REVERSE the AGING PROCESS 10-20 Years!
Younger@bdsm.at Fri, 01 December 2000 00:29 UTC
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA21789 for <smime-archive@odin.ietf.org>; Thu, 30 Nov 2000 19:29:28 -0500 (EST)
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA24111 for ietf-smime-bks; Thu, 30 Nov 2000 15:43:05 -0800 (PST)
Received: from dns.wsbx.com ([202.99.11.67]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA24107 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 15:43:04 -0800 (PST)
Date: Thu, 30 Nov 2000 15:43:04 -0800
From: Younger@bdsm.at
Message-Id: <200011302343.PAA24107@ns.secondary.com>
Received: from aks011 (1Cust54.tnt1.mia5.da.uu.net [63.30.194.54]) by dns.wsbx.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id X703J4LZ; Fri, 1 Dec 2000 07:47:20 +0800
To: Younger@bdsm.at
Subject: REVERSE the AGING PROCESS 10-20 Years!
MIME-Version: 1.0
Content-Type: text/plain; charset="unknown-8bit"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
HAVE YOU HEARD OF HUMAN GROWTH HORMONE (HGH)???
Released by your own pituitary gland, HGH starts
declining in your 20s, even more in your 30s and 40s,
eventually resulting in the shrinkage of major
organs-plus all other symptoms related to old age.
THIS CAN NOW BE REVERSED!!! IN THOUSANDS OF CLINICAL
STUDIES, HGH HAS BEEN SHOWN TO ACCOMPLISH THE FOLLOWING:
* Reduce Body Fat Without Dieting
Build Lean Muscle WITHOUT EXERCISE!
* Enhance Sexual Performance
* Remove Wrinkles and Cellulite
* Lower Blood Pressure and improve Cholesterol Profile
* Improve Sleep, Vision and Memory
* Restore Hair Color and Growth
* Strengthen the Immune System
* Increase Energy and Cardiac Output
* Turn back your body's Biological Time Clock 10-20
years in 6 months of usage !!!
You don't have to spend thousands of dollars on shots.
You don't have to spend the $139.00 per bottle that
HGH is selling for at some Clinics in the
United States.
For the next 30 Days, you can obtain a complete
one-month supply of our HGH releaser for our special
"New Customers" price of just $69.95 plus $6.00
shipping and handling. To ensure a constant supply and
to SAVE EVEN MORE, you can order with confidence
3 bottles of HGH and GET 1 FREE - that's just $209.85 for
4 bottles, plus $6.00 shipping and handling.
You SAVE $69.95! ORDER TODAY!
Payment Methods
You may FAX or Postal Mail Checks, MasterCard, Visa,
& American Express payments. Money Orders
are accepted only by Postal Mail.
Step 1: Place a check by your desired quanity.
______ 1 Bottle of HGH $69.95
______ 2 Bottles of HGH $131.90 ($65.95 a bottle)
______ 4 Bottles of HGH (Buy 3 get 1 FREE. SAVE $69.95) $209.85
Please add $6 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$75.95, 2 bottles=$137.90, 4 bottles=$215.85 ]
International shipping, please add $35 for any size order
[ Total cost including shipping & handling,
1 bottle=$104.95, 2 bottles=$166.90, 4 bottles=$244.85 ]
Foreign checks are not accepted. Credit cards & international
money orders only.
Step 2: Place a check by your desired payment method
and complete fields if necessary.
_____Check or CHECK-BY-FAX [details below]
_____Money Order
_____American Express
Account Number__________________ Exp____/____
_____Visa
Account Number__________________ Exp____/____
_____MasterCard
Account Number__________________ Exp____/____
Please make your check or money order payable to
"Lion Sciences National".
Step 3: Please complete and print the following fields clearly.
Name ___________________________________________________
Address _________________________________________________
City ____________________________________________________
State ___________________________________________________
Zip _____________________________________________________
E-mail __________________________________________________
Signature _________________________________________________
[ required for check and credit card orders]
Toll Free FAX Order Line: 1-800-940-6590
If faxing in your order, please state whether you require
a fax, email, or no confirmation at all.
Allow up to one day for confirmation, if requested.
FAX orders are processed immediately.
Or, print & mail to:
Lion Sciences National
273 S. State Rd. 7 #193
Margate, FL 33068-5727
______________________________________________________
*CHECK BY FAX ORDERS: Complete the check as normal. Tape
the check in the area below. Below the check, clearly write
the check number, all numbers at the bottom of the check,
& your name. Tape the check below and fax the check to the
toll free FAX number above. Void the check. Our merchant
will electronically debit your account for the amount of
the check; your reference number for this transaction will
be your check number. Nothing could be safer & easier !
TAPE CHECK BELOW
_____________________________________________________________
This is a one time mailing: Removal is automatic and no further
contact is necessary. Please Note: HGH is not intended to
diagnose, treat, cure or prevent any disease. The FDA has not
evaluated these statements.
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA24111 for ietf-smime-bks; Thu, 30 Nov 2000 15:43:05 -0800 (PST)
Received: from dns.wsbx.com ([202.99.11.67]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA24107 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 15:43:04 -0800 (PST)
Date: Thu, 30 Nov 2000 15:43:04 -0800 (PST)
From: Younger@bdsm.at
Message-Id: <200011302343.PAA24107@ns.secondary.com>
Received: from aks011 (1Cust54.tnt1.mia5.da.uu.net [63.30.194.54]) by dns.wsbx.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id X703J4LZ; Fri, 1 Dec 2000 07:47:20 +0800
To: Younger@bdsm.at
Subject: REVERSE the AGING PROCESS 10-20 Years!
MIME-Version: 1.0
Content-Type: text/plain; charset=unknown-8bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
HAVE YOU HEARD OF HUMAN GROWTH HORMONE (HGH)???
Released by your own pituitary gland, HGH starts
declining in your 20s, even more in your 30s and 40s,
eventually resulting in the shrinkage of major
organs-plus all other symptoms related to old age.
THIS CAN NOW BE REVERSED!!! IN THOUSANDS OF CLINICAL
STUDIES, HGH HAS BEEN SHOWN TO ACCOMPLISH THE FOLLOWING:
* Reduce Body Fat Without Dieting
Build Lean Muscle WITHOUT EXERCISE!
* Enhance Sexual Performance
* Remove Wrinkles and Cellulite
* Lower Blood Pressure and improve Cholesterol Profile
* Improve Sleep, Vision and Memory
* Restore Hair Color and Growth
* Strengthen the Immune System
* Increase Energy and Cardiac Output
* Turn back your body's Biological Time Clock 10-20
years in 6 months of usage !!!
You don't have to spend thousands of dollars on shots.
You don't have to spend the $139.00 per bottle that
HGH is selling for at some Clinics in the
United States.
For the next 30 Days, you can obtain a complete
one-month supply of our HGH releaser for our special
"New Customers" price of just $69.95 plus $6.00
shipping and handling. To ensure a constant supply and
to SAVE EVEN MORE, you can order with confidence
3 bottles of HGH and GET 1 FREE - that's just $209.85 for
4 bottles, plus $6.00 shipping and handling.
You SAVE $69.95! ORDER TODAY!
Payment Methods
You may FAX or Postal Mail Checks, MasterCard, Visa,
& American Express payments. Money Orders
are accepted only by Postal Mail.
Step 1: Place a check by your desired quanity.
______ 1 Bottle of HGH $69.95
______ 2 Bottles of HGH $131.90 ($65.95 a bottle)
______ 4 Bottles of HGH (Buy 3 get 1 FREE. SAVE $69.95) $209.85
Please add $6 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$75.95, 2 bottles=$137.90, 4 bottles=$215.85 ]
International shipping, please add $35 for any size order
[ Total cost including shipping & handling,
1 bottle=$104.95, 2 bottles=$166.90, 4 bottles=$244.85 ]
Foreign checks are not accepted. Credit cards & international
money orders only.
Step 2: Place a check by your desired payment method
and complete fields if necessary.
_____Check or CHECK-BY-FAX [details below]
_____Money Order
_____American Express
Account Number__________________ Exp____/____
_____Visa
Account Number__________________ Exp____/____
_____MasterCard
Account Number__________________ Exp____/____
Please make your check or money order payable to
"Lion Sciences National".
Step 3: Please complete and print the following fields clearly.
Name ___________________________________________________
Address _________________________________________________
City ____________________________________________________
State ___________________________________________________
Zip _____________________________________________________
E-mail __________________________________________________
Signature _________________________________________________
[ required for check and credit card orders]
Toll Free FAX Order Line: 1-800-940-6590
If faxing in your order, please state whether you require
a fax, email, or no confirmation at all.
Allow up to one day for confirmation, if requested.
FAX orders are processed immediately.
Or, print & mail to:
Lion Sciences National
273 S. State Rd. 7 #193
Margate, FL 33068-5727
______________________________________________________
*CHECK BY FAX ORDERS: Complete the check as normal. Tape
the check in the area below. Below the check, clearly write
the check number, all numbers at the bottom of the check,
& your name. Tape the check below and fax the check to the
toll free FAX number above. Void the check. Our merchant
will electronically debit your account for the amount of
the check; your reference number for this transaction will
be your check number. Nothing could be safer & easier !
TAPE CHECK BELOW
_____________________________________________________________
This is a one time mailing: Removal is automatic and no further
contact is necessary. Please Note: HGH is not intended to
diagnose, treat, cure or prevent any disease. The FDA has not
evaluated these statements.
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA18919 for ietf-smime-bks; Thu, 30 Nov 2000 07:20:03 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA18912 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 07:20:02 -0800 (PST)
Received: from ieca.com (mva-aa-044.capu.net [207.226.159.44]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id KAA20188; Thu, 30 Nov 2000 10:21:32 -0500
Message-ID: <3A26707C.CCEE0CA0@ieca.com>
Date: Thu, 30 Nov 2000 10:21:32 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Enzo Michelangeli <em@who.net>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa252c66.075@prv-mail20.provo.novell.com> <008701c05a85$245f00d0$6000a8c0@em>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Enzo Michelangeli wrote:
> Here is my modest proposal for SMIME v.3 sole MUST requirements:
>
> - Full interoperability with SMIME v.2, therefore #include-ing all the MUST
> of RFC2311;
> - Minimum key length raised to 1024-bit for PK and 112-bit for symmetric
> algorithms;
> - At least one other key exchange algorithm and one signature algorithm
> unrelated to the problem of modular factorization, to protect against
> possible unpleasant effects of progress in numbers theory. I'd say that DSA
> and DH are the best candidates, if we want to exorcise the IP curse that
> could strike ECC-based techniques;
> - 3DES-EDE and Rijndael added to RC2.
>
> Cheers --
>
> Enzo
Enzo,
This isn't actually too modest in my view. In terms of numbers of things
supported it's not too far from where we are now (just a few attributes). I
would support this with one addition. I think you *need* to support the
'SMIMECapabilities' on reception. This just seems like a necessity in any
environment that supports multiple algorithms. Otherwise, you have all you need
for basic interoperability.
Chris
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA18892 for ietf-smime-bks; Thu, 30 Nov 2000 07:19:52 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA18885 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 07:19:51 -0800 (PST)
Received: from ieca.com (mva-aa-044.capu.net [207.226.159.44]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id KAA20162; Thu, 30 Nov 2000 10:21:23 -0500
Message-ID: <3A267073.2B9437D9@ieca.com>
Date: Thu, 30 Nov 2000 10:21:23 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Dr S N Henson <drh@celocom.com>
CC: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com> <3A257C22.D2AB9DE5@ieca.com> <3A259CAA.79D5024E@celocom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Dr S N Henson wrote:
> "Bonatti, Chris" wrote:
> >
> > Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made. These are (employing a little editorial license):
> >
> > * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost has gone up into the "too high" range.
> >
>
> I'd say in the DH case (and to some extent DSA) there's the issue of how
> practical it is. The only DH certificates I've ever seen were in the
> S/MIME examples draft. I suspect there are problems with the parameters
> but despite repeated queries I never found anyone who could
> independently check them.
>
I agree about D-H certs. They are not deployed as far as I can see.
>
> If public CAs issuing DSA certificates are rare then I'd say CAs issuing
> DH certificates are virtually non existent. Does anyone know of a single
> example?
>
For "public CAs" I'd have to agree. I think the US government has issued *lots* of DSA certs, but they generally don't emit them because the interoperability picture is rather bleak. I don't
think secure mail gets used much outside of fairly closed environments for this very reason. It's exceedingly rare that I even see a signed message in this forum.
>
> Its all very nice adding support for DSA and DH but if users can't get
> any certificates from public CAs then their value is severely limited.
>
It's a bit of a chicken and egg problem, though.
Chris
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: shenson@drh-consultancy.demon.co.uk
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: drh@celocom.com PGP key: via homepage.
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA18835 for ietf-smime-bks; Thu, 30 Nov 2000 07:19:26 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA18829 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 07:19:25 -0800 (PST)
Received: from ieca.com (mva-aa-044.capu.net [207.226.159.44]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id KAA20115; Thu, 30 Nov 2000 10:21:00 -0500
Message-ID: <3A26705C.EA9CD47A@ieca.com>
Date: Thu, 30 Nov 2000 10:21:00 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Rich Salz <rsalz@caveosystems.com>
CC: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com> <3A257C22.D2AB9DE5@ieca.com> <3A259A89.726BBA61@caveosystems.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Rich Salz wrote:
> To be algorithm independant, you make sure you always identify the algorithm,
> and don't mistakenly say "encrypted data" without specifying the mechanism.
> During development of the standards, a good way to do that is to make sure
> multiple mechanisms are specified. In this case, the theoretical (DSA) and the
> practical (RSA).
>
I had the sense that what Dave was alluding to was something more. It sounds like
an algorithm independent infrastructure, or maybe a multi-algorithm infrastructure
is a better way to say it. (Dave, I don't want to put words in your mouth, but it
seemed to me this is what your 11/28 message was saying.) This strikes me as a
good idea from a robustness point of view as has already been stated. It seems
like we're saying on the one hand that this is a good idea, yet on the other that
everybody building to a lowest common denominator is all we're willing to do.
That seems a little disconnected to me.
>
> Peter Gutman said it best a few weeks ago, shortly after RSA expired.
> Something along the lines of "we all pretended to do DSA, but in reality
> everyone did RSA." For political reasons, the IETF bent over backwards to
> avoid mandating patented technology.
>
I missed this statement the first time around, but I think it's probably
accurate. However, consider just what it says about IETF's overall impact on
industry. I think we take the whole MUST/SHOULD/MAY debate way too seriously.
Industry does what it wants.
>
> >Personally, I favor products that support LOTS of interoperability modes.
>
> That's nonsensical. Do you prefer BER over DER? :)
>
For some things, yes. It's better for one-pass processing for instance.
>
> The marketplace has decided and the common crypto mechanism is RSA, and
> practically nobody cares about DSA. Certainly, making DSA not MUST will not
> hurt the DSA-using community.
>
> It's not the IETF's job to raise the bar. It's the IETF's job to make sure we
> all speak the same language, and clearly that language is mod-exp.
> /r$
I agree on these points.
Cheers,
Chris B.
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id HAA18825 for ietf-smime-bks; Thu, 30 Nov 2000 07:19:25 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA18815 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 07:19:22 -0800 (PST)
Received: from ieca.com (mva-aa-044.capu.net [207.226.159.44]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id KAA20102; Thu, 30 Nov 2000 10:20:56 -0500
Message-ID: <3A267053.C3273DB7@ieca.com>
Date: Thu, 30 Nov 2000 10:20:51 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Bob Jueneman <bjueneman@novell.com>
CC: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa252c66.075@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Bob,
Did I mention that sticking my arm into hornets nests is one of my favorite hobbies. ;-) This nest look good and ripe...
Bob Jueneman wrote:
> Chris, I believe these points are important, and perhaps more important than the particular issues at hand. So please allow me to wax philosophical.
>
> As a consumer, all things being equal, I like products that support lots of interoperability modes too. Beer, champagne, hot dogs, filet mignon, ice cream, apple pie, floor wax and desert topping -- they're all great, at least if you can afford them.
>
> But as a vendor, I am increasingly concerned about the amount of feature creep that we are seeing every day in both the PKIX and SMIME groups, apparently almost unconstrained by business requirements. We need interoperability, and that should not mean lowest common denominator, but it also shouldn't mean being all things to all men.
>
I think that most of the "feature creep" to which you refer is in the realm of options. There is still a fairly small core of S/MIME features that are MUSTs, and nearly all of them have some core interoperability reason.
<snip>
>
> Now allow me to (gently, I hope) take issue with some of your other statements:
> >
> > * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost
> >has gone up into the "too high" range.
>
> I would disagree. The cost of the RSA license was minimal relative to other development costs, and the RSA algorithm was effectively all there was in terms of deployed PKI infrastructure. The fact that DSA and D-H were labeled MUST was chalked up to IETF politics, and completely ignored by the vendor community as not being worth the implementation cost in terms of revenue return. Granted, it didn't meet some of the expressed desires of the US Government, but the USG has always had a much bigger appetite than budget. (Remember Jovial? Ada? C2 by '92?) Money talks, and everything else walks. They imposed requirements, but those requirements didn't stick when it came to real procurements.
>
Okay, but you're arguing against something that I'm not saying. I'm not saying that anything should be MUST (in fact, I think the reverse should be the case).
I am also NOT saying that we should implement these algorithms because the government says so (like Ada, etc.). What I'm saying is that two years ago WE said is was good enough, cheap enough, etc. Now suddenly it isn't. What gives. I'm trying to point out some intellectual disingenuousness, not arguing for an end state.
> >
> > * Specifying a single MUST algorithm suite was sufficient to make S/MIME algorithm independent, but actually requiring two algorithms suites will cost too
> >much. If we've really achieved algorithm independence in the sense that Dave Kemp suggests, this should be a debate about a relatively small math module.
>
> No, again I disagree. The math module isn't the problem. As a BSAFE licensee, we already have all of the math modules we would need. The real issue is all of the multitudinous GUI screens that have to be developed to allow the user to choose this, that or the other algorithm within S/MIME, and then the same set of choices in any PKI products, and then testing all of these options in every conceivable combination, not just within a given product but in combination with all of the other leading e-mail packages, plus the various PKI services and toolkits as well. those costs dwarf the cost of the math module by a couple of orders of magnitude.
>
This seems a little overstated. As a developer, surely you have the latitude to design your GUIs the way you want. That doesn't stop you from supporting whatever algorithms you want, or auto-selecting based on the 'SMIMECapabilities'.
>
> > * We have an 'SMIMECapabilities' attribute for which support is MUST, but some implementations ignore it so we have to use the lowest common
> >denominator to force interoperability. What make anybody think a MUST on an algorithm choice would be taken any more seriously?
>
> Two issues. As I recall, the SMIMECapabilities is a MAY, not a MUST, although I'll stand corrected if I'm wrong. And as I say, and Peter Gutmann said more succinctly, MUST matters if and only if the vendor was inclined to implement that option anyway. It might be sufficient to push someone over the fence who was already 49% there, but not much more. Standards compliance doesn't pay the rent -- customers do.
>
The 'SMIMECapabilities' attribute is a MUST on reception, and a SHOULD on origination.
On your second point, you have zeroed in on the point of my third bullet admirably. If the MUST doesn't mean much, why are we debating it like it's a meaningful decision?
> >
> > I don't think I actually have an opinion on this issue myself. I'm of the mind set to mandate nothing and let Darwin decide. However, I find the seeming
> >illogic of these collective opinions very troubling. It leads me to think that we're not getting to the REAL reasoning behind this move.
> >
> > I think Blake was closest to this in stating that there has been no customer demand for DSA. Is this the REAL reason to dump DSA? Are customers
> >demanding RSA be used? Do customers express demand for any algorithms, or do they just want it to be "secure"? Are we just drifting to the path of least
> >resistance?
>
> Customers don't demand or specify algorithms. They just want it to be secure, and trust that the vendor will figure out what that means. What they do insist on, however, is that the product work well with the existing infrastructure in order to reduce their total overall cost of ownership. The more sophisticated customers realize that adding more and more features that they never use significantly increases that TCO, so overburdening a product with unnecessary features causes a significant backlash. Increased cost of development with decreased sales. What a concept!
>
However, by this logic nothing ever improves. I'm not knowledgable enough to say whether DSA/D-H is an *improvement* over RSA, or just another choice. Nevertheless, I think this evaluation should be a factor. Somebody else asked the question too. (?) Is DSA/D-H better? If not, then its okay to stick with what's out there. If is it, then we've got to decide if it's better enough to be worth upgrading the infrastructure. I have not even heard this point raised yet. Why not?
All the best,
Chris sends...
Received: by ns.secondary.com (8.9.3/8.9.3) id CAA27612 for ietf-smime-bks; Thu, 30 Nov 2000 02:56:09 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA27592 for <ietf-smime@imc.org>; Thu, 30 Nov 2000 02:56:06 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA28262; Thu, 30 Nov 2000 05:57:39 -0500 (EST)
Message-Id: <200011301057.FAA28262@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-esformats-02.txt
Date: Thu, 30 Nov 2000 05:57:38 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Electronic Signature Formats for long term electronic
signature
Author(s) : D. Pinkas, J. Ross, N. Pope
Filename : draft-ietf-smime-esformats-02.txt
Pages : 75
Date : 29-Nov-00
The informational RFC defines the format of an electronic signature
that can remain valid over long periods. This includes evidence as to
its validity even if the signer or verifying party later attempts to
deny (i.e. repudiates, see [ISONR]) the validity of the signature.
The format can be considered as an extension to RFC 2630 [CMS] and RFC
2634 [ESS], where, when appropriate additional signed and unsigned
attributes have been defined.
The contents of this Informational RFC is technically equivalent to
ETSI ES 201 733 V.1.1.3 Copyright (C). Individual copies of this
ETSI deliverable can be downloaded from http://www.etsi.org
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-esformats-02.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-esformats-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-esformats-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001129114644.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-esformats-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-esformats-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001129114644.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id UAA28359 for ietf-smime-bks; Wed, 29 Nov 2000 20:21:17 -0800 (PST)
Received: from china.asiainter.net (asiainter.net [202.84.207.2]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id UAA28354 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 20:21:15 -0800 (PST)
Received: (qmail 1233 invoked from network); 30 Nov 2000 04:22:44 -0000
Received: from unknown (HELO em) (203.161.252.186) by asiainter.net with SMTP; 30 Nov 2000 04:22:44 -0000
Message-ID: <008701c05a85$245f00d0$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: "Bob Jueneman" <bjueneman@novell.com>, "Bonatti, Chris" <BonattiC@ieca.com>, <ietf-smime@imc.org>
References: <sa252c66.075@prv-mail20.provo.novell.com>
Subject: Re: RSA vs. DSA MUST
Date: Thu, 30 Nov 2000 11:59:47 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
----- Original Message -----
From: "Bob Jueneman" <bjueneman@novell.com>
To: <BonattiC@ieca.com>; <ietf-smime@imc.org>
Sent: Thursday, November 30, 2000 7:18 AM
Subject: Re: RSA vs. DSA MUST
[...]
> As a result, Product Management is increasingly inclined to
> "Just Say NO" to these kinds of features, which ends up making
> IETF standards increasingly irrelevant and making interoperability
> that much harder, rather than easier.
I think that Product Management needs to understand that in the Internet age
interoperability is, for a vendor, matter of life and death; I think your
company grasps this point well, as it bit the bullet several years ago by
embracing TCP/IP.
> The real challenge in creating standards is therefore not to
> attempt to see how many you can create with all of their rococo
> variations, but rather how few you can get by with and still
> get the job done. To the extent that the IETF WGs become
> self-justifying, self-perpetuating, and eternal, the less useful
> they become, IMHO. We are becoming more and more like ISO every
> day, and maybe worse.
Gee Bob, you stole my line: I was planning to title one of my postings "The
X.400-ization of secure e-mail". Does everyboy remember X.400 (1984) and
X.400 (1988)? Both S/MIME and OpenPGP, at this moment, exist in two major
versions that do not necessarily interoperate with each other, and for the
same damn reason (old intellectual property issues on cryptographic
algorithms, now in large part disappeared).
> This is really a case of Little Red Riding Hood's porridge.
> We want it to be not too hot (needlessly feature rich), and
> not too cold (missing important capabilities or security,
> forcing everyone to devolve to the lowest common denominator),
> but rather just right. And that requires making intelligent CHOICES.
Here is my modest proposal for SMIME v.3 sole MUST requirements:
- Full interoperability with SMIME v.2, therefore #include-ing all the MUST
of RFC2311;
- Minimum key length raised to 1024-bit for PK and 112-bit for symmetric
algorithms;
- At least one other key exchange algorithm and one signature algorithm
unrelated to the problem of modular factorization, to protect against
possible unpleasant effects of progress in numbers theory. I'd say that DSA
and DH are the best candidates, if we want to exorcise the IP curse that
could strike ECC-based techniques;
- 3DES-EDE and Rijndael added to RC2.
Cheers --
Enzo
Received: by ns.secondary.com (8.9.3/8.9.3) id TAA24387 for ietf-smime-bks; Wed, 29 Nov 2000 19:00:04 -0800 (PST)
Received: from mailhost3.lanl.gov (mailhost3.lanl.gov [128.165.3.9]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id TAA24383 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 19:00:02 -0800 (PST)
Received: (from root@localhost) by mailhost3.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU2vRJ12068; Wed, 29 Nov 2000 19:57:27 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailhost3.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMVG419269; Wed, 29 Nov 2000 15:31:17 -0700
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMVEf31198; Wed, 29 Nov 2000 15:31:14 -0700
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id RAA06575 for ietf-123-outbound.07@ietf.org; Wed, 29 Nov 2000 17:15:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA01543 for <all-ietf@loki.ietf.org>; Wed, 29 Nov 2000 06:31:42 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02101; Wed, 29 Nov 2000 06:31:41 -0500 (EST)
Message-Id: <200011291131.GAA02101@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-x400wrap-01.txt
Date: Wed, 29 Nov 2000 06:31:41 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Securing X.400 Content with S/MIME
Author(s) : P. Hoffman, C. Bonatti
Filename : draft-ietf-smime-x400wrap-01.txt
Pages :
Date : 28-Nov-00
This document describes a protocol for adding cryptographic signature
and encryption services to X.400 content.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-x400wrap-01.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-x400wrap-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-x400wrap-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134620.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-x400wrap-01.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-x400wrap-01.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134620.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id SAA24375 for ietf-smime-bks; Wed, 29 Nov 2000 18:59:37 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA24370 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 18:59:35 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU2gAQ16496; Wed, 29 Nov 2000 19:42:10 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMMZf26535; Wed, 29 Nov 2000 15:22:35 -0700
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMMXf29458; Wed, 29 Nov 2000 15:22:33 -0700
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id RAA06503 for ietf-123-outbound.07@ietf.org; Wed, 29 Nov 2000 17:05:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA01536 for <all-ietf@loki.ietf.org>; Wed, 29 Nov 2000 06:31:38 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02047; Wed, 29 Nov 2000 06:31:37 -0500 (EST)
Message-Id: <200011291131.GAA02047@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-examples-05.txt
Date: Wed, 29 Nov 2000 06:31:36 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Examples of S/MIME Messages
Author(s) : P. Hoffman
Filename : draft-ietf-smime-examples-05.txt
Pages : 8
Date : 28-Nov-00
This document gives examples of message bodies formatted using S/MIME.
