13 December 2000 S/MIME WG Minutes
"Pawling, John" <John.Pawling@GetronicsGov.com> Thu, 28 December 2000 17:50 UTC
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA17734 for <smime-archive@odin.ietf.org>; Thu, 28 Dec 2000 12:50:05 -0500 (EST)
Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id HAA11318 for ietf-smime-bks; Thu, 28 Dec 2000 07:40:38 -0800 (PST)
Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA11308 for <ietf-smime@imc.org>; Thu, 28 Dec 2000 07:40:36 -0800 (PST)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <Z2A4PZ00>; Thu, 28 Dec 2000 10:45:43 -0500
Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B1AEA@wfhqex01.wangfed.com>
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "SMIME WG (E-mail)" <ietf-smime@imc.org>
Subject: 13 December 2000 S/MIME WG Minutes
Date: Thu, 28 Dec 2000 10:44:04 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This message includes the minutes of the IETF S/MIME Working Group (WG) meeting held on 13 December 2000 in San Diego, California. Briefing slides will be available from <ftp://ftp.ietf.org/ietf/smime/>. These minutes include comments from the briefing presenters. Reported by John Pawling. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Introductions - Russ Housley Russ reviewed the agenda as follows. Nobody commented on the agenda. Introductions Russ Housley Working Group Status Russ Housley Interoperability Matrix Jim Schaad CMS and ESS Examples Paul Hoffman Security Policies and Labels Weston Nicolls Symmetric Key Distribution Sean Turner Domain Security (DOMSEC) Bill Ottaway X.400 and CMS Chris Bonatti Reuse of Content Encryption Keys Steve Farrell Advanced Encryption Standard Jim Schaad RSA-OAEP and RSA-PSS John Linn RSA as a MUST implement Blake Ramsdell E-Signature Formats using CMS John Ross E-Signature Formats using XML Denis Pinkas S/MIME Freeware Library John Pawling Wrap up Russ Housley +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ S/MIME Working Group Status - Russ Housley Russ outlined the strategy for advancing the following RFCs from Internet Proposed Standards to Internet Draft Standards: RFC 2630 Cryptographic Message Syntax (CMS), R. Housley, June 1999 RFC 2631 Diffie-Hellman Key Agreement Method, E. Rescorla, June 1999 RFC 2632 S/MIME Version 3 Certificate Handling, B. Ramsdell, June 1999 RFC 2633 S/MIME Version 3 Message Specification, B. Ramsdell, June 1999 RFC 2634 Enhanced Security Services for S/MIME, P. Hoffman, June 1999 RFC 2785 Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME, R. Zuccherato, March 2000. [Informational] RFC 2876 Use of the KEA and SKIPJACK Algorithms in CMS, J. Pawling, July 2000. [Informational] RFC 2984 Use of the CAST-128 Encryption Algorithm in CMS, C. Adams, October 2000 The aforementioned documents must meet the following requirements to advance to Draft Standards: 1) Meet requirements documented in RFC 2026 2) Stable, mature, and useful specification 3) At least two independent and interoperable implementations from different code bases 4) Draft Standards cannot reference Proposed Standard RFCs or Experimental RFCs, so the aforementioned RFCs are blocked until the PKIX Certificate and CRL Profile "Son-of-RFC 2459" Internet-Draft (I-D) (draft-ietf-pkix-new-part1-03.txt) progresses to Draft Standard. Russ stated that Jim Schaad has developed an interoperability matrix for RFCs 2630 through 2634. The interoperability matrix is posted at <http://www.imc.org/ietf-smime/interop-matrix.html>. The matrix indicates which features have and have not been successfully tested. So far, Jim Schaad and Getronics Government Solutions have provided input to the interoperability matrix. Jim has provided input regarding the capabilities of the Microsoft S/MIME v3 implementation. Getronics has provided input regarding the capabilities of the S/MIME Freeware Library (SFL) including interoperability testing conducted with Microsoft. Russ noted that Paul Hoffman (IMC) has offered to coordinate interoperability testing and to enhance the "Examples of S/MIME Messages" I-D. He asked that other organizations that have developed S/MIME v3 capabilities should please participate. Russ said he would submit that proposal to the S/MIME WG mail list. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Interoperability Matrix - Jim Schaad Jim discussed the interoperability matrix for RFCs 2630 through 2634. He has documented the successful completion of two-way interoperability testing for the following number of clauses in each RFC. He has not completely updated the results based on all interop testing performed: RFC Clauses Tested ========================= 2630 49 of 96 2631 0 of 13 2632 16 of 21 2633 17 of 61 2634 27 of 81 More details regarding RFC 2630 testing: Signed Data - 24 of 25 Enveloped Data - 11 of 25 Digested Data - 0 of 4 Encrypted Data - 0 of 4 Authenticated Data - 0 of 16 Other MUST Implement Requirements - 15 of 25 TOTAL - 49 of 96 More details regarding RFC 2634 testing: Triple Wrap - 3 of 5 Signed Receipts - 19 of 41 Security Labels - 5 of 11 Equivalent Labels - 0 of 12 Mail List - 0 of 12 TOTAL - 27 of 81 Jim asked for others to submit input to him at jimsch@exmsft.com. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Examples of S/MIME Messages - Paul Hoffman Paul stated that he had distributed a new release of the "Examples of S/MIME Messages" I-D <draft-ietf-smime-examples-05.txt>, November 2000, that includes additional sample data generated by Getronics using the SFL. He stated that the document needs further input and testing. He noted that Jim Schaad is testing all of the samples included in the document. John Pawling recommended that a triple- wrapped sample message should be added to the document. Jim has already generated several triple-wrapped messages and will provide them to Paul for inclusion in the document. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Mapping Company Classification Policy to the S/MIME Security Label - Weston Nicolls Weston stated that he had distributed a new release of the "Implementing Company Classification Policy with the S/MIME Security Label" I-D, <draft-ietf-smime-seclabel-02.txt>, October 2000. He noted that his goal is for the document to become an Informational RFC. It provides examples of how the RFC 2634 ESSSecurityLabel feature can be used to support an organization's security policy. The document includes classification policies and example security labels for the Amoco, Caterpillar and Whirlpool corporations. It includes an example security category syntax and samples. It also includes Clearance attribute examples that include a subject's authorizations. Russ Housley proposed that Last Call for this document should be completed by January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Symmetric Key Distribution - Sean Turner Sean stated that he had distributed a new release of the S/MIME Symmetric Key Distribution I-D, <draft-ietf-smime-symkeydist-02.txt>, October 2000. Sean noted that Jim Schaad provided significant comments to the symkeydist-01 I-D that Sean incorporated into the symkeydist-02 I-D. Sean stated that two messages were added: GLProvideCert and GLUpdateCert. The GLDistributionMethod message was removed. The GLInfo, GLOwner, and GLMember syntaxes were modified to include "address" information. There were many changes made to more closely align with RFC 2797 Certificate Management Messages over CMS. He added text to explain how many and when rekey messages are distributed. The rekey defaults were fixed. Sean stated that he still needed to add a conformance clause and an Abstract Syntax Notation One (ASN.1) module. He also needs to verify correctness of RFC 2797 error behavior. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DOMSEC Draft Discussion - Bill Ottaway Bill presented a briefing regarding the "Domain Security Services Using S/MIME" I-D <draft-ietf-smime-domsec-07.txt>, November 2000. He made several minor changes as a result of e-mail exchanges with Jim Schaad on the S/MIME WG mail list. He added a section regarding Mail List Agents (MLA) that addresses the situation in which an MLA will remove the 'domain signature' when the signature encapsulates a mlExpansionHistory attribute and/or a envelopedData type. He briefed the solution to this problem which is documented in domsec-07 in Section 5, "Applying a Domain Signature when Mail List Agents are present". He stated that the he believes that the outstanding issues have been resolved and that the DOMSEC I-D should be submitted for last call. Russ Housley proposed that the DOMSEC document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. Russ proposed that the S/MIME WG Last Call should close on 10 January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ X.400 and CMS - Chris Bonatti Chris presented a briefing regarding the "Transporting S/MIME Objects in X.400" I-D, <draft-ietf-smime-x400transport-01.txt> and "Securing X.400 Content with S/MIME" I-D, <draft-ietf-smime-x400wrap-01.txt> both distributed in November 2000. The x400wrap I-D specifies how to protect X.400 content with CMS objects. It is roughly analogous to RFC 2633 and refers to RFC 2633 when applicable. It minimizes the use of MIME encodings to reduce overhead. He briefed the proposed wrapping strategy. He discussed the object identifiers used, MIME heading parameters and detached signature form. He has already incorporated comments submitted by Bill Ottaway and Graeme Lunt. Chris noted that products generally do not support encapsulating content types other than data (such as signed-data or enveloped-data). Jim Schaad challenged that statement and noted that the Microsoft, SFL and Peter Gutmann's cryptlib S/MIME v3 implementations do support encapsulating content types other than data. The x400transport I-D specifies how to package CMS objects for transport by X.400 Message Transfer Agents (MTA). It discusses the scenario in which the CMS encapsulated content is an RFC 822 MIME message. It states that the outer MIME wrapper is not generally necessary in X.400. It also states that circumstances may exist when the outer MIME wrapper is desirable such as when a gateway into an SMTP transport is part of the architecture. Chris discussed the object identifiers used, packaging the CMS object in the X.400 content and that messages that only contain certificates are not supported. He has incorporated comments submitted by Bill Ottaway. Blake Ramsdell asked about support for messages that only contain certificates. Chris responded that messages that only contain certificates are supported, but they can't be identified as such in the wrapper. Chris recommended that these I-Ds be placed on the standards track and asked for feedback from the WG. Russ Housley and Jeff Schiller agreed with Chris' recommendation. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Reuse of Content Encryption Keys - Steve Farrell Steve presented a briefing regarding the "Reuse of CMS Content Encryption Keys" I-D, <draft-ietf-smime-rcek-00.txt>, September 2000. The rcek I-D specifies how to set up a shared secret key using asymmetric crypto (using EnvelopedData object) and then to re-use the content encryption key (CEK) to derive the Key Encryption Key (KEK) of the next message. It defines attributes for inclusion in EnvelopedData objects that indicates that the CEK is to be re-used and the maximum number of times that it can be re-used. Steve noted that the I-D specifies a key derivation scheme for the re-use of CEKs when the KEK and CEK algorithms must be different. The I-D defines a new attribute for this case. It also documents a new key derivation function with the property that it only requires the use of the CEK encryption algorithm. The function is documented in the rcek I-D, "Using different CEK and KEK algorithms" section. Blake Ramsdell recommended that Steve examine the Public Key Cryptography Standard (PKCS) #5 v2 key derivation function as an alternative to defining a new function. Steve stated that the outstanding issues are how much to specify failure cases and the proposed key derivation scheme. He would like to do one more version and then submit it to WG last call. He recommended that this I-D be placed on the standards track. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Advanced Encryption Standard (AES) in CMS - Jim Schaad Jim presented a briefing regarding the "Use of the Advanced Encryption Algorithm in CMS" I-D, <draft-ietf-smime-aes-alg-00.txt>, November 2000. The aes-alg I-D specifies how to incorporate AES into CMS as an additional algorithm for symmetric encryption. Jim briefed that the proposed AES parameters are as follows: Block Size - Fixed at 16 bytes Key Size - 128, 192 or 256 bits Proposed MUSTs 128 and 256 bits Jim noted that the aes-alg I-D does not include an AES key wrap algorithm. He proposes to include 256-bit key wrap algorithm as the only MUST-implement requirement. Paul Hoffman asked if Jim knew the difference in performance between using 256-bit versus 128-bit keys. Jim responded that the 256-bit key wrap takes a longer amount of time, but he didn't know the exact difference. Regarding key management, the I-D specifies that compliant implementations MUST support key transport using the PKCS #1 v2.0 Optimal Asymmetric Encryption Padding (RSA with OAEP) technique. It also specifies that compliant implementations MAY support key agreement using Ephemeral-Static (E-S) Diffie-Hellman (D-H) with modifications. It also specifies that compliant implementations MAY support symmetric key-encryption key management. Paul Hoffman commented that he believes that if the S/MIME WG specifies the use of both 128- and 256-bit keys, then customers will always demand 256-bit keys to achieve maximum security. He is concerned that the use of 256-bit keys will be a significant performance hit. For example, he believes that using 256-bit keys will drastically impact the performance of secure mail lists. He asked if the WG should consider only specifying the use of 128-bit keys. Jim responded that the certificate processing required to obtain a recipient's valid public key far exceeds the performance difference between using 128- and 256-bit keys. An attendee pointed out that companies couldn't sell 128-bit implementations because they have already been advertising the use of larger key sizes with Triple-DES. