnccssxLVxY0/y/8nUWIlFvibdrMIREaJHN9bwgJHxUV1 +HKwtuVsJI5xqEQsOr5pqVkS9FhVXc0d/PymRq5CS/LP94eZ+kzwuJKFb2pERY9xmQEw9UFo DM/43XTXmyQu4ZoMrDBbnWsQTfIVzNzW4/X1W9Q+3ci1IKXPP7YY0dXX1bvCjqAFjd28+wYB TbK5Z63gndEfbdwFZYYB0sFbepDnObq2z8PimRg8SFrE0znXi7DcVXJZlSGvJpE5RMQrHqqV Y/PUB2b0+5MIVfHTmfiFEqEvMmCgCMFitBjgDu7+SDWAQu6WnMdKUblpm0/eiMOGk5T0xGba n/1j0xpMHTGDSGA8/hRtuJLRFpRBRtgaNou9p3ucwaOJ8rVtf2Oj63rMCROPydrRva1yXxZD +Yphs0av/ATmFQFnVAkUrubh99DgS0ynt2b9HwLiuWbIEKgwEpIskiQVOFDzfCCfbEhxaTJN UtY/1Lw2HeXHFffzCVWiGCt1HyTtGr03tMskmt35bus884weLd1OHdhc5KND5tEPOInzL26r dB4xCs+nJ+bV8xPIR7dxdZvhoRghZflTjxgcbDYVzq3NfldNRyTMWD4d58ZuTaK8CKo7YEIJ xagVSZEkq8n1rYMgoT3NgXKymH5hQ8UgCXj8raKo7qWccTtJ1tw241cDye5kahqVS7oP29zk TmrM9WF2HOEWXYw8sMKRG/bw92F8LSpLSDiUsEr0TZ/xiO6yghvDK4/ThRFIL06S5OL0jGhy 6ifrp1pyR4tqllgvl/8gjv25p7yeeagJrhqvuTOeSN2dm94vTOESVK7853AHUI1jlFEnQxRx /5W4Ip01IUI8uY7oHvrBfPnxhhx8tPRqD+h/6oiStmeH1JnpgfOaDhQXV3y3X1KcFUWmAqDG Q/FsugARkV8jpSEjaVtXDKy/rNfWxqM6eDEJ4yDRKkTi7DFfWP26trW2r+r3hqSsflpiBb7F iav237pD1tgEsRmHx7EcGkoBH2nr7it29zEY1WFe7e2lk7Iho41+srSaZOUzuV3+wuiPIW/1 c6JHhA4aEreXlPo2Z0Pchwo2WI8OoFCh5EZCEi4xI3nFzUzNvDAveS8o62AoRJy2Y1memPqC oFd/FI9QxElFJkNoOa032xgVQ9LRrOgA8N8wQIlavjogCoQdRPyyabkuENwnl5Ngn8Vmcblc SR2LZ2GAY3EwB4DzNigC5lfCG6NpOnXfbzzHkMqbT3MDnUbZBjCvC03z3v+A02CaL/0kgboK iWiGVxak9rvwtxZyTUBHMs0VMTYnQnkMAxj5jRvgtmTf6Xe2PXHTZm7KwUfc2RkpUT9ddZcT pxU7CByVtMU+oKgy5uFjj6BPa3fONw0OkV8PdTCnlOgJ5GeJVFUcLLbWpLdVWLNizSb+3rCE cXP0h9yYRVPDlUSgTnt4tUeKeaZhE2fE06yriNtrPaMAjTVUndiLKkDpcJKYHkYLtlMV4nhj P9VhpiEPSmqzx2UedVCDTTYrsXcLnAVu5tn6HuNs/EAnJ7+14mL2Et3zdvGTqcbWzAEkf1Ar iqXvGa9QdwafrVT3br5uejfoIDvyI6+/n6noiE1VSn1JF5UbcUF114xvZ3oeyrbD75lsImEn 
Date: Fri, 5 May 2006 17:41:57 -0700
From: rfc-editor@rfc-editor.org
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-pkix@imc.org
Subject: RFC 4476 on Attribute Certificate (AC) Policies Extension

A new Request for Comments is now available in online RFC libraries.

        RFC 4476

        Title:      Attribute Certificate (AC) Policies Extension
        Author:     C. Francis, D. Pinkas
        Status:     Standards Track
        Date:       May 2006
        Mailbox:    Chris_S_Francis@Raytheon.com, Denis.Pinkas@bull.net
        Pages:      11
        Characters: 20229
        Updates/Obsoletes/SeeAlso: None

        I-D Tag:    draft-ietf-pkix-acpolicies-extn-08.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4476.txt

This document describes one certificate extension that explicitly states the Attribute Certificate Policies (ACPs) that apply to a given Attribute Certificate (AC). The goal of this document is to allow relying parties to perform an additional test when validating an AC, i.e., to assess whether a given AC carrying some attributes can be accepted on the basis of references to one or more specific ACPs. [STANDARDS TRACK]

This document is a product of the Public-Key Infrastructure (X.509) Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information.

Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Date: Wed, 03 May 2006 15:01:21 -0400
From: Russ Housley <housley@vigilsec.com>
To: ietf-pkix@imc.org
Subject: RE: Elliptic Curve Cryptography with PKIX

RFC 3280 does not provide as much guidance as I would like. Section 4.1.2.7 says the following about the Subject Public Key Info field:

    This field is used to carry the public key and identify the algorithm with which the key is used (e.g., RSA, DSA, or Diffie-Hellman). The algorithm is identified using the AlgorithmIdentifier structure specified in section 4.1.1.2. The object identifiers for the supported algorithms and the methods for encoding the public key materials (public key and parameters) are specified in [PKIXALGS].

Section 4.1.1.2 includes these words:

    The algorithm identifier is used to identify a cryptographic algorithm. The OBJECT IDENTIFIER component identifies the algorithm (such as DSA with SHA-1). The contents of the optional parameters field will vary according to the algorithm identified.

It does not really provide much guidance to developers of AlgorithmIdentifiers.

I characterize the X9.62 approach as using the OBJECT IDENTIFIER to name a class of elliptic curve algorithms, and then using a portion of the parameters to list the members of that class that are acceptable for the subject public key.

I am very interested to know how this fits with real implementations.

My suspicion is that implementations that support key agreement are used to looking into the parameter to determine if the public key is a member of the same group. This is needed for static-static Diffie-Hellman (in discrete log or elliptic curve). This is also needed for MQV (and KEA, if anyone cares anymore).

My suspicion is that digital signature validation does not anticipate constraints in the public key algorithm parameters. An underlying crypto routine may need the parameters, but the signature is not going to fail because of a constraint in the parameters, which could happen in this proposed syntax.

I would greatly appreciate some insight from implementors.

Russ
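
The check described in the message above for key agreement, looking into the AlgorithmIdentifier parameters to see whether two public keys belong to the same group, sketched as an added example (not part of the original message or of any implementation discussed on the list). It assumes the namedCurve form of EC parameters; the function names and the sample keys, whose key bits are dummy filler, are constructed for illustration.

```python
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"          # X9.62 id-ecPublicKey

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low bits count length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                            # first two arcs assumed to fit one octet
    arcs, val = [min(body[0] // 40, 2)], 0
    arcs.append(body[0] - 40 * arcs[0])
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def algorithm_identifier(spki):
    """Return (algorithm OID, parameters tag or None, parameters content)."""
    _, body, _ = read_tlv(spki, 0)               # SubjectPublicKeyInfo SEQUENCE
    _, alg, _ = read_tlv(body, 0)                # AlgorithmIdentifier SEQUENCE
    tag, oid, pos = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    ptag, params = (None, b"") if pos == len(alg) else read_tlv(alg, pos)[:2]
    return decode_oid(oid), ptag, params

def same_ec_group(spki_a, spki_b):
    """True only if both keys are id-ecPublicKey naming the same curve OID."""
    a, b = algorithm_identifier(spki_a), algorithm_identifier(spki_b)
    return all(x[0] == ID_EC_PUBLIC_KEY and x[1] == 0x06 for x in (a, b)) and a[2] == b[2]

def make_spki(alg_hex, key_len, fill):           # constructed sample, dummy key bits
    bits = b"\x00" + bytes([fill]) * key_len
    content = bytes.fromhex(alg_hex) + b"\x03" + bytes([len(bits)]) + bits
    return b"\x30" + bytes([len(content)]) + content

P256_A = make_spki("301306072a8648ce3d020106082a8648ce3d030107", 65, 0x11)
P256_B = make_spki("301306072a8648ce3d020106082a8648ce3d030107", 65, 0x22)
P384 = make_spki("301006072a8648ce3d020106052b81040022", 97, 0x33)
RSA = make_spki("300d06092a864886f70d0101010500", 64, 0x44)
```

The algorithm OID is identical for the P-256 and P-384 keys; only the parameters distinguish the groups, which is why a key agreement implementation has to read them while a plain OID comparison would not notice the mismatch.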
- draft-ietf-pkix-scvp-25.txt yannick quenechdu
- [Fwd: draft-ietf-pkix-scvp-25.txt] yannick quenechdu
- Re: [Fwd: draft-ietf-pkix-scvp-25.txt] David A. Cooper