Specifically, it has examples of Cryptographic Message Syntax (CMS)
objects, S/MIME messages (including the MIME formatting), and Enhanced
Security Services for S/MIME (ESS). It includes examples of most or all
common CMS and ESS formats; in addition, it gives examples that show
common pitfalls in implementing CMS. The purpose of this document is to
help increase interoperability for S/MIME and other protocols that rely
on CMS.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-05.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-examples-05.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-examples-05.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-examples-05.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-examples-05.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id SAA24368 for ietf-smime-bks; Wed, 29 Nov 2000 18:59:29 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA24364 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 18:59:28 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU2dG814653; Wed, 29 Nov 2000 19:39:16 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMEgf24308; Wed, 29 Nov 2000 15:14:42 -0700
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMEff28052; Wed, 29 Nov 2000 15:14:41 -0700
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id QAA06414 for ietf-123-outbound.07@ietf.org; Wed, 29 Nov 2000 16:55:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA01529 for <all-ietf@loki.ietf.org>; Wed, 29 Nov 2000 06:31:32 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02003; Wed, 29 Nov 2000 06:31:31 -0500 (EST)
Message-Id: <200011291131.GAA02003@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-compression-03.txt
Date: Wed, 29 Nov 2000 06:31:31 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Compressed Data Content Type for S/MIME
Author(s) : P. Gutmann
Filename : draft-ietf-smime-compression-03.txt
Pages :
Date : 28-Nov-00
The Cryptographic Message Syntax data format doesn't currently contain
any provisions for compressing data before processing it. Compressing
data before transmission provides a number of advantages including the
elimination of data redundancy which could help an attacker, speeding
up processing by reducing the amount of data to be processed by later
steps such as signing or encryption, and reducing overall message
size. Although there have been proposals for adding compression at
other levels (for example at the MIME or SSL level) these don't
address the problem of compression of CMS content unless the
compression is supplied by an external means (for example by
intermixing MIME and CMS). This document defines a format for using
compressed data as a CMS content type.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-compression-03.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-compression-03.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-compression-03.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-compression-03.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-compression-03.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id SAA23994 for ietf-smime-bks; Wed, 29 Nov 2000 18:37:01 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA23990 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 18:36:59 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU2cXb13973; Wed, 29 Nov 2000 19:38:33 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMDVf23697 for <ronw@lanl.gov>; Wed, 29 Nov 2000 15:13:31 -0700
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMDUf27814 for <ronw@lanl.gov>; Wed, 29 Nov 2000 15:13:30 -0700
Received: by ns.secondary.com (8.9.3/8.9.3) id NAA14577 for ietf-smime-bks; Wed, 29 Nov 2000 13:57:34 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA14573 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 13:57:32 -0800 (PST)
Received: from ieca.com (mva-aa-086.capu.net [207.226.159.86]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id QAA24513 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 16:59:04 -0500
Message-ID: <3A257C22.D2AB9DE5@ieca.com>
Date: Wed, 29 Nov 2000 16:58:58 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id SAA22983 for ietf-smime-bks; Wed, 29 Nov 2000 18:06:18 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA22964 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 18:06:11 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU20xk30850; Wed, 29 Nov 2000 19:00:59 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMMZf26535; Wed, 29 Nov 2000 15:22:35 -0700
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMMXf29458; Wed, 29 Nov 2000 15:22:33 -0700
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id RAA06503 for ietf-123-outbound.07@ietf.org; Wed, 29 Nov 2000 17:05:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA01536 for <all-ietf@loki.ietf.org>; Wed, 29 Nov 2000 06:31:38 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02047; Wed, 29 Nov 2000 06:31:37 -0500 (EST)
Message-Id: <200011291131.GAA02047@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-examples-05.txt
Date: Wed, 29 Nov 2000 06:31:36 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Examples of S/MIME Messages
Author(s) : P. Hoffman
Filename : draft-ietf-smime-examples-05.txt
Pages : 8
Date : 28-Nov-00
This document gives examples of message bodies formatted using S/MIME.
Specifically, it has examples of Cryptographic Message Syntax (CMS)
objects, S/MIME messages (including the MIME formatting), and Enhanced
Security Services for S/MIME (ESS). It includes examples of most or all
common CMS and ESS formats; in addition, it gives examples that show
common pitfalls in implementing CMS. The purpose of this document is to
help increase interoperability for S/MIME and other protocols that rely
on CMS.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-05.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-examples-05.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-examples-05.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-examples-05.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-examples-05.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id SAA22972 for ietf-smime-bks; Wed, 29 Nov 2000 18:06:13 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA22961 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 18:06:11 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU20XQ29644; Wed, 29 Nov 2000 19:00:33 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMEgf24308; Wed, 29 Nov 2000 15:14:42 -0700
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMEff28052; Wed, 29 Nov 2000 15:14:41 -0700
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id QAA06414 for ietf-123-outbound.07@ietf.org; Wed, 29 Nov 2000 16:55:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA01529 for <all-ietf@loki.ietf.org>; Wed, 29 Nov 2000 06:31:32 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02003; Wed, 29 Nov 2000 06:31:31 -0500 (EST)
Message-Id: <200011291131.GAA02003@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-compression-03.txt
Date: Wed, 29 Nov 2000 06:31:31 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Compressed Data Content Type for S/MIME
Author(s) : P. Gutmann
Filename : draft-ietf-smime-compression-03.txt
Pages :
Date : 28-Nov-00
The Cryptographic Message Syntax data format doesn't currently contain
any provisions for compressing data before processing it. Compressing
data before transmission provides a number of advantages including the
elimination of data redundancy which could help an attacker, speeding
up processing by reducing the amount of data to be processed by later
steps such as signing or encryption, and reducing overall message
size. Although there have been proposals for adding compression at
other levels (for example at the MIME or SSL level) these don't
address the problem of compression of CMS content unless the
compression is supplied by an external means (for example by
intermixing MIME and CMS). This document defines a format for using
compressed data as a CMS content type.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-compression-03.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-compression-03.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-compression-03.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-compression-03.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-compression-03.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id RAA22779 for ietf-smime-bks; Wed, 29 Nov 2000 17:58:55 -0800 (PST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA22775 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 17:58:54 -0800 (PST)
Received: (from root@localhost) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) id eAU20R429348; Wed, 29 Nov 2000 19:00:27 -0700
Received: from mailproxy.lanl.gov ([128.165.254.25]) by mailman.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMDVf23697 for <ronw@lanl.gov>; Wed, 29 Nov 2000 15:13:31 -0700
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by mailproxy.lanl.gov (8.10.1/8.10.1/(cic-5, 6/12/00)) with ESMTP id eATMDUf27814 for <ronw@lanl.gov>; Wed, 29 Nov 2000 15:13:30 -0700
Received: by ns.secondary.com (8.9.3/8.9.3) id NAA14577 for ietf-smime-bks; Wed, 29 Nov 2000 13:57:34 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA14573 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 13:57:32 -0800 (PST)
Received: from ieca.com (mva-aa-086.capu.net [207.226.159.86]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id QAA24513 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 16:59:04 -0500
Message-ID: <3A257C22.D2AB9DE5@ieca.com>
Date: Wed, 29 Nov 2000 16:58:58 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id RAA21745 for ietf-smime-bks; Wed, 29 Nov 2000 17:19:36 -0800 (PST)
Received: from bbs.ht.net.cn ([202.103.160.51]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA21740 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 17:19:34 -0800 (PST)
From: V@tzw.de
Received: from h809 (1Cust82.tnt1.mia5.da.uu.net [63.30.194.82]) by bbs.ht.net.cn (8.8.7/8.7.3) with SMTP id JAA15367; Thu, 30 Nov 2000 09:38:25 +0800
Date: Thu, 30 Nov 2000 09:38:25 +0800
Message-Id: <200011300138.JAA15367@bbs.ht.net.cn>
To: V@tzw.de
Subject: Lady V: The Pleasure Pill for Women!
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
LADY V: The Pleasure Pill for Women!
Men Have Their Viagra®! Finally, A Pill for Women!
It's Here! The Revolutionary Woman's Sexual Sensation is Now
Available.
Researchers are calling Lady V the greatest breakthrough
for women since the Birth Control Pill. And you don't even need
a prescription to get it!
Welcome to the New Sexual Revolution!
It's no secret that men have been having the time of their
lives since the wonder pill Viagra® was made available. But,
women were left out in the cold with no pill... nothing!
Well now thanks to an all-star team of medical researchers
who have been working around the clock, those days are finally
over. The perfect female "pleasure pill" has been created and
you don't even need a prescription. You can now get it from
Lion Sciences!
Lady V is the world's first pleasure pill scientifically
designed for women. Lady V is an all-natural proprietary
herbal blend of prosexual nutrients from around the world
synergistically blended to naturally stimulate neurotransmitter
endorphin signals. This magical combination increases targeted
blood flow, unleashes natural stimulator for maximum stimulation,
triggering pleasure responses quickly. Lady V is safe, natural
and doctor-recommended.
Since its introduction Lady V has been taking the world by storm!
>From Malibu to Miami women are enjoying the most intense pleasure
of their lives!
100% Natural
Safe
The Highest Quality Pharmaceutical Pure Nutraceuticals
Guaranteed Potency
Certified Purity
Lady V is Sweeping the Nation!
Women are going crazy over Lady V. Suddenly couples are falling
in love all over again. The passion and pleasure that women are
reporting is off the charts! Lady V has an incredible 88% success
rate. Best of all, while Viagra costs $10 a pill, Lady V costs
less than $1 a pill! It's not just a man's world anymore!
Just look at what a few women have to say:
"I thought my love life was good before, but now it is out of
this world! Lady V is remarkable." Mary J., Interior Designer
"I haven't smiled like this in a long time. My husband and I
feel like a couple of 19 year olds again!" Debra T, Assistant Buyer
"Imagine what it would feel like to have incredible passion
and pleasure anytime you want." Jennifer C., Film Editor
"Suddenly my husband and I are spending more time in the bedroom
instead of the TV room." Angie R., Realtor
Ingredients: Vitamin D, Niacin, Vitamin B6, Folic Acid,
Vitamin B12, Avena Sativa, Kava Kava, Guarana, White Willow Extract,
Mura Puama, St. John's Wort, Siberian Ginseng, Cordyceps, Damiana,
and L-Taurine.
Each bottle of Lady V contains 30 tablets.
Take three capsules one hour before romantic activity
as a dietary supplement.
Risk Free: Double Your Money Back Guarantee
If Lady V does not give the desired results as stated
above, simply return the unused portion for a
double-your money back refund. No questions asked!
Order Now: Safe, Fast, Secure, Private
Lady V with its DOUBLE YOUR MONEY BACK GUARANTEE is
available only through this special promotional offer.
Herbal V arrives in plain packaging for your privacy.
Any and all information is kept strictly confidential.
Payment Methods
You may FAX or Postal Mail Checks, MasterCard, Visa,
& American Express.payments. Money Orders
are accepted only by Postal Mail.
Each bottle of Lady V contains 30 tablets.
Step 1: Place a check by your desired quanity.
______ 1 Bottle of Lady V $24
______ 2 Bottles of Lady V $44
______ 3 Bottles of Lady V $59
Please add $6 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$30, 2 bottles=$50, 3 bottles=$65 ]
International Orders
Please add $18 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$42, 2 bottles=$62, 3 bottles=$77 ]
We cannot accept foreign checks.
International money orders or credit cards only.
Step 2: Place a check by your desired payment method
and complete fields if necessary.
_____Check or CHECK-BY-FAX [details below]
_____Money Order
_____American Express
Account Number__________________ Exp____/____
_____Visa
Account Number__________________ Exp____/____
_____MasterCard
Account Number__________________ Exp____/____
Please make your check or money order payable to
"Lion Sciences National".
Step 3: Please complete and print the following fields clearly.
Name ___________________________________________________
Address _________________________________________________
City ____________________________________________________
State ___________________________________________________
Zip _____________________________________________________
E-mail __________________________________________________
Signature _________________________________________________
[ required for check and credit card orders]
Toll Free FAX Order Line: 1-800-940-6590
If faxing in your order, please state whether you require
a fax, email, or no confirmation at all.
Allow up to one day for confirmation, if requested.
FAX orders are processed immediately.
Or, print & mail to: LSN
273 S. State Rd. 7, #193
Margate, FL 33068-5727
______________________________________________________
*CHECK BY FAX ORDERS: Complete the check as normal. Tape
the check in the area below. Below the check, clearly write
the check number, all numbers at the bottom of the check,
& your name. Tape the check below and fax the check to the
toll free FAX number above. Void the check. Our merchant
will electronically debit your account for the amount of
the check; your reference number for this transaction will
be your check number. Nothing could be safer & easier !
TAPE CHECK BELOW
_____________________________________________________________
This is a one time mailing: Removal is automatic and no further
contact is necessary. Please Note: Lady V is not intended to
diagnose, treat, cure or prevent any disease. As individuals differ,
so will results. Lady V helps provide herbal and nutritional support
for female sexual performance. The FDA has not evaluated these
statements. For details about our double your money back guarantee,
please write to the above address, attention consumer affairs
department; enclose a self addressed stamped envelope for this and any
requested contact information.
Thank You.
Received: by ns.secondary.com (8.9.3/8.9.3) id QAA20241 for ietf-smime-bks; Wed, 29 Nov 2000 16:16:36 -0800 (PST)
Received: from finch-post-10.mail.demon.net (finch-post-10.mail.demon.net [194.217.242.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA20237 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 16:16:35 -0800 (PST)
Received: from drh-consultancy.demon.co.uk ([193.237.150.98] helo=celocom.com) by finch-post-10.mail.demon.net with esmtp (Exim 2.12 #1) id 141HQM-0000ko-0A for ietf-smime@imc.org; Thu, 30 Nov 2000 00:18:07 +0000
Message-ID: <3A259CAA.79D5024E@celocom.com>
Date: Thu, 30 Nov 2000 00:17:46 +0000
From: Dr S N Henson <drh@celocom.com>
Organization: S N Henson
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com> <3A257C22.D2AB9DE5@ieca.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Bonatti, Chris" wrote:
>
> Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made. These are (employing a little editorial license):
>
> * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost has gone up into the "too high" range.
>
I'd say in the DH case (and to some extent DSA) there's the issue of how
practical it is. The only DH certificates I've ever seen were in the
S/MIME examples draft. I suspect there are problems with the parameters
but despite repeated queries I never found anyone who could
independently check them.
If public CAs issuing DSA certificates are rare then I'd say CAs issuing
DH certificates are virtually non existent. Does anyone know of a single
example?
Its all very nice adding support for DSA and DH but if users can't get
any certificates from public CAs then their value is severely limited.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
Received: by ns.secondary.com (8.9.3/8.9.3) id QAA19961 for ietf-smime-bks; Wed, 29 Nov 2000 16:03:59 -0800 (PST)
Received: from mail-fwd.verio-web.com (mail11a.verio-web.com [161.58.16.57]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id QAA19956 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 16:03:58 -0800 (PST)
Received: from 161.58.117.181 (161.58.117.181) by mail11a.verio-web.com (RS ver 1.0.57s) with SMTP id 011686078; Wed, 29 Nov 2000 19:05:31 -0500 (EST)
Received: from caveosystems.com (adsl-141-154-13-230.bellatlantic.net [141.154.13.230]) by os390.caveosystems.com (8.9.3/8.9.3) with ESMTP id TAA15777; Wed, 29 Nov 2000 19:06:06 -0500
Message-ID: <3A259A89.726BBA61@caveosystems.com>
Date: Wed, 29 Nov 2000 19:08:41 -0500
From: Rich Salz <rsalz@caveosystems.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Bonatti, Chris" <BonattiC@ieca.com>
CC: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com> <3A257C22.D2AB9DE5@ieca.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Loop-Detect: 1
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I think your perception is slightly (but significantly) off.
Some folks implemented DSA-family, but most folks paid money and licensed RSA
and did that. Apparently some of those DSA implementors would rather not bear
the continued cost of maintaining a code branch that has seen no customer
demand. That's a high cost just to be able to claim IETF SMIME compliance.
To be algorithm independant, you make sure you always identify the algorithm,
and don't mistakenly say "encrypted data" without specifying the mechanism.
During development of the standards, a good way to do that is to make sure
multiple mechanisms are specified. In this case, the theoretical (DSA) and the
practical (RSA).
Peter Gutman said it best a few weeks ago, shortly after RSA expired.
Something along the lines of "we all pretended to do DSA, but in reality
everyone did RSA." For political reasons, the IETF bent over backwards to
avoid mandating patented technology.
>Personally, I favor products that support LOTS of interoperability modes.
That's nonsensical. Do you prefer BER over DER? :)
The marketplace has decided and the common crypto mechanism is RSA, and
practically nobody cares about DSA. Certainly, making DSA not MUST will not
hurt the DSA-using community.
It's not the IETF's job to raise the bar. It's the IETF's job to make sure we
all speak the same language, and clearly that language is mod-exp.
/r$
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA17335 for ietf-smime-bks; Wed, 29 Nov 2000 15:18:15 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA17331 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 15:18:14 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 29 Nov 2000 16:18:46 -0700
Message-Id: <sa252c66.075@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Wed, 29 Nov 2000 16:18:47 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <BonattiC@ieca.com>, <ietf-smime@imc.org>
Subject: Re: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id PAA17332
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Chris, I believe these points are important, and perhaps more important than the particular issues at hand. So please allow me to wax philosophical.
As a consumer, all things being equal, I like products that support lots of interoperability modes too. Beer, champagne, hot dogs, filet mignon, ice cream, apple pie, floor wax and desert topping -- they're all great, at least if you can afford them.
But as a vendor, I am increasingly concerned about the amount of feature creep that we are seeing every day in both the PKIX and SMIME groups, apparently almost unconstrained by business requirements. We need interoperability, and that should not mean lowest common denominator, but it also shouldn't mean being all things to all men.
Although the development cost of adding a particular feature tends to go up linearly, the testing and interoperability costs tend to go up with the SQUARE of the features, all of which generally have to be tested in all possible combinations. That is both expensive and time consuming, and leads to products that are either buggy or late, or typically both. And that clearly doesn't benefit the consumer at all.
As a result, Product Management is increasingly inclined to "Just Say NO" to these kinds of features, which ends up making IETF standards increasingly irrelevant and making interoperability that much harder, rather than easier.
The real challenge in creating standards is therefore not to attempt to see how many you can create with all of their rococo variations, but rather how few you can get by with and still get the job done. To the extent that the IETF WGs become self-justifying, self-perpetuating, and eternal, the less useful they become, IMHO. We are becoming more and more like ISO every day, and maybe worse.
Now allow me to (gently, I hope) take issue with some of your other statements:
>
>>>> "Bonatti, Chris" <BonattiC@ieca.com> 11/29/00 02:58PM >>>
> Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made. These are
>(employing a little editorial license):
>
> * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost
>has gone up into the "too high" range.
I would disagree. The cost of the RSA license was minimal relative to other development costs, and the RSA algorithm was effectively all there was in terms of deployed PKI infrastructure. The fact that DSA and D-H were labeled MUST was chalked up to IETF politics, and completely ignored by the vendor community as not being worth the implementation cost in terms of revenue return. Granted, it didn't meet some of the expressed desires of the US Government, but the USG has always had a much bigger appetite than budget. (Remember Jovial? Ada? C2 by '92?) Money talks, and everything else walks. They imposed requirements, but those requirements didn't stick when it came to real procurements.
>
> * Specifying a single MUST algorithm suite was sufficient to make S/MIME algorithm independent, but actually requiring two algorithms suites will cost too
>much. If we've really achieved algorithm independence in the sense that Dave Kemp suggests, this should be a debate about a relatively small math module.
No, again I disagree. The math module isn't the problem. As a BSAFE licensee, we already have all of the math modules we would need. The real issue is all of the multitudinous GUI screens that have to be developed to allow the user to choose this, that or the other algorithm within S/MIME, and then the same set of choices in any PKI products, and then testing all of these options in every conceivable combination, not just within a given product but in combination with all of the other leading e-mail packages, plus the various PKI services and toolkits as well. those costs dwarf the cost of the math module by a couple of orders of magnitude.
> * We have an 'SMIMECapabilities' attribute for which support is MUST, but some implementations ignore it so we have to use the lowest common
>denominator to force interoperability. What make anybody think a MUST on an algorithm choice would be taken any more seriously?
Two issues. As I recall, the SMIMECapabilities is a MAY, not a MUST, although I'll stand corrected if I'm wrong. And as I say, and Peter Gutmann said more succinctly, MUST matters if and only if the vendor was inclined to implement that option anyway. It might be sufficient to push someone over the fence who was already 49% there, but not much more. Standards compliance doesn't pay the rent -- customers do.
>
> I don't think I actually have an opinion on this issue myself. I'm of the mind set to mandate nothing and let Darwin decide. However, I find the seeming
>illogic of these collective opinions very troubling. It leads me to think that we're not getting to the REAL reasoning behind this move.
>
> I think Blake was closest to this in stating that there has been no customer demand for DSA. Is this the REAL reason to dump DSA? Are customers
>demanding RSA be used? Do customers express demand for any algorithms, or do they just want it to be "secure"? Are we just drifting to the path of least
>resistance?
Customers don't demand or specify algorithms. They just want it to be secure, and trust that the vendor will figure out what that means. What they do insist on, however, is that the product work well with the existing infrastructure in order to reduce their total overall cost of ownership. The more sophisticated customers realize that adding more and more features that they never use significantly increases that TCO, so overburdening a product with unnecessary features causes a significant backlash. Increased cost of development with decreased sales. What a concept!
>
> Personally, I favor products that support LOTS of interoperability modes... not just lowest common denominators. Call me crazy, but...
>
>Chris B.
This is really a case of Little Red Riding Hood's porridge. We want it to be not too hot (needlessly feature rich), and not too cold (missing important capabilities or security, forcing everyone to devolve to the lowest common denominator), but rather just right. And that requires making intelligent CHOICES.
I like mustard, and I like chocolate. But that doesn't mean that I want chocolate on my hot dog, nor mustard on my ice cream, just because I have them both in my refrigerator. :-)
Regards,
Bob
Received: by ns.secondary.com (8.9.3/8.9.3) id PAA16860 for ietf-smime-bks; Wed, 29 Nov 2000 15:13:32 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA16856 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 15:13:32 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com (dial04.spyrus.com [207.212.34.124]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id PAA01758; Wed, 29 Nov 2000 15:13:26 -0800 (PST)
Message-Id: <5.0.1.4.2.20001129175648.0289b0c0@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Wed, 29 Nov 2000 18:00:44 -0500
To: jis@mit.edu, MLeech@nortel.ca
From: Russ Housley <housley@spyrus.com>
Subject: IESG ACTION NEEDED: draft-ietf-smime-compression-03.txt
Cc: ietf-smime@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Jeff & Marcus:
The S/MIME WG has finished work on the CMS compressed data type. This
Interned-Draft is ready for IETF Last Call and approval by the IESG as a
standards-track RFC.
Title : Compressed Data Content Type for S/MIME
Author(s) : P. Gutmann
Filename : draft-ietf-smime-compression-03.txt
Date : 28-Nov-00
RFC 2630 (CMS) doesn't currently contain any provisions for compressing
data before processing it. Compressing data before transmission provides a
number of advantages including the elimination of data redundancy which
could help an attacker, speeding
up processing by reducing the amount of data to be processed by later steps
such as signing or encryption, and reducing overall message size. Although
there have been proposals for adding compression at other levels (for
example at the MIME or SSL level) these don't address the problem of
compression of CMS content unless the
compression is supplied by an external means (for example by intermixing
MIME and CMS). This document defines a format for using compressed data as
a CMS content type.
Russ
Received: by ns.secondary.com (8.9.3/8.9.3) id NAA14577 for ietf-smime-bks; Wed, 29 Nov 2000 13:57:34 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA14573 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 13:57:32 -0800 (PST)
Received: from ieca.com (mva-aa-086.capu.net [207.226.159.86]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id QAA24513 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 16:59:04 -0500
Message-ID: <3A257C22.D2AB9DE5@ieca.com>
Date: Wed, 29 Nov 2000 16:58:58 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <sa23de75.060@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made. These are (employing a little editorial license):
* The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost has gone up into the "too high" range.
* Specifying a single MUST algorithm suite was sufficient to make S/MIME algorithm independent, but actually requiring two algorithms suites will cost too much. If we've really achieved algorithm independence in the sense that Dave Kemp suggests, this should be a debate about a relatively small math module.
* We have an 'SMIMECapabilities' attribute for which support is MUST, but some implementations ignore it so we have to use the lowest common denominator to force interoperability. What make anybody think a MUST on an algorithm choice would be taken any more seriously?
I don't think I actually have an opinion on this issue myself. I'm of the mindset to mandate nothing and let Darwin decide. However, I find the seeming illogic of these collective opinions very troubling. It leads me to think that we're not getting to the REAL reasoning behind this move.
I think Blake was closest to this in stating that there has been no customer demand for DSA. Is this the REAL reason to dump DSA? Are customers demanding RSA be used? Do customers express demand for any algorithms, or do they just want it to be "secure"? Are we just drifting to the path of least resistance?
Personally, I favor products that support LOTS of interoperability modes... not just lowest common denominators. Call me crazy, but...
Chris B.
Received: by ns.secondary.com (8.9.3/8.9.3) id MAA08769 for ietf-smime-bks; Wed, 29 Nov 2000 12:20:48 -0800 (PST)
Received: from smtp01.infoave.net (smtp01.infoave.net [165.166.0.26]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA08756 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 12:20:46 -0800 (PST)
Received: from linus.corecom.com ([64.53.5.179]) by SMTP00.InfoAve.Net (PMDF V5.2-33 #45321) with ESMTP id <01JX485HPKEG9AO0JU@SMTP00.InfoAve.Net> for ietf-smime@imc.org; Wed, 29 Nov 2000 15:22:16 EDT
Date: Wed, 29 Nov 2000 15:23:27 -0500
From: Dave Piscitello <dave@corecom.com>
Subject: TISC 2001 Call for Papers, Session Abstracts
X-Sender: dave@corecom.com@mail2.netreach.net
To: ietf-smime@imc.org
Message-id: <4.3.2.7.2.20001129152226.00bd0af0@mail2.netreach.net>
MIME-version: 1.0
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Content-type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Folks,
The Fifth Internet Security Conference will be held June 4-8,
2001 at the Century Plaza Hotel and Tower, 2025 Avenue of the
Stars, Century City Los Angeles, CA 90067-4696. TISC is an
educational forum for security professionals and practitioners.
The TISC Security Symposium is an opportunity for individuals
to share their expertise and practical experience with others
involved in the design, implementation and deployment of
networked security systems.
We cordially invite you to submit an abstract for an original
paper. Accepted papers will be presented at the conference.
We also invite you to submit a session abstract for
consideration, or if you prefer, to present a topic as a
panel member. We encourage you to submit abstracts and topics
by December 8. Further information can be found at
http://tisc.corecom.com. Or send your proposal to me
at mailto:dave@corecom.com.
We look forward to your participation. Thank you.
Warm Regards,
Dave Piscitello
On behalf of the TISC Advisory Board
David M. Piscitello
Core Competence, Inc. (http://www.corecom.com) and
The Internet Security Conference (http://tisc.corecom.com)
~~ The Internet has security problems. We have answers. ~~
3 Myrtle Bank Lane dave@corecom.com
Hilton Head, SC 29926 1.843.683-9988
PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC
Received: by ns.secondary.com (8.9.3/8.9.3) id KAA00138 for ietf-smime-bks; Wed, 29 Nov 2000 10:09:35 -0800 (PST)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id KAA00132 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 10:09:34 -0800 (PST)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (Tumbleweed MMS SMTP Relay (MMS v4.6)); Wed, 29 Nov 2000 10:10:34 -0800
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2650.21) id <XJ563ZCK>; Wed, 29 Nov 2000 10:10:34 -0800
Message-ID: <01FF24001403D011AD7B00A024BC53C5A775B8@mail.deming.com>
From: "Blake Ramsdell" <blake.ramsdell@tumbleweed.com>
To: "'pgut001@cs.aucKland.ac.nz'" <pgut001@cs.aucKland.ac.nz>, bjueneman@novell.com, dpkemp@missi.ncsc.mil, ietf-smime@imc.org
Subject: RE: RSA vs. DSA MUST
Date: Wed, 29 Nov 2000 10:10:34 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 163B991038585-01-01
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
An inimitable Gutmannism.
This could also be summarized as Paul did it when we first started this
discussion back in July:
> Blake Ramsdell has turned in two drafts that are worthy of
> consideration in this group. It's my opinion that they represent the
> reality of the marketplace, and that it would be good to have our
> RFCs reflect that if possible.
Which was exactly my intent. There seems to be some disconnect between the
current discussion and the strawpoll consensus at the last IETF, which needs
to be resolved, however.
I would certainly welcome how I should interpret "BWAHAHAHAHAHA" in the
context of MUST and SHOULD, however.
Blake
-----Original Message-----
From: pgut001@cs.aucKland.ac.nz [mailto:pgut001@cs.aucKland.ac.nz]
Sent: Wednesday, November 29, 2000 6:44 AM
To: bjueneman@novell.com; dpkemp@missi.ncsc.mil; ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
"Bob Jueneman" <bjueneman@novell.com> writes:
>I'm not necessarily advocating this position -- I might like to think about
it
>some more myself -- but just for the sake of argument and to take the
pulse,
>what would people think of making ANSI X9.31 RSA a MUST, X9.31 EC-DSA a
>SHOULD, and DSA and PKCS-1 RSA a MAY?
How about trying to make the spec at least vaguely approximate reality in
the
choice of algorithms? It doesn't really matter if you include requirements
like "MUST DSA OR WE WILL KILL YOU[0], SHOULD NOT RSA", in practice the
world
will interpret it as "MUST RSA, MAY DSA, SHOULD NOT X9.42 DH, BWAHAHAHAHAHA
X9.31 RSA" no matter what it says in the RFC (I think IBM does X9.31 in CCA
but
does anything else in existence implement this?).