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ RSA-OAEP and RSA-PSS - John Linn John presented a briefing regarding the potential use of RSA-based encryption and signature algorithms in conjunction with CMS and S/MIME. He stated that many S/MIME products currently use the PKCS #1 v1.5 (RFC 2313) RSA algorithm that defines encryption and signature algorithms using ad hoc padding. PKCS #1 v1.5 RSA is specified as an optional algorithm in RFC 2630 (CMS). John described the PKCS #1 v1.5 padding formats and usage (his briefing slides provide details). He then described the Bleichenbacher adaptive chosen cipher text attack on PKCS #1 v1.5 encryption padding. The attack requires information from hundreds of thousands of decryptions, indicating whether correct padding resulted. A successful attack yields the result of a specific decryption. It does not yield the originator's private RSA key. Countermeasures include protocol-level means to ensure that information on decryptions is not available to attackers (constraints on returned information; randomize key, continue upon detected pad error) and improved, plaintext-aware padding (OAEP) in the cryptographic layer. More details are available in RSA Laboratories Bulletin #7 in <http://www.rsalabs.com/bulletins>. PKCS #1 v2.0 (RFC 2437) defends against encryption padding attacks using OAEP in conjunction with the RSA algorithm. It can be used with CMS as described in the "Use of the RSAES-OAEP Key Transport Algorithm in CMS" I-D, <draft-ietf-smime-cms-rsaes-oaep-02.txt>. John stated that recent theoretical results on strengths and assumptions of OAEP proofs have been discussed in the cryptographic research community, and have reinforced the conclusion that the OAEP properties remain strong for use with RSA. He pointed out that OAEP offers attractive properties in a random oracle model. It is provably secure and provides a level of security that is directly related to the strength of the RSA function. He also highlighted the fact that OAEP is plaintext-aware. When OAEP is used, it is impossible to generate valid cipher text without knowing the plaintext; thereby, effectively guarding against chosen-cipher text attacks. He briefed the RSAES-OAEP steps (his briefing slides provide further details). PKCS #1 v2.1 (draft, September 1999; 2nd draft in preparation) defends against potential signature attacks using the Probabilistic Signature Scheme (PSS). John noted that like OAEP, PSS offers a provably secure design. He briefed the proposed PSS encoding operation (his briefing slides provides further details). John stated that he does not know of any patents regarding the use of OAEP technique as proposed for S/MIME. The PSS encoding method is patent pending by the University of California (UC). UC agreed to waive licensing on PSS for signatures with message recovery (PSS-R variant) if adopted in an IEEE standard. John briefed that OAEP is stable and is being included in the PKCS #1 v2.0, IEEE P1363 and ANSI X9.44 specifications. He stated that standardization of PSS is being pursued in several forums and will be included in the IEEE P1363a and PKCS #1 v2.1 specifications. He stated that there is intent in ANSI X9F1 to reopen X9.31 to incorporate PSS. There is a revision in progress to include PSS-R in ISO 9796-2. John proposed that for the short term the S/MIME v3 documents should specify PKCS #1 v1.5 as a "MUST implement" requirement and PKCS #1 v2.0 RSA with OAEP as a "SHOULD implement" requirement. He recommended that the WG should specify RSA with OAEP as a "MUST implement" requirement for interactive CMS-based applications. John proposed that PSS signatures should be adopted as a long term solution along with the AES algorithm and new hash functions. An attendee stated that multiple "MUST implement" requirements may be tough to support on constrained platforms such as smart cards or palm devices. Jim Schaad pointed out that the format of the RSA public key is identical for PKCS #1 v1.5 and PKCS #1 v2.0 RSA with OAEP. He asked how an application was supposed to determine, based solely on the recipient's certificate, which algorithm to use as the key transport algorithm when encrypting data. This would be a problem if both algorithms are "MUST implement" requirements. Jim asked if RSA has considered defining a new object identifier to identify public keys for subjects that use PKCS #1 v2.0 RSA. Russ Housley replied that RSA decided to use the same object identifier to support both algorithms. John Pawling pointed out that the SMIMECapabilities attribute could be used to identify an entity's preferred key management algorithm. Jim replied that many products are not capable of processing the SMIMECapabilities attribute. He also stated that an application may support multiple key management algorithms, so there is a question regarding which algorithms will be advertised in the SMIMECapabilities attribute. Russ Housley stated that applications should offer a menu that allows the user to select a combination of algorithms. He suggested that this topic should be discussed further on the S/MIME WG mail list. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ RSA As a Must Implement - Blake Ramsdell Blake proposed that RFC 2630 be changed to specify the PKCS #1 v1.5 RSA public key algorithm as the "MUST implement" key management and signature algorithm since the RSA patent has expired. Blake stated that the majority of the July 2000 S/MIME WG meeting attendees stated their preference that both the PKCS #1 v1.5 RSA and DSA algorithms be the "MUST implement" signature algorithms. He stated that messages sent to the S/MIME WG mail list questioned if vendors would actually implement both algorithms if both were specified as "MUST implement". Others asked if there was a valid set of requirements justifying that both algorithms be specified as "MUST implement". Blake stated that PKCS #1 v1.5 RSA algorithm should be the "MUST implement" signature algorithm and that DSA should be the "MAY implement" signature algorithm. Blake said that PKCS #1 v2.0 RSA with OAEP should be discussed. Paul Hoffman raised the issue of the definition of "MUST implement" requirements. He described three definitions that various folks support: 1) describe current usage; 2) force a specific future solution; and 3) provide optimal security solution. He recommended that those that are interested in this issue should conduct a sidebar meeting to write a position paper that would then be sent to the S/MIME WG mail list. Russ Housley stated that the three definitions described by Paul point to different algorithm sets. He stated that he would talk to the security area director about this issue. He was surprised by the characterization of the arguments. Russ stated that if PKCS #1 v1.5 RSA is approved as the "MUST implement" requirement, then the S/MIME WG must document the safeguards that should be taken. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the following options for the "MUST implement" signature algorithm: 1) PKCS#1 v1.5 RSA 2) DSA 3) Both The meeting attendees were evenly divided between options 1 and 3. Only one attendee voted for the "DSA" option. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the following options for the "MUST implement" key management algorithm: 1) PKCS#1 v1.5 RSA 2) PKCS#1 v2.0 RSA with OAEP 3) E-S D-H The meeting attendees were evenly divided between options 1 and 2. Only one attendee voted for the "E-S D-H" option. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the definition of the "MUST implement" requirement: 1) force a specific future solution 2) describe current usage 3) provide optimal security solution. Not many attendees voted in this straw poll. Two attendees voted for option 1, four voted for option 2 and one voted for option 3. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Electronic Signature Formats - John Ross John briefed regarding the "Electronic Signature Formats for long term electronic signatures" I-D. The esformats I-D is based on the European Telecommunications Standardization Institute (ETSI) Electronic Signature Infrastructure Standardization and defines a process to provide proof of the validity of a signature to be used if repudiation is attempted. The esformats-02.txt was based on ETSI ES 201 733. The new version, esformats-03.txt, is based on ETSI TS 101 733. All of the versions are based on RFC 2630. John stated that the changes in the esformats-03 I-D include extensions to the previous version including: verifier conformance options (Timestamping, Secure records); Signature policy options (Explicit by object identifier, Implied by signed content/ signature environment); and Content encoding indication (Content hints). John proposed that esformats-03 I-D is ready to become an Informational RFC. The planned work is: ETSI Implementation Trials; XML signature formats; and more work on signature policies. John then briefed regarding the "Electronic Signature Policies" I-D, <draft-ietf-smime-espolicies-00.txt> that defines signature policies for electronic signatures. He proposed that the espolicies-00 I-D is ready to become an Experimental RFC. Russ Housley proposed that the Electronic Signature Formats document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Informational RFC. Russ proposed that the S/MIME WG Last Call should close on 10 January 2001. Nobody objected. Russ Housley proposed that the Signature Policies document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. Russ proposed that the S/MIME WG Last Call will close on 10 January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ E-Signature Formats using XML - Denis Pinkas Denis briefed that ETSI is defining new XML types to contain equivalent electronic signatures information to those ASN.1 types defined in the esformats I-D. These new XML types would include additions to the Signature XML element as defined by the W3C/IETF. He pointed out that there is not a one-to-one mapping from ASN.1 to XML because some of the ASN.1 structures (such as the MessageDigest signed attribute) have been incorporated into the XML digital signature core syntax. Denis listed the new XML types defined (his briefing slides provide further details). He stated that new encapsulating XML type(s) need to contain ASN.1-encoded data generated by PKI agents such as time stamp agents that implement ASN.1 protocols. He discussed several proposals for accomplishing this goal. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ S/MIME Freeware Library (SFL) - John Pawling John briefed regarding the SFL which is a freeware implementation of RFCs 2630 and 2634 developed by Getronics Government Solutions. The SFL can be used with the Crypto++ freeware library to implement RFC 2631. The SFL provides functions to support use of RFCs 2632 and 2633. It has been tested on the RedHat Linux, Windows NT/98/00 and Solaris 2.7 operating systems. The SFL maximizes crypto algorithm independence. It has been used with the RSA BSAFE v4.2, Crypto++ v3.2, Fortezza CI and SPYRUS SPEX/ libraries. Getronics has developed the capability for the SFL to use any security library that provides a PKCS #11 interface. Getronics has used the SFL to perform a significant amount of S/MIME v3 interop testing. Getronics tested the majority of features in RFCs 2630, 2631 and 2634 as well as some of the features in RFCs 2632 and 2633. Getronics used the SFL to successfully process and produce the majority of features documented in "Examples of S/MIME Messages". SFL-generated data was included in the Examples-05 I-D such as: signed receipts, countersignatures, security labels, equivalent security labels, mail list information and signing certificate attributes. S/MIME v3 interoperability testing between the SFL and Microsoft successfully tested almost all CMS/ESS features using mandatory, RSA and Fortezza algorithm suites. For example, successful signed receipt interoperability testing was performed between the SFL and Microsoft. Getronics verified that the SFL can produce and process the majority of features documented in Jim Schaad's S/MIME v3 interoperability matrix. Complete test drivers and test data are available with the SFL. Getronics is planning to deliver a new release of the SFL in January 2001 that will include improved PKCS #11 capabilities (tested with GemPlus, DataKey and Litronic PKCS #11 libraries). It will also include AES content encryption (as per aes-alg-00) and key wrap (128, 192, 256 bit keys; based on CMS Triple-DES key wrap algorithm). It will also include an Enhanced SNACC library that increases performance and decreases memory usage. John also provided information regarding the Certificate Management Library (CML) that is a freeware implementation of X.509 version 3 certification path verification as specified in the 1997 X.509 Recommendation (except Delta CRLs are not implemented). The CML: validates X.509 certification paths and CRLs; provides local certificate/CRL storage functions; and provides remote directory retrieval via LDAP. The CML complies with the majority of the RFC 2459 requirements. Getronics is enhancing the CML to support the 2000 X.509 certificate policy processing requirements. John also provided information regarding the Getronics-developed Access Control Library that provides Rule Based Access Control using security labels and authorizations conveyed in either X.509 Attribute or public key certificates. He also discussed the Getronics Enhanced SNACC ASN.1 library that implements the Distinguished Encoding Rules (DER). For all of the Getronics freeware libraries, unencumbered source code is freely available to all from <http://www.GetronicsGov.com/>. Getronics freeware can be used as part of applications without paying any royalties or licensing fees. There is a public license associated with each Getronics freeware library. The Internet Mail Consortium (IMC) has established SFL, CML and Enhanced SNACC mail lists. John pointed out that SFL/CML/Enhanced SNACC messages should be sent to the IMC lists and should not be sent to the IETF mail lists. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Wrap Up - Russ Housley Russ asked if there were any other issues to discuss. The meeting attendees were silent. Meeting adjourned. Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id HAA11318 for ietf-smime-bks; Thu, 28 Dec 2000 07:40:38 -0800 (PST) Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA11308 for <ietf-smime@imc.org>; Thu, 28 Dec 2000 07:40:36 -0800 (PST) Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <Z2A4PZ00>; Thu, 28 Dec 2000 10:45:43 -0500 Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B1AEA@wfhqex01.wangfed.com> From: "Pawling, John" <John.Pawling@GetronicsGov.com> To: "SMIME WG (E-mail)" <ietf-smime@imc.org> Subject: 13 December 2000 S/MIME WG Minutes Date: Thu, 28 Dec 2000 10:44:04 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This message includes the minutes of the IETF S/MIME Working Group (WG) meeting held on 13 December 2000 in San Diego, California. Briefing slides will be available from <ftp://ftp.ietf.org/ietf/smime/>. These minutes include comments from the briefing presenters. Reported by John Pawling. