RE: Post-last-call status of the S/MIME examples draft

"Jim Schaad" <jimsch@nwlink.com> Tue, 27 May 2003 03:20 UTC

Reply-To: jimsch@exmsft.com
From: Jim Schaad <jimsch@nwlink.com>
To: 'Paul Hoffman / IMC' <phoffman@imc.org>, ietf-smime-examples@imc.org, ietf-smime@imc.org
Subject: RE: Post-last-call status of the S/MIME examples draft
Date: Mon, 26 May 2003 19:51:16 -0700
Message-ID: <001601c323fa$d85cc360$1700a8c0@soaringhawk.net>
In-Reply-To: <p05210613baf3cd7f0227@[67.31.4.113]>

Some more input

5.9.eml
	Jim Schaad:  Fail
		signatureAlgorithm of dsa not dsaWithSha1

11.3.bin
	Jim Schaad:  Pass

I think I should be able to work through all of sections 6, 8 & 9 by the
end of this week.  I don't have anything external on my plate at the
moment.

jim

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Paul Hoffman / IMC
> Sent: Friday, May 23, 2003 6:11 AM
> To: ietf-smime-examples@imc.org; ietf-smime@imc.org
> Subject: Post-last-call status of the S/MIME examples draft
> 
> 
> 
> Greetings again. Here's my collected notes from the WG mailing list, 
> the smime-examples mailing list, and off-list mail. I summarize at 
> the end.
> 
> ====================
> 
> 4. Trivial Examples
> 
> 4.1 ContentInfo with Data type, BER
>    John Pawling: tested OK.
>    Jim Schaad: tested OK.
> 
> 4.2 ContentInfo with Data type, DER
>    John Pawling: tested OK.
>    Jim Schaad: tested OK.
> 
> 5.  Signed-data
>    Jim Schaad pointed out that many examples had the
>      signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
>      be 1.2.840.10040.4.3 (dsaWithSha1).
>    The general decision was that the examples should have dsaWithSha1.
>    John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
>      the examples.
> 
> 5.1 Basic signed content, DSS
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: failed.
>      signatureAlgorithm is dsa but should be dsaWithSha1
>    Sue Beauchamp sent new example file.
> 
> 5.2 Basic signed content, RSA
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: tested OK.
> 
> 5.3 Basic signed content, detached content
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: failed.
> 	Contains Alice's RSA certificate
> 	No content hint unsigned attribute
>      signatureAlgorithm is dsa but should be dsaWithSha1
>    Sue Beauchamp sent new example file.
> 
> 5.4 Fancier signed content
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Sue Beauchamp sent new example file.
> 
> 5.5 All RSA signed message
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: tested OK.
> 
> 5.6 Multiple signers
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: failed.
>      signatureAlgorithm is dsa but should be dsaWithSha1
>    Sue Beauchamp sent new example file.
> 
> 5.7 Signing using SKI
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: failed.
>      signatureAlgorithm is dsa but should be dsaWithSha1
>    Sue Beauchamp sent new example file.
> 
> 5.8 S/MIME multipart/signed message
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
> 
> 5.9 S/MIME application/pkcs7-mime signed message
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
> 
> 5.10 SignedData With Attributes
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
>    Jim Schaad: failed.
> 	Change "unknown OID" to "unknown OID (1.2.5555)"
> 	Content Hint should have an OID of 1.2.840.113549.1.7.1
> 	Content Identifier attribute absent
> 	Contains Security Label attribute
> 	Contains encrypt key preference attribute
> 	Contains ML Expansion History attribute
> 	Contains Equivalent Label attribute
> 
> 5.11 SignedData with Certificates Only
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
> 
> 6.  Enveloped-data
> 
> 6.1 Basic encrypted content, TripleDES and DH
>    John Pawling: tested OK.
> 
> 6.2 Basic encrypted content, TripleDES and RSA
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
> 
> 6.3 Basic encrypted content, RC2/40 and RSA
>    Blake Ramsdell: this is actually a 128-bit key.
>    Jeff Jacoby: confirmed Blake's assertion.
>    Paul Hoffman: thinks we could just change the title of the example.
>    John Pawling: tested OK.
>    Blake Ramsdell: tested OK.
> 
> 6.4 Encrypted content, two recipients, no shared keying material
>    John Pawling: tested OK but noted unsuccessful Invalid tag for
>      privateKeyInfo for second login.
> 
> 6.5 Encrypted content, two recipients, shared keying material
>    John Pawling: could not test due to bug in his code.
> 
> 6.6 Encrypted content, TripleDES and DH, previously-distributed keys
>    John Pawling: tested OK.
> 
> 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
>    John Pawling: tested OK.
> 
> 6.8 S/MIME application/pkcs7-mime encrypted message
>    John Pawling: tested OK.
> 
> 6.9 EnvelopedData with All Recipient Types
>    John Pawling: tested OK.
> 
> 6.10 EnvelopedData with KARI RC2 Encryption
>    John Pawling: tested OK.
> 
> 6.11 EnvelopedData with KEK 3DES Encryption
>    John Pawling: tested OK.
> 
> 7. Digested-data
>    Blake Ramsdell: tested OK.
> 
> 8. Encrypted-data
> 
> 8.1 Simple EncryptedData
>    Blake Ramsdell: tested OK.
> 
> 8.2 EncryptedData with unprotected attributes
> 
> 9. Authenticated-data
>    There are still no examples in this section.
> 
> 10. Key Wrapping
>    John Pawling: tested OK.
> 
> 10.1 Wrapping RC2
>    John Pawling: tested OK.
> 
> 10.2 Wrapping TripleDES
>    John Pawling: tested OK.
> 
> 11. ESS Examples
> 
> 11.1 ReceiptRequest
>    John Pawling: test failed, has sent new example file.
> 
> 11.2 Receipt
>    John Pawling: test failed, has sent new example file.
> 
> 11.3 eSSSecurityLabel
>    John Pawling: tested OK.
> 
> 11.4 EquivalentLabels
>    John Pawling: tested OK.
> 
> 11.5 mlExpansionHistory
>    John Pawling: tested OK.
> 
> 11.6 SigningCertificate
>    John Pawling: tested OK.
> 
> ====================
> 
> Everything has been tested by at least one person *except* "8.2 
> EncryptedData with unprotected attributes". If no one tests this, we 
> will probably get rid of it. Can anyone whose software handles 
> EncryptedData please test example 8.2 and let me and/or the list know 
> the results?
> 
> All examples that had test failures have been re-submitted to me by 
> the DigitalNet folks *except* 5.10, which Jim Schaad had a lot of 
> problems with. Could someone generate a new example of 5.10? It would 
> be valuable to have it in the document.
> 
> --Paul Hoffman, Director
> --Internet Mail Consortium
>
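
Added example, not part of the original messages or of the examples draft: one way to automate the check behind the section 5 failures, by reading signatureAlgorithm out of a DER-encoded CMS SignerInfo and flagging the bare dsa OID. The function names are illustrative, and the sample SignerInfo bytes are constructed here with a dummy signer identifier and signature.

```python
ID_DSA = "1.2.840.10040.4.1"            # key-type OID, the value reported as a failure
ID_DSA_WITH_SHA1 = "1.2.840.10040.4.3"  # signature OID the thread settled on

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, acc = [], 0
    for b in value:                         # base-128, high bit marks continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm(signer_info):
    """OID in SignerInfo.signatureAlgorithm of a DER-encoded CMS SignerInfo."""
    tag, body, _ = read_tlv(signer_info)
    if tag != 0x30:
        raise ValueError("SignerInfo is not a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    # version, sid, digestAlgorithm, optional [0] signedAttrs, signatureAlgorithm
    alg_tag, alg = fields[4] if fields[3][0] == 0xA0 else fields[3]
    oid_tag, oid, _ = read_tlv(alg)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("signatureAlgorithm is not an AlgorithmIdentifier")
    return decode_oid(oid)

def uses_bare_dsa(signer_info):
    return signature_algorithm(signer_info) == ID_DSA

def tlv(tag, *parts):                       # short-form encoder for the samples only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_signer_info(last_arc, signed_attrs=False):
    """Constructed SignerInfo with dummy sid and signature; last_arc is 1 or 3."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3804") + bytes([last_arc])))
    return tlv(0x30, tlv(0x02, b"\x01"),
               tlv(0x30, tlv(0x30), tlv(0x02, b"\x01")),           # issuerAndSerialNumber
               tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a"))),  # sha-1
               tlv(0xA0) if signed_attrs else b"", alg, tlv(0x04, b"\x00\x00"))
```

Only the SignerInfo field is checked: the same dsa OID is the expected value in a DSA certificate's subjectPublicKeyInfo, so scanning a whole SignedData for it would give false positives.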