I've been sitting here watching this debate go on and on, but since no
matter
what you put in the RFC the market will interpret it as MUST RSA and various
levels of deprecation for anything else maybe we could get Markov Chaney to
continue the debate for a while just for forms sake and then after enough
messages have been exchanged to satisfy everyone either put text in the RFC
which accepts what everyone's going to do anyway or which specifies all
sorts
of options and alternatives secure in the knowledge that implementors will
ignore it and do what the market wants/expects, which ain't DSA or X9.31
RSA.
Peter.
[0] RFC 2026bis, "When MUST just isn't enough".
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA25376 for ietf-smime-bks; Wed, 29 Nov 2000 08:57:25 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id IAA25371 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 08:57:24 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 29 Nov 2000 09:58:16 -0700
Message-Id: <sa24d338.029@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Wed, 29 Nov 2000 09:58:15 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>, <em@who.net>
Subject: SMIMECapabilites for AES, etc.
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id IAA25372
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
>> Although it isn't strictly interactive in the sense that SSL is,
>> the SMIMECapabilities attribute allows the originator of a message
>> to indicate his preference as to encryption algorithms, including
>> 40-bit RC4 vs. 56-bit DES > vs. 128-bit whatever vs. 196-bit
>> triple-DES (and soon, presumably, 256-bit AES).
>
>Yes, but on the open Internet most certificates are sent as part of the
>message (presently in PKCS#7 format), not retrieved from global directories
>as the X.500 folks initially hoped. In that context, the recipient would
>have to send an initial signed message to the sender to indicate the user
>agent's capabilities: and in most cases (like one I mentioned of the mailing
>list) that's just not viable.
>
>Enzo
>
>
You are correct, of course. I was thinking about the encryption case, primarily, where it is much more likely that the recipients would have exchanged at least a signed message, precisely in order to exchange certificates.
That does bring up a good point regarding AES, however. In the past, it was usually possible to make a good guess as to whether to use a 40-bit key (RC2 or RC4) or a full strength key (DES, triple-DES, or perhaps 128-bit RC2 or RC4) based on what you knew about the recipient, in particular whether he or she was in the US or Canada, or somewhere else that was more likely to be subject to export controls. And nearly all of the e-mail packages implemented RC2 and RC4, and the "domestic-strength" packages implemented both DES and triple-DES. So the SMIMECapabilities attribute wasn't really all that necessary.
As we begin the transition to AES, however, that won't be the case. There will be a substantial number of packages that support triple-DES but haven't been upgraded to AES, and I would expect that situation to last for a couple of years or more. So anyone who simply fires off a message encrypted in AES without checking first is taking the risk that his message can't be read.
In order to facilitate an orderly transition, I would suggest that we specify a date certain, after which the default algorithm would be 256-bit AES, rather than triple-DES. That certainly wouldn't be difficult to implement. Assuming that AES is formally endorsed some time in the next couple of months (I don't know the exact time line they are on), what would people think about April 1, 2004? That would provide a generous 18 months for a vendor to release their next version, and another 18+ months for users to adopt it. Since most e-mail packages are based on underlying crypto packages that can be downloaded via the web, I think that would be more than enough time.
Of course if someone chooses to do so, they can explicitly request (or force) the use of AES prior to that date, but at least the default would be taken care of nicely.
Bob
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id FAA09785 for ietf-smime-bks; Wed, 29 Nov 2000 05:26:30 -0800 (PST)
Received: from tholian.securitydynamics.com (tholian.securid.com [204.167.112.129]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id FAA09776 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 05:26:27 -0800 (PST)
Received: from sdtihq24.securitydynamics.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Nov 2000 13:27:48 UT
Received: from exna00.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA13987; Wed, 29 Nov 2000 08:27:56 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2650.21) id <VL6G53QS>; Wed, 29 Nov 2000 08:27:55 -0500
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A93E339@exna07.securitydynamics.com>
From: "Linn, John" <jlinn@rsasecurity.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>
Cc: ietf-smime@imc.org
Subject: RE: RSA vs. DSA MUST
Date: Wed, 29 Nov 2000 08:27:33 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Bob, all:
NIST's announcement of FIPS 186-2
(http://csrc.nist.gov/csrc/fedstandards.html) explicitly recognizes PKCS #1
for a transitional period through mid-2001. The topic of X9.31 vs. PKCS #1
was discussed at the June meeting of the U.S. Federal PKI Technical Working
Group, leading to a recommendation which was to be communicated (see also
minutes at http://csrc.nist.gov/pki/twg/y2000/twg00_6.htm) that FIPS 186-2
should be changed or interpreted to allow Federal use of PKCS #1 v. 1.5 for
a significant additional period, perhaps 5 years or more, anticipating a
migration after PSS signature definitions are suitably mature and stable. I
don't know how this recommendation will act to impact the future of the FIPS
186 specification, but believe that it indicates an influential position
from a significant U.S. Government user community.
X9.31 doesn't appear to have been widely adopted, and I'm not aware that its
padding structure offers security properties sufficiently different relative
to PKCS #1 v. 1.5 to motivate a mandated switch to X9.31 (with associated
installed base impact) at this point. A later migration to PSS, which
affords qualitatively different provable security properties than either
PKCS #1 v. 1.5 or X9.31 is, I believe, a more compelling case.
--jl
> -----Original Message-----
> From: Bob Jueneman [mailto:bjueneman@novell.com]
> Sent: Tuesday, November 28, 2000 6:34 PM
> To: ietf-smime@imc.org; dpkemp@missi.ncsc.mil
> Subject: Re: RSA vs. DSA MUST
>
>
> Chicken and egg is exactly the situation we find ourselves
> in. Implementors certainly want to support their customers,
> but don't want to be "required" by standards to implement
> algorithms that no one uses or are willing to pay for.
>
> Ozan Gonenc also makes a good point in suggesting that
> perhaps the MUST algorithms be limited to FIPS approved
> algorithms. I'm a slightly concerned that this may be too
> US-centric a view, but on the other hand I haven't heard of
> any other governments or customers requiring or promoting any
> other algorithms, except for
> unpublished/proprietary/classified algorithms used in certain
> restricted sectors. (An exception might be GOST, but so far
> we can't even get the Russians to agree to pay anything for
> the capability., much less anyone else) So maybe limiting the
> MUST algorithms to a subset of the FIPS-approved list is
> acceptable. At least the FIPS listing implies a rather
> serious degree of vetting as to the security of the
> algorithms, which is something I don't think the IETF is
> institutionally capable of, not withstanding the
> cryptographic expertise of some of the members.
>
> The point about having at least one algorithm in the suite
> that could be used if RSA were suddenly shown to be seriously
> flawed is also valid, so long as we don't get carried away
> with the list!
>
> FIPS 186-2 includes DSA, ANSI X9.31 RSA, and X9.31 Elliptic
> Curve DSA; but not PKCS-1 RSA, the one interoperable
> algorithm that everyone is using presently!
>
> Hmm.
>
> I'm not necessarily advocating this position -- I might like
> to think about it some more myself -- but just for the sake
> of argument and to take the pulse, what would people think of
> making ANSI X9.31 RSA a MUST, X9.31 EC-DSA a SHOULD, and DSA
> and PKCS-1 RSA a MAY?
>
> It is my understanding that X9.31 RSA is considered to be
> superior to PKCS-1 RSA in terms of resistance to certain
> forms of attack, and should not be that great a stretch for
> existing RSA implementations, and hence the MUST. We wouldn't
> deprecate PKCS-1 RSA (at least not yet), since it must
> continue to be supported for backwards compatibility.
>
> This wouldn't deprecate DSA either, but it wouldn't be
> required for people outside of the (quite limited) community
> of interest presently using it.
>
> EC-DSA certainly beats regular DSA in terms of speed and size
> and deserves to be included in its own right, but I'm not
> entirely clear as to the patent situation, hence the SHOULD
> and not a MUST.
>
> In the area of symmetric algorithms, as soon as Rijndael is
> officially certified as the AES algorithm I believe we should
> promote AES to MUST, along with triple-DES and single DES for
> backwards compatibility. ( haven't heard of anyone clamoring
> for SKIPJACK, so I think it can safely be ignored in favor of
> triple-DES and/or AES.)
>
> Likewise, I think we will have to add SHA-386 and SHA-512 as
> MUST algorithms, along with SHA-1, and probably deprecate MD2 and MD5.
>
> What think ye?
>
> Bob
>
>
> >Enzo has captured the chicken-and-egg essence of my concern.
> The U.S.
> >Government has a requirement to purchase products which support FIPS
> >186-2 algorithms (this includes DSA and ANSI X9.31 RSA, but
> not PKCS-1
> >RSA). And, at least in the DoD, we have requirements coming from our
> >customers to be algorithm independent:
> >
> > "PKI must support a variety of public key cryptographic algorithms
> > both in the public/private key pairs created and certified by PKI,
> > and in the algorithms used to apply digital signatures to
> certificates
> > and other PKI products. PKI must support the concurrent
> use of several
> > digital signature algorithms for issuing certificates and
> must be able
> > to migrate over time to using new signature algorithms."
> >
> > -- DoD PKI Operational Requirements Document, 22
> October 2000
> >
> >
> >There is also the fact that DSA signatures are significantly smaller
> >than RSA signatures, especially as we move to public keys
> above 1024 bits
> >and the signature could be bigger than the entire
> to-be-signed certificate.
> >This doesn't matter in many environments, but it does in some.
> >
> >If vendors look at what certificates have already been
> issued to decide
> >what certificates to support in products under development,
> we will never
> >evolve. I favor keeping DSA (in addition to RSA) as a MUST
> for S/MIME
> >clients because algorithm independence is valuable in and of itself.
> >
> >Dave
> >
> >
> >
> >> From: "Enzo Michelangeli" <em@who.net>
> >>
> >> Well, there is one problem, and it's due to the
> store-and-forwad nature of
> >> e-mail which prevents negotiation, making it impossible to
> know whether a
> >> given algorithm is supported by a new recipient (think,
> e.g., of signed
> >> messages sent to mailing list). The result is that
> everybody ends up using
> >> ONLY the common denominator, i.e. the "MUST" algorithms.
> Incidentally, this
> >> was precisely the root of the trouble with 40-bit security
> in the bad old
> >> days: a sort of Grisham's Law for algorithms...
> >> In my opinion, "MAY" algorithms are pretty useless in
> non-interactive
> >> contexts, and if DSA is not kept as a "MUST" (my preferred
> choice), it might
> >> as well be dropped altogether.
> >>
> >> Enzo
> >
>
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA01561 for ietf-smime-bks; Wed, 29 Nov 2000 03:30:18 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA01557 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 03:30:16 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02154; Wed, 29 Nov 2000 06:31:45 -0500 (EST)
Message-Id: <200011291131.GAA02154@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-x400transport-01.txt
Date: Wed, 29 Nov 2000 06:31:45 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Transporting S/MIME Objects in X.400
Author(s) : P. Hoffman, C. Bonatti
Filename : draft-ietf-smime-x400transport-01.txt
Pages :
Date : 28-Nov-00
This document describes protocol options for conveying CMS-protected
objects associated with S/MIME version 3 over an X.400 message transfer
system.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-x400transport-01.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-x400transport-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-x400transport-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134631.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-x400transport-01.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-x400transport-01.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134631.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id DAA01548 for ietf-smime-bks; Wed, 29 Nov 2000 03:30:13 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA01540 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 03:30:12 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02101; Wed, 29 Nov 2000 06:31:41 -0500 (EST)
Message-Id: <200011291131.GAA02101@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-x400wrap-01.txt
Date: Wed, 29 Nov 2000 06:31:41 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Securing X.400 Content with S/MIME
Author(s) : P. Hoffman, C. Bonatti
Filename : draft-ietf-smime-x400wrap-01.txt
Pages :
Date : 28-Nov-00
This document describes a protocol for adding cryptographic signature
and encryption services to X.400 content.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-x400wrap-01.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-x400wrap-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-x400wrap-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134620.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-x400wrap-01.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-x400wrap-01.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134620.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id DAA01523 for ietf-smime-bks; Wed, 29 Nov 2000 03:30:10 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA01503 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 03:30:07 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02047; Wed, 29 Nov 2000 06:31:37 -0500 (EST)
Message-Id: <200011291131.GAA02047@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-examples-05.txt
Date: Wed, 29 Nov 2000 06:31:36 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Examples of S/MIME Messages
Author(s) : P. Hoffman
Filename : draft-ietf-smime-examples-05.txt
Pages : 8
Date : 28-Nov-00
This document gives examples of message bodies formatted using S/MIME.
Specifically, it has examples of Cryptographic Message Syntax (CMS)
objects, S/MIME messages (including the MIME formatting), and Enhanced
Security Services for S/MIME (ESS). It includes examples of most or all
common CMS and ESS formats; in addition, it gives examples that show
common pitfalls in implementing CMS. The purpose of this document is to
help increase interoperability for S/MIME and other protocols that rely
on CMS.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with the
single word 'subscribe' in the body of the message. Also, there is a
Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-05.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-examples-05.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-examples-05.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-examples-05.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-examples-05.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134610.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA01485 for ietf-smime-bks; Wed, 29 Nov 2000 03:30:03 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA01481 for <ietf-smime@imc.org>; Wed, 29 Nov 2000 03:30:02 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02003; Wed, 29 Nov 2000 06:31:31 -0500 (EST)
Message-Id: <200011291131.GAA02003@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-compression-03.txt
Date: Wed, 29 Nov 2000 06:31:31 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Compressed Data Content Type for S/MIME
Author(s) : P. Gutmann
Filename : draft-ietf-smime-compression-03.txt
Pages :
Date : 28-Nov-00
The Cryptographic Message Syntax data format doesn't currently contain
any provisions for compressing data before processing it. Compressing
data before transmission provides a number of advantages including the
elimination of data redundancy which could help an attacker, speeding
up processing by reducing the amount of data to be processed by later
steps such as signing or encryption, and reducing overall message
size. Although there have been proposals for adding compression at
other levels (for example at the MIME or SSL level) these don't
address the problem of compression of CMS content unless the
compression is supplied by an external means (for example by
intermixing MIME and CMS). This document defines a format for using
compressed data as a CMS content type.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-compression-03.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-compression-03.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-compression-03.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-compression-03.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-compression-03.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001128134600.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id RAA20720 for ietf-smime-bks; Tue, 28 Nov 2000 17:43:08 -0800 (PST)
Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA20714 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 17:43:03 -0800 (PST)
Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id OAA06946; Wed, 29 Nov 2000 14:43:45 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz)
Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97546223703233>; Wed, 29 Nov 2000 14:43:57 (NZDT)
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: bjueneman@novell.com, dpkemp@missi.ncsc.mil, ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
Reply-To: pgut001@cs.aucKland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz
Date: Wed, 29 Nov 2000 14:43:57 (NZDT)
Message-ID: <97546223703233@kahu.cs.auckland.ac.nz>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Bob Jueneman" <bjueneman@novell.com> writes:
>I'm not necessarily advocating this position -- I might like to think about it
>some more myself -- but just for the sake of argument and to take the pulse,
>what would people think of making ANSI X9.31 RSA a MUST, X9.31 EC-DSA a
>SHOULD, and DSA and PKCS-1 RSA a MAY?
How about trying to make the spec at least vaguely approximate reality in the
choice of algorithms? It doesn't really matter if you include requirements
like "MUST DSA OR WE WILL KILL YOU[0], SHOULD NOT RSA", in practice the world
will interpret it as "MUST RSA, MAY DSA, SHOULD NOT X9.42 DH, BWAHAHAHAHAHA
X9.31 RSA" no matter what it says in the RFC (I think IBM does X9.31 in CCA but
does anything else in existence implement this?).
I've been sitting here watching this debate go on and on, but since no matter
what you put in the RFC the market will interpret it as MUST RSA and various
levels of deprecation for anything else maybe we could get Markov Chaney to
continue the debate for a while just for forms sake and then after enough
messages have been exchanged to satisfy everyone either put text in the RFC
which accepts what everyone's going to do anyway or which specifies all sorts
of options and alternatives secure in the knowledge that implementors will
ignore it and do what the market wants/expects, which ain't DSA or X9.31 RSA.
Peter.
[0] RFC 2026bis, "When MUST just isn't enough".
Received: by ns.secondary.com (8.9.3/8.9.3) id RAA20649 for ietf-smime-bks; Tue, 28 Nov 2000 17:39:27 -0800 (PST)
Received: from china.asiainter.net (asiainter.net [202.84.207.2]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id RAA20645 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 17:39:25 -0800 (PST)
Received: (qmail 18123 invoked from network); 29 Nov 2000 01:40:50 -0000
Received: from unknown (HELO em) (203.161.252.186) by asiainter.net with SMTP; 29 Nov 2000 01:40:50 -0000
Message-ID: <009101c059a5$5ba32bb0$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: "Bob Jueneman" <bjueneman@novell.com>, <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>
References: <sa238770.053@prv-mail20.provo.novell.com>
Subject: Re: RSA vs. DSA MUST
Date: Wed, 29 Nov 2000 09:39:31 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
----- Original Message -----
From: "Bob Jueneman" <bjueneman@novell.com>
To: <pgut001@cs.aucKland.ac.nz>; <ietf-smime@imc.org>; <em@who.net>
Sent: Wednesday, November 29, 2000 1:22 AM
Subject: Re: RSA vs. DSA MUST
> Although it isn't strictly interactive in the sense that SSL is,
> the SMIMECapabilities attribute allows the originator of a message
> to indicate his preference as to encryption algorithms, including
> 40-bit RC4 vs. 56-bit DES > vs. 128-bit whatever vs. 196-bit
> triple-DES (and soon, presumably, 256-bit AES).
Yes, but on the open Internet most certificates are sent as part of the
message (presently in PKCS#7 format), not retrieved from global directories
as the X.500 folks initially hoped. In that context, the recipient would
have to send an initial signed message to the sender to indicate the user
agent's capabilities: and in most cases (like one I mentioned of the mailing
list) that's just not viable.
Enzo
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id RAA20065 for ietf-smime-bks; Tue, 28 Nov 2000 17:10:55 -0800 (PST)
Received: from china.asiainter.net (asiainter.net [202.84.207.2]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id RAA20061 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 17:10:52 -0800 (PST)
Received: (qmail 8735 invoked from network); 29 Nov 2000 01:12:16 -0000
Received: from unknown (HELO em) (203.161.252.186) by asiainter.net with SMTP; 29 Nov 2000 01:12:16 -0000
Message-ID: <004d01c059a1$5e0904f0$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: "Bob Jueneman" <bjueneman@novell.com>, <ietf-smime@imc.org>, <dpkemp@missi.ncsc.mil>
References: <sa23de75.060@prv-mail20.provo.novell.com>
Subject: Re: RSA vs. DSA MUST
Date: Wed, 29 Nov 2000 09:11:16 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Considering that the patents issues with RSA have gone away, and that RSA
Security in the past has been willing to grant royalty-free RC2 licenses for
S/MIME products, is there any remaining reason for not requiring complete
S/MIME v.2 backward compatibility as a MUST? If there aren't, I would add to
the MUST list at least D-H, DSA and 3DES, just to prevent a global shutdown
of secure e-mail if tomorrow someone finds flaws in one of the v.2
algorithms.
I don't think that implementing some additional well understood and
royalty-free algorithm would represent such a large cost to the industry,
especially considering the wide availability of OpenSource libraries,
licensed under BSD license or even more liberal terms, that can be used as a
building block.
Enzo
----- Original Message -----
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-smime@imc.org>; <dpkemp@missi.ncsc.mil>
Sent: Wednesday, November 29, 2000 7:33 AM
Subject: Re: RSA vs. DSA MUST
> Chicken and egg is exactly the situation we find ourselves in.
Implementors certainly want to support their customers, but don't want to be
"required" by standards to implement algorithms that no one uses or are
willing to pay for.
>
> Ozan Gonenc also makes a good point in suggesting that perhaps the MUST
algorithms be limited to FIPS approved algorithms. I'm a slightly concerned
that this may be too US-centric a view, but on the other hand I haven't
heard of any other governments or customers requiring or promoting any other
algorithms, except for unpublished/proprietary/classified algorithms used in
certain restricted sectors. (An exception might be GOST, but so far we
can't even get the Russians to agree to pay anything for the capability.,
much less anyone else) So maybe limiting the MUST algorithms to a subset of
the FIPS-approved list is acceptable. At least the FIPS listing implies a
rather serious degree of vetting as to the security of the algorithms, which
is something I don't think the IETF is institutionally capable of, not
withstanding the cryptographic expertise of some of the members.
>
> The point about having at least one algorithm in the suite that could be
used if RSA were suddenly shown to be seriously flawed is also valid, so
long as we don't get carried away with the list!
>
> FIPS 186-2 includes DSA, ANSI X9.31 RSA, and X9.31 Elliptic Curve DSA; but
not PKCS-1 RSA, the one interoperable algorithm that everyone is using
presently!
>
> Hmm.
>
> I'm not necessarily advocating this position -- I might like to think
about it some more myself -- but just for the sake of argument and to take
the pulse, what would people think of making ANSI X9.31 RSA a MUST, X9.31
EC-DSA a SHOULD, and DSA and PKCS-1 RSA a MAY?
>
> It is my understanding that X9.31 RSA is considered to be superior to
PKCS-1 RSA in terms of resistance to certain forms of attack, and should not
be that great a stretch for existing RSA implementations, and hence the
MUST. We wouldn't deprecate PKCS-1 RSA (at least not yet), since it must
continue to be supported for backwards compatibility.
>
> This wouldn't deprecate DSA either, but it wouldn't be required for
people outside of the (quite limited) community of interest presently using
it.
>
> EC-DSA certainly beats regular DSA in terms of speed and size and deserves
to be included in its own right, but I'm not entirely clear as to the patent
situation, hence the SHOULD and not a MUST.
>
> In the area of symmetric algorithms, as soon as Rijndael is officially
certified as the AES algorithm I believe we should promote AES to MUST,
along with triple-DES and single DES for backwards compatibility. ( haven't
heard of anyone clamoring for SKIPJACK, so I think it can safely be ignored
in favor of triple-DES and/or AES.)
>
> Likewise, I think we will have to add SHA-386 and SHA-512 as MUST
algorithms, along with SHA-1, and probably deprecate MD2 and MD5.
>
> What think ye?
>
> Bob
>
>
> >Enzo has captured the chicken-and-egg essence of my concern. The U.S.
> >Government has a requirement to purchase products which support FIPS
> >186-2 algorithms (this includes DSA and ANSI X9.31 RSA, but not PKCS-1
> >RSA). And, at least in the DoD, we have requirements coming from our
> >customers to be algorithm independent:
> >
> > "PKI must support a variety of public key cryptographic algorithms
> > both in the public/private key pairs created and certified by PKI,
> > and in the algorithms used to apply digital signatures to certificates
> > and other PKI products. PKI must support the concurrent use of
several
> > digital signature algorithms for issuing certificates and must be able
> > to migrate over time to using new signature algorithms."
> >
> > -- DoD PKI Operational Requirements Document, 22 October 2000
> >
> >
> >There is also the fact that DSA signatures are significantly smaller
> >than RSA signatures, especially as we move to public keys above 1024 bits
> >and the signature could be bigger than the entire to-be-signed
certificate.
> >This doesn't matter in many environments, but it does in some.
> >
> >If vendors look at what certificates have already been issued to decide
> >what certificates to support in products under development, we will never
> >evolve. I favor keeping DSA (in addition to RSA) as a MUST for S/MIME
> >clients because algorithm independence is valuable in and of itself.
> >
> >Dave
> >
> >
> >
> >> From: "Enzo Michelangeli" <em@who.net>
> >>
> >> Well, there is one problem, and it's due to the store-and-forwad nature
of
> >> e-mail which prevents negotiation, making it impossible to know whether
a
> >> given algorithm is supported by a new recipient (think, e.g., of signed
> >> messages sent to mailing list). The result is that everybody ends up
using
> >> ONLY the common denominator, i.e. the "MUST" algorithms. Incidentally,
this
> >> was precisely the root of the trouble with 40-bit security in the bad
old
> >> days: a sort of Grisham's Law for algorithms...
> >> In my opinion, "MAY" algorithms are pretty useless in non-interactive
> >> contexts, and if DSA is not kept as a "MUST" (my preferred choice), it
might
> >> as well be dropped altogether.
> >>
> >> Enzo
> >
>
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA17027 for ietf-smime-bks; Tue, 28 Nov 2000 15:33:10 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA17020 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 15:33:08 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 28 Nov 2000 16:33:57 -0700
Message-Id: <sa23de75.060@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Tue, 28 Nov 2000 16:33:50 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-smime@imc.org>, <dpkemp@missi.ncsc.mil>
Subject: Re: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id PAA17021
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Chicken and egg is exactly the situation we find ourselves in. Implementors certainly want to support their customers, but don't want to be "required" by standards to implement algorithms that no one uses or are willing to pay for.
Ozan Gonenc also makes a good point in suggesting that perhaps the MUST algorithms be limited to FIPS approved algorithms. I'm a slightly concerned that this may be too US-centric a view, but on the other hand I haven't heard of any other governments or customers requiring or promoting any other algorithms, except for unpublished/proprietary/classified algorithms used in certain restricted sectors. (An exception might be GOST, but so far we can't even get the Russians to agree to pay anything for the capability., much less anyone else) So maybe limiting the MUST algorithms to a subset of the FIPS-approved list is acceptable. At least the FIPS listing implies a rather serious degree of vetting as to the security of the algorithms, which is something I don't think the IETF is institutionally capable of, not withstanding the cryptographic expertise of some of the members.
The point about having at least one algorithm in the suite that could be used if RSA were suddenly shown to be seriously flawed is also valid, so long as we don't get carried away with the list!
FIPS 186-2 includes DSA, ANSI X9.31 RSA, and X9.31 Elliptic Curve DSA; but not PKCS-1 RSA, the one interoperable algorithm that everyone is using presently!
Hmm.
I'm not necessarily advocating this position -- I might like to think about it some more myself -- but just for the sake of argument and to take the pulse, what would people think of making ANSI X9.31 RSA a MUST, X9.31 EC-DSA a SHOULD, and DSA and PKCS-1 RSA a MAY?
It is my understanding that X9.31 RSA is considered to be superior to PKCS-1 RSA in terms of resistance to certain forms of attack, and should not be that great a stretch for existing RSA implementations, and hence the MUST. We wouldn't deprecate PKCS-1 RSA (at least not yet), since it must continue to be supported for backwards compatibility.
This wouldn't deprecate DSA either, but it wouldn't be required for people outside of the (quite limited) community of interest presently using it.
EC-DSA certainly beats regular DSA in terms of speed and size and deserves to be included in its own right, but I'm not entirely clear as to the patent situation, hence the SHOULD and not a MUST.
In the area of symmetric algorithms, as soon as Rijndael is officially certified as the AES algorithm I believe we should promote AES to MUST, along with triple-DES and single DES for backwards compatibility. ( haven't heard of anyone clamoring for SKIPJACK, so I think it can safely be ignored in favor of triple-DES and/or AES.)
Likewise, I think we will have to add SHA-386 and SHA-512 as MUST algorithms, along with SHA-1, and probably deprecate MD2 and MD5.
What think ye?
Bob
>Enzo has captured the chicken-and-egg essence of my concern. The U.S.
>Government has a requirement to purchase products which support FIPS
>186-2 algorithms (this includes DSA and ANSI X9.31 RSA, but not PKCS-1
>RSA). And, at least in the DoD, we have requirements coming from our
>customers to be algorithm independent:
>
> "PKI must support a variety of public key cryptographic algorithms
> both in the public/private key pairs created and certified by PKI,
> and in the algorithms used to apply digital signatures to certificates
> and other PKI products. PKI must support the concurrent use of several
> digital signature algorithms for issuing certificates and must be able
> to migrate over time to using new signature algorithms."
>
> -- DoD PKI Operational Requirements Document, 22 October 2000
>
>
>There is also the fact that DSA signatures are significantly smaller
>than RSA signatures, especially as we move to public keys above 1024 bits
>and the signature could be bigger than the entire to-be-signed certificate.
>This doesn't matter in many environments, but it does in some.
>
>If vendors look at what certificates have already been issued to decide
>what certificates to support in products under development, we will never
>evolve. I favor keeping DSA (in addition to RSA) as a MUST for S/MIME
>clients because algorithm independence is valuable in and of itself.
>
>Dave
>
>
>
>> From: "Enzo Michelangeli" <em@who.net>
>>
>> Well, there is one problem, and it's due to the store-and-forwad nature of
>> e-mail which prevents negotiation, making it impossible to know whether a
>> given algorithm is supported by a new recipient (think, e.g., of signed
>> messages sent to mailing list). The result is that everybody ends up using
>> ONLY the common denominator, i.e. the "MUST" algorithms. Incidentally, this
>> was precisely the root of the trouble with 40-bit security in the bad old
>> days: a sort of Grisham's Law for algorithms...