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Introductions - Russ Housley Russ reviewed the agenda as follows. Nobody commented on the agenda. Introductions Russ Housley Working Group Status Russ Housley Interoperability Matrix Jim Schaad CMS and ESS Examples Paul Hoffman Security Policies and Labels Weston Nicolls Symmetric Key Distribution Sean Turner Domain Security (DOMSEC) Bill Ottaway X.400 and CMS Chris Bonatti Reuse of Content Encryption Keys Steve Farrell Advanced Encryption Standard Jim Schaad RSA-OAEP and RSA-PSS John Linn RSA as a MUST implement Blake Ramsdell E-Signature Formats using CMS John Ross E-Signature Formats using XML Denis Pinkas S/MIME Freeware Library John Pawling Wrap up Russ Housley +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ S/MIME Working Group Status - Russ Housley Russ outlined the strategy for advancing the following RFCs from Internet Proposed Standards to Internet Draft Standards: RFC 2630 Cryptographic Message Syntax (CMS), R. Housley, June 1999 RFC 2631 Diffie-Hellman Key Agreement Method, E. Rescorla, June 1999 RFC 2632 S/MIME Version 3 Certificate Handling, B. Ramsdell, June 1999 RFC 2633 S/MIME Version 3 Message Specification, B. Ramsdell, June 1999 RFC 2634 Enhanced Security Services for S/MIME, P. Hoffman, June 1999 RFC 2785 Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME, R. Zuccherato, March 2000. [Informational] RFC 2876 Use of the KEA and SKIPJACK Algorithms in CMS, J. Pawling, July 2000. [Informational] RFC 2984 Use of the CAST-128 Encryption Algorithm in CMS, C. Adams, October 2000 The aforementioned documents must meet the following requirements to advance to Draft Standards: 1) Meet requirements documented in RFC 2026 2) Stable, mature, and useful specification 3) At least two independent and interoperable implementations from different code bases 4) Draft Standards cannot reference Proposed Standard RFCs or Experimental RFCs, so the aforementioned RFCs are blocked until the PKIX Certificate and CRL Profile "Son-of-RFC 2459" Internet-Draft (I-D) (draft-ietf-pkix-new-part1-03.txt) progresses to Draft Standard. Russ stated that Jim Schaad has developed an interoperability matrix for RFCs 2630 through 2634. The interoperability matrix is posted at <http://www.imc.org/ietf-smime/interop-matrix.html>. The matrix indicates which features have and have not been successfully tested. So far, Jim Schaad and Getronics Government Solutions have provided input to the interoperability matrix. Jim has provided input regarding the capabilities of the Microsoft S/MIME v3 implementation. Getronics has provided input regarding the capabilities of the S/MIME Freeware Library (SFL) including interoperability testing conducted with Microsoft. Russ noted that Paul Hoffman (IMC) has offered to coordinate interoperability testing and to enhance the "Examples of S/MIME Messages" I-D. He asked that other organizations that have developed S/MIME v3 capabilities should please participate. Russ said he would submit that proposal to the S/MIME WG mail list. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Interoperability Matrix - Jim Schaad Jim discussed the interoperability matrix for RFCs 2630 through 2634. He has documented the successful completion of two-way interoperability testing for the following number of clauses in each RFC. He has not completely updated the results based on all interop testing performed: RFC Clauses Tested ========================= 2630 49 of 96 2631 0 of 13 2632 16 of 21 2633 17 of 61 2634 27 of 81 More details regarding RFC 2630 testing: Signed Data - 24 of 25 Enveloped Data - 11 of 25 Digested Data - 0 of 4 Encrypted Data - 0 of 4 Authenticated Data - 0 of 16 Other MUST Implement Requirements - 15 of 25 TOTAL - 49 of 96 More details regarding RFC 2634 testing: Triple Wrap - 3 of 5 Signed Receipts - 19 of 41 Security Labels - 5 of 11 Equivalent Labels - 0 of 12 Mail List - 0 of 12 TOTAL - 27 of 81 Jim asked for others to submit input to him at jimsch@exmsft.com. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Examples of S/MIME Messages - Paul Hoffman Paul stated that he had distributed a new release of the "Examples of S/MIME Messages" I-D <draft-ietf-smime-examples-05.txt>, November 2000, that includes additional sample data generated by Getronics using the SFL. He stated that the document needs further input and testing. He noted that Jim Schaad is testing all of the samples included in the document. John Pawling recommended that a triple- wrapped sample message should be added to the document. Jim has already generated several triple-wrapped messages and will provide them to Paul for inclusion in the document. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Mapping Company Classification Policy to the S/MIME Security Label - Weston Nicolls Weston stated that he had distributed a new release of the "Implementing Company Classification Policy with the S/MIME Security Label" I-D, <draft-ietf-smime-seclabel-02.txt>, October 2000. He noted that his goal is for the document to become an Informational RFC. It provides examples of how the RFC 2634 ESSSecurityLabel feature can be used to support an organization's security policy. The document includes classification policies and example security labels for the Amoco, Caterpillar and Whirlpool corporations. It includes an example security category syntax and samples. It also includes Clearance attribute examples that include a subject's authorizations. Russ Housley proposed that Last Call for this document should be completed by January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Symmetric Key Distribution - Sean Turner Sean stated that he had distributed a new release of the S/MIME Symmetric Key Distribution I-D, <draft-ietf-smime-symkeydist-02.txt>, October 2000. Sean noted that Jim Schaad provided significant comments to the symkeydist-01 I-D that Sean incorporated into the symkeydist-02 I-D. Sean stated that two messages were added: GLProvideCert and GLUpdateCert. The GLDistributionMethod message was removed. The GLInfo, GLOwner, and GLMember syntaxes were modified to include "address" information. There were many changes made to more closely align with RFC 2797 Certificate Management Messages over CMS. He added text to explain how many and when rekey messages are distributed. The rekey defaults were fixed. Sean stated that he still needed to add a conformance clause and an Abstract Syntax Notation One (ASN.1) module. He also needs to verify correctness of RFC 2797 error behavior. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DOMSEC Draft Discussion - Bill Ottaway Bill presented a briefing regarding the "Domain Security Services Using S/MIME" I-D <draft-ietf-smime-domsec-07.txt>, November 2000. He made several minor changes as a result of e-mail exchanges with Jim Schaad on the S/MIME WG mail list. He added a section regarding Mail List Agents (MLA) that addresses the situation in which an MLA will remove the 'domain signature' when the signature encapsulates a mlExpansionHistory attribute and/or a envelopedData type. He briefed the solution to this problem which is documented in domsec-07 in Section 5, "Applying a Domain Signature when Mail List Agents are present". He stated that the he believes that the outstanding issues have been resolved and that the DOMSEC I-D should be submitted for last call. Russ Housley proposed that the DOMSEC document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. Russ proposed that the S/MIME WG Last Call should close on 10 January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ X.400 and CMS - Chris Bonatti Chris presented a briefing regarding the "Transporting S/MIME Objects in X.400" I-D, <draft-ietf-smime-x400transport-01.txt> and "Securing X.400 Content with S/MIME" I-D, <draft-ietf-smime-x400wrap-01.txt> both distributed in November 2000. The x400wrap I-D specifies how to protect X.400 content with CMS objects. It is roughly analogous to RFC 2633 and refers to RFC 2633 when applicable. It minimizes the use of MIME encodings to reduce overhead. He briefed the proposed wrapping strategy. He discussed the object identifiers used, MIME heading parameters and detached signature form. He has already incorporated comments submitted by Bill Ottaway and Graeme Lunt. Chris noted that products generally do not support encapsulating content types other than data (such as signed-data or enveloped-data). Jim Schaad challenged that statement and noted that the Microsoft, SFL and Peter Gutmann's cryptlib S/MIME v3 implementations do support encapsulating content types other than data. The x400transport I-D specifies how to package CMS objects for transport by X.400 Message Transfer Agents (MTA). It discusses the scenario in which the CMS encapsulated content is an RFC 822 MIME message. It states that the outer MIME wrapper is not generally necessary in X.400. It also states that circumstances may exist when the outer MIME wrapper is desirable such as when a gateway into an SMTP transport is part of the architecture. Chris discussed the object identifiers used, packaging the CMS object in the X.400 content and that messages that only contain certificates are not supported. He has incorporated comments submitted by Bill Ottaway. Blake Ramsdell asked about support for messages that only contain certificates. Chris responded that messages that only contain certificates are supported, but they can't be identified as such in the wrapper. Chris recommended that these I-Ds be placed on the standards track and asked for feedback from the WG. Russ Housley and Jeff Schiller agreed with Chris' recommendation. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Reuse of Content Encryption Keys - Steve Farrell Steve presented a briefing regarding the "Reuse of CMS Content Encryption Keys" I-D, <draft-ietf-smime-rcek-00.txt>, September 2000. The rcek I-D specifies how to set up a shared secret key using asymmetric crypto (using EnvelopedData object) and then to re-use the content encryption key (CEK) to derive the Key Encryption Key (KEK) of the next message. It defines attributes for inclusion in EnvelopedData objects that indicates that the CEK is to be re-used and the maximum number of times that it can be re-used. Steve noted that the I-D specifies a key derivation scheme for the re-use of CEKs when the KEK and CEK algorithms must be different. The I-D defines a new attribute for this case. It also documents a new key derivation function with the property that it only requires the use of the CEK encryption algorithm. The function is documented in the rcek I-D, "Using different CEK and KEK algorithms" section. Blake Ramsdell recommended that Steve examine the Public Key Cryptography Standard (PKCS) #5 v2 key derivation function as an alternative to defining a new function. Steve stated that the outstanding issues are how much to specify failure cases and the proposed key derivation scheme. He would like to do one more version and then submit it to WG last call. He recommended that this I-D be placed on the standards track. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Advanced Encryption Standard (AES) in CMS - Jim Schaad Jim presented a briefing regarding the "Use of the Advanced Encryption Algorithm in CMS" I-D, <draft-ietf-smime-aes-alg-00.txt>, November 2000. The aes-alg I-D specifies how to incorporate AES into CMS as an additional algorithm for symmetric encryption. Jim briefed that the proposed AES parameters are as follows: Block Size - Fixed at 16 bytes Key Size - 128, 192 or 256 bits Proposed MUSTs 128 and 256 bits Jim noted that the aes-alg I-D does not include an AES key wrap algorithm. He proposes to include 256-bit key wrap algorithm as the only MUST-implement requirement. Paul Hoffman asked if Jim knew the difference in performance between using 256-bit versus 128-bit keys. Jim responded that the 256-bit key wrap takes a longer amount of time, but he didn't know the exact difference. Regarding key management, the I-D specifies that compliant implementations MUST support key transport using the PKCS #1 v2.0 Optimal Asymmetric Encryption Padding (RSA with OAEP) technique. It also specifies that compliant implementations MAY support key agreement using Ephemeral-Static (E-S) Diffie-Hellman (D-H) with modifications. It also specifies that compliant implementations MAY support symmetric key-encryption key management. Paul Hoffman commented that he believes that if the S/MIME WG specifies the use of both 128- and 256-bit keys, then customers will always demand 256-bit keys to achieve maximum security. He is concerned that the use of 256-bit keys will be a significant performance hit. For example, he believes that using 256-bit keys will drastically impact the performance of secure mail lists. He asked if the WG should consider only specifying the use of 128-bit keys. Jim responded that the certificate processing required to obtain a recipient's valid public key far exceeds the performance difference between using 128- and 256-bit keys. An attendee pointed out that companies couldn't sell 128-bit implementations because they have already been advertising the use of larger key sizes with Triple-DES. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ RSA-OAEP and RSA-PSS - John Linn John presented a briefing regarding the potential use of RSA-based encryption and signature algorithms in conjunction with CMS and S/MIME. He stated that many S/MIME products currently use the PKCS #1 v1.5 (RFC 2313) RSA algorithm that defines encryption and signature algorithms using ad hoc padding. PKCS #1 v1.5 RSA is specified as an optional algorithm in RFC 2630 (CMS). John described the PKCS #1 v1.5 padding formats and usage (his briefing slides provide details). He then described the Bleichenbacher adaptive chosen cipher text attack on PKCS #1 v1.5 encryption padding. The attack requires information from hundreds of thousands of decryptions, indicating whether correct padding resulted. A successful attack yields the result of a specific decryption. It does not yield the originator's private RSA key. Countermeasures include protocol-level means to ensure that information on decryptions is not available to attackers (constraints on returned information; randomize key, continue upon detected pad error) and improved, plaintext-aware padding (OAEP) in the cryptographic layer. More details are available in RSA Laboratories Bulletin #7 in <http://www.rsalabs.com/bulletins>. PKCS #1 v2.0 (RFC 2437) defends against encryption padding attacks using OAEP in conjunction with the RSA algorithm. It can be used with CMS as described in the "Use of the RSAES-OAEP Key Transport Algorithm in CMS" I-D, <draft-ietf-smime-cms-rsaes-oaep-02.txt>. John stated that recent theoretical results on strengths and assumptions of OAEP proofs have been discussed in the cryptographic research community, and have reinforced the conclusion that the OAEP properties remain strong for use with RSA. He pointed out that OAEP offers attractive properties in a random oracle model. It is provably secure and provides a level of security that is directly related to the strength of the RSA function. He also highlighted the fact that OAEP is plaintext-aware. When OAEP is used, it is impossible to generate valid cipher text without knowing the plaintext; thereby, effectively guarding against chosen-cipher text attacks. He briefed the RSAES-OAEP steps (his briefing slides provide further details). PKCS #1 v2.1 (draft, September 1999; 2nd draft in preparation) defends against potential signature attacks using the Probabilistic Signature Scheme (PSS). John noted that like OAEP, PSS offers a provably secure design. He briefed the proposed PSS encoding operation (his briefing slides provides further details). John stated that he does not know of any patents regarding the use of OAEP technique as proposed for S/MIME. The PSS encoding method is patent pending by the University of California (UC). UC agreed to waive licensing on PSS for signatures with message recovery (PSS-R variant) if adopted in an IEEE standard. John briefed that OAEP is stable and is being included in the PKCS #1 v2.0, IEEE P1363 and ANSI X9.44 specifications. He stated that standardization of PSS is being pursued in several forums and will be included in the IEEE P1363a and PKCS #1 v2.1 specifications. He stated that there is intent in ANSI X9F1 to reopen X9.31 to incorporate PSS. There is a revision in progress to include PSS-R in ISO 9796-2. John proposed that for the short term the S/MIME v3 documents should specify PKCS #1 v1.5 as a "MUST implement" requirement and PKCS #1 v2.0 RSA with OAEP as a "SHOULD implement" requirement. He recommended that the WG should specify RSA with OAEP as a "MUST implement" requirement for interactive CMS-based applications. John proposed that PSS signatures should be adopted as a long term solution along with the AES algorithm and new hash functions. An attendee stated that multiple "MUST implement" requirements may be tough to support on constrained platforms such as smart cards or palm devices. Jim Schaad pointed out that the format of the RSA public key is identical for PKCS #1 v1.5 and PKCS #1 v2.0 RSA with OAEP. He asked how an application was supposed to determine, based solely on the recipient's certificate, which algorithm to use as the key transport algorithm when encrypting data. This would be a problem if both algorithms are "MUST implement" requirements. Jim asked if RSA has considered defining a new object identifier to identify public keys for subjects that use PKCS #1 v2.0 RSA. Russ Housley replied that RSA decided to use the same object identifier to support both algorithms. John Pawling pointed out that the SMIMECapabilities attribute could be used to identify an entity's preferred key management algorithm. Jim replied that many products are not capable of processing the SMIMECapabilities attribute. He also stated that an application may support multiple key management algorithms, so there is a question regarding which algorithms will be advertised in the SMIMECapabilities attribute. Russ Housley stated that applications should offer a menu that allows the user to select a combination of algorithms. He suggested that this topic should be discussed further on the S/MIME WG mail list. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ RSA As a Must Implement - Blake Ramsdell Blake proposed that RFC 2630 be changed to specify the PKCS #1 v1.5 RSA public key algorithm as the "MUST implement" key management and signature algorithm since the RSA patent has expired. Blake stated that the majority of the July 2000 S/MIME WG meeting attendees stated their preference that both the PKCS #1 v1.5 RSA and DSA algorithms be the "MUST implement" signature algorithms. He stated that messages sent to the S/MIME WG mail list questioned if vendors would actually implement both algorithms if both were specified as "MUST implement". Others asked if there was a valid set of requirements justifying that both algorithms be specified as "MUST implement". Blake stated that PKCS #1 v1.5 RSA algorithm should be the "MUST implement" signature algorithm and that DSA should be the "MAY implement" signature algorithm. Blake said that PKCS #1 v2.0 RSA with OAEP should be discussed. Paul Hoffman raised the issue of the definition of "MUST implement" requirements. He described three definitions that various folks support: 1) describe current usage; 2) force a specific future solution; and 3) provide optimal security solution. He recommended that those that are interested in this issue should conduct a sidebar meeting to write a position paper that would then be sent to the S/MIME WG mail list. Russ Housley stated that the three definitions described by Paul point to different algorithm sets. He stated that he would talk to the security area director about this issue. He was surprised by the characterization of the arguments. Russ stated that if PKCS #1 v1.5 RSA is approved as the "MUST implement" requirement, then the S/MIME WG must document the safeguards that should be taken. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the following options for the "MUST implement" signature algorithm: 1) PKCS#1 v1.5 RSA 2) DSA 3) Both The meeting attendees were evenly divided between options 1 and 3. Only one attendee voted for the "DSA" option. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the following options for the "MUST implement" key management algorithm: 1) PKCS#1 v1.5 RSA 2) PKCS#1 v2.0 RSA with OAEP 3) E-S D-H The meeting attendees were evenly divided between options 1 and 2. Only one attendee voted for the "E-S D-H" option. Russ conducted a straw poll of the meeting attendees to obtain their opinion regarding the definition of the "MUST implement" requirement: 1) force a specific future solution 2) describe current usage 3) provide optimal security solution. Not many attendees voted in this straw poll. Two attendees voted for option 1, four voted for option 2 and one voted for option 3. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Electronic Signature Formats - John Ross John briefed regarding the "Electronic Signature Formats for long term electronic signatures" I-D. The esformats I-D is based on the European Telecommunications Standardization Institute (ETSI) Electronic Signature Infrastructure Standardization and defines a process to provide proof of the validity of a signature to be used if repudiation is attempted. The esformats-02.txt was based on ETSI ES 201 733. The new version, esformats-03.txt, is based on ETSI TS 101 733. All of the versions are based on RFC 2630. John stated that the changes in the esformats-03 I-D include extensions to the previous version including: verifier conformance options (Timestamping, Secure records); Signature policy options (Explicit by object identifier, Implied by signed content/ signature environment); and Content encoding indication (Content hints). John proposed that esformats-03 I-D is ready to become an Informational RFC. The planned work is: ETSI Implementation Trials; XML signature formats; and more work on signature policies. John then briefed regarding the "Electronic Signature Policies" I-D, <draft-ietf-smime-espolicies-00.txt> that defines signature policies for electronic signatures. He proposed that the espolicies-00 I-D is ready to become an Experimental RFC. Russ Housley proposed that the Electronic Signature Formats document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Informational RFC. Russ proposed that the S/MIME WG Last Call should close on 10 January 2001. Nobody objected. Russ Housley proposed that the Signature Policies document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. Russ proposed that the S/MIME WG Last Call will close on 10 January 2001. Nobody objected. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ E-Signature Formats using XML - Denis Pinkas Denis briefed that ETSI is defining new XML types to contain equivalent electronic signatures information to those ASN.1 types defined in the esformats I-D. These new XML types would include additions to the Signature XML element as defined by the W3C/IETF. He pointed out that there is not a one-to-one mapping from ASN.1 to XML because some of the ASN.1 structures (such as the MessageDigest signed attribute) have been incorporated into the XML digital signature core syntax. Denis listed the new XML types defined (his briefing slides provide further details). He stated that new encapsulating XML type(s) need to contain ASN.1-encoded data generated by PKI agents such as time stamp agents that implement ASN.1 protocols. He discussed several proposals for accomplishing this goal. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ S/MIME Freeware Library (SFL) - John Pawling John briefed regarding the SFL which is a freeware implementation of RFCs 2630 and 2634 developed by Getronics Government Solutions. The SFL can be used with the Crypto++ freeware library to implement RFC 2631. The SFL provides functions to support use of RFCs 2632 and 2633. It has been tested on the RedHat Linux, Windows NT/98/00 and Solaris 2.7 operating systems. The SFL maximizes crypto algorithm independence. It has been used with the RSA BSAFE v4.2, Crypto++ v3.2, Fortezza CI and SPYRUS SPEX/ libraries. Getronics has developed the capability for the SFL to use any security library that provides a PKCS #11 interface. Getronics has used the SFL to perform a significant amount of S/MIME v3 interop testing. Getronics tested the majority of features in RFCs 2630, 2631 and 2634 as well as some of the features in RFCs 2632 and 2633. Getronics used the SFL to successfully process and produce the majority of features documented in "Examples of S/MIME Messages". SFL-generated data was included in the Examples-05 I-D such as: signed receipts, countersignatures, security labels, equivalent security labels, mail list information and signing certificate attributes. S/MIME v3 interoperability testing between the SFL and Microsoft successfully tested almost all CMS/ESS features using mandatory, RSA and Fortezza algorithm suites. For example, successful signed receipt interoperability testing was performed between the SFL and Microsoft. Getronics verified that the SFL can produce and process the majority of features documented in Jim Schaad's S/MIME v3 interoperability matrix. Complete test drivers and test data are available with the SFL. Getronics is planning to deliver a new release of the SFL in January 2001 that will include improved PKCS #11 capabilities (tested with GemPlus, DataKey and Litronic PKCS #11 libraries). It will also include AES content encryption (as per aes-alg-00) and key wrap (128, 192, 256 bit keys; based on CMS Triple-DES key wrap algorithm). It will also include an Enhanced SNACC library that increases performance and decreases memory usage. John also provided information regarding the Certificate Management Library (CML) that is a freeware implementation of X.509 version 3 certification path verification as specified in the 1997 X.509 Recommendation (except Delta CRLs are not implemented). The CML: validates X.509 certification paths and CRLs; provides local certificate/CRL storage functions; and provides remote directory retrieval via LDAP. The CML complies with the majority of the RFC 2459 requirements. Getronics is enhancing the CML to support the 2000 X.509 certificate policy processing requirements. John also provided information regarding the Getronics-developed Access Control Library that provides Rule Based Access Control using security labels and authorizations conveyed in either X.509 Attribute or public key certificates. He also discussed the Getronics Enhanced SNACC ASN.1 library that implements the Distinguished Encoding Rules (DER). For all of the Getronics freeware libraries, unencumbered source code is freely available to all from <http://www.GetronicsGov.com/>. Getronics freeware can be used as part of applications without paying any royalties or licensing fees. There is a public license associated with each Getronics freeware library. The Internet Mail Consortium (IMC) has established SFL, CML and Enhanced SNACC mail lists. John pointed out that SFL/CML/Enhanced SNACC messages should be sent to the IMC lists and should not be sent to the IETF mail lists. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Wrap Up - Russ Housley Russ asked if there were any other issues to discuss. The meeting attendees were silent. Meeting adjourned. Received: by ns.secondary.com (8.9.3/8.9.3) id IAA03320 for ietf-smime-bks; Fri, 22 Dec 2000 08:30:42 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA03313 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 08:30:40 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com ([209.172.119.210]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id IAA25594 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 08:33:34 -0800 (PST) Message-Id: <5.0.1.4.2.20001222110956.02c97be8@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Fri, 22 Dec 2000 11:34:43 -0500 To: ietf-smime@imc.org From: Russ Housley <housley@spyrus.com> Subject: Interoperability Testing Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Dear Implementors: Jim Schaad has developed an interoperability matrix for RFCs 2630 through 2634. The interoperability matrix is posted at http://www.imc.org/ietf-smime/interop-matrix.html. The matrix presently includes features which have been successfully tested. So far, Jim Schaad (using the Microsoft implementation) and Getronics Government Solutions (using the S/MIME Freeware Library) have provided input to the interoperability matrix. I solicit input from other implementors. Please provide the information to Jim (jimsch@nwlink.com) Paul Hoffman has offered to coordinate interoperability testing. Paul hopes that such testing will yield additional messages to be included in the "Examples of S/MIME Messages" I-D. Please contact Paul (phoffman@imc.org) if you are an implementor and you are interested in participating in interoperability testing or you are interested in providing messages for the I-D. Russ Received: by ns.secondary.com (8.9.3/8.9.3) id HAA00659 for ietf-smime-bks; Fri, 22 Dec 2000 07:59:51 -0800 (PST) Received: from pigeon.verisign.com (pigeon.verisign.com [208.206.241.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA00655 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 07:59:50 -0800 (PST) Received: from postal-gw1.verisign.com (verisign.com [63.104.27.101]) by pigeon.verisign.com (8.9.3/BCH1.7.1) with ESMTP id HAA02015; Fri, 22 Dec 2000 07:58:42 -0800 (PST) Received: by postal-gw.verisign.com with Internet Mail Service (5.5.2650.21) id <ZG65C048>; Fri, 22 Dec 2000 08:03:01 -0800 Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40154C755@vhqpostal.verisign.com> From: Philip Hallam-Baker <pbaker@verisign.com> To: "'Ozan Gonenc'" <ogonenc@adga.ca>, Hung.Hin.Lik@linux.org.hk, sywai@mimos.my Cc: ietf-smime@imc.org Subject: RE: Does Hotmail support S/MIME? Date: Fri, 22 Dec 2000 08:02:52 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> > I believe this is a valid question for this mailing group. > It would be nice > to know where web mail fits into the S/MIME picture (if not, will it > ever?...) and if there will be any future use of encryption > services for > this type of internet messaging. At least I myself am interested. S/MIME is not incompatible with Web mail. It is purely an implementation issue for the Web mail providers. It is not a topic for this group unless Web mail providers discover some specific feature that is essential or highly desirable for Web mail support and want to raise it. Phill Received: by ns.secondary.com (8.9.3/8.9.3) id GAA22270 for ietf-smime-bks; Fri, 22 Dec 2000 06:13:55 -0800 (PST) Received: from luc.ab.org (mail.ab.org [209.112.11.37]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA22266 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 06:13:53 -0800 (PST) Received: from D00425 ([206.222.76.33]) by luc.ab.org (Netscape Messaging Server 3.6) with SMTP id AAAFA105; Fri, 22 Dec 2000 09:23:38 -0500 From: "Ozan Gonenc" <ogonenc@adga.ca> To: <Hung.Hin.Lik@linux.org.hk>, <sywai@mimos.my> Cc: <ietf-smime@imc.org> Subject: RE: Does Hotmail support S/MIME? Date: Fri, 22 Dec 2000 09:15:13 -0500 Message-ID: <NEBBIPKCMLPPHFIFODPBCECDDHAA.ogonenc@adga.ca> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <200012220434.MAA19358@linux.org.hk> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> I believe this is a valid question for this mailing group. It would be nice to know where web mail fits into the S/MIME