>> In my opinion, "MAY" algorithms are pretty useless in non-interactive
>> contexts, and if DSA is not kept as a "MUST" (my preferred choice), it might
>> as well be dropped altogether.
>>
>> Enzo
>
Received: by ns.secondary.com (8.9.3/8.9.3) id LAA05633 for ietf-smime-bks; Tue, 28 Nov 2000 11:47:08 -0800 (PST)
Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA05628 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 11:47:06 -0800 (PST)
Received: from [192.168.1.35] ([208.233.228.110]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G4R00CLN22DRZ@mta5.snfc21.pbi.net> for ietf-smime@imc.org; Tue, 28 Nov 2000 11:27:50 -0800 (PST)
Date: Tue, 28 Nov 2000 11:29:23 -0800
From: Aram Perez <aram@pacbell.net>
Subject: Re: RSA vs. DSA MUST
In-reply-to: <200011281706.MAA01780@roadblock.missi.ncsc.mil>
To: ietf-smime@imc.org
Message-id: <B6494792.2935%aram@pacbell.net>
MIME-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
David Kemp wrote:
[snip]
> If vendors look at what certificates have already been issued to decide
> what certificates to support in products under development, we will never
> evolve. I favor keeping DSA (in addition to RSA) as a MUST for S/MIME
> clients because algorithm independence is valuable in and of itself.
Was S/MIME not algorithm independent when DSA was a MUST? How would
substituting DSA with RSA change the independence? DOD could mandate S/MIME
with DSA even if S/MIME requires RSA. Someone could write a S/MIME with DSA
document similar to the ones with IDEA, CAST, etc.
Regards,
Aram Perez
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id LAA02921 for ietf-smime-bks; Tue, 28 Nov 2000 11:17:49 -0800 (PST)
Received: from luc.ab.org (mail.ab.org [209.112.11.37]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA02916 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 11:17:48 -0800 (PST)
Received: from D00425 ([206.222.76.33]) by luc.ab.org (Netscape Messaging Server 3.6) with SMTP id AAA95CD1 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 14:25:03 -0500
From: "Ozan Gonenc" <ogonenc@adga.ca>
To: <ietf-smime@imc.org>
Subject: RE: RSA vs. DSA MUST
Date: Tue, 28 Nov 2000 14:17:24 -0500
Message-ID: <NEBBIPKCMLPPHFIFODPBOEJEDGAA.ogonenc@adga.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
In-Reply-To: <sa236ae1.091@prv-mail20.provo.novell.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Is there a study readily available comparing all these FIPS-140 approved
algorithms in question? I'm sure each one of them have there unique
advantages and disadvantages (i.e. processing speeds, cryptanalysis).
Limiting ourselves to only one algorithm to lessen coding efforts and
simplifying interoperability may be detrimental as new attack methods evolve
day-to-day. Yes customer-demands is what drives vendor development but what
do you think the customer will demand if a serious RSA vulnerability is
identified when new cryptanalysis technologies become available? Even as a
rumor or a hoax (i.e. unproven/unofficial RSA crack), customers' demand will
be mail packages with multi-algorithm capability. A mail agent's capability
to use a variety of algorithms is a major selling point.
I know this may be a little far-fetched but we should keep standards as
accomodating as possible for any future possiblities. Maybe the limiting
factor should be FIPS approved algorithms...
Regards,
Ozan
______________________________
Ozan Gonenc
IT Security Consultant
AEPOS Technologies Corporation
-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Bob Jueneman
Sent: November 28, 2000 10:21
To: pgut001@cs.aucKland.ac.nz; ietf-smime@imc.org;
dpkemp@missi.ncsc.mil; blake.ramsdell@tumbleweed.com
Subject: RE: RSA vs. DSA MUST
>"Blake Ramsdell" <blake.ramsdell@tumbleweed.com> writes:
>
>>I do not care strongly, but the strawpoll at the last IETF indicated a
>>preference for "both", and that was the path we were headed down, and that
>>Russ summarized. Personally, I don't implement it, and I haven't had any
>>customer complaints telling me I should, and the backwards compatibility
>>issues are almost the same as for Diffie-Hellman certs (that is, I have
not
>>seen anyone using them, so chucking them wouldn't break an installed base
of
>>significant size, if at all).
>
>In case this is useful as a data point, in my general wandering around
looking
>for certs on the net the only publicly available DSA certs I've ever found
were
>some old Thawte ones, presumably created just to show'em (all the standard
>Thawte certs are RSA, I don't think I've ever seen the DSA certs actually
used
>to certify anything). I've also very occasionally come across them being
used
>in closed environments (ie ones where interoperability with the masses
isn't
>really an issue). I suspect the motivation for a lot of these is that
there's
>a requirement to use a FIPS algorithm and DSA is the only choice. I can't
see
>a MUST RSA, MAY DSA as being any real problem, it's just recognising what
has
>been reality for the last few years.
>
>Peter.
>
That would certainly be my preference, unless some hitherto-unknown set of
customers waving gobs of money come running out of the woods.
Even MAY language is somewhat troubling -- I continue to believe that the
SMIME group has gotten seriously off track by introducing orphan algorithms
such as CAST, IDEA, symmetric key, password-encryption, etc., etc., that if
implemented would add only incrementally to the coding effort, but would
complicate interoperability testing exponentially. I wouldn't object to MAY
for DSA, but I would strongly prefer that it not be a MUST.
If DSA is a MUST, then I strongly suspect that we and probably many other
vendors will simply be noncompliant, and that doesn't help anyone,
especially with respect to interoperability. And isn't that what standards
are all about?
Regards,
Bob
Robert R. Jueneman
Security Architect
Novell, Inc. -- the leading provider of Net services software
Received: by ns.secondary.com (8.9.3/8.9.3) id JAA24139 for ietf-smime-bks; Tue, 28 Nov 2000 09:30:02 -0800 (PST)
Received: from roadblock.missi.ncsc.mil (roadblock.missi.ncsc.mil [144.51.50.70]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA24127 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 09:30:00 -0800 (PST)
Received: from roadblock.missi.ncsc.mil (root@localhost) by roadblock.missi.ncsc.mil with ESMTP id MAA01789 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 12:06:49 -0500 (EST)
Message-Id: <200011281706.MAA01780@roadblock.missi.ncsc.mil>
Date: Tue, 28 Nov 2000 12:23:21 -0500 (EST)
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
Reply-To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
Subject: Re: RSA vs. DSA MUST
To: ietf-smime@imc.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: s/58JT4eiiBmy3uAQ4fStA==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Enzo has captured the chicken-and-egg essence of my concern. The U.S.
Government has a requirement to purchase products which support FIPS
186-2 algorithms (this includes DSA and ANSI X9.31 RSA, but not PKCS-1
RSA). And, at least in the DoD, we have requirements coming from our
customers to be algorithm independent:
"PKI must support a variety of public key cryptographic algorithms
both in the public/private key pairs created and certified by PKI,
and in the algorithms used to apply digital signatures to certificates
and other PKI products. PKI must support the concurrent use of several
digital signature algorithms for issuing certificates and must be able
to migrate over time to using new signature algorithms."
-- DoD PKI Operational Requirements Document, 22 October 2000
There is also the fact that DSA signatures are significantly smaller
than RSA signatures, especially as we move to public keys above 1024 bits
and the signature could be bigger than the entire to-be-signed certificate.
This doesn't matter in many environments, but it does in some.
If vendors look at what certificates have already been issued to decide
what certificates to support in products under development, we will never
evolve. I favor keeping DSA (in addition to RSA) as a MUST for S/MIME
clients because algorithm independence is valuable in and of itself.
Dave
> From: "Enzo Michelangeli" <em@who.net>
>
> Well, there is one problem, and it's due to the store-and-forwad nature of
> e-mail which prevents negotiation, making it impossible to know whether a
> given algorithm is supported by a new recipient (think, e.g., of signed
> messages sent to mailing list). The result is that everybody ends up using
> ONLY the common denominator, i.e. the "MUST" algorithms. Incidentally, this
> was precisely the root of the trouble with 40-bit security in the bad old
> days: a sort of Grisham's Law for algorithms...
> In my opinion, "MAY" algorithms are pretty useless in non-interactive
> contexts, and if DSA is not kept as a "MUST" (my preferred choice), it might
> as well be dropped altogether.
>
> Enzo
Received: by ns.secondary.com (8.9.3/8.9.3) id JAA23487 for ietf-smime-bks; Tue, 28 Nov 2000 09:21:48 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id JAA23482 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 09:21:47 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 28 Nov 2000 10:22:40 -0700
Message-Id: <sa238770.052@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Tue, 28 Nov 2000 10:22:36 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>, <em@who.net>
Subject: Re: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id JAA23484
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
>Well, there is one problem, and it's due to the store-and-forward nature of
>e-mail which prevents negotiation, making it impossible to know whether a
>given algorithm is supported by a new recipient (think, e.g., of signed
>messages sent to mailing list). The result is that everybody ends up using
>ONLY the common denominator, i.e. the "MUST" algorithms. Incidentally, this
>was precisely the root of the trouble with 40-bit security in the bad old
>days: a sort of Gresham's Law for algorithms...
>In my opinion, "MAY" algorithms are pretty useless in non-interactive
>contexts, and if DSA is not kept as a "MUST" (my preferred choice), it might
>as well be dropped altogether.
>
>Enzo
>
Although it isn't strictly interactive in the sense that SSL is, the SMIMECapabilities attribute allows the originator of a message to indicate his preference as to encryption algorithms, including 40-bit RC4 vs. 56-bit DES vs. 128-bit whatever vs. 196-bit triple-DES (and soon, presumably, 256-bit AES). (Granted, some implementations ignore the attribute and default to the lowest common denominator (boo, hiss), and others use whatever algorithm and key size the originator selects, regardless of what the recipient specified.)
I don't have the text in front of me, but isn't it possible to indicate the preferred key exchange and signature algorithms (and hashing algorithms, in order to handle SHA-384 and SHA-512) in the same manner?
If not, it probably ought to be amended.
Bob
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id JAA21662 for ietf-smime-bks; Tue, 28 Nov 2000 09:06:38 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id JAA21653 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 09:06:35 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 28 Nov 2000 10:07:17 -0700
Message-Id: <sa2383d5.011@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Tue, 28 Nov 2000 10:07:17 -0700
From: "Tolga Acar" <TACAR@novell.com>
To: <ietf-smime@imc.org>
Subject: Re: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_C299D655.CBAAC9F1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_C299D655.CBAAC9F1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
> In case this is useful as a data point, in my general wandering around =
looking
> for certs on the net the only publicly available DSA certs I've ever =
found were
> some old Thawte ones, presumably created just to show'em (all the =
standard
> Thawte certs are RSA, I don't think I've ever seen the DSA certs =
actually used
> to certify anything). I've also very occasionally come across them =
being used
> in closed environments (ie ones where interoperability with the masses =
isn't
> really an issue). I suspect the motivation for a lot of these is that =
there's
> a requirement to use a FIPS algorithm and DSA is the only choice. I =
can't see
> a MUST RSA, MAY DSA as being any real problem, it's just recognising =
what has
> been reality for the last few years.
DSA is not the ONLY asymmetric algorithm certifiable in FIPS 140-1/2, as =
it references any algorithm published/referenced in a FIPS; X9.31 and =
X9.62 are also specified in FIPS 186-2.
Remember that DSS it not DSA.
Looking forward (that's what this is about, isn't it?), there are three =
asymmetric algorithms in FIPS 68-2: DSA, X9.31 RSA, and X9.62 ECDSA.
So, the motivation for a lot of those certificates based on FIPS 186-1 and =
FIPS 140-1, is not there anymore.
It is enough to support one of them for FIPS purposes, then the most =
common one, RSA, should do fine. NIST certainly does not mandate all of =
them (FIPS 186-2, page 3, line 3).
Effective as of July 27, 2000, and with the prescribed transition period =
of FIPS 186-2 from July 27 2000 to July 27 2001, that should give enough =
time to make changes in a product line.
- Tolga
--=_C299D655.CBAAC9F1
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"=
>
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR></HEAD>
<BODY style=3D"MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px">
<DIV><BR>> In case this is useful as a data point, in my general =
wandering=20
around looking<BR>> for certs on the net the only publicly available =
DSA=20
certs I've ever found were<BR>> some old Thawte ones, presumably =
created just=20
to show'em (all the standard<BR>> Thawte certs are RSA, I don't think =
I've=20
ever seen the DSA certs actually used<BR>> to certify anything). =
I've=20
also very occasionally come across them being used<BR>> in closed=20
environments (ie ones where interoperability with the masses isn't<BR>>=
=20
really an issue). I suspect the motivation for a lot of these is =
that=20
there's<BR>> a requirement to use a FIPS algorithm and DSA is the =
only=20
choice. I can't see<BR>> a MUST RSA, MAY DSA as being any real =
problem,=20
it's just recognising what has<BR>> been reality for the last few=20
years.<BR><BR>DSA is not the ONLY asymmetric algorithm certifiable in =
FIPS=20
140-1/2, as it references any algorithm published/referenced in a =
FIPS; =20
X9.31 and X9.62 are also specified in FIPS 186-2.</DIV>
<DIV>Remember that DSS it not DSA.</DIV>
<DIV>Looking forward (that's what this is about, isn't it?), there are =
three=20
asymmetric algorithms in FIPS 68-2: DSA, X9.31 RSA, and X9.62 ECDSA.</DIV>
<DIV>So, the motivation for a lot of those certificates based on FIPS =
186-1 and=20
FIPS 140-1, is not there anymore.</DIV>
<DIV>It is enough to support one of them for FIPS purposes, then the most =
common=20
one, RSA, should do fine. NIST certainly does not mandate all of them =
(FIPS=20
186-2, page 3, line 3).</DIV>
<DIV>Effective as of July 27, 2000, and with the prescribed transition =
period of=20
FIPS 186-2 from July 27 2000 to July 27 2001, that should give enough time =
to=20
make changes in a product line.</DIV>
<DIV> </DIV>
<DIV>- Tolga</DIV></BODY></HTML>
--=_C299D655.CBAAC9F1--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA11760 for ietf-smime-bks; Tue, 28 Nov 2000 08:07:52 -0800 (PST)
Received: from netscape.com (h-205-217-237-47.netscape.com [205.217.237.47]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA11756 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 08:07:51 -0800 (PST)
Received: from dredd.mcom.com (dredd.mcom.com [205.217.237.54]) by netscape.com (8.10.0/8.10.0) with ESMTP id eASG0lD04598 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 08:00:52 -0800 (PST)
Received: from netscape.com ([192.18.120.135]) by dredd.mcom.com (Netscape Messaging Server 4.15 dredd Jun 22 2000 16:29:39) with ESMTP id G4QSUH00.DFT; Tue, 28 Nov 2000 08:08:41 -0800
Message-ID: <3A23D889.1000501@netscape.com>
Date: Tue, 28 Nov 2000 08:08:41 -0800
From: relyea@netscape.com (Bob Relyea)
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20001108 Netscape6/6.0
X-Accept-Language: en
MIME-Version: 1.0
To: Enzo Michelangeli <em@who.net>
CC: pgut001@cs.aucKland.ac.nz, ietf-smime@imc.org
Subject: Re: RSA vs. DSA MUST
References: <97537385624891@kahu.cs.auckland.ac.nz> <007a01c058e6$a5ccf910$6000a8c0@em>
Content-Type: multipart/alternative; boundary="------------040104030509030409020307"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--------------040104030509030409020307
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Enzo Michelangeli wrote:
> really an issue). I suspect the motivation for a lot of these is that
>
> there's
>
>> a requirement to use a FIPS algorithm and DSA is the only choice. I can't
>
> see
>
>> a MUST RSA, MAY DSA as being any real problem, it's just recognising what
>
> has
>
>> been reality for the last few years.
>
We have seen a lot of DSA certificates generated by the U.S. Government.
What we haven't seen is a lot of DH certificates (The government uses
KEA, which is a form of DH that uses two DH keys and then skipjack to do
some key mixing).
> Well, there is one problem, and it's due to the store-and-forwad nature of
> e-mail which prevents negotiation, making it impossible to know whether a
> given algorithm is supported by a new recipient (think, e.g., of signed
> messages sent to mailing list).
It's even worse for asymetric algorithms. Even if you had information to
allow a negotiated symetric cipher, you are stuck with the asymetric
cipher based on the user's certificate.
If we were talking DH, I'd say there isn't much point, but I've seen a
lot of DSA stuff running around, and suspect, because of FIPs, to see
more of it. I'd vote to make it MUST.
bob
>
--------------040104030509030409020307
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 7bit
<html><head></head><body>Enzo Michelangeli wrote:<br>
<blockquote type="cite" cite="mid:007a01c058e6$a5ccf910$6000a8c0@em"><pre wrap="">really an issue). I suspect the motivation for a lot of these is that<br></pre>
<pre wrap=""><!---->there's<br></pre>
<blockquote type="cite"><pre wrap="">a requirement to use a FIPS algorithm and DSA is the only choice. I can't<br></pre></blockquote>
<pre wrap=""><!---->see<br></pre>
<blockquote type="cite"><pre wrap="">a MUST RSA, MAY DSA as being any real problem, it's just recognising what<br></pre></blockquote>
<pre wrap=""><!---->has<br></pre>
<blockquote type="cite"><pre wrap="">been reality for the last few years.</pre></blockquote>
</blockquote>
<br>
We have seen a lot of DSA certificates generated by the U.S. Government.
What we haven't seen is a lot of DH certificates (The government uses KEA,
which is a form of DH that uses two DH keys and then skipjack to do some
key mixing).<br>
<br>
<blockquote type="cite" cite="mid:007a01c058e6$a5ccf910$6000a8c0@em"><pre wrap="">Well, there is one problem, and it's due to the store-and-forwad nature of<br>e-mail which prevents negotiation, making it impossible to know whether a<br>given algorithm is supported by a new recipient (think, e.g., of signed<br>messages sent to mailing list). </pre>
</blockquote>
It's even worse for asymetric algorithms. Even if you had information to
allow a negotiated symetric cipher, you are stuck with the asymetric cipher
based on the user's certificate.<br>
<br>
If we were talking DH, I'd say there isn't much point, but I've seen a lot
of DSA stuff running around, and suspect, because of FIPs, to see more of
it. I'd vote to make it MUST.<br>
<br>
<br>
bob
<blockquote type="cite" cite="mid:007a01c058e6$a5ccf910$6000a8c0@em"><pre wrap=""><br></pre>
</blockquote>
<br>
<br>
</body></html>
--------------040104030509030409020307--
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA04685 for ietf-smime-bks; Tue, 28 Nov 2000 07:20:15 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id HAA04681 for <ietf-smime@imc.org>; Tue, 28 Nov 2000 07:20:13 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 28 Nov 2000 08:20:49 -0700
Message-Id: <sa236ae1.091@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Tue, 28 Nov 2000 08:20:42 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>, <dpkemp@missi.ncsc.mil>, <blake.ramsdell@tumbleweed.com>
Subject: RE: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id HAA04682
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
>"Blake Ramsdell" <blake.ramsdell@tumbleweed.com> writes:
>
>>I do not care strongly, but the strawpoll at the last IETF indicated a
>>preference for "both", and that was the path we were headed down, and that
>>Russ summarized. Personally, I don't implement it, and I haven't had any
>>customer complaints telling me I should, and the backwards compatibility
>>issues are almost the same as for Diffie-Hellman certs (that is, I have not
>>seen anyone using them, so chucking them wouldn't break an installed base of
>>significant size, if at all).
>
>In case this is useful as a data point, in my general wandering around looking
>for certs on the net the only publicly available DSA certs I've ever found were
>some old Thawte ones, presumably created just to show'em (all the standard
>Thawte certs are RSA, I don't think I've ever seen the DSA certs actually used
>to certify anything). I've also very occasionally come across them being used
>in closed environments (ie ones where interoperability with the masses isn't
>really an issue). I suspect the motivation for a lot of these is that there's
>a requirement to use a FIPS algorithm and DSA is the only choice. I can't see
>a MUST RSA, MAY DSA as being any real problem, it's just recognising what has
>been reality for the last few years.
>
>Peter.
>
That would certainly be my preference, unless some hitherto-unknown set of customers waving gobs of money come running out of the woods.
Even MAY language is somewhat troubling -- I continue to believe that the SMIME group has gotten seriously off track by introducing orphan algorithms such as CAST, IDEA, symmetric key, password-encryption, etc., etc., that if implemented would add only incrementally to the coding effort, but would complicate interoperability testing exponentially. I wouldn't object to MAY for DSA, but I would strongly prefer that it not be a MUST.
If DSA is a MUST, then I strongly suspect that we and probably many other vendors will simply be noncompliant, and that doesn't help anyone, especially with respect to interoperability. And isn't that what standards are all about?
Regards,
Bob
Robert R. Jueneman
Security Architect
Novell, Inc. -- the leading provider of Net services software
Received: by ns.secondary.com (8.9.3/8.9.3) id SAA10224 for ietf-smime-bks; Mon, 27 Nov 2000 18:54:59 -0800 (PST)
Received: from china.asiainter.net (asiainter.net [202.84.207.2]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id SAA10220 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 18:54:56 -0800 (PST)
Received: (qmail 10681 invoked from network); 28 Nov 2000 02:55:42 -0000
Received: from unknown (HELO em) (203.161.252.186) by asiainter.net with SMTP; 28 Nov 2000 02:55:42 -0000
Message-ID: <007a01c058e6$a5ccf910$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>
References: <97537385624891@kahu.cs.auckland.ac.nz>
Subject: Re: RSA vs. DSA MUST
Date: Tue, 28 Nov 2000 10:54:43 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.aucKland.ac.nz>
To: <bjueneman@novell.com>; <blake.ramsdell@tumbleweed.com>;
<dpkemp@missi.ncsc.mil>; <ietf-smime@imc.org>
Sent: Tuesday, November 28, 2000 2:10 PM
Subject: RE: RSA vs. DSA MUST
> In case this is useful as a data point, in my general wandering around
looking
> for certs on the net the only publicly available DSA certs I've ever found
were
> some old Thawte ones, presumably created just to show'em (all the standard
> Thawte certs are RSA, I don't think I've ever seen the DSA certs actually
used
> to certify anything). I've also very occasionally come across them being
used
> in closed environments (ie ones where interoperability with the masses
isn't
> really an issue). I suspect the motivation for a lot of these is that
there's
> a requirement to use a FIPS algorithm and DSA is the only choice. I can't
see
> a MUST RSA, MAY DSA as being any real problem, it's just recognising what
has
> been reality for the last few years.
Well, there is one problem, and it's due to the store-and-forwad nature of
e-mail which prevents negotiation, making it impossible to know whether a
given algorithm is supported by a new recipient (think, e.g., of signed
messages sent to mailing list). The result is that everybody ends up using
ONLY the common denominator, i.e. the "MUST" algorithms. Incidentally, this
was precisely the root of the trouble with 40-bit security in the bad old
days: a sort of Grisham's Law for algorithms...
In my opinion, "MAY" algorithms are pretty useless in non-interactive
contexts, and if DSA is not kept as a "MUST" (my preferred choice), it might
as well be dropped altogether.
Enzo
Received: by ns.secondary.com (8.9.3/8.9.3) id RAA08629 for ietf-smime-bks; Mon, 27 Nov 2000 17:21:41 -0800 (PST)
Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA08621 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 17:21:30 -0800 (PST)
Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id OAA10456; Tue, 28 Nov 2000 14:10:44 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz)
Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97537385624891>; Tue, 28 Nov 2000 14:10:56 (NZDT)
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: bjueneman@novell.com, blake.ramsdell@tumbleweed.com, dpkemp@missi.ncsc.mil, ietf-smime@imc.org
Subject: RE: RSA vs. DSA MUST
Reply-To: pgut001@cs.aucKland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz
Date: Tue, 28 Nov 2000 14:10:56 (NZDT)
Message-ID: <97537385624891@kahu.cs.auckland.ac.nz>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Blake Ramsdell" <blake.ramsdell@tumbleweed.com> writes:
>I do not care strongly, but the strawpoll at the last IETF indicated a
>preference for "both", and that was the path we were headed down, and that
>Russ summarized. Personally, I don't implement it, and I haven't had any
>customer complaints telling me I should, and the backwards compatibility
>issues are almost the same as for Diffie-Hellman certs (that is, I have not
>seen anyone using them, so chucking them wouldn't break an installed base of
>significant size, if at all).
In case this is useful as a data point, in my general wandering around looking
for certs on the net the only publicly available DSA certs I've ever found were
some old Thawte ones, presumably created just to show'em (all the standard
Thawte certs are RSA, I don't think I've ever seen the DSA certs actually used
to certify anything). I've also very occasionally come across them being used
in closed environments (ie ones where interoperability with the masses isn't
really an issue). I suspect the motivation for a lot of these is that there's
a requirement to use a FIPS algorithm and DSA is the only choice. I can't see
a MUST RSA, MAY DSA as being any real problem, it's just recognising what has
been reality for the last few years.
Peter.
Received: by ns.secondary.com (8.9.3/8.9.3) id QAA08126 for ietf-smime-bks; Mon, 27 Nov 2000 16:50:46 -0800 (PST)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id QAA08122 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 16:50:45 -0800 (PST)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (Tumbleweed MMS SMTP Relay (MMS v4.6)); Mon, 27 Nov 2000 16:51:38 -0800
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2650.21) id <XJ563YFM>; Mon, 27 Nov 2000 16:51:37 -0800
Message-ID: <01FF24001403D011AD7B00A024BC53C5A77587@mail.deming.com>
From: "Blake Ramsdell" <blake.ramsdell@tumbleweed.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>, ietf-smime@imc.org, dpkemp@missi.ncsc.mil
Subject: RE: RSA vs. DSA MUST
Date: Mon, 27 Nov 2000 16:51:28 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 163DDE1028396-01-01
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I do not care strongly, but the strawpoll at the last IETF indicated a
preference for "both", and that was the path we were headed down, and that
Russ summarized. Personally, I don't implement it, and I haven't had any
customer complaints telling me I should, and the backwards compatibility
issues are almost the same as for Diffie-Hellman certs (that is, I have not
seen anyone using them, so chucking them wouldn't break an installed base of
significant size, if at all).
Blake
-----Original Message-----
From: Bob Jueneman [mailto:bjueneman@novell.com]
Sent: Monday, November 27, 2000 3:04 PM
To: ietf-smime@imc.org; dpkemp@missi.ncsc.mil
Subject: RSA vs. DSA MUST
David, is the issue whether RSA should REPLACE DSA as a MUST, as opposed to
merely adding an additional MUST for RSA for signatures?
I doubt that there would be any strong disagreement about adding RSA as a
MUST, since it has been a commercial requirement and de facto standard all
along, regardless of IETF politics.
But other than the patent issues, is there still a strong technical,
marketing or other consensus in favor of continuing DSA as a MUST?
To date, we haven't implemented DSA in GroupWise, nor in the Novell Cert.
Server, due to the complete absence of customer demand. In fact, when we
looked around, we couldn't find any certificates that used DSA (granted, we
probably didn't look very hard.)
Do any of the US DoD PKI or e-mail initiatives have any serious plans to
MANDATE the exclusive use of DSA?
Does anyone else care strongly?
Regards,
Bob
Robert R. Jueneman
Security Architect
Novell, Inc -- the leading provider of Net services software
>>> "David P. Kemp" <dpkemp@missi.ncsc.mil> 11/27/00 01:49PM >>>
> Title : S/MIME Version 3.1 Certificate Profile Addendum
> Author(s) : B. Ramsdell
> Filename : draft-ietf-smime-v31cert-00.txt
> Pages :
> Date : 22-Nov-00
>
> In light of the expiration of the primary RSA patent, it is proposed
> that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
> implement algorithms in the S/MIME profile. This draft will describe
> only the proposed changes to the S/MIME Version 3 Certificate Handling
> RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
Did I miss the discussion and consensus on this?
I was under the impression that RSA does not replace DSA as a
MUST-implement, rather RSA becomes an additional MUST for signatures:
> Russ Housley <housley@spyrus.com> on 07/31/2000 05:04:52 PM
>
> Proposed way forward: Change the mandatory to implement algorithm set to:
> One-way Hash: SHA-1 (no change)
> Signature: Both DSA and RSA (PKCS#1 v1.5)
> Key Mgmt: RSA (OAEP)
> Eencryption: Triple-DES in CBC mode
The Certificate Profile should reflect the results of the last meeting
and subsequent mail list discussion.