picture (if not, will it ever?...) and if there will be any future use of encryption services for this type of internet messaging. At least I myself am interested. ______________________________ Ozan Gonenc IT Security Consultant AEPOS Technologies Corporation Tel: (613) 237-3022 Fax: (613) 237- 3024 www.aepos.com > -----Original Message----- > From: owner-ietf-smime@mail.imc.org > [mailto:owner-ietf-smime@mail.imc.org]On Behalf Of > Hung.Hin.Lik@linux.org.hk > Sent: December 21, 2000 23:35 > To: sywai@mimos.my > Cc: ietf-smime@imc.org > Subject: Re: Does Hotmail support S/MIME? > > > Hi, > > I think you should post this email to Hotmail support, > this mailing list are use for discuss technical questions about > S/MIME... :-) > > > > > From: "Wai Shang Ye" <sywai@mimos.my> > > Date: Fri, 22 Dec 2000 10:50:00 +0800 > > Content-Type: text/plain; > > charset="iso-8859-1" > > X-Priority: 3 > > X-MSMail-Priority: Normal > > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 > > Sender: owner-ietf-smime@mail.imc.org > > Precedence: bulk > > List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> > > List-ID: <ietf-smime.imc.org> > > List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> > > X-Status: > > X-Keywords: > > X-UID: 4 > > > > Newbie here. Does Hotmail support S/MIME? Thx in advance. > > > > -- > Best Regards, > Shell Hung > > emacs is the best ! > Received: by ns.secondary.com (8.9.3/8.9.3) id UAA05057 for ietf-smime-bks; Thu, 21 Dec 2000 20:26:41 -0800 (PST) Received: from linux.org.hk ([202.181.234.40]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA05052 for <ietf-smime@imc.org>; Thu, 21 Dec 2000 20:26:29 -0800 (PST) Received: (from shellhung@localhost) by linux.org.hk (8.9.3/8.9.3) id MAA19358; Fri, 22 Dec 2000 12:34:37 +0800 Date: Fri, 22 Dec 2000 12:34:37 +0800 Message-Id: <200012220434.MAA19358@linux.org.hk> X-Authentication-Warning: www.linux.org.hk: shellhung set sender to shellhung@www.linux.org.hk using -f From: Hung.Hin.Lik@linux.org.hk, Shell <shellhung@linux.org.hk> To: sywai@mimos.my CC: ietf-smime@imc.org In-reply-to: <039701c06bc1$e0e50720$2285e4c0@mimos.my> (sywai@mimos.my) Subject: Re: Does Hotmail support S/MIME? References: <039701c06bc1$e0e50720$2285e4c0@mimos.my> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Hi, I think you should post this email to Hotmail support, this mailing list are use for discuss technical questions about S/MIME... :-) > From: "Wai Shang Ye" <sywai@mimos.my> > Date: Fri, 22 Dec 2000 10:50:00 +0800 > Content-Type: text/plain; > charset="iso-8859-1" > X-Priority: 3 > X-MSMail-Priority: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 > Sender: owner-ietf-smime@mail.imc.org > Precedence: bulk > List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> > List-ID: <ietf-smime.imc.org> > List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> > X-Status: > X-Keywords: > X-UID: 4 > > Newbie here. Does Hotmail support S/MIME? Thx in advance. > -- Best Regards, Shell Hung emacs is the best ! Received: by ns.secondary.com (8.9.3/8.9.3) id SAA03646 for ietf-smime-bks; Thu, 21 Dec 2000 18:58:08 -0800 (PST) Received: from ew.mimos.my (ew.mimos.my [192.228.129.34]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA03641 for <ietf-smime@imc.org>; Thu, 21 Dec 2000 18:58:06 -0800 (PST) From: szwai@pd.jaring.my Received: from SYWAI (ivylps.mimos.my [192.228.133.34]) by ew.mimos.my (8.9.3/8.9.3) with SMTP id LAA00221 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 11:00:59 +0800 (MYT) Message-ID: <03bb01c06bc4$48b72ca0$2285e4c0@mimos.my> To: "SMIME - IETF" <ietf-smime@imc.org> Subject: Can't read mail Date: Fri, 22 Dec 2000 11:07:14 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> I forwarded the mail inside my Hotmail inbox to my another office account. I got this msg: This is a multipart MIME msg ..... I got to read nothing. Actually what does it mean? What should I do to read that mail? Something to do with S/MIIME? Kindly help, thx Received: by ns.secondary.com (8.9.3/8.9.3) id SAA03371 for ietf-smime-bks; Thu, 21 Dec 2000 18:40:53 -0800 (PST) Received: from ew.mimos.my (ew.mimos.my [192.228.129.34]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA03367 for <ietf-smime@imc.org>; Thu, 21 Dec 2000 18:40:51 -0800 (PST) Received: from SYWAI (ivylps.mimos.my [192.228.133.34]) by ew.mimos.my (8.9.3/8.9.3) with SMTP id KAA21848 for <ietf-smime@imc.org>; Fri, 22 Dec 2000 10:43:43 +0800 (MYT) Message-ID: <039701c06bc1$e0e50720$2285e4c0@mimos.my> From: "Wai Shang Ye" <sywai@mimos.my> To: <ietf-smime@imc.org> Subject: Does Hotmail support S/MIME? Date: Fri, 22 Dec 2000 10:50:00 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Newbie here. Does Hotmail support S/MIME? Thx in advance. Received: by ns.secondary.com (8.9.3/8.9.3) id NAA25016 for ietf-smime-bks; Thu, 21 Dec 2000 13:31:26 -0800 (PST) Received: from mp.a-phys.eng.osaka-cu.ac.jp ([160.193.160.180]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA24986; Thu, 21 Dec 2000 13:31:11 -0800 (PST) From: hj4hj6@yahoo.com Received: by mp.a-phys.eng.osaka-cu.ac.jp id AA31402; Fri, 22 Dec 2000 06:24:25 +0900 Date: 21 Dec 00 1:39:28 PM Message-Id: <7T79fg019847isE1p0> Subject: Improve your stepfamily life Apparently-To: <ight@indiana.edu> Apparently-To: <iger@sunburn.liunet.edu> Apparently-To: <igaray@calstatela.edu> Apparently-To: <ifax-talk@ohnolab.org> Apparently-To: <ieure@debian.org> Apparently-To: <ietf-wnils@ucdavis.edu> Apparently-To: <ietf-smime@imc.org> Apparently-To: <ietf-pgp-mime@imc.org> Apparently-To: <ietf-ipsra@vpnc.org> Apparently-To: <ietf-fyiup@imc.org> Apparently-To: <ietf-cat-wg-request@lists.stanford.edu> Apparently-To: <iesn@iupui.edu> Apparently-To: <ies@muskrats.provisow.org> Apparently-To: <iert@geneseo.edu> Apparently-To: <ier@ksu.edu> Apparently-To: <iep.paris@attac.org> Apparently-To: <iem@scout-po.biz.uiowa.edu> Apparently-To: <ield@vandyke.org> Apparently-To: <iel@nwu.edu> Apparently-To: <iegnw@mainex1.asu.edu> Apparently-To: <ieee-isto@ieee.org> Apparently-To: <ied@slonet.org> Apparently-To: <iec@energy.iastate.edu> Apparently-To: <ieac@gwu.edu> Apparently-To: <ie@wgbh.org> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Does your stepfamily life resemble a soap opera more than it does the Brady Bunch? The Stepfamily Association of America invites you to participate in THE NATIONAL CONFERENCE FOR STEPFAMILIES, Feb. 23-24, 2001, at the New Orleans Marriott Hotel. This is an opportunity, designed by knowledgeable professionals, in stepfamilies themselves, to help you: * Make your remarriage a success * Create bonds with your stepchildren * Help your children adjust emotionally * Manage money matters unique to your family * Get more help from legal, financial, psychological advisors * Overcome stepfather and stepmother stereotypes * Elicit cooperation from your children's schools * Bring more harmony into family life Complete conference details at http://www.edupr.com REGISTER ONLINE! Attend, and also enjoy Mardi Gras week in New Orleans! Special discounts for couples, students, groups. HOTEL IS BOOKING UP FAST. ACT NOW BEFORE ROOM BLOCK AND AIRLINE SEATS FILL Special rates for conference attendees. Visit http://www.edupr.com for discounts. Childcare available through a bonded local service. Up to 17 professional development credits available if you are an educator, clinician, financial planner, social worker. Questions? Email stepfamilyconf@mail.com If you would like to be removed, please email us back with the word "Remove" in the subject line. We apologize for any inconvenience. Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id LAA23457 for ietf-smime-bks; Wed, 20 Dec 2000 11:48:37 -0800 (PST) Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA23452 for <ietf-smime@imc.org>; Wed, 20 Dec 2000 11:48:36 -0800 (PST) Received: from ieca.com (mva-aa-112.capu.net [207.226.159.112]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id OAA17953; Wed, 20 Dec 2000 14:51:44 -0500 Message-ID: <3A410DCB.1F5BD44@ieca.com> Date: Wed, 20 Dec 2000 14:51:39 -0500 From: "Bonatti, Chris" <BonattiC@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.7 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: pgut001@cs.aucKland.ac.nz CC: ietf-smime@imc.org Subject: Re: Proposed amendment to the Compressed data Content type for S/MIME References: <97718173809795@kahu.cs.auckland.ac.nz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Peter Gutmann wrote: > A number of users of my code are doing streaming S/MIME (email gateways and the > like) where they really have no idea how large a message is, and where they > can't afford to buffer more than a few hundred kB (I'm not trying to say here > that everyone should do X just because I see a need for it, just pointing out > that there is real use of streaming going on out there, in fact I've made > several changes to my code in the last year or so specifically to handle one- > pass streaming operations). Perhaps the dominant scenario for end-user-based > S/MIME is all-at-once send/receive, but for things like S/MIME gateways I'd say > there's a fair amount of streaming with one-pass processing constraints because > the average gateway can't handle the 1000 20MB Powerpoint files the salesdroids > just sent out in main memory. > Peter, I take all this at face value. I like the term "salesdroids". > > Having said that I don't want to discount the option, but it'd need some > thought as to how you're going to manage interoperability - the receiver would > need to publish some sort of S/MIME capability info to say "I need to be sent > uncompressed size info". > The way I imagined this, it would not necessarily be an "I need", but an "I can use". The receiving agent can always reconstruct this information. It just takes time. Bertrand, Can you elaborate the scenario for how this would be used? Is this something that your receiving agent would NEED, or just an advisory field? Have you done any implementation or testing with this field? > > >The real problem with this is the timing. I thought this completed WG Last > >Call back in November. Can we still influence this? > > Not at the current state AFAIK and it doesn't seem like a terribly critical > change, however it shouldn't be too hard to do a short RFC which defines an > additional OID for foo-with-size-info if there's a real demand for it and if > the potential interop issues can be resolved (note that the current draft is > just a framework for doing compression with one standardised algorithm defined > to provide interoperability, there's nothing to stop anyone else from defining > their own algorithms and dropping those in alongside the existing one just like > you can do for the other content types). > This seems like an awful lot of bother for a piece of advisory information to me. However, this is an interesting thought. If I understand you correctly, this means packing the uncompressed size value into the 'eContent' field after the compression. It strikes me that you could also pack such data into the algorithm ID parameters. Either way, I think these complicate interoperability. Instead of an option field that can be easily ignored by receiving implementations that don't choose to support it, identifying these mechanisms through the algorithm OID creates a separate algorithm space that has to be supported to achieve the same level of interoperability even if the parameter is ignored. Chris Received: by ns.secondary.com (8.9.3/8.9.3) id PAA02519 for ietf-smime-bks; Mon, 18 Dec 2000 15:19:22 -0800 (PST) Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA02515 for <ietf-smime@imc.org>; Mon, 18 Dec 2000 15:19:19 -0800 (PST) Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id MAA10000; Tue, 19 Dec 2000 12:22:18 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz) Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97718173809795>; Tue, 19 Dec 2000 12:22:18 (NZDT) From: pgut001@cs.aucKland.ac.nz (Peter Gutmann) To: BonattiC@ieca.com Subject: Re: Proposed amendment to the Compressed data Content type for S/MIME Cc: ietf-smime@imc.org Reply-To: pgut001@cs.aucKland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz Date: Tue, 19 Dec 2000 12:22:18 (NZDT) Message-ID: <97718173809795@kahu.cs.auckland.ac.nz> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> "Bonatti, Chris" <BonattiC@ieca.com> writes: >I have a bit of a soft spot for "useful options". If they aren't implemented, >they'll die on their own. We never innovate if we don't strive, and all that. >A lot of proprietary compression structures DO store this value, so it seems >like there is some weight on the side of it being practical. I don't think >there are actually that many streaming scenarios in S/MIME. The dominant >scenario is still that of e-mail. A number of users of my code are doing streaming S/MIME (email gateways and the like) where they really have no idea how large a message is, and where they can't afford to buffer more than a few hundred kB (I'm not trying to say here that everyone should do X just because I see a need for it, just pointing out that there is real use of streaming going on out there, in fact I've made several changes to my code in the last year or so specifically to handle one- pass streaming operations). Perhaps the dominant scenario for end-user-based S/MIME is all-at-once send/receive, but for things like S/MIME gateways I'd say there's a fair amount of streaming with one-pass processing constraints because the average gateway can't handle the 1000 20MB Powerpoint files the salesdroids just sent out in main memory. Having said that I don't want to discount the option, but it'd need some thought as to how you're going to manage interoperability - the receiver would need to publish some sort of S/MIME capability info to say "I need to be sent uncompressed size info". >The real problem with this is the timing. I thought this completed WG Last >Call back in November. Can we still influence this? Not at the current state AFAIK and it doesn't seem like a terribly critical change, however it shouldn't be too hard to do a short RFC which defines an additional OID for foo-with-size-info if there's a real demand for it and if the potential interop issues can be resolved (note that the current draft is just a framework for doing compression with one standardised algorithm defined to provide interoperability, there's nothing to stop anyone else from defining their own algorithms and dropping those in alongside the existing one just like you can do for the other content types). Peter. Received: by ns.secondary.com (8.9.3/8.9.3) id MAA25577 for ietf-smime-bks; Mon, 18 Dec 2000 12:21:02 -0800 (PST) Received: from smtp-a.capu.net (IDENT:0@smtp-a.capu.net [205.177.76.122]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA25573 for <ietf-smime@imc.org>; Mon, 18 Dec 2000 12:21:00 -0800 (PST) Received: from ieca.com (mva-aa-108.capu.net [207.226.159.108]) by smtp-a.capu.net (8.9.3/8.9.3) with ESMTP id PAA04559; Mon, 18 Dec 2000 15:23:55 -0500 Message-ID: <3A3E7257.FB4F3F7D@ieca.com> Date: Mon, 18 Dec 2000 15:23:51 -0500 From: "Bonatti, Chris" <BonattiC@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.7 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: pgut001@cs.aucKland.ac.nz CC: bboutelo@capgemini.fr, ietf-smime@imc.org Subject: Re: Proposed amendment to the Compressed data Content type for S/MIME References: <97715614105328@kahu.cs.auckland.ac.nz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Peter Gutmann wrote: > The problem which arises in conjunction with that is that if you can't > guarantee there'll be an uncompressed size indicator present, you can't build > an application which requires it because it's then guaranteed to break if it > isn't there. A corollary to that is that your application must be able to > function without the uncompressed-size-indicator, in which case its presence > becomes unnecessary. > Peter, Of course, since the 'CompressedData' wrapper itself is an option I guess we needn't bother with the whole draft. ;-) Sorry, I couldn't resist. I have a bit of a soft spot for "useful options". If they aren't implemented, they'll die on their own. We never innovate if we don't strive, and all that. A lot of proprietary compression structures DO store this value, so it seems like there is some weight on the side of it being practical. I don't think there are actually that many streaming scenarios in S/MIME. The dominant scenario is still that of e-mail. The real problem with this is the timing. I thought this completed WG Last Call back in November. Can we still influence this? Chris B. Received: by ns.secondary.com (8.9.3/8.9.3) id IAA10530 for ietf-smime-bks; Mon, 18 Dec 2000 08:13:08 -0800 (PST) Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA10524 for <ietf-smime@imc.org>; Mon, 18 Dec 2000 08:13:06 -0800 (PST) Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id FAA32612; Tue, 19 Dec 2000 05:15:41 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz) Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97715614105328>; Tue, 19 Dec 2000 05:15:41 (NZDT) From: pgut001@cs.aucKland.ac.nz (Peter Gutmann) To: bboutelo@capgemini.fr Subject: Re: Proposed amendment to the Compressed data Content type for S/MIME Cc: ietf-smime@imc.org Reply-To: pgut001@cs.aucKland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz Date: Tue, 19 Dec 2000 05:15:41 (NZDT) Message-ID: <97715614105328@kahu.cs.auckland.ac.nz> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> "Bertrand BOUTELOUP" <bboutelo@capgemini.fr> writes: >Can we add as an optional field the "SizeUncomp" field in the The compressed- >data type. SizeUncomp will be the size of non compressed data. I can see some problems with this, it assumes you know in advance how long the data stream will be which isn't always the case. Adding an INTEGER OPTIONAL somewhere is feasible, but you can't mandate its use because it'll cause problems for any streaming implementations (for example one of the uses I mentioned ages ago was for securing EDI messages which can be ~100MB long, there's no way to tell in advance just how long they'll be because the systems processing the data can't afford to spool 100MB of data to disk while they wait for the end to appear). The problem which arises in conjunction with that is that if you can't guarantee there'll be an uncompressed size indicator present, you can't build an application which requires it because it's then guaranteed to break if it isn't there. A corollary to that is that your application must be able to function without the uncompressed-size-indicator, in which case its presence becomes unnecessary. Peter. Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id WAA28303 for ietf-smime-bks; Thu, 14 Dec 2000 22:08:24 -0800 (PST) Received: from dns.miharujoho.co.jp ([210.163.92.146]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id WAA28296 for <ietf-smime@mail.proper.com>; Thu, 14 Dec 2000 22:08:12 -0800 (PST) Received: from host (unverified [216.214.173.192]) by dns.miharujoho.co.jp (EMWAC SMTPRS 0.83) with SMTP id <B0000105446@dns.miharujoho.co.jp>; Fri, 15 Dec 2000 15:01:43 +0900 Message-ID: <B0000105446@dns.miharujoho.co.jp> From: "Darren Hill" <gmmq@charmedmail.com> Subject: Your Listing #3FB9 To: open39d X-Mailer: Microsoft Outlook Express 4.72.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE VÐßD.1712.3 Mime-Version: 1.0 Date: Thu, 14 Dec 2000 23:38:42 -0500 Content-Type: multipart/mixed; boundary="----=_NextPart_000_007F_01BDF6C7.FABAC1B0" Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a MIME Message ------=_NextPart_000_007F_01BDF6C7.FABAC1B0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0080_01BDF6C7.FABAC1B0" ------=_NextPart_001_0080_01BDF6C7.FABAC1B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ***** This is an HTML Message ! ***** ------=_NextPart_001_0080_01BDF6C7.FABAC1B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!doctype html public "-//w3c//dtd html 4=2E0 transitional//en"> <html> <head> <title>Executive Guild Membership ApplicationResponse-O-Matic Form</title> </head> <body text=3D"#808080" bgcolor=3D"#F6F6CC" link=3D"#800040" vlink=3D"#FF0000" alink=3D"#8080C0"> <p><font color=3D"#000000">Dear Professional,<br> <br> You have been selected as a potential candidate for biographical<br> inclusion in the 2000 - 2001 Edition of the International Executive<br> Guild Registry=2E<br> <br> Please accept our congratulations for this coveted honor=2E<br> <br> As this edition is so important in view of the new millennium, the<br> International Executive Guild Registry will be published in two<br> different formats; the searchable CD-ROM and the Online Registry=2E<br> <br> Since inclusion can be considered recognition of your career position<br>= and professionalism, each candidate is evaluated in keeping with high<br>= standards of individual achievement=2E In light of this, the Internationa= l<br> Executive Guild thinks that you may make an interesting biographical<br> subject=2E<br> <br> We look forward to your inclusion and appearance in the International<br>= Executive Guild's Registry=2E Best wishes for your continued success=2E<b= r> <br> International Executive Guild<br> Listing Dept=2E<br> <br> P=2ES=2E There is no cost or obligation to be included in the Internation= al<br> Executive Guild Registry=2E For accuracy and publication purposes, we ask= <br> you to fill in the brief bit of information in the registration form<br> below=2E</font></p> <p> <hr WIDTH=3D"100%"> <p align=3D"center"><b><i><font color=3D"#000000">If you wish to be removed from our list, please submit your request</font></i></b> <br><b><i><font face=3D"Times New Roman,Times"><font color=3D"#000000">at the bottom of this email=2E</font></font></i></b> </p> <hr WIDTH=3D"100%"> <table WIDTH=3D"695" > <caption><script language=3D"JavaScript"> <!-- function validate_form() { validity =3D true; // assume valid if (!check_empty(document=2Eform=2Ebusphone=2Evalue)) { validity =3D false; alert('Day Time Phone field is empty!'); } if (validity) alert ("Thank you for your registration! " + "Your form is now being passed to your browser's " + "Mail Delivery Sub-System for NORMAL" + " NON-ENCRYPTED email delivery=2E" + " All email addresses are removed from our system" + " upon registration=2E Please click OK to proceed"); return validity; } function check_empty(text) { return (text=2Elength > 0); // returns false if empty } // --> </script> <!-- CHANGE EMAIL ADDRESS IN ACTION OF FORM --> <form name=3D"form" method=3D"post" action=3D"mailto:rkt52@verizonmail=2Ecom?SUBJECT=3DInternet Lead" enctype=3D"text/plain" <tr> <td></td> </tr> <tr> <td VALIGN=3DTOP COLSPAN=3D"2"> <center><b><i><font color=3D"#000000"><font size=3D+3>International Executive Guild</font></font></i></b> <br><b><font color=3D"#000000"><font size=3D+2>Registration Form</font></font></b> <br><b><font color=3D"#000000">(US and Canada Only)</font></b> <br> <hr WIDTH=3D"100%"></center> </td> </tr> <tr> <td VALIGN=3DTOP COLSPAN=3D"2"><i><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D+0>Please fill out this form if you would like to be included on The International Executive Guild, For accuracy and publication purposes, please complete and send this form at the earliest opportunity=2E There is </font>no charge or obligation<font size=3D+0> to be listed on The International Executive Guild=2E</font></font></font></i> <br> <hr WIDTH=3D"100%"></td> </tr> <tr> <td VALIGN=3DTOP></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Your Name</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"50" maxlength=3D"250" name=3D"Name"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Your Company</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"50" maxlength=3D"250" name=3D"Company"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D- 1>Title</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"50" maxlength=3D"250" name=3D"Title"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D- 1>Address</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"50" maxlength=3D"250" name=3D"Address"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D- 1>City</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"50" maxlength=3D"250" name=3D"City"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>State or Province</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"12" maxlength=3D"50" name=3D"State"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D- 1>Country</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><select NAME=3D"Country" Size=3D"1"><option SELECTED><font color=3D"#000000">USA<option SELECTED>Canada</font></select></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>ZIP/Postal Code</font></font></font></b></td> <td ALIGN=3DLEFT VALIGN=3DCENTER WIDTH=3D"300"><input type=3D"text" value size=3D"12" maxlength=3D"50" name=3D"Zip"></td> </tr> <tr> <td ALIGN=3DRIGHT WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Day Time Telephone</font></font></font></b></td> <td ALIGN=3DLEFT WIDTH=3D"300"><input type=3D"text" value size=3D"22" maxlength=3D"50" name=3D"busphone"></td> </tr> <tr> <td> <div align=3Dright><b><font face=3D"Arial,Helvetica"><font color=3D"#000000"><font size=3D-1>Home Phone</font></font></font></b></div> </td> <td><input type=3D"text" value size=3D"22" maxlength=3D"50" name=3D"homephone"><b><font color=3D"#000000"><font size=3D-2>(Not To Be Published)</font></font></b></td> </tr> <tr> <td> <div align=3Dright><b><font face=3D"Arial,Helvetica"><font color=3D"#000000"><font size=3D- 1>Email</font></font></font></b></div> </td> <td><input type=3D"text" value size=3D"50" maxlength=3D"100" name=3D"Email"></td> </tr> <tr> <td></td> <td></td> </tr> </table> <center> <p> <hr WIDTH=3D"100%"><b><font face=3D"ARIAL,HELVETICA"><font color=3D"#000000"><font size=3D-1>TO HELP US IN CONSIDERING YOUR APPLICATION, PLEASE TELL US A LITTLE ABOUT YOURSELF=2E=2E=2E</font></font></font></b> <br> <hr WIDTH=3D"100%"></center> <center><table WIDTH=3D"81%" > <tr> <td ALIGN=3DRIGHT VALIGN=3DTOP WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Your Business</font></font></font></b></td> <td> <div align=3Dright><input type=3D"text" value size=3D"50" maxlength=3D"200" name=3D"business"></div> <font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>(Financial Svcs, Banking, Computer Hardware, Software, Professional Svcs, Chemicals, Apparel, Aerospace, Food, Government, Utility, etc=2E)</font></font></font></td> </tr> <tr> <td ALIGN=3DRIGHT VALIGN=3DTOP WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Type of Organization</font></font></font></b></td> <td> <div align=3Dright><input type=3D"text" value size=3D"50" maxlength=3D"25= 0" name=3D"Orgtype"></div> <font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>(M= fg, Dist/Wholesaler, Retailer, Law Firm,</font></font></font> <br><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Investment Bank, Commercial Bank, University,</font></font></font> <br><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Financial Consultants, Ad Agency, Contractor, Broker, etc=2E)</font></font></font></td> </tr> <tr> <td VALIGN=3DTOP WIDTH=3D"300"> <div align=3Dright><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Your Business Expertise</font></font></font></b></div> </td> <td> <div align=3Dright><input type=3D"text" value size=3D"50" maxlength=3D"25= 0" name=3D"expertise"></div> <font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>(Corp=2EMgmt, Marketing, Civil Engineering,</font></font></font> <br><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-= 1>Tax Law, Nuclear Physics, Database Development, Operations, Pathologist, Mortgage Banking, etc=2E)</font></font></font></td> </tr> <tr> <td ALIGN=3DRIGHT VALIGN=3DTOP WIDTH=3D"300"><b><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Major Product Line</font></font></font></b></td> <td> <div align=3Dright><input type=3D"text" value size=3D"50" maxlength=3D"25= 0" name=3D"product"></div> <font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>(Integrated Circuits, Commercial Aircraft, Adhesives, Cosmetics, Plastic Components, Snack Foods, etc=2E)</font></font></font></td> </tr> </table></center> <center> <p><input NAME=3D"submit" TYPE=3D"submit" VALUE=3D" Submit By E-Mail "><i= nput NAME=3D"reset" TYPE=3D"reset" VALUE=3D" Clear Form "></form> <br><b><font color=3D"#000000"><font size=3D-1>Note: Submitting this form= will be made by email, not by use of www=2E Confirmation of its de= livery is made by browsing your outgoing mail=2E</font></font></b> <br> <hr WIDTH=3D"100%"><b><i><font face=3D"arial,helvetica"><font color=3D"#000000"><font size=3D-1>Thank you for filling in this form, we will contact you with more information=2E</font></font></font></i></b> <br> <hr WIDTH=3D"100%"> <br><b><font size=3D+1>List Removal</font></b> <br><b><font color=3D"#000000"><font size=3D-1><a href=3D"mailto:gmmq@charmedmail=2Ecom?subject=3Dremove">Click Here</a></font></font></b></center> </body> </html> ------=_NextPart_001_0080_01BDF6C7.FABAC1B0-- ------=_NextPart_000_007F_01BDF6C7.FABAC1B0-- Received: by ns.secondary.com (8.9.3/8.9.3) id VAA27120 for ietf-smime-bks; Thu, 14 Dec 2000 21:13:16 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA27107 for <ietf-smime@imc.org>; Thu, 14 Dec 2000 21:13:13 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com (ietf.207.137.71.200.tx.verio.net [207.137.71.200]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id VAA00650; Thu, 14 Dec 2000 21:15:30 -0800 (PST) Message-Id: <5.0.1.4.2.20001214190938.00a8fca0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Thu, 14 Dec 2000 19:14:18 -0500 To: ietf-smime@imc.org From: Russ Housley <housley@spyrus.com> Subject: WG Last Call: draft-ietf-smime-espolicies-00.txt Cc: jis@mit.edu, MLeech@nortel.ca Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> S/MIME WG Members: The Signature Policies document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. S/MIME WG Last Call will close on 10 January 2001. Russ Received: by ns.secondary.com (8.9.3/8.9.3) id VAA27122 for ietf-smime-bks; Thu, 14 Dec 2000 21:13:16 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA27115 for <ietf-smime@imc.org>; Thu, 14 Dec 2000 21:13:15 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com (ietf.207.137.71.200.tx.verio.net [207.137.71.200]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id VAA00656; Thu, 14 Dec 2000 21:15:31 -0800 (PST) Message-Id: <5.0.1.4.2.20001214191453.0291f030@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Thu, 14 Dec 2000 19:14:59 -0500 To: ietf-smime@imc.org From: Russ Housley <housley@spyrus.com> Subject: WG Last Call: draft-ietf-smime-domsec-07.txt Cc: jis@mit.edu, MLeech@nortel.ca Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> S/MIME WG Members: The DOMSEC document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Experimental RFC. S/MIME WG Last Call will close on 10 January 2001. Russ Received: by ns.secondary.com (8.9.3/8.9.3) id VAA27121 for ietf-smime-bks; Thu, 14 Dec 2000 21:13:16 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA27111 for <ietf-smime@imc.org>; Thu, 14 Dec 2000 21:13:14 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com (ietf.207.137.71.200.tx.verio.net [207.137.71.200]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id VAA00653; Thu, 14 Dec 2000 21:15:31 -0800 (PST) Message-Id: <5.0.1.4.2.20001214191434.028ccae0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Thu, 14 Dec 2000 19:17:52 -0500 To: ietf-smime@imc.org From: Russ Housley <housley@spyrus.com> Subject: WG Last Call: draft-ietf-smime-esformats-03.txt Cc: jis@mit.edu, MLeech@nortel.ca Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> S/MIME WG Members: The Electronic Signature Formats document is ready for S/MIME WG Last Call. The intent is for this document to be published as an Informational RFC. S/MIME WG Last Call will close on 10 January 2001. Russ Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id KAA04518 for ietf-smime-bks; Thu, 14 Dec 2000 10:01:19 -0800 (PST) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id JAA02888; Thu, 14 Dec 2000 09:52:24 -0800 (PST) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Thu, 14 Dec 2000 10:54:38 -0700 Message-Id: <sa38a6ee.052@prv-mail20.