Received: by ns.secondary.com (8.9.3/8.9.3) id PAA06564 for ietf-smime-bks; Mon, 27 Nov 2000 15:03:33 -0800 (PST)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA06556 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 15:03:31 -0800 (PST)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Mon, 27 Nov 2000 16:04:20 -0700
Message-Id: <sa228604.082@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Date: Mon, 27 Nov 2000 16:04:16 -0700
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-smime@imc.org>, <dpkemp@missi.ncsc.mil>
Subject: RSA vs. DSA MUST
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id PAA06557
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
David, is the issue whether RSA should REPLACE DSA as a MUST, as opposed to merely adding an additional MUST for RSA for signatures?
I doubt that there would be any strong disagreement about adding RSA as a MUST, since it has been a commercial requirement and de facto standard all along, regardless of IETF politics.
But other than the patent issues, is there still a strong technical, marketing or other consensus in favor of continuing DSA as a MUST?
To date, we haven't implemented DSA in GroupWise, nor in the Novell Cert. Server, due to the complete absence of customer demand. In fact, when we looked around, we couldn't find any certificates that used DSA (granted, we probably didn't look very hard.)
Do any of the US DoD PKI or e-mail initiatives have any serious plans to MANDATE the exclusive use of DSA?
Does anyone else care strongly?
Regards,
Bob
Robert R. Jueneman
Security Architect
Novell, Inc -- the leading provider of Net services software
>>> "David P. Kemp" <dpkemp@missi.ncsc.mil> 11/27/00 01:49PM >>>
> Title : S/MIME Version 3.1 Certificate Profile Addendum
> Author(s) : B. Ramsdell
> Filename : draft-ietf-smime-v31cert-00.txt
> Pages :
> Date : 22-Nov-00
>
> In light of the expiration of the primary RSA patent, it is proposed
> that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
> implement algorithms in the S/MIME profile. This draft will describe
> only the proposed changes to the S/MIME Version 3 Certificate Handling
> RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
Did I miss the discussion and consensus on this?
I was under the impression that RSA does not replace DSA as a
MUST-implement, rather RSA becomes an additional MUST for signatures:
> Russ Housley <housley@spyrus.com> on 07/31/2000 05:04:52 PM
>
> Proposed way forward: Change the mandatory to implement algorithm set to:
> One-way Hash: SHA-1 (no change)
> Signature: Both DSA and RSA (PKCS#1 v1.5)
> Key Mgmt: RSA (OAEP)
> Eencryption: Triple-DES in CBC mode
The Certificate Profile should reflect the results of the last meeting
and subsequent mail list discussion.
Received: by ns.secondary.com (8.9.3/8.9.3) id OAA04119 for ietf-smime-bks; Mon, 27 Nov 2000 14:02:26 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA04115 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 14:02:25 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com ([209.172.119.210]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id OAA23359; Mon, 27 Nov 2000 14:03:13 -0800 (PST)
Message-Id: <5.0.1.4.2.20001127164203.027c0e70@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Mon, 27 Nov 2000 16:46:08 -0500
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
From: Russ Housley <housley@spyrus.com>
Subject: Re: I-D ACTION:draft-ietf-smime-v31cert-00.txt
Cc: ietf-smime@imc.org
In-Reply-To: <200011272032.PAA20762@roadblock.missi.ncsc.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Dave:
You did not miss anything. This is a proposed change. The Working Group
has not agreed or rejected the proposal.
Russ
At 03:49 PM 11/27/2000 -0500, David P. Kemp wrote:
> > Title : S/MIME Version 3.1 Certificate Profile Addendum
> > Author(s) : B. Ramsdell
> > Filename : draft-ietf-smime-v31cert-00.txt
> > Pages :
> > Date : 22-Nov-00
> >
> > In light of the expiration of the primary RSA patent, it is proposed
> > that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
> > implement algorithms in the S/MIME profile. This draft will describe
> > only the proposed changes to the S/MIME Version 3 Certificate Handling
> > RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
>
>
>Did I miss the discussion and consensus on this?
>
>I was under the impression that RSA does not replace DSA as a
>MUST-implement, rather RSA becomes an additional MUST for signatures:
>
>
> > Russ Housley <housley@spyrus.com> on 07/31/2000 05:04:52 PM
> >
> > Proposed way forward: Change the mandatory to implement algorithm set to:
> > One-way Hash: SHA-1 (no change)
> > Signature: Both DSA and RSA (PKCS#1 v1.5)
> > Key Mgmt: RSA (OAEP)
> > Eencryption: Triple-DES in CBC mode
>
>
>The Certificate Profile should reflect the results of the last meeting
>and subsequent mail list discussion.
Received: by ns.secondary.com (8.9.3/8.9.3) id OAA04067 for ietf-smime-bks; Mon, 27 Nov 2000 14:01:23 -0800 (PST)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id OAA04063 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 14:01:21 -0800 (PST)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (Tumbleweed MMS SMTP Relay (MMS v4.6)); Mon, 27 Nov 2000 14:02:13 -0800
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2650.21) id <XJ563YCT>; Mon, 27 Nov 2000 14:02:13 -0800
Message-ID: <01FF24001403D011AD7B00A024BC53C5A77582@mail.deming.com>
From: "Blake Ramsdell" <blake.ramsdell@tumbleweed.com>
To: "'David P. Kemp'" <dpkemp@missi.ncsc.mil>, ietf-smime@imc.org
Subject: RE: I-D ACTION:draft-ietf-smime-v31cert-00.txt
Date: Mon, 27 Nov 2000 14:02:06 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 163C066F27524-01-01
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I agree, and I screwed up. Basically I just took the -ramsdell draft and
made it -smime, and I forgot to change the language.
The msg draft didn't get submitted, as I submitted the -ramsdell version
instead of the -smime version. I think the wording is fixed in there, and
you can certainly point out anything that I missed. I will send it to the
list soon.
Blake
-----Original Message-----
From: David P. Kemp [mailto:dpkemp@missi.ncsc.mil]
Sent: Monday, November 27, 2000 12:49 PM
To: ietf-smime@imc.org
Subject: Re: I-D ACTION:draft-ietf-smime-v31cert-00.txt
> Title : S/MIME Version 3.1 Certificate Profile Addendum
> Author(s) : B. Ramsdell
> Filename : draft-ietf-smime-v31cert-00.txt
> Pages :
> Date : 22-Nov-00
>
> In light of the expiration of the primary RSA patent, it is proposed
> that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
> implement algorithms in the S/MIME profile. This draft will describe
> only the proposed changes to the S/MIME Version 3 Certificate Handling
> RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
Did I miss the discussion and consensus on this?
I was under the impression that RSA does not replace DSA as a
MUST-implement, rather RSA becomes an additional MUST for signatures:
> Russ Housley <housley@spyrus.com> on 07/31/2000 05:04:52 PM
>
> Proposed way forward: Change the mandatory to implement algorithm set to:
> One-way Hash: SHA-1 (no change)
> Signature: Both DSA and RSA (PKCS#1 v1.5)
> Key Mgmt: RSA (OAEP)
> Eencryption: Triple-DES in CBC mode
The Certificate Profile should reflect the results of the last meeting
and subsequent mail list discussion.
Received: by ns.secondary.com (8.9.3/8.9.3) id MAA01479 for ietf-smime-bks; Mon, 27 Nov 2000 12:56:07 -0800 (PST)
Received: from roadblock.missi.ncsc.mil (roadblock.missi.ncsc.mil [144.51.50.70]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA01473 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 12:56:05 -0800 (PST)
Received: from roadblock.missi.ncsc.mil (root@localhost) by roadblock.missi.ncsc.mil with ESMTP id PAA20766 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 15:32:56 -0500 (EST)
Message-Id: <200011272032.PAA20762@roadblock.missi.ncsc.mil>
Date: Mon, 27 Nov 2000 15:49:24 -0500 (EST)
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
Reply-To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
Subject: Re: I-D ACTION:draft-ietf-smime-v31cert-00.txt
To: ietf-smime@imc.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: SqyP0BetNrZE6qqnZjCF7A==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
> Title : S/MIME Version 3.1 Certificate Profile Addendum
> Author(s) : B. Ramsdell
> Filename : draft-ietf-smime-v31cert-00.txt
> Pages :
> Date : 22-Nov-00
>
> In light of the expiration of the primary RSA patent, it is proposed
> that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
> implement algorithms in the S/MIME profile. This draft will describe
> only the proposed changes to the S/MIME Version 3 Certificate Handling
> RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
Did I miss the discussion and consensus on this?
I was under the impression that RSA does not replace DSA as a
MUST-implement, rather RSA becomes an additional MUST for signatures:
> Russ Housley <housley@spyrus.com> on 07/31/2000 05:04:52 PM
>
> Proposed way forward: Change the mandatory to implement algorithm set to:
> One-way Hash: SHA-1 (no change)
> Signature: Both DSA and RSA (PKCS#1 v1.5)
> Key Mgmt: RSA (OAEP)
> Eencryption: Triple-DES in CBC mode
The Certificate Profile should reflect the results of the last meeting
and subsequent mail list discussion.
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id LAA24096 for ietf-smime-bks; Mon, 27 Nov 2000 11:10:15 -0800 (PST)
Received: from public.szptt.net.cn (mail1-smtp.szptt.net.cn [202.96.136.221]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id LAA24090 for <ietf-smime@imc.org>; Mon, 27 Nov 2000 11:10:12 -0800 (PST)
From: Internet-Drafts@ietf.org
Received: from public.szptt.net.cn([202.96.136.221]) by public.szptt.net.cn(JetMail 2.5.3.0) with SMTP id jm43a22e449; Mon, 27 Nov 2000 19:09:31 -0000
Received: from loki.ietf.org([132.151.1.177]) by public.szptt.net.cn(JetMail 2.5.3.0) with SMTP id jm113a1f8958; Sat, 25 Nov 2000 05:07:48 -0000
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id XAA14999 for ietf-123-outbound.01@ietf.org; Fri, 24 Nov 2000 23:45:00 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id SAA12465 for <all-ietf@loki.ietf.org>; Fri, 24 Nov 2000 18:28:19 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26413; Fri, 24 Nov 2000 18:28:15 -0500 (EST)
Message-Id: <200011242328.SAA26413@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-v31cert-00.txt
Date: Fri, 24 Nov 2000 18:28:15 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : S/MIME Version 3.1 Certificate Profile Addendum
Author(s) : B. Ramsdell
Filename : draft-ietf-smime-v31cert-00.txt
Pages :
Date : 22-Nov-00
In light of the expiration of the primary RSA patent, it is proposed
that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
implement algorithms in the S/MIME profile. This draft will describe
only the proposed changes to the S/MIME Version 3 Certificate Handling
RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-v31cert-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-v31cert-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-v31cert-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001122150214.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-v31cert-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-v31cert-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001122150214.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id PAA20132 for ietf-smime-bks; Fri, 24 Nov 2000 15:27:15 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA20128 for <ietf-smime@imc.org>; Fri, 24 Nov 2000 15:27:13 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26425; Fri, 24 Nov 2000 18:28:18 -0500 (EST)
Message-Id: <200011242328.SAA26425@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-aes-alg-00.txt
Date: Fri, 24 Nov 2000 18:28:18 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Use of the Advanced Encryption Algorithm in CMS
Author(s) : J. Schaad
Filename : draft-ietf-smime-aes-alg-00.txt
Pages : 6
Date : 22-Nov-00
This document specifies how to incorporate the Advanced Encryption
Standard (AES) candidate algorithm [AES] into the S/MIME
Cryptographic Message Syntax (CMS) as an additional algorithm for
symmetric encryption. The relevant OIDs and processing steps are
provided so that the AES algorithms may be included in the CMS
specification [CMS] for symmetric content and key encryption.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-aes-alg-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-aes-alg-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-aes-alg-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001122150223.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-aes-alg-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-aes-alg-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001122150223.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id PAA20126 for ietf-smime-bks; Fri, 24 Nov 2000 15:27:12 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA20121 for <ietf-smime@imc.org>; Fri, 24 Nov 2000 15:27:11 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26413; Fri, 24 Nov 2000 18:28:15 -0500 (EST)
Message-Id: <200011242328.SAA26413@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-v31cert-00.txt
Date: Fri, 24 Nov 2000 18:28:15 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : S/MIME Version 3.1 Certificate Profile Addendum
Author(s) : B. Ramsdell
Filename : draft-ietf-smime-v31cert-00.txt
Pages :
Date : 22-Nov-00
In light of the expiration of the primary RSA patent, it is proposed
that the RSA algorithm replace the DSS and Diffie-Hellman as the MUST
implement algorithms in the S/MIME profile. This draft will describe
only the proposed changes to the S/MIME Version 3 Certificate Handling
RFC [SMIMEV3CERT], and the rest of that RFC will remain identical.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-v31cert-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-v31cert-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-v31cert-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001122150214.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-v31cert-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-v31cert-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001122150214.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA20117 for ietf-smime-bks; Fri, 24 Nov 2000 15:27:09 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA20113 for <ietf-smime@imc.org>; Fri, 24 Nov 2000 15:27:08 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26403; Fri, 24 Nov 2000 18:28:12 -0500 (EST)
Message-Id: <200011242328.SAA26403@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-domsec-07.txt
Date: Fri, 24 Nov 2000 18:28:12 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Domain Security Services using S/MIME
Author(s) : T. Dean, W. Ottaway
Filename : draft-ietf-smime-domsec-07.txt
Pages : 8
Date : 22-Nov-00
This document describes how the S/MIME protocol can be processed and
generated by a number of components of a communication system, such as
message transfer agents, guards and gateways to deliver security
services. These services are collectively referred to as 'Domain
Security Services'. The mechanisms described in this document are
designed to solve a number of interoperability problems and technical
limitations that arise when different security domains wish to
communicate securely, for example when two domains use incompatible
messaging technologies such as X.400 series and SMTP/MIME, or when a
single domain wishes to communicate securely with one of its members
residing on an untrusted domain. The scenarios covered by this document
are domain to domain, individual to domain and domain to individual
communications. This document is also applicable to organisations and
enterprises that have internal PKIs which are not accessible by the
outside world, but wish to interoperate securely using the S/MIME
protocol.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-domsec-07.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-domsec-07.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-domsec-07.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001122150205.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-domsec-07.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-domsec-07.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001122150205.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id QAA07941 for ietf-smime-bks; Wed, 22 Nov 2000 16:23:11 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA07930 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 16:23:10 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com (208-58-192-39.s39.tnt9.lnhva.md.dialup.rcn.com [208.58.192.39]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id QAA09287 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 16:23:33 -0800 (PST)
Message-Id: <5.0.1.4.2.20001122190005.02742a70@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Wed, 22 Nov 2000 19:03:54 -0500
To: ietf-smime@imc.org
From: Russ Housley <housley@spyrus.com>
Subject: Draft S/MIME WG Agenda for San Diego
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Please contact me immediately if you would like a time slot and you are not
on the attached draft agenda.
Russ
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
S/MIME Mail Security WG Agenda
San Diego, California
December 2000
Introductions Russ Housley
Working Group Status Russ Housley
Interoperability Matrix Jim Schaad
Security Policies and Labels (Weston Nicolls)
Symmetric Key Distribution Sean Turner
Domain Security (DOMSEC) Bill Ottaway
Reuse of Content Encryption Keys Steve Farrell
Advanced Encryption Standard (AES) Jim Schaad
RSA as a MUST implement Blake Ramsdell
S/MIME Freeware Library [*] John Pawling
Wrap up Russ Housley
( ) Author cannot attend; proxy will lead discussion
[*] If time permits
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA17017 for ietf-smime-bks; Wed, 22 Nov 2000 08:38:30 -0800 (PST)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA17013 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 08:38:28 -0800 (PST)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <WY8BZWRM>; Wed, 22 Nov 2000 11:38:55 -0500
Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B18ED@wfhqex01.wangfed.com>
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "'Ahmed Bhamjee'" <ahmed.bhamjee@sse.ie>, ietf-smime@imc.org
Subject: RE: S/MIME v3 implementations
Date: Wed, 22 Nov 2000 11:38:56 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Ahmed,
The S/MIME Freeware Library (SFL) uses the freeware Crypto++ library to
implement RFC 2631. We have performed successful RFC 2631 interoperability
testing between the SFL and the Microsoft Outlook 2000 S/MIME v3
implementation. Also, the SFL has been used to perform RFC 2631
interoperability testing with Baltimore Technologies S/MIME v3
implementation.
When using E-S D-H, the originator uses the recipient's D-H public key
parameters to generate the originator's ephemeral D-H private/public key
pair. If you are sending the same message to multiple recipients who have
different D-H key sizes, then the originator can generate a unique ephemeral
D-H private/public key pair for each different recipient key size. In this
case, the originator would include a separate RecipientInfo in the
EnvelopedData for each different recipient key size.
Please let me know if you require further information regarding the SFL or
the interoperability testing that we have conducted.
===========================================
John Pawling, John.Pawling@GetronicsGov.com
Getronics Government Solutions, LLC
===========================================
-----Original Message-----
From: Ahmed Bhamjee [mailto:ahmed.bhamjee@sse.ie]
Sent: Wednesday, November 22, 2000 5:36 AM
To: ietf-smime@imc.org
Subject: S/MIME v3 implementations
Could someone please provide me (or point me to a location where I can find)
a list of products which implement Diffie-Hellman as per RFC 2631.
Also, when using Diffie-Hellman Ephemeral-Static mode, what key size do you
use to generate a new key pair. You could use the key size of the recipient,
but what if you are sending the same message to multiple recipients who may
have different DH key sizes. Another option is to use the size of your own
static DH key pair.
I would appreciate any advice or help with this.
Thanks in advance
Ahmed
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA15393 for ietf-smime-bks; Wed, 22 Nov 2000 08:11:44 -0800 (PST)
Received: from thehub.knight-hub.com (thehub.knight-hub.com [205.177.16.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA15388 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 08:11:42 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com (va.spyrus.com [205.177.169.194]) by thehub.knight-hub.com (8.9.3/8.9.3) with ESMTP id LAA18074; Wed, 22 Nov 2000 11:07:01 -0500
Posted-Date: Wed, 22 Nov 2000 11:07:01 -0500
Message-Id: <5.0.1.4.2.20001122110012.00a78200@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Wed, 22 Nov 2000 11:02:36 -0500
To: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie>
From: Russ Housley <housley@spyrus.com>
Subject: Re: S/MIME v3 implementations
Cc: <ietf-smime@imc.org>
In-Reply-To: <000001c0546f$f170f9f0$c42078c1@sse.ie>
References: <5.0.1.4.2.20001121100815.027ad180@mail.spyrus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
You need to take a closer look at RFC 2630 and RFC 2631. You might need to
generate a different ephemeral key for each recipient. You can use the
same one for multiple recipients if and only if they have the same p, q,
and g domain parameter values. The originator must use the recipient
domain parameters when generating the ephemeral key pair.
Russ
At 10:35 AM 11/22/2000 +0000, Ahmed Bhamjee wrote:
>Could someone please provide me (or point me to a location where I can find)
>a list of products which implement Diffie-Hellman as per RFC 2631.
>
>Also, when using Diffie-Hellman Ephemeral-Static mode, what key size do you
>use to generate a new key pair. You could use the key size of the recipient,
>but what if you are sending the same message to multiple recipients who may
>have different DH key sizes. Another option is to use the size of your own
>static DH key pair.
>
>I would appreciate any advice or help with this.
>
>Thanks in advance
>Ahmed
Received: by ns.secondary.com (8.9.3/8.9.3) id CAA17558 for ietf-smime-bks; Wed, 22 Nov 2000 02:36:07 -0800 (PST)
Received: from mail0.sse.ie (mail0.sse.ie [193.120.32.47]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id CAA17539 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 02:36:03 -0800 (PST)
Received: from mail0.sse.ie (actually localhost) by mail0.sse.ie; Wed, 22 Nov 2000 10:38:38 +0000
Received: from ahmed (ahmed.sse.ie [193.120.32.196]) by mail0.sse.ie (8.9.1a/8.9.1) with SMTP id KAA22948 for <ietf-smime@imc.org>; Wed, 22 Nov 2000 10:38:36 GMT
From: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie>
To: <ietf-smime@imc.org>
Subject: S/MIME v3 implementations
Date: Wed, 22 Nov 2000 10:35:32 -0000
Message-ID: <000001c0546f$f170f9f0$c42078c1@sse.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <5.0.1.4.2.20001121100815.027ad180@mail.spyrus.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Disposition-Notification-To: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie>
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Could someone please provide me (or point me to a location where I can find)
a list of products which implement Diffie-Hellman as per RFC 2631.
Also, when using Diffie-Hellman Ephemeral-Static mode, what key size do you
use to generate a new key pair. You could use the key size of the recipient,
but what if you are sending the same message to multiple recipients who may
have different DH key sizes. Another option is to use the size of your own
static DH key pair.
I would appreciate any advice or help with this.
Thanks in advance
Ahmed
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA14950 for ietf-smime-bks; Tue, 21 Nov 2000 07:09:48 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA14946 for <ietf-smime@imc.org>; Tue, 21 Nov 2000 07:09:46 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com ([209.172.119.210]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id HAA15177 for <ietf-smime@imc.org>; Tue, 21 Nov 2000 07:10:05 -0800 (PST)
Message-Id: <5.0.1.4.2.20001121100815.027ad180@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Tue, 21 Nov 2000 10:10:05 -0500
To: ietf-smime@imc.org
From: Russ Housley <housley@spyrus.com>
Subject: S/MIME WG Agenda
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Our tentative meeting slot for the upcoming meeting in San Diego was just
announced.
WEDNESDAY, 13 December 2000 from 1530 to 1730
SEC smime S/MIME Mail Security WG
APP webdav WWW Distributed Authoring and Versioning WG
INT frnetmib Frame Relay Service MIB WG
OPS sls Service Level Specification and Usage BOF
OPS sming Next Generation Structure of Man agement Information BOF
RTG idr Internet-Domain Routing WG
TSV avt Audio/Video Transport WG
TSV seamoby SeaMoby BOF
I will be posting a proposed agenda for the two hours soon.
Russ
Received: by ns.secondary.com (8.9.3/8.9.3) id PAA00577 for ietf-smime-bks; Sun, 19 Nov 2000 15:05:16 -0800 (PST)
Received: from unknown ([198.211.237.137]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA00573; Sun, 19 Nov 2000 15:05:13 -0800 (PST)
From: redial@wongfaye.com
Subject: toner cartridges
Date: Wed, 19 Nov 1997 14:28:02
Message-Id: <400.389117.88183@>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Toner Supplies at discount prices
Laser Printer Toner Cartridges
Fax and Copier Cartridges
Order by phone:1-888-288-9043
Order by fax: 1-888-977-1577
*** E-mail removal line: 1-888-248-4930 ***
*** If you would like to mail your order please call
1-888-248-2015 ***
Pay by check, credit card or Purchase Order.
If your order is by check please leave your check number (Mail
check when you recieve merchandise)
If your order is by credit card please leave your card number +
expiration date
If your order is by P.O. please leave your shipping/billing
addresses
Current Prices are as follows:
Cartridges for Hewlett Packard printers:
4L,4p,1100 and series 2 cartridges are now $49
2p cartridges are $54
3si cartridges are $75
4000 and 2100 cartridges are $79
5000 and 8100 cartridges are $135
5p, 6p, 5mp and 6mp cartridges are $59
Cartridges for Apple printers
Pro 600 or 16-600 cartridges are now $69
Laser writer select 300,320 and 360 cartridges are $69
Laser writer 300 and 320 cartridges are $54
Laser writer NT, 2nt, 2f, 2g and LS cartridges are $54
Laser writer personal 12-640 cartridges are $79
Cartridges for Hewlett Packard laser fax printers:
Laser fax 500,700,5000,7000,fx1 and fx2 cartridges are now $59
Laser fax fx3 cartridges are $69
Our laser fax fx4 cartridges are $79
Cartridges for Lexmark and IBM printers
Optra 4019 and 4029 are now $125
optra r,r+ and optra s cartridges are $135
optra e cartridges are $59
Our cartridges for canon copiers
PC 3, 6re, 7 and 11 (A30) are now $69
PC 300,320,700,720 and 760 (E-40) are $89
90 day extended warranty included on all products.
Received: by ns.secondary.com (8.9.3/8.9.3) id CAA17511 for ietf-smime-bks; Sat, 18 Nov 2000 02:14:37 -0800 (PST)
Received: from starlink.co.kr ([203.242.202.130]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id CAA17493 for <ietf-smime@mail.proper.com>; Sat, 18 Nov 2000 02:14:34 -0800 (PST)
Message-Id: <200011181014.CAA17493@ns.secondary.com>
Received: from [38.26.242.229] by starlink.co.kr (SMTPD32-3.04) id A8086740220; Sat, 18 Nov 2000 19:20:56 +0900
From: "Edward Kopen" <kr21g@ragingbull.com>
Subject: Get rid of your "LOVE HANDLES' in 24 hours... # 1A0
To: nop20xc
X-Mailer: Microsoft Outlook Express 4.72.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V(null).1712.3
Mime-Version: 1.0
Date: Fri, 17 Nov 2000 21:58:36 -0500
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id CAA17499
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
JUST IN TIME FOR THE HOLIDAYS!!!!!!
It only takes an hour of your time
to gently rub in our miracle gel and
.. LOSE 4-6 INCHES OF STUBBORN FAT OVERNIGHT!
****FLATTEN your stomach.
****RE-SHAPE your butt.
****TRIM your thighs.
****REDUCE cellulite everywhere!
^^^WITHOUT strict diets
^^^WITHOUT strenuous exercise
^^^WITHOUT harmful metabolism boosters
^^^WITHOUT expensive surgery
Do you want to...
[ ] GET SLIM for the Holidays & STAY SLIM?
[ ] EAT WHAT YOU WANT at Holiday feasts and
festivities but GET RID OF those extra inches FAST?
[ ] BEGIN THE NEW YEAR without having to
go on ANOTHER DIET?
YOU CAN DO IT ALL!!!!!
with the safe and reliable overnight results of
our MIRACLE GEL.
It's safe to use as often as once a week
to help you lose more and more inches
OR...
to lose the added inches
of too much Holiday celebrating!
GUARANTEED RESULTS!
"My wife was scheduled for $6,000 liposuction surgery.
We saw your ad and decided your product was worth
trying first. Words can't express our delight! My wife
lost four inches in her midriff and three inches in her waist,
much more than the 'average results' in your ad. Needless
to say, we cancelled the surgery."
Eric Larsen, Lacrosse, WI
"I'm a professional singer, and I'm on the road a lot. I lost
almost two inches in my waistline in the first 24 hours.
I am very proud of the fact that I have lost this waistline
and obliques fat."
David Hutchins, Hickory,
NC
"I lost one inch in my waist, one inch in my hips, and two inches
in my thighs. The overnight results with your product are
really great! Thank you!"
Susan Meir, New York, NY
FOR MORE FREE INFORMATION, lots of testimonials, and
a step-by-step description of how this product safely creates
such amazing overnight results
Reply To:
mailto:sabt@usa.com?subject=more_info
CALL US: 520-203-4572 (9am-6pm, MST Mon-Sun)
You'll talk to people who have used our miracle gels.
///////////////////////////////////////////////////////
Please remove at:
mailto:kr21g@angelfire.com?subject=remove
///////////////////////////////////////////////////////
Received: by ns.secondary.com (8.9.3/8.9.3) id HAA25303 for ietf-smime-bks; Thu, 16 Nov 2000 07:56:38 -0800 (PST)
Received: from swordfish.nexor.co.uk (swordfish.nexor.co.uk [193.63.53.54]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA25276 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 07:56:33 -0800 (PST)
Received: by swordfish.nexor.co.uk with Internet Mail Service (5.5.2650.14) id <WRY8AW78>; Thu, 16 Nov 2000 16:03:58 -0000
Message-ID: <3130909C0878D4118010006008517A7C021136@swordfish.nexor.co.uk>
From: Graeme Lunt <g.lunt@nexor.co.uk>
To: "'Bonatti, Chris'" <BonattiC@ieca.com>
Cc: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Date: Thu, 16 Nov 2000 16:03:49 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
> Graeme,
>
> I think that 'id-data' covers any MIME object, not just
> CMS. Since it's defined in the S/MIME standards, the door
> is certainly open for somebody to question the scope of its
> use as a generally applicable identifier for all
> MIME. However, since (to my knowledge) nothing like this
> exists elsewhere, it's the best choice available.
OK - that's good - that's clarified it for me.
I'm not sure if this could be commented on in the draft, maybe
in the context of carrying multipart/signed?
If so, something like:
"If a multipart/signed message is to be transported in X.400, the
CMS-defined
value id-data SHOULD be used in the content-type field of the P1 envelope."
after the definition of id-data in section 2.2?