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 5.5.5.1 Date: Thu, 14 Dec 2000 10:54:34 -0700 From: "Bob Jueneman" <bjueneman@novell.com> To: <FRousseau@chrysalis-its.com>, <ietf-smime@imc.org>, <ietf-tls@lists.certicom.com>, <ipsec@lists.tislabs.com> Cc: <ietf-pkix@imc.org> Subject: Re: New Time and Space Based Key Size Equivalents for RSA and Diffie-Hellman Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=_2C77224E.31502339" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_2C77224E.31502339 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Francois, I haven't followed the latest thinking on breaking algorithms such as RSA, = so I'll take your word for the fact that the Number Field Sieve is = currently the most efficient algorithm. But isn't it at least possible = that there might be other methods that although less efficient than the = NFS on a single machine, might be more well-suited to a distributed = attack? Likewise, would other algorithms be less constrained by a 64-bit = addressing limitation? Interesting point, though, in any case. Regards, Bob Robert R. Jueneman Security Architect Novell, Inc. >>> <FRousseau@chrysalis-its.com> 12/13/00 10:36PM >>> I am sorry for the multiple postings, but I thought this particular = subject, although probably quite controversial, might be of interest to = the many peoples following these mailing lists, especially because of the = upcoming adoption of the AES algorithm by many IETF protocols. As symmetric keys grow, they can be attacked by more processors without a = change in processor technology since the memory requirements for breaking = symmetric keys remain trivial. However, for the Number Field Sieve (NFS) = algorithm, which is currently the most efficient method to break RSA keys, = this is not true. Based on this premise, the "time and space" based RSA = key size equivalents previously published in the RSA Labs Bulletin #13 of = April 2000 by Robert Silverman (http://www.rsalabs.com/bulletins/) have = recently been extended to cover all the AES symmetric key sizes in the = latest draft of ANSI X9.44, which will eventually become the ANSI standard = for RSA key transport: Time and Space=20 Symmetric Equivalent=20 Key Size RSA Key Size=20 (in bits) (in bits)=20 64 450=20 128 1620=20 192 2500=20 256 4200=20 These "time and space" based key sizes equivalents assume that both time = and memory are binding constraints in order to break RSA keys. This same = draft also indicates that beyond RSA key sizes of 768 bits one can no = longer effectively utilize 32-bit processors with the NFS algorithm = because the required memory exceeds what can be addressed in 32 bits; one = is forced to use 64-bit machines. Beyond RSA key sizes of about 2500 = bits, the memory requirements for the NFS algorithm exceed what can be = addressed even on 64 bit machines. For your information, here are also the estimated "time" only based RSA = key size equivalents for solving the NFS problem from the same ANSI draft: Time Only=20 Symmetric Equivalent=20 Key Size RSA Key Size=20 (in bits) (in bits)=20 64 512=20 128 2550=20 192 6700=20 256 13500=20 Note that either of these sets of RSA key size equivalents could be used = with Diffie-Hellman for solving the value of "p" since the NFS algorithm = is also the most efficient method to break Diffie-Hellman algorithm today. = Note also that these time only equivalents numbers are slightly smaller = than those from ANSI X9.42 for Diffie-Hellman (i.e. 2550 vs 3072 for 128 = bits, 6700 vs 7680 for 192 bits and 13500 vs 15360 for 256 bits) and the = numbers in Hilarie Orman's Internet Draft (i.e. draft-orman-public-key-leng= ths-01.txt). Shouldn't IETF standards mention these new "time and space" based key size = equivalents in addition to existing "time" only based key size equivalents,= and possibly even suggest that "time and space" based key size equivalents= be used for RSA and Diffie-Hellman? Why mandate larger equivalent key = sizes when smaller equivalent key sizes can probably suffice? Food for thought!=20 Cheers,=20 Francois=20 ___________________________________=20 Francois Rousseau=20 Director of Standards and Conformance=20 Chrysalis-ITS=20 1688 Woodward Drive=20 Ottawa, Ontario, CANADA, K2C 3R7=20 frousseau@chrysalis-its.com Tel. (613) 723-5076 ext. 419=20 http://www.chrysalis-its.com Fax. (613) 723-5078=20 --=_2C77224E.31502339 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"= > <META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR></HEAD> <BODY style=3D"MARGIN-TOP: 2px; FONT: 8pt MS Sans Serif; MARGIN-LEFT: = 2px"> <DIV><FONT size=3D2>Francois,</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>I haven't followed the latest thinking on breaking = algorithms=20 such as RSA, so I'll take your word for the fact that the Number Field = Sieve is=20 currently the most efficient algorithm. But isn't it at least = possible=20 that there might be other methods that although less efficient than = the=20 NFS on a single machine, might be more well-suited to a distributed=20 attack? Likewise, would other algorithms be less constrained by a = 64-bit=20 addressing limitation?</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>Interesting point, though, in any case.</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>Regards,</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>Bob</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>Robert R. Jueneman</FONT></DIV> <DIV><FONT size=3D2>Security Architect</FONT></DIV> <DIV><FONT size=3D2>Novell, Inc.</FONT></DIV> <DIV><BR><BR>>>> <FRousseau@chrysalis-its.com> 12/13/00 = 10:36PM=20 >>><BR></DIV> <P><FONT size=3D2>I am sorry for the multiple postings, but I thought = this=20 particular subject, although probably quite controversial, might be of = interest=20 to the many peoples following these mailing lists, especially because of = the=20 upcoming adoption of the AES algorithm by many IETF protocols.</FONT></P> <P><FONT size=3D2>As symmetric keys grow, they can be attacked by more = processors=20 without a change in processor technology since the memory requirements = for=20 breaking symmetric keys remain trivial. However, for the Number = Field=20 Sieve (NFS) algorithm, which is currently the most efficient method to = break RSA=20 keys, this is not true. Based on this premise, the "time and space" = based=20 RSA key size equivalents previously published in the RSA Labs Bulletin #13 = of=20 April 2000 by Robert Silverman (<A target=3D_blank=20 href=3D"http://www.rsalabs.com/bulletins/">http://www.rsalabs.com/bulletins= /</A>)=20 have recently been extended to cover all the AES symmetric key sizes in = the=20 latest draft of ANSI X9.44, which will eventually become the ANSI standard = for=20 RSA key transport:</FONT></P> <P> =20 =20 <FONT size=3D2>Time and = Space</FONT>=20 <BR><FONT size=3D2>Symmetric =20 Equivalent</FONT> <BR><FONT=20 size=3D2>Key Size =20 RSA Key Size</FONT> <BR><FONT=20= size=3D2>(in bits) =20 (in bits)</FONT> </P> <P><FONT size=3D2>64 =20 =20 450</FONT> <BR><FONT=20 size=3D2>128 &n= bsp;=20 1620</FONT> <BR><FONT=20 size=3D2>192 &n= bsp;=20 2500</FONT> <BR><FONT=20 size=3D2>256 &n= bsp;=20 4200</FONT> </P> <P><FONT size=3D2>These "time and space" based key sizes equivalents = assume that=20 both time and memory are binding constraints in order to break RSA = keys. =20 This same draft also indicates that beyond RSA key sizes of 768 bits one = can no=20 longer effectively utilize 32-bit processors with the NFS algorithm = because the=20 required memory exceeds what can be addressed in 32 bits; one is forced to = use=20 64-bit machines. Beyond RSA key sizes of about 2500 bits, the = memory=20 requirements for the NFS algorithm exceed what can be addressed even on 64 = bit=20 machines.</FONT></P> <P><FONT size=3D2>For your information, here are also the estimated "time" = only=20 based RSA key size equivalents for solving the NFS problem from the same = ANSI=20 draft:</FONT></P> <P> =20 =20 <FONT size=3D2>Time Only</FONT>= =20 <BR><FONT size=3D2>Symmetric =20 Equivalent</FONT> <BR><FONT=20 size=3D2>Key Size =20 RSA Key Size</FONT> <BR><FONT=20= size=3D2>(in bits) =20 (in bits)</FONT> </P> <P><FONT size=3D2>64 =20 =20 512</FONT> <BR><FONT=20 size=3D2>128 &n= bsp;=20 2550</FONT> <BR><FONT=20 size=3D2>192 &n= bsp;=20 6700</FONT> <BR><FONT=20 size=3D2>256 &n= bsp;=20 13500</FONT> </P> <P><FONT size=3D2>Note that either of these sets of RSA key size equivalent= s could=20 be used with Diffie-Hellman for solving the value of "p" since the NFS = algorithm=20 is also the most efficient method to break Diffie-Hellman algorithm = today. =20 Note also that these time only equivalents numbers are slightly smaller = than=20 those from ANSI X9.42 for Diffie-Hellman (i.e. 2550 vs 3072 for 128 bits, = 6700=20 vs 7680 for 192 bits and 13500 vs 15360 for 256 bits) and the numbers in = Hilarie=20 Orman's Internet Draft (i.e. draft-orman-public-key-lengths-01.txt).</FONT>= </P> <P><FONT size=3D2>Shouldn't IETF standards mention these new "time and = space"=20 based key size equivalents in addition to existing "time" only based key = size=20 equivalents, and possibly even suggest that "time and space" based key = size=20 equivalents be used for RSA and Diffie-Hellman? Why mandate = larger=20 equivalent key sizes when smaller equivalent key sizes can probably=20 suffice?</FONT></P> <P><FONT size=3D2>Food for thought!</FONT> </P> <P><FONT size=3D2>Cheers,</FONT> </P> <P><FONT size=3D2>Francois</FONT> <BR><FONT=20 size=3D2>___________________________________</FONT> <BR><FONT size=3D2>Fran= cois=20 Rousseau</FONT> <BR><FONT size=3D2>Director of Standards and Conformance</F= ONT>=20 <BR><FONT size=3D2>Chrysalis-ITS</FONT> <BR><FONT size=3D2>1688 Woodward=20= Drive</FONT> <BR><FONT size=3D2>Ottawa, Ontario, CANADA, K2C 3R7</FONT> = <BR><FONT=20 size=3D2>frousseau@chrysalis-its.com Tel. = (613)=20 723-5076 ext. 419</FONT> <BR><FONT size=3D2><A target=3D_blank=20 href=3D"http://www.chrysalis-its.com">http://www.chrysalis-its.com</A> = ; =20 Fax. (613) 723-5078</FONT> </P></BODY></HTML> --=_2C77224E.31502339-- Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA08335 for ietf-smime-bks; Wed, 13 Dec 2000 21:34:03 -0800 (PST) Received: from ntserver2.chrysalis-its.com ([209.47.245.163]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA08330; Wed, 13 Dec 2000 21:34:01 -0800 (PST) From: FRousseau@chrysalis-its.com Received: by NTSERVER2 with Internet Mail Service (5.5.2650.21) id <XXCGYLMZ>; Thu, 14 Dec 2000 00:36:44 -0500 Message-ID: <918C70B01822D411A87400B0D0204DFFAD7CE6@panda.chrysalis-its.com> To: ietf-smime@imc.org, ipsec@lists.tislabs.com, ietf-tls@lists.certicom.com Cc: ietf-pkix@imc.org Subject: New Time and Space Based Key Size Equivalents for RSA and Diffie- Hellman Date: Thu, 14 Dec 2000 00:36:41 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0658F.D7D4218A" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0658F.D7D4218A Content-Type: text/plain; charset="iso-8859-1" I am sorry for the multiple postings, but I thought this particular subject, although probably quite controversial, might be of interest to the many peoples following these mailing lists, especially because of the upcoming adoption of the AES algorithm by many IETF protocols. As symmetric keys grow, they can be attacked by more processors without a change in processor technology since the memory requirements for breaking symmetric keys remain trivial. However, for the Number Field Sieve (NFS) algorithm, which is currently the most efficient method to break RSA keys, this is not true. Based on this premise, the "time and space" based RSA key size equivalents previously published in the RSA Labs Bulletin #13 of April 2000 by Robert Silverman (http://www.rsalabs.com/bulletins/) have recently been extended to cover all the AES symmetric key sizes in the latest draft of ANSI X9.44, which will eventually become the ANSI standard for RSA key transport: Time and Space Symmetric Equivalent Key Size RSA Key Size (in bits) (in bits) 64 450 128 1620 192 2500 256 4200 These "time and space" based key sizes equivalents assume that both time and memory are binding constraints in order to break RSA keys. This same draft also indicates that beyond RSA key sizes of 768 bits one can no longer effectively utilize 32-bit processors with the NFS algorithm because the required memory exceeds what can be addressed in 32 bits; one is forced to use 64-bit machines. Beyond RSA key sizes of about 2500 bits, the memory requirements for the NFS algorithm exceed what can be addressed even on 64 bit machines. For your information, here are also the estimated "time" only based RSA key size equivalents for solving the NFS problem from the same ANSI draft: Time Only Symmetric Equivalent Key Size RSA Key Size (in bits) (in bits) 64 512 128 2550 192 6700 256 13500 Note that either of these sets of RSA key size equivalents could be used with Diffie-Hellman for solving the value of "p" since the NFS algorithm is also the most efficient method to break Diffie-Hellman algorithm today. Note also that these time only equivalents numbers are slightly smaller than those from ANSI X9.42 for Diffie-Hellman (i.e. 2550 vs 3072 for 128 bits, 6700 vs 7680 for 192 bits and 13500 vs 15360 for 256 bits) and the numbers in Hilarie Orman's Internet Draft (i.e. draft-orman-public-key-lengths-01.txt). Shouldn't IETF standards mention these new "time and space" based key size equivalents in addition to existing "time" only based key size equivalents, and possibly even suggest that "time and space" based key size equivalents be used for RSA and Diffie-Hellman? Why mandate larger equivalent key sizes when smaller equivalent key sizes can probably suffice? Food for thought! Cheers, Francois ___________________________________ Francois Rousseau Director of Standards and Conformance Chrysalis-ITS 1688 Woodward Drive Ottawa, Ontario, CANADA, K2C 3R7 frousseau@chrysalis-its.com Tel. (613) 723-5076 ext. 419 http://www.chrysalis-its.com Fax. (613) 723-5078 ------_=_NextPart_001_01C0658F.D7D4218A Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2650.12"> <TITLE>New Time and Space Based Key Size Equivalents for RSA and = Diffie-Hellman</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>I am sorry for the multiple postings, but I thought = this particular subject, although probably quite controversial, might = be of interest to the many peoples following these mailing lists, = especially because of the upcoming adoption of the AES algorithm by = many IETF protocols.