However, you may not want to do this if the draft is just looking
at transporting CMS objects, or do want start down the road of
addressing transporting generic MIME in this draft.
Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id GAA26998 for ietf-smime-bks; Thu, 16 Nov 2000 06:36:46 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA26989 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 06:36:44 -0800 (PST)
Received: from ieca.com (mva-aa-005.capu.net [207.226.159.5]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id JAA19636; Thu, 16 Nov 2000 09:44:11 -0500
Message-ID: <3A13F2B6.C5C8E449@ieca.com>
Date: Thu, 16 Nov 2000 09:44:06 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Graeme Lunt <g.lunt@nexor.co.uk>
CC: "'Russ Housley'" <housley@spyrus.com>, ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: Re: I-D ACTION:draft-ietf-smime-x400transport-00.txt
References: <3130909C0878D4118010006008517A7C02112C@swordfish.nexor.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Graeme Lunt wrote:
> In fact, thinking about it a little more, does the draft as it stands
> actually allow me to do this? If I use id-data as the content-type,
> MUST the content be a MIME wrapped CMS object? Could it just be arbitrary
> MIME?
>
> This would certainly be a useful feature.
>
Graeme,
I think that 'id-data' covers any MIME object, not just CMS. Since it's
defined in the S/MIME standards, the door is certainly open for somebody to
question the scope of its use as a generally applicable identifier for all
MIME. However, since (to my knowledge) nothing like this exists elsewhere,
it's the best choice available.
Chris
Received: by ns.secondary.com (8.9.3/8.9.3) id GAA25989 for ietf-smime-bks; Thu, 16 Nov 2000 06:32:38 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA25980 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 06:32:35 -0800 (PST)
Received: from ieca.com (mva-aa-124.capu.net [207.226.159.124]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id JAA19248; Thu, 16 Nov 2000 09:40:02 -0500
Message-ID: <3A13F1BD.57D18C41@ieca.com>
Date: Thu, 16 Nov 2000 09:39:57 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Graeme Lunt <g.lunt@nexor.co.uk>
CC: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: Re: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
References: <3130909C0878D4118010006008517A7C02112D@swordfish.nexor.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Graeme Lunt wrote:
> Maybe a better wording is to say that:
>
> "this X.400 content SHOULD maintain the encoding defined by the
> content type"
>
> rather than implying that an ASN.1 encoding should be used if
> possible?
>
Okay, that makes good sense.
Chris
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA27317 for ietf-smime-bks; Thu, 16 Nov 2000 03:20:59 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA27296 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 03:20:46 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA09214; Thu, 16 Nov 2000 06:28:19 -0500 (EST)
Message-Id: <200011161128.GAA09214@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-02.txt
Date: Thu, 16 Nov 2000 06:28:19 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Use of the RSAES-OAEP Transport Algorithm in CMS
Author(s) : R. Housley
Filename : draft-ietf-smime-cms-rsaes-oaep-02.txt
Pages : 8
Date : 15-Nov-00
This document describes the use of the RSAES-OAEP key transport
method of key management within the Cryptographic Message Syntax
[CMS].
This draft is being discussed on the 'ietf-smime' mailing list. To
join the list, send a message to <ietf-smime-request@imc.org> with
the single word 'subscribe' in the body of the message. Also, there
is a Web site for the mailing list at <http://www.imc.org/ietf-
smime/>.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsaes-oaep-02.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-cms-rsaes-oaep-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001115091809.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-cms-rsaes-oaep-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001115091809.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id CAA15263 for ietf-smime-bks; Thu, 16 Nov 2000 02:45:45 -0800 (PST)
Received: from swordfish.nexor.co.uk (swordfish.nexor.co.uk [193.63.53.54]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA15252 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 02:45:43 -0800 (PST)
Received: by swordfish.nexor.co.uk with Internet Mail Service (5.5.2650.14) id <WRY8AWZV>; Thu, 16 Nov 2000 10:53:01 -0000
Message-ID: <3130909C0878D4118010006008517A7C02112D@swordfish.nexor.co.uk>
From: Graeme Lunt <g.lunt@nexor.co.uk>
To: "'Bonatti, Chris'" <BonattiC@ieca.com>
Cc: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Date: Thu, 16 Nov 2000 10:53:00 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Chris,
> I'm going to have to check up on your other comments, but
> this one has an immediate answer. The reason that the ASN.1
> encoding is a SHOULD and not a MUST is that X.400 allows
> non-ASN.1 content.
Fair point!
Maybe a better wording is to say that:
"this X.400 content SHOULD maintain the encoding defined by the
content type"
rather than implying that an ASN.1 encoding should be used if
possible?
Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id CAA11893 for ietf-smime-bks; Thu, 16 Nov 2000 02:34:38 -0800 (PST)
Received: from swordfish.nexor.co.uk (swordfish.nexor.co.uk [193.63.53.54]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA11869 for <ietf-smime@imc.org>; Thu, 16 Nov 2000 02:34:34 -0800 (PST)
Received: by swordfish.nexor.co.uk with Internet Mail Service (5.5.2650.14) id <WRY8AWZS>; Thu, 16 Nov 2000 10:41:51 -0000
Message-ID: <3130909C0878D4118010006008517A7C02112C@swordfish.nexor.co.uk>
From: Graeme Lunt <g.lunt@nexor.co.uk>
To: "'Russ Housley'" <housley@spyrus.com>
Cc: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Date: Thu, 16 Nov 2000 10:41:46 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Russ,
> The CMS contentInfo uses id-data when the content is expected to be
> MIME. This choice is for historical reasons (S/MIME v2 did
> it that way).
>
> I think that the authors are trying to avoid a layer of MIME
> encapsulation.
Yes - I can see that you would want to avoid this.
> Did I miss something?
My comment was a little different.
What is being proposed is that the OID id-data must be used for the
X.400 content type when the CMS object is covered by an outer MIME
wrapper.
However, a more generic option is to use an OID (say "id-mime") for
the X.400 content type that represents MIME.
Using this content type I could still carry my MIME wrapped CMS object,
but I could also carry other arbitray MIME objects. For example, I
could carry multipart/signed with this method.
In fact, thinking about it a little more, does the draft as it stands
actually allow me to do this? If I use id-data as the content-type,
MUST the content be a MIME wrapped CMS object? Could it just be arbitrary
MIME?
This would certainly be a useful feature.
Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA11474 for ietf-smime-bks; Tue, 14 Nov 2000 03:37:35 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA11470 for <ietf-smime@imc.org>; Tue, 14 Nov 2000 03:37:33 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA09951; Tue, 14 Nov 2000 06:44:58 -0500 (EST)
Message-Id: <200011141144.GAA09951@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-idea-08.txt
Date: Tue, 14 Nov 2000 06:44:58 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Use of the IDEA Encryption Algorithm in CMS
Author(s) : S. Teiwes, P. Hartmann, D. Kuenzi
Filename : draft-ietf-smime-idea-08.txt
Pages : 6
Date : 13-Nov-00
This memo specifies how to incorporate IDEA (International Data
Encryption Algorithm) [IDEA] into S/MIME [SMIME2, SMIME3] as
an additional strong algorithm for symmetric encryption. For
organizations who make use of IDEA for data security purposes
it is of high interest that IDEA is also available in S/MIME.
The intention of this memo is to provide the OIDs and algorithms
required that IDEA can be included in S/MIME for symmetric content
and key encryption.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-idea-08.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-idea-08.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-idea-08.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001113134829.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-idea-08.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-idea-08.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001113134829.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id DAA09641 for ietf-smime-bks; Tue, 14 Nov 2000 03:12:13 -0800 (PST)
Received: from post.ffi.no (post.ffi.no [193.156.99.133]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA09626; Tue, 14 Nov 2000 03:12:03 -0800 (PST)
Received: by post.ffi.no with Internet Mail Service (5.5.2650.21) id <40130J4A>; Tue, 14 Nov 2000 12:19:15 +0100
Message-ID: <4B11D7CAB78AD2119BC100A0C9EA88EC445764@post.ffi.no>
From: Anders Eggen <Anders.Eggen@ffi.no>
To: "'Graeme Lunt'" <g.lunt@nexor.co.uk>, ietf-smime@imc.org
Cc: "'BonattiC@ieca.com'" <BonattiC@ieca.com>, "'phoffman@imc.org'" <phoffman@imc.org>
Subject: SV: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Date: Tue, 14 Nov 2000 12:19:06 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C04E2C.B8FAF65A"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C04E2C.B8FAF65A
Content-Type: text/plain;
charset="iso-8859-1"
Graeme,
>Here are some comments on the following draft:
> Title : Securing X.400 Content with S/MIME
>They relate to section 3.2.
>
>The use of the terms "signedData Element", "signedData object" and
>"signedData structure" seems a little confusing. As I read it:
>
>"signedData element" is the encapContentInfo(EncapsulatedContentInfo)
>field within "SignedData"
>
>"signedData structure" is the complete SignedData SEQUENCE
>
>and
>
>"signedData object" is the the ContentInfo SEQUENCE, with a
>contentType of id-signedData, containing the SignedData SEQUENCE
>
>If this is indeed correct, then the last sentence of para 2. should
>be made the first sentence of para 1. This would more closely follow
>the line of processing, and indicate the use of only one optional
>MIME encoding, the transport.
>Which raises .............
A similar set of comments apply to section 3.3
Graeme
I understand that this may seem a little confusing. To make this clearer
throughout the chapter, I propose that we do the following (underlined)
changes:
* The first paragraph of section 3.2 should be:
"The SignedData format as described in the ......"
* The second paragraph of section 3.2 should be:
"The protected X.400 content MUST then be placed in the SignedData
encapContentInfo eContent field. Note that this X.400 content SHOULD be
ASN.1 encoded, but SHOULD NOT be MIME wrapped. The object identifier for the
content type of the protected X.400 content MUST be placed in the SignedData
encapContentInfo eContentType field. The resulting signedData object MAY
optionally be wrapped in a MIME encoding."
* The third paragraph of section 3.2 should be:
"The signedData object is encapsulated by a ........"
* The step 2 in section 3.2.1. shoul be:
"Step 2. The ASN.1 encoded X.400 content and other required data is
processed into a CMS object of type SignedData."
* The second paragraph of section 3.3 should be:
"The EnvelopedData format as described in the............."
* The third paragraph of section 3.3 should be:
"The protected X.400 content MUST be placed in the EnvelopedData
encryptedContentInfo encryptedContent field. Note that this X.400 content
should be ASN.1 encoded, but should not be MIME wrapped. The object
identifier for content type of the protected X.400 content MUST be placed in
the EnvelopedData encryptedContentInfo contentType field. The resulting
envelopedData object MAY optionally be wrapped in a MIME encoding.
* The fouth paragraph of section 3.3 should be:
"The envelopedData object is encapsulated by ......."
* The first sentence of step 2 in section 3.3.1 shoul be:
"The ASN.1 encoded X.400 content and other required data is
processed into a CMS object of type EnvelopedData.
* The steps of the tripple wrapping in section 3.4.1 should be written
as; step 1, step 2 ..., and not just marked with numbers.
* The first sentence of step 2 in section 3.4.1 shoul be:
"Step 2. Place the protected ASN.1 encoded X.400 content in the
SignedData encapContentInfo eContent field.
Anders Eggen
> -----Opprinnelig melding-----
> Fra: Graeme Lunt [SMTP:g.lunt@nexor.co.uk]
> Sendt: Friday, November 10, 2000 9:31 AM
> Til: ietf-smime@imc.org
> Kopi: 'j.onions@nexor.co.uk'
> Emne: RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
>
> Hi,
>
> Here are some comments on the following draft:
> > Title : Securing X.400 Content with S/MIME
>
> They relate to section 3.2.
>
> The use of the terms "signedData Element", "signedData object" and
> "signedData structure" seems a little confusing. As I read it:
>
> "signedData element" is the encapContentInfo(EncapsulatedContentInfo)
> field within "SignedData"
>
> "signedData structure" is the complete SignedData SEQUENCE
>
> and
>
> "signedData object" is the the ContentInfo SEQUENCE, with a
> contentType of id-signedData, containing the SignedData SEQUENCE
>
> If this is indeed correct, then the last sentence of para 2. should
> be made the first sentence of para 1. This would more closely follow
> the line of processing, and indicate the use of only one optional
> MIME encoding, the transport.
>
> Which raises another other point. In para 2, it states that:
> "X.400 content SHOULD be ASN.1 encoded" (and consequently MUST NOT be
> MIME wrapped). Surely this should be "MUST be ASN.1 encoded",
> especially given that the "content type of the protected X.400 content
> MUST be placed in the eContentType field". (The use of "SHOULD" is
> also somewhat at variance with step 1 in 3.4.1 which mandates ASN.1
> encoding for triple-wrapped messages).
>
> For example, if I find an eContentType of "2.6.1.10.1" (P22), I would
> expect the content to be ASN.1 encoded.
> Is there a reason why you would want to allow a different encoding of
> the X.400 content prior to protection, or is this just a typo?
>
> (In para 2, 3rd sentence you should add a "the", so as to read:
> "The object identifier for the content type ...")
>
> A similar set of comments apply to section 3.3
>
> Graeme
------_=_NextPart_001_01C04E2C.B8FAF65A
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>SV: I-D ACTION:draft-ietf-smime-x400wrap-00.txt</TITLE>
</HEAD>
<BODY>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Graeme,</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">Here are some comments on the following draft:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> =
Title : Securing =
X.400 Content with S/MIME</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">They relate to section 3.2.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">The use of the terms "signedData Element", =
"signedData object" and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">"signedData structure" seems a little =
confusing. As I read it:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">"signedData element" is the =
encapContentInfo(EncapsulatedContentInfo) </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">field within "SignedData"</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">"signedData structure" is the complete =
SignedData SEQUENCE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">and</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">"signedData object" is the the ContentInfo =
SEQUENCE, with a</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">contentType of id-signedData, containing the SignedData =
SEQUENCE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">If this is indeed correct, then the last sentence of =
para 2. should </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">be made the first sentence of para 1. This would more =
closely follow</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">the line of processing, and indicate the use of only one =
optional </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">MIME encoding, the transport.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">></FONT><FONT SIZE=3D2 =
FACE=3D"Arial">Which raises</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">.............</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">A similar set of comments apply to =
section 3.3</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Graeme</FONT>
</P>
<BR>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">I understand that =
this may seem a little confusing. To make this clearer throughout the =
chapter, I propose that we do the following (underlined) =
changes:</FONT></P>
<BR>
<UL><LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The first =
paragraph of section 3.2 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The<U> =
S</U>ignedData format as described in the ......"</FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The second =
paragraph of section 3.2 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The protected =
X.400 content MUST then be placed in the</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">SignedData e</FONT><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">ncapContentInfo</FONT><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> eContent =
field</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">. Note =
that this X.400 content SHOULD be ASN.1 encoded, but SHOULD NOT be MIME =
wrapped. The object identifier for the content type of the protected =
X.400 content MUST be placed in the</FONT><U> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">SignedData e</FONT><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">ncapContentInfo</FONT><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"> eContentType field</FONT></U><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">. The resulting =
signedData</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">object</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial"> MAY optionally be wrapped in a MIME =
encoding."</FONT></P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The third paragraph =
of section 3.2 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The =
signedData</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">object</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial"> is encapsulated by a ........"</FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The step 2 in =
section 3.2.1. shoul be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"Step 2. The =
ASN.1 encoded X.400 content and other required data is</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">processed into a =
CMS object of type</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">S</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">ignedData."</FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The second =
paragraph of section 3.3 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The</FONT><U> =
<FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">E</FONT></U><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">nvelopedData format as =
described in the............." </FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The third paragraph =
of section 3.3 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The protected =
X.400 content MUST be placed in the</FONT><U> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">EnvelopedData encryptedContentInfo =
encryptedContent field</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">. Note that this X.400 content should be ASN.1 encoded, =
but should not be MIME wrapped. The object identifier for content type =
of the protected X.400 content MUST be placed in the</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">EnvelopedData =
encryptedContentInfo contentType field</FONT></U><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">. The resulting envelopedData =
object MAY optionally be wrapped in a MIME encoding.</FONT></P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The fouth paragraph =
of section 3.3 should be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The =
envelopedData</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">object</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial"> is encapsulated by ......."</FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The first sentence =
of step 2 in section 3.3.1 shoul be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">"The ASN.1 =
encoded X.400 content and other required data is processed into a CMS =
object of type</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">E</FONT></U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">nvelopedData.</FONT>
</P>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The steps of the =
tripple wrapping in section 3.4.1 should be written as; step 1, step 2 =
..., and not just marked with numbers.</FONT></LI>
<BR>
<LI><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">The first sentence =
of step 2 in section 3.4.1 shoul be:</FONT></LI>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">"</FONT><U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Step 2.</FONT></U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Place the protected ASN.1 encoded X.400 content in =
the</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">SignedData e</FONT><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">ncapContentInfo</FONT><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial"> eContent field</FONT></U><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">.</FONT>
</P>
<BR>
<BR>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Anders Eggen</FONT>
</P>
<BR>
<BR>
<BR>
<BR>
<UL>
<P><FONT SIZE=3D1 FACE=3D"Arial">-----Opprinnelig melding-----</FONT>
<BR><B><FONT SIZE=3D1 FACE=3D"Arial">Fra: </FONT></B> =
<FONT SIZE=3D1 FACE=3D"Arial">Graeme Lunt =
[SMTP:g.lunt@nexor.co.uk]</FONT>
<BR><B><FONT SIZE=3D1 FACE=3D"Arial">Sendt: </FONT></B> <FONT =
SIZE=3D1 FACE=3D"Arial">Friday, November 10, 2000 9:31 AM</FONT>
<BR><B><FONT SIZE=3D1 FACE=3D"Arial">Til: </FONT></B> =
<FONT SIZE=3D1 FACE=3D"Arial">ietf-smime@imc.org</FONT>
<BR><B><FONT SIZE=3D1 FACE=3D"Arial">Kopi: </FONT></B> <FONT =
SIZE=3D1 FACE=3D"Arial">'j.onions@nexor.co.uk'</FONT>
<BR><B><FONT SIZE=3D1 FACE=3D"Arial">Emne: </FONT></B> <FONT =
SIZE=3D1 FACE=3D"Arial">RE: I-D =
ACTION:draft-ietf-smime-x400wrap-00.txt</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Hi,</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Here are some comments on the =
following draft:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> =
Title : Securing =
X.400 Content with S/MIME</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">They relate to section 3.2.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">The use of the terms "signedData =
Element", "signedData object" and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">"signedData structure" =
seems a little confusing. As I read it:</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">"signedData element" is the =
encapContentInfo(EncapsulatedContentInfo) </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">field within =
"SignedData"</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">"signedData structure" is =
the complete SignedData SEQUENCE</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">and</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">"signedData object" is the =
the ContentInfo SEQUENCE, with a</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">contentType of id-signedData, =
containing the SignedData SEQUENCE</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">If this is indeed correct, then the =
last sentence of para 2. should </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">be made the first sentence of para 1. =
This would more closely follow</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">the line of processing, and indicate =
the use of only one optional </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">MIME encoding, the transport.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Which raises another other point. In =
para 2, it states that:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">"X.400 content SHOULD be ASN.1 =
encoded" (and consequently MUST NOT be</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">MIME wrapped). Surely this should be =
"MUST be ASN.1 encoded", </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">especially given that the =
"content type of the protected X.400 content</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">MUST be placed in the eContentType =
field". (The use of "SHOULD" is </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">also somewhat at variance with step 1 =
in 3.4.1 which mandates ASN.1</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">encoding for triple-wrapped =
messages).</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">For example, if I find an eContentType =
of "2.6.1.10.1" (P22), I would</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">expect the content to be ASN.1 =
encoded.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Is there a reason why you would want =
to allow a different encoding of</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">the X.400 content prior to =
protection, or is this just a typo?</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">(In para 2, 3rd sentence you should =
add a "the", so as to read:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">"The object identifier for the =
content type ...")</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">A similar set of comments apply to =
section 3.3</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Graeme</FONT>
</P>
</UL>
</BODY>
</HTML>
------_=_NextPart_001_01C04E2C.B8FAF65A--
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id XAA10361 for ietf-smime-bks; Mon, 13 Nov 2000 23:23:28 -0800 (PST)
Received: from alpha.it-sec.com (alpha.it-sec.com [195.141.254.202] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA10341 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 23:23:24 -0800 (PST)
Received: from svzh0004.itsec.ch (localhost [127.0.0.1]) by alpha.it-sec.com (8.9.3/8.9.3) with ESMTP id IAA14143; Tue, 14 Nov 2000 08:28:20 +0100 (MET)
Received: by SVZH0004 with Internet Mail Service (5.5.2448.0) id <WSGC4BX6>; Tue, 14 Nov 2000 08:29:20 +0100
Message-ID: <F5545CEFBE7CD31190C90004AC4C1B6438966D@SVZH0004>
From: "Teiwes, Stephan (iT_SEC)" <stephan.teiwes@it-sec.com>
To: "'Russ Housley'" <housley@spyrus.com>, ietf-smime@imc.org
Subject: RE: draft-ietf-smime-idea-08.txt
Date: Tue, 14 Nov 2000 08:29:18 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="windows-1252"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi
draft-ietf-smime-idea-08.txt has been modified considering the comments of
M. Masiutin, RIT Research Labs.
*Stephan Teiwes, iT_Security AG
-----Original Message-----
From: Russ Housley [mailto:housley@spyrus.com]
Sent: Montag, 13. November 2000 19:50
To: ietf-smime@imc.org
Subject: draft-ietf-smime-idea-08.txt
All:
I believe that this takes care of all of the issues raised during working
group Last Call. Did I miss anything?
Russ
>From: "Teiwes, Stephan (iT_SEC)" <stephan.teiwes@it-sec.com>
>To: "'Maxim Masiutin'" <max@ritlabs.com>,
> "Teiwes, Stephan (iT_SEC)"
> <stephan.teiwes@it-sec.com>,
> "Hartmann, Peter (iT_SEC)"
> <peter.hartmann@it-sec.com>,
> diego.kuenzi@it-sec.com, ietf-pkix@imc.org
>Subject: RE: Use of the IDEA Encryption Algorithm in CMS
>Date: Mon, 23 Oct 2000 16:52:21 +0200
>X-Mailer: Internet Mail Service (5.5.2448.0)
>List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
>List-ID: <ietf-pkix.imc.org>
>List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
>
>Dear Mr. Masuitin,
>
>thanks a lot. We'll consider your comments and try to improve the draft
>accordingly.
>
>*Stephan Teiwes
>iT_Security AG
>www.it-sec.com
>
>-----Original Message-----
>From: Maxim Masiutin [mailto:max@ritlabs.com]
>Sent: Montag, 23. Oktober 2000 16:41
>To: stephan.teiwes@it-sec.com; peter.hartmann@it-sec.com;
>diego.kuenzi@it-sec.com; ietf-pkix@imc.org
>Subject: Use of the IDEA Encryption Algorithm in CMS
>
>
>Dear authors of "Use of the IDEA Encryption Algorithm in CMS" draft!
>
>
>I have a question about following paragraph in
>draft-ietf-smime-idea-07.txt:
>
>-----------
>If IV is specified as above, it MUST be used as initial vector. In
>this case, the ciphertext MUST NOT include the initial vector. If
>IV is not specified, the first 64 bits of the ciphertext MUST be
>considered as the initial vector. However, this alternative of not
>including the IV SHOULD NOT be applied in CMS or S/MIME.
>-----------
>
> The last sentence:
>
>"this alternative of not including the IV [into "iv OCTET STRING" of
>IDEA-CBCPar|into the first 64 bits of the ciphertext] SHOULD NOT be
>applied in CMS or S/MIME.
>
>
>Could you please expand this sentence by adding one of the short
>explanations that I've proposed?
>
>I do also have a question about the following paragraph:
>
>------------
>The SMIMECapability SEQUENCE representing the IDEA symmetric
>encryption algorithm MUST include the IDEA-CBC OID in the capabilityID
>field and the parameters field MUST be absent. The SMIMECapability
>SEQUENCE for IDEA encryption SHOULD be included in the symmetric
>encryption algorithms portion of the SMIMECapabilities list. The
>SMIMECapability SEQUENCE representing IDEA MUST be DER-encoded as
>follows: 300D 060B 2B06 0104 0181 3C07 0101 02.
>------------
>
> Why don't you give ASN.1 notation of SMIMECapability SEQUENCE
> representing IDEA as well as DER-encoded value? Please add ASN.1
> notation to the draft. Also, please clarify the byte order.
>
> And a test sample of CMS-message with IDEA will help me a lot!
>
> Thank you in advance.
>
>
>
>--
>Maxim Masiutin,
>Software Engineer
>RIT Research Labs http://www.ritlabs.com/
Received: by ns.secondary.com (8.9.3/8.9.3) id WAA02367 for ietf-smime-bks; Mon, 13 Nov 2000 22:27:03 -0800 (PST)
Received: from mail.izigi.co.kr (IDENT:root@[211.112.1.166]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id WAA02357 for <ietf-smime@mail.proper.com>; Mon, 13 Nov 2000 22:26:55 -0800 (PST)
Received: from vhfgerw (01-021.044.popsite.net [64.24.244.21]) by mail.izigi.co.kr (8.9.3/8.9.3) with ESMTP id WAA06558; Mon, 13 Nov 2000 22:11:54 +0900
Message-Id: <200011131311.WAA06558@mail.izigi.co.kr>
From: "Sam Kinser" <tbar9@operamail.com>
Subject: Big Win #3AAF
To: net39s@mail.izigi.co.kr
X-Mailer: Microsoft Outlook Express 4..72.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V(null).1712.3
Mime-Version: 1.0
Date: Mon, 13 Nov 2000 05:29:55 -0500
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id WAA02362
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
*Earn $2000 - $5000 weekly-starting within 1-4 weeks
*78% Profit Paid Daily
*No Selling
*No Risk Guarantee
*Work from home, No overhead, or employees.
*High Tech Training & Support
*Not MLM, 100x more profitable
*Multibillion Dollar Travel Industry
The most incredible part of our business
is that ALL MY CLIENTS CALL ME!
DO YOU QUALIFY FOR OUR MENTOR PROGRAM?
ACCEPTING ONLY 12 NEW ASSOCIATES
This is not a hobby! Serious Inquires Only!!
Please reply with the following information
NAME:
EMAIL ADDRESS:
PHONE: (Required)
BEST TIME TO CALL:
TO:
mailto:gm99t@cmpmail.com?subject=more_info
////////////////////////////////////////////////////
Please remove at:
mailto:bak29@mail1st.com?subject=remove
////////////////////////////////////////////////////
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id MAA20650 for ietf-smime-bks; Mon, 13 Nov 2000 12:48:33 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA20646 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 12:48:32 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com ([209.172.119.210]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id MAA20693 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 12:55:20 -0800 (PST)
Message-Id: <4.3.2.7.2.20001113134837.01a45838@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 13 Nov 2000 13:50:19 -0500
To: ietf-smime@imc.org
From: Russ Housley <housley@spyrus.com>
Subject: draft-ietf-smime-idea-08.txt
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
All:
I believe that this takes care of all of the issues raised during working
group Last Call. Did I miss anything?
Russ
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA04682 for ietf-smime-bks; Mon, 13 Nov 2000 08:15:35 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA04678 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 08:15:33 -0800 (PST)
Received: from ieca.com (mva-aa-050.capu.net [207.226.159.50]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id LAA18786; Mon, 13 Nov 2000 11:22:50 -0500
Message-ID: <3A101556.9295D1ED@ieca.com>
Date: Mon, 13 Nov 2000 11:22:46 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Graeme Lunt <g.lunt@nexor.co.uk>
CC: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: Re: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
References: <3130909C0878D4118010006008517A7C78E8@swordfish.nexor.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Graeme Lunt wrote:
> Which raises another other point. In para 2, it states that:
> "X.400 content SHOULD be ASN.1 encoded" (and consequently MUST NOT be
> MIME wrapped). Surely this should be "MUST be ASN.1 encoded",
> especially given that the "content type of the protected X.400 content
> MUST be placed in the eContentType field". (The use of "SHOULD" is
> also somewhat at variance with step 1 in 3.4.1 which mandates ASN.1
> encoding for triple-wrapped messages).
>
> For example, if I find an eContentType of "2.6.1.10.1" (P22), I would
> expect the content to be ASN.1 encoded.
> Is there a reason why you would want to allow a different encoding of
> the X.400 content prior to protection, or is this just a typo?
>
Graeme,
I'm going to have to check up on your other comments, but this one has
an immediate answer. The reason that the ASN.1 encoding is a SHOULD and
not a MUST is that X.400 allows non-ASN.1 content. Obviously P22 is not
in this category, but we did not want to unnecessarily exclude the
applicability of the specification. Neither the 'eContent' nor
'encryptedContent' fields in CMS should have any trouble with this. They
are both defined as OCTET STRING, and should be able to handle any data
regardless of encoding.
The chief reasons that we mandated an encoding here in RFC 2633 were
(a) backward compatibility, and (b) MIME processors rely on this wrapper
to tell it what the content is. Neither of these reasons seemed to apply
with X.400 content.
Chris
Received: by ns.secondary.com (8.9.3/8.9.3) id IAA04361 for ietf-smime-bks; Mon, 13 Nov 2000 08:05:50 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA04357 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 08:05:48 -0800 (PST)
Received: from ieca.com (mva-aa-034.capu.net [207.226.159.34]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id LAA17894; Mon, 13 Nov 2000 11:12:55 -0500
Message-ID: <3A101303.9EEB20FD@ieca.com>
Date: Mon, 13 Nov 2000 11:12:51 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Russ Housley <housley@spyrus.com>
CC: Graeme Lunt <g.lunt@nexor.co.uk>, ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: Re: I-D ACTION:draft-ietf-smime-x400transport-00.txt
References: <4.3.2.7.2.20001110161730.01a45590@mail.spyrus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Russ,
That was certainly my thinking as we assembled this. Plus, there is the
added issue that I don't think there is an OID defined for MIME in the
Internet mail standards (old or new). It seems that 'id-data' is all there
is.
Chris
____________________
Russ Housley wrote:
> Graeme:
>
> The CMS contentInfo uses id-data when the content is expected to be
> MIME. This choice is for historical reasons (S/MIME v2 did it that way).
>
> I think that the authors are trying to avoid a layer of MIME
> encapsulation. Did I miss something?
>
> Russ
>
> At 08:49 AM 11/10/2000 +0000, Graeme Lunt wrote:
> >Hi,
> >
> >Here are some comments on the following draft:
> > > Title : Transporting S/MIME Objects in X.400
> >
> >The comments relate to section 2.2, and in particular to the
> >OID for CMS objects than are MIME encoded.
> >
> >The proposal is to use a CMS-defined OID to indicate an
> >S/MIME content type. However, would it not be better to use
> >an OID that indicate MIME (rather than S/MIME)?
> >
> >The actual MIME type (and additional parameters) will be contained
> >within the MIME headers, so that it is not essential to carry the
> >actual type in the P1 envelope. There is very little an X.400 MTA
> >would be able to deduce from the P1 content type alone, without
> >examining the MIME headers.
> >
> >However, with the more generic approach I can carry arbitrary MIME
> >types, including multipart/signed. Obviously, a more generic approach
> >is not necessarily within the scope of the S/MIME group.
> >
> >Comments?
> >
> >Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id FAA21504 for ietf-smime-bks; Mon, 13 Nov 2000 05:54:36 -0800 (PST)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA21500 for <ietf-smime@imc.org>; Mon, 13 Nov 2000 05:54:35 -0800 (PST)
Received: from RHOUSLEY-PC.spyrus.com ([209.172.119.210]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id GAA13668; Mon, 13 Nov 2000 06:01:15 -0800 (PST)
Message-Id: <4.3.2.7.2.20001110161730.01a45590@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 10 Nov 2000 16:20:03 -0500
To: Graeme Lunt <g.lunt@nexor.co.uk>
From: Russ Housley <housley@spyrus.com>
Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Cc: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
In-Reply-To: <3130909C0878D4118010006008517A7C78E9@swordfish.nexor.co.uk >
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Graeme:
The CMS contentInfo uses id-data when the content is expected to be
MIME. This choice is for historical reasons (S/MIME v2 did it that way).
I think that the authors are trying to avoid a layer of MIME
encapsulation. Did I miss something?
Russ
At 08:49 AM 11/10/2000 +0000, Graeme Lunt wrote:
>Hi,
>
>Here are some comments on the following draft:
> > Title : Transporting S/MIME Objects in X.400
>
>The comments relate to section 2.2, and in particular to the
>OID for CMS objects than are MIME encoded.
>
>The proposal is to use a CMS-defined OID to indicate an
>S/MIME content type. However, would it not be better to use
>an OID that indicate MIME (rather than S/MIME)?
>
>The actual MIME type (and additional parameters) will be contained
>within the MIME headers, so that it is not essential to carry the
>actual type in the P1 envelope. There is very little an X.400 MTA
>would be able to deduce from the P1 content type alone, without
>examining the MIME headers.
>
>However, with the more generic approach I can carry arbitrary MIME
>types, including multipart/signed. Obviously, a more generic approach
>is not necessarily within the scope of the S/MIME group.
>
>Comments?
>
>Graeme
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA14177 for ietf-smime-bks; Fri, 10 Nov 2000 21:51:24 -0800 (PST)
Received: from fw2-11.banamex.com.mx (firewall-user@na-40-173.na.avantel.net.mx [148.245.40.173] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA14173 for <ietf-smime@mail.proper.com>; Fri, 10 Nov 2000 21:51:17 -0800 (PST)
Received: by fw2-11.banamex.com.mx; id AAA03280; Sat, 11 Nov 2000 00:57:51 -0500 (EST)
Message-Id: <200011110557.AAA03280@fw2-11.banamex.com.mx>
Received: from nodnsquery(209.206.4.171) by fw2-11.banamex.com.mx via smap (V5.5) id xma003276; Fri, 10 Nov 00 23:57:32 -0600
From: "Barry Owen" <hytp@ragingbull.com>
Subject: You Can get Out #5874
To: debt84d@ragingbull.com
X-Mailer: Microsoft Outlook Express 4.72.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE VÐßD.1712.3
Mime-Version: 1.0
Date: Fri, 10 Nov 2000 23:39:50 -0500
Content-Type: multipart/mixed; boundary="----=_NextPart_000_007F_01BDF6C7.FABAC1B0"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This is a MIME Message
------=_NextPart_000_007F_01BDF6C7.FABAC1B0
Content-Type: multipart/alternative; boundary="----=_NextPart_001_0080_01BDF6C7.FABAC1B0"
------=_NextPart_001_0080_01BDF6C7.FABAC1B0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
***** This is an HTML Message ! *****
------=_NextPart_001_0080_01BDF6C7.FABAC1B0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<body background=3D"images/bkg2=2Ejpg" leftmargin=3D"95">
<div align=3D"center">
<center>
<table border=3D"0" width=3D"98%">
<tr>
<td width=3D"100%">
<p align=3D"center"></td>
</tr>
<tr>
<td width=3D"100%">
<div align=3D"center">
<table border=3D"0" width=3D"98%">
<tr>
<td width=3D"17%"></td>
<td width=3D"76%">
<p align=3D"center"><b><i><font color=3D"#FF0000" size=3D"=
5">"Reducing
America's Debt!"</font></i></b>
</p>
</td>
<td width=3D"18%"></td>
</tr>
</table>
</div>
<p align=3D"center">
</center>
<div align=3D"center">
<table border=3D"0" width=3D"100%">
<tr>
<td width=3D"100%" colspan=3D"4" bgcolor=3D"#FFFFE8">
<p align=3D"center"><b><font size=3D"4" color=3D"#000080">=
Ask Yourself
These 4 Questions=2E=2E=2E</font></b></td>
</tr>
<center>
<tr>
<td width=3D"5%"></td>
<td width=3D"45%" valign=3D"middle">Are monthly credit card =
payments eating you alive? </td>
<td width=3D"6%"></td>
<td width=3D"44%" valign=3D"top">Would you like to pay off y=
our credit card & other
unsecured debts in 12 -30 months?</td>
</tr>
<tr>
<td width=3D"100%" colspan=3D"4">
<hr width=3D"50%" noshade color=3D"#808080">
</td>
</tr>
<tr>
<td width=3D"5%"></td>
<td width=3D"45%" valign=3D"top">Would you prefer to pay onl=
y 2% of your unsecured debt per month?<br><i><font size=3D"1">(example: $10=
,000 debt
=3D $200 monthly payment)</font></i></td>
<td width=3D"6%"></td>
<td width=3D"44%" valign=3D"top">Would you like to save 40-5=
0% of your total debt
at the same time? </td>
</tr>
<tr>
<td width=3D"100%" colspan=3D"4" bgcolor=3D"#FFFFE8">
<p align=3D"center"><b><font color=3D"#000080" size=3D"4">=
If You Answered
</font><i><font size=3D"4" color=3D"#FF0000">YES</font></i=
><font color=3D"#000080" size=3D"4"> to any of these questions<br>Then This=
Program is for You=2E=2E=2E </font></b></td>
</tr>
</table>
</div>
</center><p align=3D"center">We can=2E=2E=2Ereduce your debt up to=
50%, cut your
monthly payments by as much as 50%, totally eliminate your debt wi=
thin
12 - 30 months, and direct you to a brighter more prosperous finan=
cial
future!<br><a href=3D"#form">For your free consultation click here=
!</a>
</p>
<p align=3D"left"><font face=3D"Arial, Helvetica, sans-serif" size=
=3D"2">Our
goal is to negotiate with your creditors for the purpose of settli=
ng the
entire account balance at an amount significantly less than what i=
s
owed=2E Settlements are paid with moneys accumulated in your FDIC
Insured Bank Account=2E You commit to a single monthly payment int=
o
the Program=2E As cash accumulates in the Your Account, settlement=
offers are submitted to Creditors=2E Settlement agreements are ach=
ieved as
Creditors respond with counter offers, and then finalized by Your
approval=2E<br>
<br>
Settlements are often made in "bulk" (using financial le=
verage
and using pooled funds) securing discounts well beyond the capabil=
ities
of individual Consumers and most law firms=2E <b>Preferred Financi=
al
Services</b> successfully negotiates with Creditors nationwide=2E<=
br>
<br>
You will receive monthly statements detailing your Account status =
and
negotiation activity pertaining to each debt=2E A truly unique asp=
ect of
our Program is that the You remain in control=2E You determine you=
r own Monthly Payment Commitment;
You determine the
approximate amount of time it will take to complete the Program; Y=
ou
control how much money is withdrawn from the Your Bank Account; an=
d You ultimately
determine whether or not to accept a settlement=2E Our Debt Negoti=
ation
Program was truly developed with You in mind=2E</font>
</p>
<p align=3D"left"><b><font face=3D"Arial, Helvetica, sans-serif" c=
olor=3D"#000080" size=3D"3">The
Debt Negotiation Concept: </font></b><font face=3D"Arial, Hel=
vetica, sans-serif" size=3D"2"><br>
<br>
The original concept of lowering or eliminating debt by negotiatio=
n has
been well established in the business to business arena for a numb=
er of
years prior to its adaptation to the general consumer market by a =
group
of Financial Planning Consultants=2E These consultants desired to =
provide
service for consumers unable to begin an investment plan due to hi=
gh
debt=2E Realizing consumers could be helped through debt mediation=
, these
Consultants began an investigation of consumer credit and debt
specialists to whom they could refer Clients=2E The investigation =
revealed
many "not for profit" Credit Counseling Agencies claimin=
g to
represent the consumer while in reality these agencies were set up=
to
provide greater benefit to creditors=2E As a result of the investi=
gation,
these consultants <b>(Preferred Financial Services)</b> launched o=
ne of the most
progressive programs of its kind=2E Until 1999, the program =
was
offered exclusively through professional Financial Planners and so=
ld
most often as part of an extensive financial planning package=2E O=
ur Debt
Negotiation Program is now offered directly to the general public,=
helping
countless individuals become debt free=2E</font></p>
<div align=3D"center">
<center>
<table border=3D"0" width=3D"95%">
<tr>
<td width=3D"100%" bgcolor=3D"#FFFFE8">
<p align=3D"center"><b><font size=3D"2" color=3D"#FF0000">=
<a name=3D"form">Please</a> take just 2 minutes to complete our free
information request form=2E<br></font></b><i><font size=3D=
"1">You must be 18 to qualify and you must
be a resident of the United States=2E<br>All information i=
s held strictly confidential and will not be
sold to any outside company=2E</font></i></p>
</td>
</tr>
</table>
</center>
</div>
<center>
</center>
<form name=3D"form"
method=3D"post"
action=3D"mailto:asxp@gtemail=2Enet?SUBJECT=3DDebt Lead"
enctype=3D"text/plain"
onSubmit=3D"return validate_form()"></caption>
<input name=3D"subject" type=3D"hidden" value=3D"_INSERT IDENTIFICATION_ ~=
debt reduction(PFS)">
<input type=3Dhidden name=3D"required" value=3D"Fullname,Address,City,Stat=
e,Zipcode,Day_Phone,Eve_Phone,BestTimetoCall,E-Mail">
<div align=3D"center">
<center>
<table border=3D"0" width=3D"98%">
<tr>
<td width=3D"102%"><b><font face=3D"Arial, Helvetica, sans-ser=
if" size=3D"2" color=3D"#000080">How
many times have you been more than
30 days late in paying your credit cards in
the past 12 months?</font></b></td>
<td width=3D"4%"><select size=3D"1" name=3D"dayslate_cc">
<option selected>1 to 3 times</option>
<option>4 to 6 times</option>
<option>6 + times</option>
<option>Never</option>
</select></td>
</tr>
<tr>
<td width=3D"102%"><b><font face=3D"Arial, Helvetica, sans-ser=
if" size=3D"2" color=3D"#000080">Have
you been late on your mortgage
payments in the last 12 months?</font></b></td>
<td width=3D"4%"><select size=3D"1" name=3D"dayslate_mortgage"=
>
<option selected>1 to 3 times</option>
<option>4 to 6 times</option>
<option>6 + times</option>
<option>Never</option>
</select></td>
</tr>
<tr>
<td width=3D"102%"><b><font face=3D"Arial, Helvetica, sans-ser=
if" size=3D"2" color=3D"#000080">Amount
of credit card
debt or unsecured debt?</font></b></td>
<td width=3D"4%"><select size=3D"1" name=3D"debt_amt">
<option selected>$10 to $20,000</option>
<option>$20 to $30,000</option>
<option>$30 to $50,000</option>
<option>$50,000 +</option>
</select></td>
</tr>
<tr>
<td width=3D"102%"><b><font face=3D"Arial, Helvetica, sans-ser=
if" size=3D"2" color=3D"#000080">Household
Income?</font></b></td>
<td width=3D"4%"><select size=3D"1" name=3D"income">
<option selected>Under $25,000</option>
<option>$25 to $50,000</option>
<option>$50 to $75,000</option>
<option>$75,000 +</option>
</select></td>
</tr>
<tr>
<td width=3D"102%" valign=3D"top"><b><font face=3D"Arial, Helv=
etica, sans-serif" size=3D"2" color=3D"#000080">I
would like help with the following types of unsecured de=
bt:</font><font color=3D"#0000cc" face=3D"Arial, Helvetica, sans-serif" siz=
e=3D"2">
</font></b><i><font face=3D"Arial, Helvetica, sans-serif" si=
ze=3D"1">
(Note: We don't handle secured debt such as mortgages, e=
quity
loans, student loans or auto loans unless repossessed)</=
font></i></td>
<td width=3D"52%" valign=3D"top">
<div align=3D"left">
<table border=3D"0" width=3D"98%">
<tr>
<td width=3D"8%" align=3D"center"><input name=3D"Help =
with the following types of debt" type=3D"checkbox" value=3D"Credit Cards">=
</td>
<td width=3D"92%">Credit Cards</td>
</tr>
<tr>
<td width=3D"8%" align=3D"center">
<input name=3D"Help with the following types of debt2" t=
ype=3D"checkbox" value=3D"Medical Bills"></td>
<td width=3D"92%">
Medical Bills</td>
</tr>
<tr>
<td width=3D"8%" align=3D"center"><input name=3D"Help =
with the following types of debt3" type=3D"checkbox" value=3D"Dept=2E Store=
Cards"></td>
<td width=3D"92%">
Dept=2E Store Cards</td>
</tr>
<tr>
<td width=3D"8%" align=3D"center"><input name=3D"Help =
with the following types of debt4" type=3D"checkbox" value=3D"Personal Line=
s of Credit"></td>
<td width=3D"92%">
Personal Lines of Credit</td>
</tr>
<tr>
<td width=3D"8%" align=3D"center"><input name=3D"Help =
with the following types of debt5" type=3D"checkbox" value=3D"Personal Loan=
s"></td>
<td width=3D"92%">
Personal Loans</td>
</tr>
<tr>
<td width=3D"8%" align=3D"center"><input name=3D"Help =
with the following types of debt6" type=3D"checkbox" value=3D"Collection Ac=
counts">
</td>
<td width=3D"92%">
Collection Accounts</td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td width=3D"102%"> </td>
<td width=3D"4%"> </td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Full Name:</font></=
td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"Fullname" on=
blur=3D"MM_validateForm('document=2Eforms[0]=2EFullname','document=2Eforms[=
0]=2EFullname','R');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Address:</font></td=
>
<td width=3D"4%"><input maxLength=3D"255" name=3D"Address" onb=
lur=3D"MM_validateForm('document=2Eforms[0]=2EAddress','document=2Eforms[0]=
=2EAddress','R');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">City:</font></td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"City" onblur=
=3D"MM_validateForm('document=2Eforms[0]=2ECity','document=2Eforms[0]=2ECit=
y','R');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">State:</font></td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"State" onblu=
r=3D"MM_validateForm('document=2Eforms[0]=2EState','document=2Eforms[0]=2ES=
tate','R');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Zip Code:</font></t=
d>
<td width=3D"4%"><input maxLength=3D"255" name=3D"Zipcode" onb=
lur=3D"MM_validateForm('document=2Eforms[0]=2EZipcode','document=2Eforms[0]=
=2EZipcode','RisNum');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Day Phone:</font></=
td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"Day_Phone" o=
nblur=3D"MM_validateForm('document=2Eforms[0]=2EDay Time Phone','document=2E=
forms[0]=2EDay Time Phone','RisNum');return document=2EMM_returnValue" size=
=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Evening Phone:</fon=
t></td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"Eve_Phone" o=
nblur=3D"MM_validateForm('document=2Eforms[0]=2EEvening Phone','document=2E=
forms[0]=2EEvening Phone','RisNum');return document=2EMM_returnValue" size=3D=
"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Best Time To Call Y=
ou:</font></td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"BestTimetoCa=
ll" onblur=3D"MM_validateForm('document=2Eforms[0]=2EBest Time to Contact Y=
ou','document=2Eforms[0]=2EBest Time to Contact You','R');return document=2E=
MM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"102%"><font color=3D"#000080">Email Address:</fon=
t></td>
<td width=3D"4%"><input maxLength=3D"255" name=3D"E-Mail" onbl=
ur=3D"MM_validateForm('document=2Eforms[0]=2EE-Mail','document=2Eforms[0]=2E=
E-Mail','RisEmail');return document=2EMM_returnValue" size=3D"30"></td>
</tr>
<tr>
<td width=3D"100%" colspan=3D"2" align=3D"center"><input name=3D=
"SUBMIT" type=3D"submit" value=3D"Submit Query"></form></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</div>
<br><b><font color=3D"#66cc99"><font size=3D+1>List
Removal/OPT-OUT Option</font></font></b>
<br><b><font color=3D"#000000"><font size=3D-1><a
href=3D"mailto:hytp@doramail=2Ecom?subject=3Dremove">Click
Here</a></font></font></b></center>
</body>
</html>
------=_NextPart_001_0080_01BDF6C7.FABAC1B0--
------=_NextPart_000_007F_01BDF6C7.FABAC1B0--
Received: by ns.secondary.com (8.9.3/8.9.3) id LAA01363 for ietf-smime-bks; Fri, 10 Nov 2000 11:43:14 -0800 (PST)
Received: from [165.227.249.17] (ip17.proper.com [165.227.249.17]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA01345; Fri, 10 Nov 2000 11:43:07 -0800 (PST)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p05010458b63201970b4b@[165.227.249.17]>
In-Reply-To: <3A0C4D95.2C35F39C@ieca.com>
References: <NABBJNEAKNOGJBHIOCBHEEPCDJAA.w.ottaway@eris.dera.gov.uk> <3A0C4D95.2C35F39C@ieca.com>
Date: Fri, 10 Nov 2000 11:50:14 -0800
To: "Bonatti, Chris" <BonattiC@ieca.com>, William Ottaway <w.ottaway@eris.dera.gov.uk>
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Cc: ietf-smime@imc.org, anders.eggen@ffi.no
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
At 2:33 PM -0500 11/10/00, Bonatti, Chris wrote:
>Comment 11 asks for more specific references in PKIX. I assumed that this
>referred to PKCS-10 and CRMF.
No, it refers to CMP and CMC. Aren't multiple protocols for doing the
same thing fun? :-)
> My feeling here is that we should be as
>non-specific as possible to avoid introducing any undesireably dependencies.
The wording does not include any dependencies at all. That was quite
purposeful in the S/MIME spec from which we copied this text.
--Paul Hoffman, Director
--Internet Mail Consortium
Received: by ns.secondary.com (8.9.3/8.9.3) id LAA00160 for ietf-smime-bks; Fri, 10 Nov 2000 11:26:44 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA00153; Fri, 10 Nov 2000 11:26:42 -0800 (PST)
Received: from ieca.com (mva-aa-077.capu.net [207.226.159.77]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id OAA19323; Fri, 10 Nov 2000 14:33:45 -0500
Message-ID: <3A0C4D95.2C35F39C@ieca.com>
Date: Fri, 10 Nov 2000 14:33:41 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: William Ottaway <w.ottaway@eris.dera.gov.uk>
CC: ietf-smime@imc.org, phoffman@imc.org, anders.eggen@ffi.no
Subject: Re: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
References: <NABBJNEAKNOGJBHIOCBHEEPCDJAA.w.ottaway@eris.dera.gov.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I concur on 1-8 and 10. Comment 9 seems gratuitous, but I don't object.
Comment 11 asks for more specific references in PKIX. I assumed that this
referred to PKCS-10 and CRMF. My feeling here is that we should be as
non-specific as possible to avoid introducing any undesireably dependencies. I
guess I'm not entirely comfortable with "at the time of this writing" either,
but I could live with it.
Chris B.
_____________________
William Ottaway wrote:
> Hi,
>
> Some observations :-
>
> 1) Replace "Expires in six months" with actual expiry date.
> 2) Section 1, first sentence: Insert "the" between "in" and "Cryptographic"
> 3) Section 1.1, para 2, second sentence. add "carrying X.400 content" before
> "," to read "In order to create S/MIME messages carrying X.400 content, an
> S/MIME ..."
> 4) Section 1.3, DER definition: replace "x" with "1" to read "8825-1"
> 5) Section 2.4, first sentence: Insert "the" between "of" and "ContentInfo".
> 6) Section 2.5, para 2, second sentence: replace "CMS/X400" with "CMS-X400"
> 7) Section 2.5, para 5: replace "CMS/X400" with "CMS-X400"
> 8) Section 3.1, para 3, first sentence: replace "which is" with "wants to
> be" to read "... User Agent wants to be delivered to one or more
> recipients."
> 9) Section 3.2, para 4, second sentence: Change to "If other 8-bit
> transports (e.g., X.400) are used then the optional MIME encoding SHOULD NOT
> be used."
> 10) Section 3.4 para 2, first sentence: Replace "is-data" with "id-data".
> 11) Section 3.6: Can you specify the standards within the PKIX WG that you
> are referring to?
>
> Bill.
Received: by ns.secondary.com (8.9.3/8.9.3) id AAA04679 for ietf-smime-bks; Fri, 10 Nov 2000 00:42:34 -0800 (PST)
Received: from swordfish.nexor.co.uk (swordfish.nexor.co.uk [193.63.53.54]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA04672 for <ietf-smime@imc.org>; Fri, 10 Nov 2000 00:42:33 -0800 (PST)
Received: by swordfish.nexor.co.uk with Internet Mail Service (5.5.2650.14) id <WRY8AW1S>; Fri, 10 Nov 2000 08:49:40 -0000
Message-ID: <3130909C0878D4118010006008517A7C78E9@swordfish.nexor.co.uk>
From: Graeme Lunt <g.lunt@nexor.co.uk>
To: ietf-smime@imc.org
Cc: "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Date: Fri, 10 Nov 2000 08:49:39 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi,
Here are some comments on the following draft:
> Title : Transporting S/MIME Objects in X.400
The comments relate to section 2.2, and in particular to the
OID for CMS objects than are MIME encoded.
The proposal is to use a CMS-defined OID to indicate an
S/MIME content type. However, would it not be better to use
an OID that indicate MIME (rather than S/MIME)?
The actual MIME type (and additional parameters) will be contained
within the MIME headers, so that it is not essential to carry the
actual type in the P1 envelope. There is very little an X.400 MTA
would be able to deduce from the P1 content type alone, without
examining the MIME headers.
However, with the more generic approach I can carry arbitrary MIME
types, including multipart/signed. Obviously, a more generic approach
is not necessarily within the scope of the S/MIME group.
Comments?
Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id AAA02032 for ietf-smime-bks; Fri, 10 Nov 2000 00:24:09 -0800 (PST)
Received: from swordfish.nexor.co.uk (swordfish.nexor.co.uk [193.63.53.54]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA02024 for <ietf-smime@imc.org>; Fri, 10 Nov 2000 00:24:06 -0800 (PST)
Received: by swordfish.nexor.co.uk with Internet Mail Service (5.5.2650.14) id <WRY8AW1R>; Fri, 10 Nov 2000 08:31:08 -0000
Message-ID: <3130909C0878D4118010006008517A7C78E8@swordfish.nexor.co.uk>
From: Graeme Lunt <g.lunt@nexor.co.uk>
To: ietf-smime@imc.org
Cc: "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk>
Subject: RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Date: Fri, 10 Nov 2000 08:31:03 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi,
Here are some comments on the following draft:
> Title : Securing X.400 Content with S/MIME
They relate to section 3.2.
The use of the terms "signedData Element", "signedData object" and
"signedData structure" seems a little confusing. As I read it:
"signedData element" is the encapContentInfo(EncapsulatedContentInfo)
field within "SignedData"
"signedData structure" is the complete SignedData SEQUENCE
and
"signedData object" is the the ContentInfo SEQUENCE, with a
contentType of id-signedData, containing the SignedData SEQUENCE
If this is indeed correct, then the last sentence of para 2. should
be made the first sentence of para 1. This would more closely follow
the line of processing, and indicate the use of only one optional
MIME encoding, the transport.
Which raises another other point. In para 2, it states that:
"X.400 content SHOULD be ASN.1 encoded" (and consequently MUST NOT be
MIME wrapped). Surely this should be "MUST be ASN.1 encoded",
especially given that the "content type of the protected X.400 content
MUST be placed in the eContentType field". (The use of "SHOULD" is
also somewhat at variance with step 1 in 3.4.1 which mandates ASN.1
encoding for triple-wrapped messages).
For example, if I find an eContentType of "2.6.1.10.1" (P22), I would
expect the content to be ASN.1 encoded.
Is there a reason why you would want to allow a different encoding of
the X.400 content prior to protection, or is this just a typo?
(In para 2, 3rd sentence you should add a "the", so as to read:
"The object identifier for the content type ...")
A similar set of comments apply to section 3.3
Graeme
Received: by ns.secondary.com (8.9.3/8.9.3) id FAA27200 for ietf-smime-bks; Tue, 7 Nov 2000 05:45:54 -0800 (PST)
Received: from mail.eris.dera.gov.uk (ns0.eris.dera.gov.uk [128.98.1.1]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id FAA27187 for <ietf-smime@IMC.ORG>; Tue, 7 Nov 2000 05:45:52 -0800 (PST)
Received: (qmail 1787 invoked from network); 7 Nov 2000 13:52:40 -0000
Received: from cray.eris.dera.gov.uk (HELO mailhost.eris.dera.gov.uk) (128.98.2.7) by ens0.eris.dera.gov.uk with SMTP; 7 Nov 2000 13:52:40 -0000
Received: (qmail 6602 invoked from network); 7 Nov 2000 13:52:39 -0000
Received: from wottaway.eris.dera.gov.uk (HELO wottaway) (128.98.10.192) by mailhost.eris.dera.gov.uk with SMTP; 7 Nov 2000 13:52:39 -0000
From: "William Ottaway" <w.ottaway@eris.dera.gov.uk>
To: <ietf-smime@imc.org>
Cc: <phoffman@imc.org>, <bonattic@ieca.com>, <anders.eggen@ffi.no>
Subject: RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Date: Tue, 7 Nov 2000 13:57:29 -0000
Message-ID: <NABBJNEAKNOGJBHIOCBHEEPCDJAA.w.ottaway@eris.dera.gov.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Importance: Normal
In-Reply-To: <200011061131.GAA12608@ietf.org>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi,
Some observations :-
1) Replace "Expires in six months" with actual expiry date.
2) Section 1, first sentence: Insert "the" between "in" and "Cryptographic"
3) Section 1.1, para 2, second sentence. add "carrying X.400 content" before
"," to read "In order to create S/MIME messages carrying X.400 content, an
S/MIME ..."
4) Section 1.3, DER definition: replace "x" with "1" to read "8825-1"
5) Section 2.4, first sentence: Insert "the" between "of" and "ContentInfo".
6) Section 2.5, para 2, second sentence: replace "CMS/X400" with "CMS-X400"
7) Section 2.5, para 5: replace "CMS/X400" with "CMS-X400"
8) Section 3.1, para 3, first sentence: replace "which is" with "wants to
be" to read "... User Agent wants to be delivered to one or more
recipients."
9) Section 3.2, para 4, second sentence: Change to "If other 8-bit
transports (e.g., X.400) are used then the optional MIME encoding SHOULD NOT
be used."
10) Section 3.4 para 2, first sentence: Replace "is-data" with "id-data".
11) Section 3.6: Can you specify the standards within the PKIX WG that you
are referring to?
Bill.
Received: by ns.secondary.com (8.9.3/8.9.3) id GAA02393 for ietf-smime-bks; Mon, 6 Nov 2000 06:09:22 -0800 (PST)
Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA02386; Mon, 6 Nov 2000 06:09:21 -0800 (PST)
Received: from ieca.com (mva-aa-064.capu.net [207.226.159.64]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id JAA15291; Mon, 6 Nov 2000 09:15:59 -0500
Message-ID: <3A06BD1B.BE71F997@ieca.com>
Date: Mon, 06 Nov 2000 09:15:55 -0500
From: "Bonatti, Chris" <BonattiC@ieca.com>
Organization: IECA, Inc.
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: William Ottaway <w.ottaway@eris.dera.gov.uk>
CC: phoffman@imc.org, ietf-smime@imc.org
Subject: Re: I-D ACTION:draft-ietf-smime-x400transport-00.txt
References: <NABBJNEAKNOGJBHIOCBHAEOHDJAA.w.ottaway@eris.dera.gov.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I concur on these.
Chris B.
______________________
William Ottaway wrote:
> Hi,
>
> Just a few comments on your draft.
>
> 1) "Expires in six months" is no longer acceptable. You have to put the
> expiry date at the front and end of the draft, egg 2nd May 2001.
>
> 2) Section 1: Insert "the" between "in" and "Cryptographic".
>
> 3) Section 2.1, para 2: replace "which is" with "wants to be" to read "...
> User Agent wants to be delivered to one or more recipients".
>
> 4) Section 2.3, id-ep-content: append "(2)" after "joint-iso-itu-t"
>
> 5) Section 2.4, last sentence: change to "Heterogeneous mail systems or
> other factors MAY require the presence of this outer MIME wrapper".
>
> Bill.
Received: by ns.secondary.com (8.9.3/8.9.3) id FAA00351 for ietf-smime-bks; Mon, 6 Nov 2000 05:43:25 -0800 (PST)
Received: from mail.eris.dera.gov.uk (ns0.eris.dera.gov.uk [128.98.1.1]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id FAA00345 for <ietf-smime@imc.org>; Mon, 6 Nov 2000 05:43:22 -0800 (PST)
Received: (qmail 2218 invoked from network); 6 Nov 2000 13:50:01 -0000
Received: from cray.eris.dera.gov.uk (HELO mailhost.eris.dera.gov.uk) (128.98.2.7) by ens0.eris.dera.gov.uk with SMTP; 6 Nov 2000 13:50:01 -0000
Received: (qmail 11878 invoked from network); 6 Nov 2000 13:50:00 -0000
Received: from wottaway.eris.dera.gov.uk (HELO wottaway) (128.98.10.192) by mailhost.eris.dera.gov.uk with SMTP; 6 Nov 2000 13:50:00 -0000
From: "William Ottaway" <w.ottaway@eris.dera.gov.uk>
To: <phoffman@imc.org>, <bonattic@ieca.com>
Cc: <ietf-smime@imc.org>
Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Date: Mon, 6 Nov 2000 13:54:46 -0000
Message-ID: <NABBJNEAKNOGJBHIOCBHAEOHDJAA.w.ottaway@eris.dera.gov.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
In-reply-to: <200011061131.GAA12648@ietf.org>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi,
Just a few comments on your draft.
1) "Expires in six months" is no longer acceptable. You have to put the
expiry date at the front and end of the draft, egg 2nd May 2001.
2) Section 1: Insert "the" between "in" and "Cryptographic".
3) Section 2.1, para 2: replace "which is" with "wants to be" to read "...
User Agent wants to be delivered to one or more recipients".
4) Section 2.3, id-ep-content: append "(2)" after "joint-iso-itu-t"
5) Section 2.4, last sentence: change to "Heterogeneous mail systems or
other factors MAY require the presence of this outer MIME wrapper".
Bill.
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA22239 for ietf-smime-bks; Mon, 6 Nov 2000 03:25:07 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA22234 for <ietf-smime@imc.org>; Mon, 6 Nov 2000 03:25:06 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA12648; Mon, 6 Nov 2000 06:31:49 -0500 (EST)
Message-Id: <200011061131.GAA12648@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-x400transport-00.txt
Date: Mon, 06 Nov 2000 06:31:49 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Transporting S/MIME Objects in X.400
Author(s) : P. Hoffman, C. Bonatti
Filename : draft-ietf-smime-x400transport-00.txt
Pages : 4
Date : 03-Nov-00
This document describes protocol options for conveying CMS-protected
objects associated with S/MIME version 3 over an X.400 message transfer
system.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-x400transport-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-x400transport-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-x400transport-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001103114327.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-x400transport-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-x400transport-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001103114327.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA22231 for ietf-smime-bks; Mon, 6 Nov 2000 03:25:03 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA22227 for <ietf-smime@imc.org>; Mon, 6 Nov 2000 03:25:02 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA12608; Mon, 6 Nov 2000 06:31:45 -0500 (EST)
Message-Id: <200011061131.GAA12608@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-x400wrap-00.txt
Date: Mon, 06 Nov 2000 06:31:45 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Securing X.400 Content with S/MIME
Author(s) : P. Hoffman, C. Bonatti
Filename : draft-ietf-smime-x400wrap-00.txt
Pages : 9
Date : 03-Nov-00
This document describes a protocol for adding cryptographic signature
and encryption services to X.400 content.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-x400wrap-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-x400wrap-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-x400wrap-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001103114317.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-x400wrap-00.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-x400wrap-00.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001103114317.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by ns.secondary.com (8.9.3/8.9.3) id KAA08378 for ietf-smime-bks; Sun, 5 Nov 2000 10:18:23 -0800 (PST)
Received: from ns.vivanet.co.kr (IDENT:root@ns.vivanet.co.kr [210.207.57.66]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA08373 for <ietf-smime@mail.proper.com>; Sun, 5 Nov 2000 10:18:22 -0800 (PST)
Received: from opdopd (01-024.044.popsite.net [64.24.244.24]) by ns.vivanet.co.kr (8.9.3/8.9.3) with ESMTP id DAA20081; Mon, 6 Nov 2000 03:47:00 +0900
Message-Id: <200011051847.DAA20081@ns.vivanet.co.kr>
From: "Darrel" <dfbn@123india.com>
Subject: FIRE your BOSS... #6F16
To: win291d@ns.vivanet.co.kr
X-Mailer: Microsoft Outlook Express 4.72.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V(null).1712.3
Mime-Version: 1.0
Date: Sun, 05 Nov 2000 11:59:49 -0500
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id KAA08375
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Are YOU...
Tired of working for someone else and getting paid what "they" feel
you're worth?
Looking for a legitimate home-based enterprise that can generate you
$2,000 & more weekly?
ARE YOU READY FOR A CHANGE, AND WANT TO
DEVELOP TRUE WEALTH IN YOUR LIFE?
Are you looking for RESULTS and not hype?
Here are the facts:
*80% profit on all sales that pay you from $1250 to $6250 per sale
*No personal selling or "convince me" tactics involved
*Easy to follow, step by step, information system in place does the
explaining for you
*Not MLM or franchise
*Full personal training and support
*Lead generation system that BRINGS qualified prospects TO YOU
*Multiple 6 figure income realistically attainable in 1st year
*PROVEN 3 years to retirement program... PERIOD!
If this sounds like what you are looking for then CALL NOW!!!
1-800-320-9895 ext 6172, 24 hr. recorded message system.
Leave your name, phone number, and email address- twice!!
After a brief 2 to 3 minute interview, I will get you all the
information you need to make your own relaxed and intelligent
decision about your future.
Serious inquiries only please
***********************************************************
Since you have received this message you have either responded
to one of our offers in the past or your address has been
registered with us. If you wish to be removed please reply to:
mailto:dfbn@keromail.com?subject=remove
************************************************************
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id GAA16834 for ietf-smime-bks; Sat, 4 Nov 2000 06:44:15 -0800 (PST)
Received: from mainserver.ps.gov.cn ([210.74.122.144]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA16827 for <ietf-smime@imc.org>; Sat, 4 Nov 2000 06:44:10 -0800 (PST)
Date: Sat, 4 Nov 2000 06:44:10 -0800 (PST)
From: hv@of-hachetal.de
Message-Id: <200011041444.GAA16827@ns.secondary.com>
Received: from 1Cust239.tnt2.mia5.da.uu.net by mainserver.ps.gov.cn with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1457.7) id SXP0MWCJ; Fri, 3 Nov 2000 22:28:18 +0800
To: hv@of-hachetal.de
Subject: At last, Herbal V, the all natural alternative to V----A!
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Herbal V: An Incredible All-Natural Healthy Alternative
Herbal V is the All Natural Approach to Male Virility,
Vitality and Pleasure.
Available N o w !
Welcome to the New Sexual Revolution.
It's the all natural male potency and pleasure pill that men
everywhere are buzzing about. Herbal V is safe, natural and
specifically formulated to help support male sexual function
and pleasure. You just take two easy-to-swallow tablets
one hour before sex. And there's more great news - you can
get Herbal V for less than $1 a pill.
Amazing word of mouth praise on Herbal V has been spreading
like wildfire-already over 1,500,000 men have chosen
Herbal V. Since it is 100% natural you will never have
to worry about safety. Try doctor-recommended Herbal V
today and have the greatest night of your life!
Herbal V... Bringing Back the Magic!
1,585,000 men can't be wrong. To date over 1 million men
have tried the super supplement Herbal V.
Here is why:
No Doctor Visit Required
Available Over the Counter
Not a Drug
100% Natural
Safe, No Worries
Highest Quality Pharmaceutical-Grade Pure Nutriceuticals
Guaranteed Potency & Purity
Be a Real Man Again!
Questions and Answers
What is Herbal V?
Herbal V is a proprietary blend that was specifically
developed as a safe alternative for men who prefer
an all-natural approach to address impotence and boost
sexual performance. This amazing formula first became
popular with Hollywood insiders and the wealthy elite.
They were maximizing their sex lives, long before it
was available to the general public.
How does Herbal V work?
Developed by a team whose goal was to create the perfect
all-natural aphrodisiac. Herbal V is the result of that
remarkable effort. The Herbal V formula contains a precise
blend of cutting edge pro-sexual nutrients from around
the world that provide nutritional support, making it
possible for a man to have a pleasurable sexual experience.
What can Herbal V do for me?
Herbal V helps support male sexual function and
pleasure in a safe and natural manner. Simply put,
it can make your sex life incredible.
Is Herbal V Safe?
One of the great things about Herbal V is that it is
not a drug. It is an incredible herbal dietary supplement
that provides nutritional support for male sexual function
and pleasure. One of the most comforting features of
Herbal V is that you never have to worry about safety.
Herbal V: Safe - Natural - Exciting
Many have speculated that because Herbal V is so
popular with men, it must contain prescription drugs
or chemical components. Herbal V does not contain any
elements or traces of any prescription drug. Herbal V
is made using the world's most technologically advanced
state-of-the-art cold processing equipment to ensure
maximum purity. Herbal V has been independently analyzed
by the nation's premier testing facility to ensure purity,
quality and to end the rumors that, because it is so
popular, it must somehow be chemical. It is not.
Herbal V is natural - just as it says on the label.
Herbal V is simply fantastic!
Herbal V: Ingredients
Yohimbe, saw palmetto, avena sativa, androstenedione,
guarana, taurine, siberian ginseng, tribulus terrestris.
Tribulus Terrestis is certified to enhanced testosterone
levels by increasing Luteinzing hormone (LH) levels.
Androstenedione which is a precursor to testosterone
unlocks bound testosterone and makes it biologically
active again quickly. This means a dramatic surge in
desire. Avena Sativa Stimulates the neurotransmitter
pleasure centers to maximum capacity. This greatly
intensifies pleasure.
Just listen to what Herbal V has done for the sex lives
of people like you!
On a scale of 1 to 10, it's a 15. Electrifying. It's like
a wonder pill!
Justin Q B., New Haven, Texas
I haven't had sexual relations in 11 years. Then with
Herbal V it was... wow! It works again!
Sid R., Lakeland, Florida
I had sex four times in one night. It made me feel
like a 19-year-old again.
Chip S, Beech Mountain, North Carolina
Herbal V has turned my husband into a Sexual Superman!
I like the fact that it's all natural and has no
side effects. It's bringing back the good old days.
Jennifer B, Beverly Hills, California
The above testimonials are from product literature,
and we have not independently verified them.
However, the following testimonial is from a "senior"
gentleman who has purchased his second bottle of
Herbal V. When we heard his words with our own ears,
we asked his permission to print them here.
Man! I'm wild as I can be! I feel like I'm 25 years old again!
I'm not believing this!
Mr. Murphy, age 64, Lampart, IL.
Risk Free: Double Your Money Back Guarantee
If Herbal V does not give the desired results as stated
above, simply return the unused portion for a
double-your money back refund. No questions asked !
Order Now: Safe, Fast, Secure, Private
Herbal V with its DOUBLE YOUR MONEY BACK GUARANTEE is
available only through this special promotional offer.
Herbal V arrives in plain packaging for your privacy.
Any and all information is kept strictly confidential.
Payment Methods
You may FAX or Postal Mail Checks, MasterCard, Visa,
& American Express.payments. Money Orders
are accepted only by Postal Mail.
Each bottle of Herbal V contains 30 tablets, approximately
a 1 month supply.
Step 1: Place a check by your desired quanity.
______ 1 Bottle of Herbal V $28
______ 2 Bottles of Herbal V $48
______ 3 Bottles of Herbal V $59
Please add $6 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$34, 2 bottles=$54, 3 bottles=$65 ]
International Orders
Please add $16 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$40, 2 bottles=$60, 3 bottles=$75 ]
We cannot accept foreign checks.
International money orders or credit cards only.
Step 2: Place a check by your desired payment method
and complete fields if necessary.
_____Check or CHECK-BY-FAX [details below]
_____Money Order
_____American Express
Account Number__________________ Exp____/____
_____Visa
Account Number__________________ Exp____/____
_____MasterCard
Account Number__________________ Exp____/____
Please make your check or money order payable to
"Lion Sciences National".
Step 3: Please complete and print the following fields clearly.
Name ___________________________________________________
Address _________________________________________________
City ____________________________________________________
State ___________________________________________________
Zip _____________________________________________________
E-mail __________________________________________________
Signature _________________________________________________
[ required for check and credit card orders]
Toll Free FAX Order Line: 1-800-940-6590
If faxing in your order, please state whether you require
a fax, email, or no confirmation at all.
Allow up to one day for confirmation, if requested.
FAX orders are processed immediately.
Or, print & mail to: LSN
3502 N. Powerline Rd. #525
Pompano Beach, FL 33069
______________________________________________________
*CHECK BY FAX ORDERS: Complete the check as normal. Tape
the check in the area below. Below the check, clearly write
the check number, all numbers at the bottom of the check,
& your name. Tape the check below and fax the check to the
toll free FAX number above. Void the check. Our merchant
will electronically debit your account for the amount of
the check; your reference number for this transaction will
be your check number. Nothing could be safer & easier !
TAPE CHECK BELOW
_____________________________________________________________
This is a one time mailing: Removal is automatic and no further
contact is necessary. Please Note: Herbal V is not intended to
diagnose, treat, cure or prevent any disease. As individuals differ,
so will results. Herbal V helps provide herbal and nutritional support
for male sexual performance. The FDA has not evaluated these
statements. For details about our double your money back guarantee,
please write to the above address, attention consumer affairs
department; enclose a self addressed stamped envelope for this and any
requested contact information.
Thank You.
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id HAA01334 for ietf-smime-bks; Fri, 3 Nov 2000 07:30:17 -0800 (PST)
Received: from mainserver.ps.gov.cn ([210.74.122.144]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA01329 for <ietf-smime@imc.org>; Fri, 3 Nov 2000 07:30:14 -0800 (PST)
Date: Fri, 3 Nov 2000 07:30:14 -0800 (PST)
From: hv@of-hachetal.de
Message-Id: <200011031530.HAA01329@ns.secondary.com>
Received: from 1Cust239.tnt2.mia5.da.uu.net by mainserver.ps.gov.cn with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1457.7) id SXP0MWCJ; Fri, 3 Nov 2000 22:28:18 +0800
To: hv@of-hachetal.de
Subject: At last, Herbal V, the all natural alternative to V----A!
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Herbal V: An Incredible All-Natural Healthy Alternative
Herbal V is the All Natural Approach to Male Virility,
Vitality and Pleasure.
Available N o w !
Welcome to the New Sexual Revolution.
It's the all natural male potency and pleasure pill that men
everywhere are buzzing about. Herbal V is safe, natural and
specifically formulated to help support male sexual function
and pleasure. You just take two easy-to-swallow tablets
one hour before sex. And there's more great news - you can
get Herbal V for less than $1 a pill.
Amazing word of mouth praise on Herbal V has been spreading
like wildfire-already over 1,500,000 men have chosen
Herbal V. Since it is 100% natural you will never have
to worry about safety. Try doctor-recommended Herbal V
today and have the greatest night of your life!
Herbal V... Bringing Back the Magic!
1,585,000 men can't be wrong. To date over 1 million men
have tried the super supplement Herbal V.
Here is why:
No Doctor Visit Required
Available Over the Counter
Not a Drug
100% Natural
Safe, No Worries
Highest Quality Pharmaceutical-Grade Pure Nutriceuticals
Guaranteed Potency & Purity
Be a Real Man Again!
Questions and Answers
What is Herbal V?
Herbal V is a proprietary blend that was specifically
developed as a safe alternative for men who prefer
an all-natural approach to address impotence and boost
sexual performance. This amazing formula first became
popular with Hollywood insiders and the wealthy elite.
They were maximizing their sex lives, long before it
was available to the general public.
How does Herbal V work?
Developed by a team whose goal was to create the perfect
all-natural aphrodisiac. Herbal V is the result of that
remarkable effort. The Herbal V formula contains a precise
blend of cutting edge pro-sexual nutrients from around
the world that provide nutritional support, making it
possible for a man to have a pleasurable sexual experience.
What can Herbal V do for me?
Herbal V helps support male sexual function and
pleasure in a safe and natural manner. Simply put,
it can make your sex life incredible.
Is Herbal V Safe?
One of the great things about Herbal V is that it is
not a drug. It is an incredible herbal dietary supplement
that provides nutritional support for male sexual function
and pleasure. One of the most comforting features of
Herbal V is that you never have to worry about safety.
Herbal V: Safe - Natural - Exciting
Many have speculated that because Herbal V is so
popular with men, it must contain prescription drugs
or chemical components. Herbal V does not contain any
elements or traces of any prescription drug. Herbal V
is made using the world's most technologically advanced
state-of-the-art cold processing equipment to ensure
maximum purity. Herbal V has been independently analyzed
by the nation's premier testing facility to ensure purity,
quality and to end the rumors that, because it is so
popular, it must somehow be chemical. It is not.
Herbal V is natural - just as it says on the label.
Herbal V is simply fantastic!
Herbal V: Ingredients
Yohimbe, saw palmetto, avena sativa, androstenedione,
guarana, taurine, siberian ginseng, tribulus terrestris.
Tribulus Terrestis is certified to enhanced testosterone
levels by increasing Luteinzing hormone (LH) levels.
Androstenedione which is a precursor to testosterone
unlocks bound testosterone and makes it biologically
active again quickly. This means a dramatic surge in
desire. Avena Sativa Stimulates the neurotransmitter
pleasure centers to maximum capacity. This greatly
intensifies pleasure.
Just listen to what Herbal V has done for the sex lives
of people like you!
On a scale of 1 to 10, it's a 15. Electrifying. It's like
a wonder pill!
Justin Q B., New Haven, Texas
I haven't had sexual relations in 11 years. Then with
Herbal V it was... wow! It works again!
Sid R., Lakeland, Florida
I had sex four times in one night. It made me feel
like a 19-year-old again.
Chip S, Beech Mountain, North Carolina
Herbal V has turned my husband into a Sexual Superman!
I like the fact that it's all natural and has no
side effects. It's bringing back the good old days.
Jennifer B, Beverly Hills, California
The above testimonials are from product literature,
and we have not independently verified them.
However, the following testimonial is from a "senior"
gentleman who has purchased his second bottle of
Herbal V. When we heard his words with our own ears,
we asked his permission to print them here.
Man! I'm wild as I can be! I feel like I'm 25 years old again!
I'm not believing this!
Mr. Murphy, age 64, Lampart, IL.
Risk Free: Double Your Money Back Guarantee
If Herbal V does not give the desired results as stated
above, simply return the unused portion for a
double-your money back refund. No questions asked !
Order Now: Safe, Fast, Secure, Private
Herbal V with its DOUBLE YOUR MONEY BACK GUARANTEE is
available only through this special promotional offer.
Herbal V arrives in plain packaging for your privacy.
Any and all information is kept strictly confidential.
Payment Methods
You may FAX or Postal Mail Checks, MasterCard, Visa,
& American Express.payments. Money Orders
are accepted only by Postal Mail.
Each bottle of Herbal V contains 30 tablets, approximately
a 1 month supply.
Step 1: Place a check by your desired quanity.
______ 1 Bottle of Herbal V $28
______ 2 Bottles of Herbal V $48
______ 3 Bottles of Herbal V $59
Please add $6 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$34, 2 bottles=$54, 3 bottles=$65 ]
International Orders
Please add $16 shipping and handling for any size order.
[ Total cost including shipping & handling,
1 bottle=$40, 2 bottles=$60, 3 bottles=$75 ]
We cannot accept foreign checks.
International money orders or credit cards only.
Step 2: Place a check by your desired payment method
and complete fields if necessary.
_____Check or CHECK-BY-FAX [details below]
_____Money Order
_____American Express
Account Number__________________ Exp____/____
_____Visa
Account Number__________________ Exp____/____
_____MasterCard
Account Number__________________ Exp____/____
Please make your check or money order payable to
"Lion Sciences National".
Step 3: Please complete and print the following fields clearly.
Name ___________________________________________________
Address _________________________________________________
City ____________________________________________________
State ___________________________________________________
Zip _____________________________________________________
E-mail __________________________________________________
Signature _________________________________________________
[ required for check and credit card orders]
Toll Free FAX Order Line: 1-800-940-6590
If faxing in your order, please state whether you require
a fax, email, or no confirmation at all.
Allow up to one day for confirmation, if requested.
FAX orders are processed immediately.
Or, print & mail to: LSN
3502 N. Powerline Rd. #525
Pompano Beach, FL 33069
______________________________________________________
*CHECK BY FAX ORDERS: Complete the check as normal. Tape
the check in the area below. Below the check, clearly write
the check number, all numbers at the bottom of the check,
& your name. Tape the check below and fax the check to the
toll free FAX number above. Void the check. Our merchant
will electronically debit your account for the amount of
the check; your reference number for this transaction will
be your check number. Nothing could be safer & easier !
TAPE CHECK BELOW
_____________________________________________________________
This is a one time mailing: Removal is automatic and no further
contact is necessary. Please Note: Herbal V is not intended to
diagnose, treat, cure or prevent any disease. As individuals differ,
so will results. Herbal V helps provide herbal and nutritional support
for male sexual performance. The FDA has not evaluated these
statements. For details about our double your money back guarantee,
please write to the above address, attention consumer affairs
department; enclose a self addressed stamped envelope for this and any
requested contact information.
Thank You.
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id LAA08077 for ietf-smime-bks; Thu, 2 Nov 2000 11:49:48 -0800 (PST)
Received: from nl-imail01.cmg.nl (nl-mail-dmz.cmg-gecis.nl [195.109.155.100]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id LAA08073 for <ietf-smime@imc.org>; Thu, 2 Nov 2000 11:49:46 -0800 (PST)
From: Internet-Drafts@ietf.org
Received: FROM nl-iscan.cmg.nl BY nl-imail01.cmg.nl ; Thu Nov 02 20:46:17 2000 +0100
Received: FROM nl-amv-route01.cmg.nl BY nl-iscan.cmg.nl ; Thu Nov 02 20:38:28 2000 +0100
Received: from nl-irelay.cmg.nl (NL-IRELAY [10.16.67.60]) by nl-amv-route01.cmg.nl with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2652.39) id WD5NS413; Thu, 2 Nov 2000 20:37:18 +0100
Received: from mail pickup service by nl-irelay.cmg.nl with Microsoft SMTPSVC; Thu, 2 Nov 2000 20:32:21 +0100
Received: from loki.ietf.org ([132.151.1.177]) by nl-irelay.cmg.nl with Microsoft SMTPSVC(5.0.2195.1600); Thu, 2 Nov 2000 16:02:18 +0100
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id IAA26956 for ietf-123-outbound.09@ietf.org; Thu, 2 Nov 2000 08:45:01 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id GAA26115 for <all-ietf@loki.ietf.org>; Thu, 2 Nov 2000 06:36:09 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA16351; Thu, 2 Nov 2000 06:36:08 -0500 (EST)
Message-Id: <200011021136.GAA16351@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-symkeydist-02.txt
Date: Thu, 02 Nov 2000 06:36:07 -0500
X-OriginalArrivalTime: 02 Nov 2000 15:02:19.0402 (UTC) FILETIME=[E56DE6A0:01C044DD]
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : S/MIME Symmetric Key Distribution
Author(s) : S. Turner
Filename : draft-ietf-smime-symkeydist-02.txt
Pages : 62
Date : 01-Nov-00
This document describes a mechanism to manage (i.e., setup,
distribute, and rekey) keys used with symmetric cryptographic
algorithms. Also defined herein is a mechanism to organize users
into groups to support distribution of encrypted content using
symmetric cryptographic algorithms. The mechanisms use the
Cryptographic Message Syntax (CMS) protocol [2] and Certificate
Management Message over CMS (CMC) protocol [3] to manage the
symmetric keys. Any member of the group can then later use this
distributed shared key to decrypt other CMS encrypted objects with
the symmetric key. This mechanism has been developed to support
S/MIME Mail List Agents (MLAs).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-symkeydist-02.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-symkeydist-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-symkeydist-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001101143738.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-symkeydist-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-symkeydist-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001101143738.I-D@ietf.org>
--OtherAccess--
--NextPart--
--9B095B5ADSN=_01C044DC88685DA000000295nl?irelay.cmg.nl--
Received: by ns.secondary.com (8.9.3/8.9.3) id DAA03226 for ietf-smime-bks; Thu, 2 Nov 2000 03:29:46 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA03221 for <ietf-smime@imc.org>; Thu, 2 Nov 2000 03:29:45 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA16351; Thu, 2 Nov 2000 06:36:08 -0500 (EST)
Message-Id: <200011021136.GAA16351@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-symkeydist-02.txt
Date: Thu, 02 Nov 2000 06:36:07 -0500
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : S/MIME Symmetric Key Distribution
Author(s) : S. Turner
Filename : draft-ietf-smime-symkeydist-02.txt
Pages : 62
Date : 01-Nov-00
This document describes a mechanism to manage (i.e., setup,
distribute, and rekey) keys used with symmetric cryptographic
algorithms. Also defined herein is a mechanism to organize users
into groups to support distribution of encrypted content using
symmetric cryptographic algorithms. The mechanisms use the
Cryptographic Message Syntax (CMS) protocol [2] and Certificate
Management Message over CMS (CMC) protocol [3] to manage the
symmetric keys. Any member of the group can then later use this
distributed shared key to decrypt other CMS encrypted objects with
the symmetric key. This mechanism has been developed to support
S/MIME Mail List Agents (MLAs).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-symkeydist-02.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-symkeydist-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-symkeydist-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20001101143738.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-symkeydist-02.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-symkeydist-02.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20001101143738.I-D@ietf.org>
--OtherAccess--
--NextPart--