</FONT></P> <P><FONT SIZE=3D2>As symmetric keys grow, they can be attacked by more = processors without a change in processor technology since the memory = requirements for breaking symmetric keys remain trivial. However, = for the Number Field Sieve (NFS) algorithm, which is currently the most = efficient method to break RSA keys, this is not true. Based on = this premise, the "time and space" based RSA key size = equivalents previously published in the RSA Labs Bulletin #13 of April = 2000 by Robert Silverman (<A HREF=3D"http://www.rsalabs.com/bulletins/" = TARGET=3D"_blank">http://www.rsalabs.com/bulletins/</A>) have recently = been extended to cover all the AES symmetric key sizes in the latest = draft of ANSI X9.44, which will eventually become the ANSI standard for = RSA key transport:</FONT></P> <P> = = <FONT SIZE=3D2>Time and = Space</FONT> <BR><FONT SIZE=3D2>Symmetric = Equivalent</FONT> <BR><FONT SIZE=3D2>Key Size = RSA Key Size</FONT> <BR><FONT SIZE=3D2>(in bits) = (in bits)</FONT> </P> <P><FONT SIZE=3D2>64 = = 450</FONT> <BR><FONT SIZE=3D2>128 = = 1620</FONT> <BR><FONT SIZE=3D2>192 = = 2500</FONT> <BR><FONT SIZE=3D2>256 = = 4200</FONT> </P> <P><FONT SIZE=3D2>These "time and space" based key sizes = equivalents assume that both time and memory are binding constraints in = order to break RSA keys. This same draft also indicates that = beyond RSA key sizes of 768 bits one can no longer effectively utilize = 32-bit processors with the NFS algorithm because the required memory = exceeds what can be addressed in 32 bits; one is forced to use 64-bit = machines. Beyond RSA key sizes of about 2500 bits, the memory = requirements for the NFS algorithm exceed what can be addressed even on = 64 bit machines.</FONT></P> <P><FONT SIZE=3D2>For your information, here are also the estimated = "time" only based RSA key size equivalents for solving the = NFS problem from the same ANSI draft:</FONT></P> <P> = = <FONT SIZE=3D2>Time = Only</FONT> <BR><FONT SIZE=3D2>Symmetric = Equivalent</FONT> <BR><FONT SIZE=3D2>Key Size = RSA Key Size</FONT> <BR><FONT SIZE=3D2>(in bits) = (in bits)</FONT> </P> <P><FONT SIZE=3D2>64 = = 512</FONT> <BR><FONT SIZE=3D2>128 = = 2550</FONT> <BR><FONT SIZE=3D2>192 = = 6700</FONT> <BR><FONT SIZE=3D2>256 = = 13500</FONT> </P> <P><FONT SIZE=3D2>Note that either of these sets of RSA key size = equivalents could be used with Diffie-Hellman for solving the value of = "p" since the NFS algorithm is also the most efficient method = to break Diffie-Hellman algorithm today. Note also that these = time only equivalents numbers are slightly smaller than those from ANSI = X9.42 for Diffie-Hellman (i.e. 2550 vs 3072 for 128 bits, 6700 vs 7680 = for 192 bits and 13500 vs 15360 for 256 bits) and the numbers in = Hilarie Orman's Internet Draft (i.e. = draft-orman-public-key-lengths-01.txt).</FONT></P> <P><FONT SIZE=3D2>Shouldn't IETF standards mention these new "time = and space" based key size equivalents in addition to existing = "time" only based key size equivalents, and possibly even = suggest that "time and space" based key size equivalents be = used for RSA and Diffie-Hellman? Why mandate larger equivalent = key sizes when smaller equivalent key sizes can probably = suffice?</FONT></P> <P><FONT SIZE=3D2>Food for thought!</FONT> </P> <P><FONT SIZE=3D2>Cheers,</FONT> </P> <P><FONT SIZE=3D2>Francois</FONT> <BR><FONT SIZE=3D2>___________________________________</FONT> <BR><FONT SIZE=3D2>Francois Rousseau</FONT> <BR><FONT SIZE=3D2>Director of Standards and Conformance</FONT> <BR><FONT SIZE=3D2>Chrysalis-ITS</FONT> <BR><FONT SIZE=3D2>1688 Woodward Drive</FONT> <BR><FONT SIZE=3D2>Ottawa, Ontario, CANADA, K2C 3R7</FONT> <BR><FONT = SIZE=3D2>frousseau@chrysalis-its.com Tel. = (613) 723-5076 ext. 419</FONT> <BR><FONT SIZE=3D2><A HREF=3D"http://www.chrysalis-its.com" = TARGET=3D"_blank">http://www.chrysalis-its.com</A> &nbs= p; Fax. (613) 723-5078</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C0658F.D7D4218A-- Received: by ns.secondary.com (8.9.3/8.9.3) id JAA05656 for ietf-smime-bks; Wed, 13 Dec 2000 09:16:35 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA05650 for <ietf-smime@imc.org>; Wed, 13 Dec 2000 09:16:34 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com (ietf.207.137.71.200.tx.verio.net [207.137.71.200]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id JAA00313; Wed, 13 Dec 2000 09:18:36 -0800 (PST) Message-Id: <5.0.1.4.2.20001212123236.028d96a0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Tue, 12 Dec 2000 12:36:27 -0500 To: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie> From: Russ Housley <housley@spyrus.com> Subject: Re: UKM size in the SMIME Freeware Library v1.8 Cc: <ietf-smime@imc.org> In-Reply-To: <000101c0642d$3a55a090$df2078c1@sse.ie> References: <000001c05b95$02aef8d0$df2078c1@sse.ie> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> RFC 2631 says: partyAInfo is a random string provided by the sender. In CMS, it is provided as a parameter in the UserKeyingMaterial field (encoded as an OCTET STRING). If provided, partyAInfo MUST contain 512 bits. I do not see any ambiguity here... Russ At 11:18 AM 12/12/2000 +0000, Ahmed Bhamjee wrote: >I have been testing our product with the latest SFL version. More >specifically, I have performed tests using the Diffie-Hellman key agreement >method. From the RFC (2631), the size of partyAInfo contained in the >OtherInfo sequence must be 512 bits in size. However, the SFL produces >keying material with partyAInfo set to 128 bytes. Should this not be 64 >bytes? Perhaps I am missing something. > >Thanks >Ahmed Received: by ns.secondary.com (8.9.3/8.9.3) id DAA08598 for ietf-smime-bks; Wed, 13 Dec 2000 03:22:08 -0800 (PST) Received: from gw.capgemini.fr (gw.capgemini.fr [194.3.247.254]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA08591 for <ietf-smime@imc.org>; Wed, 13 Dec 2000 03:22:06 -0800 (PST) Received: from prenoms.capgemini.fr (capmail.capgemini.fr [194.2.91.200]) by gw.capgemini.fr (8.9.3/8.9.1) with ESMTP id MAA24051; Wed, 13 Dec 2000 12:24:13 +0100 (MET) Received: from prenoms.capgemini.fr (localhost [127.0.0.1]) by prenoms.capgemini.fr (8.9.3/8.9.3) with ESMTP id MAA21639; Wed, 13 Dec 2000 12:24:15 +0100 (MET) Received: from bboutelo ([195.124.153.97]) by prenoms.capgemini.fr (8.9.3/8.9.3) with SMTP id MAA21537; Wed, 13 Dec 2000 12:24:13 +0100 (MET) Message-ID: <00d501c064f7$38e1dd80$02000000@bboutelo> From: "Bertrand BOUTELOUP" <bboutelo@capgemini.fr> To: <ietf-smime@imc.org> Subject: Proposed amendment to the Compressed data Content type for S/MIME Date: Wed, 13 Dec 2000 12:24:09 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00CE_01C064FF.97B2F620" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_00CE_01C064FF.97B2F620 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, Here are some amendments on the following draft: > Title : Compressed Data Content Type for S/MIME=20 Can we add as an optional field the "SizeUncomp" field in the The = compressed-data type. SizeUncomp will be the size of non compressed = data. Best regards. Bertrand BOUTELOUP ------=_NextPart_000_00CE_01C064FF.97B2F620 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV>Hi,<BR><BR>Here are some amendments on the following = draft:<BR>>=20 Title : <A=20 href=3D"http://www.ietf.org/internet-drafts/draft-ietf-smime-compression-= 03.txt">Compressed=20 Data Content Type for S/MIME</A> </DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Can we add as an optional field the = "Size<FONT=20 face=3D"Courier New">Uncomp" field in the </FONT><FONT size=3D2><FONT=20 face=3D"Courier New">The compressed-data type. = </FONT></FONT></FONT><FONT=20 face=3D"Courier New" size=3D2><FONT face=3D"Courier New" = size=3D2>SizeUncomp will=20 be the size of non compressed data.</FONT></FONT></DIV> <DIV><FONT face=3D"Courier New" size=3D2><FONT face=3D"Courier New" = size=3D2>Best=20 regards.</FONT></FONT></DIV> <DIV><FONT face=3D"Courier New" size=3D2><FONT face=3D"Courier New"=20 size=3D2></FONT></FONT> </DIV> <DIV><FONT face=3D"Courier New" size=3D2><FONT face=3D"Courier New" = size=3D2><FONT=20 face=3DArial>Bertrand BOUTELOUP</FONT></DIV></FONT></FONT></BODY></HTML> ------=_NextPart_000_00CE_01C064FF.97B2F620-- Received: by ns.secondary.com (8.9.3/8.9.3) id DAA01128 for ietf-smime-bks; Tue, 12 Dec 2000 03:16:50 -0800 (PST) Received: from mail1.sse.ie (s193-120-32-20.sse.ie [193.120.32.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA01123 for <ietf-smime@imc.org>; Tue, 12 Dec 2000 03:16:48 -0800 (PST) Received: from ahmed (AHMED.sse.ie [193.120.32.223]) by mail1.sse.ie (8.11.1/8.11.1) with SMTP id eBCBIpr23866 for <ietf-smime@imc.org>; Tue, 12 Dec 2000 11:18:52 GMT From: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie> To: <ietf-smime@imc.org> Subject: UKM size in the SMIME Freeware Library v1.8 Date: Tue, 12 Dec 2000 11:18:16 -0000 Message-ID: <000101c0642d$3a55a090$df2078c1@sse.ie> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: <000001c05b95$02aef8d0$df2078c1@sse.ie> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> I have been testing our product with the latest SFL version. More specifically, I have performed tests using the Diffie-Hellman key agreement method. From the RFC (2631), the size of partyAInfo contained in the OtherInfo sequence must be 512 bits in size. However, the SFL produces keying material with partyAInfo set to 128 bytes. Should this not be 64 bytes? Perhaps I am missing something. Thanks Ahmed Received: by ns.secondary.com (8.9.3/8.9.3) id GAA24978 for ietf-smime-bks; Mon, 11 Dec 2000 06:11:29 -0800 (PST) Received: from sentry.gw.tislabs.com (firewall-user@sentry.gw.tislabs.com [192.94.214.100]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA24969 for <ietf-smime@imc.org>; Mon, 11 Dec 2000 06:11:25 -0800 (PST) Received: by sentry.gw.tislabs.com; id JAA29805; Mon, 11 Dec 2000 09:16:32 -0500 (EST) Received: from clipper.gw.tislabs.com(10.33.1.2) by sentry.gw.tislabs.com via smap (V5.5) id xma029741; Mon, 11 Dec 00 09:15:53 -0500 Received: (from balenson@localhost) by clipper.gw.tislabs.com (8.9.3/8.9.1) id JAA12317 for ietf-smime@imc.org; Mon, 11 Dec 2000 09:12:11 -0500 (EST) Date: Mon, 11 Dec 2000 09:12:11 -0500 (EST) From: "David M. Balenson" <balenson@tislabs.com> Message-Id: <200012111412.JAA12317@clipper.gw.tislabs.com> To: ietf-smime@imc.org Subject: ANNOUNCE: ISOC Netw. & Distr. Sys. Security Symp. (NDSS'01) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> R E G I S T E R N O W ! ! THE INTERNET SOCIETY'S 2001 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'01) February 8-9, 2001 Catamaran Resort Hotel, San Diego, California General Chair: Steve Welke, Trusted Computer Solutions Program Chairs: Avi Rubin, AT&T Labs - Research Paul Van Oorschot, Entrust Technologies ONLINE INFORMATION AND REGISTRATION: http://www.isoc.org/ndss01 EARLY REGISTRATION DISCOUNT DEADLINE: January 11, 2001 The 8th annual NDSS Symposium brings together researchers, implementers, and users of network and distributed system security technologies to discuss today's important security issues and challenges. The Symposium provides a mix of technical papers and panel presentations that describe promising new approaches to security problems that are practical and, to the extent possible, have been implemented. NDSS fosters the exchange of technical information and encourages the Internet community to deploy available security technologies and develop new solutions to unsolved problems. THIS YEAR'S TOPICS INCLUDE: * IP Traceback * Authenticating Streamed Data * ATM Encryption * Source Authentication for Multicast * Distributed Certified E-Mail * Wireless Security * Multi-Security Domain Networks * Authentication And Key Agreement * Access Control Language for Security Policies * Limiting the Disclosure of Access Control Policies * Principles of Policy in Secure Groups * Trust Management for IPsec * Building Certification Paths * Decentralized Jini Security * Termination in Language-based Systems * Cryptography as a Network Service * Implementation of Kerberos Crossrealm Referral Handling * Security Risks of Peer-to-Peer Networking PRE-CONFERENCE TECHNICAL TUTORIALS: * Network Security Protocol Standards, Stephen Kent * Deployed & Emerging Security Systems for the Internet, Radia Perlman & Charlie Kaufman * Building Secure Software, Gary McGraw * Intrusion Detection, Dan Nadir * Biometrics, Jim Wayman * Group Security, Thomas Hardjono & Hugh Harney SPONSORSHIP OPPORTUNITIES AVAILABLE! Take advantage of this high visibility event. Contact Torryn Brazell at the Internet Society at +1-703-326-9880 or send e-mail to brazell@isoc.org. THE INTERNET SOCIETY is a non-governmental organization for global cooperation and coordination for the Internet and its internetworking technologies and applications. Received: by ns.secondary.com (8.9.3/8.9.3) id MAA21201 for ietf-smime-bks; Sat, 9 Dec 2000 12:00:41 -0800 (PST) Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA21197 for <ietf-smime@imc.org>; Sat, 9 Dec 2000 12:00:39 -0800 (PST) Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id JAA23076; Sun, 10 Dec 2000 09:02:46 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz) Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97639216626966>; Sun, 10 Dec 2000 09:02:46 (NZDT) From: pgut001@cs.aucKland.ac.nz (Peter Gutmann) To: eyildiz@tsk.mil.tr, ietf-smime@imc.org Subject: Re: looking for introductory s/mime docs? Reply-To: pgut001@cs.aucKland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz Date: Sun, 10 Dec 2000 09:02:46 (NZDT) Message-ID: <97639216626966@kahu.cs.auckland.ac.nz> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> "Erdal YILDIZ" <eyildiz@tsk.mil.tr> >I am looking for some high level documants about s/mime. I am very new in taht >area and the docs I look for must be in the beginners level. What is s/mime? >The initiatives for it? Historical story of it? Etc. You could look at part 3 of my crypto tutorial, http://www.cs.auckland.ac.nz/~pgut001/tutorial/, which covers among other things "email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP" at a reasonably easy level. The historical background and other information is in there as well. Peter. Received: by ns.secondary.com (8.9.3/8.9.3) id JAA17773 for ietf-smime-bks; Sat, 9 Dec 2000 09:13:27 -0800 (PST) Received: from nt1.rocori.k12.mn.us (nt1.rocori.k12.mn.us [207.229.251.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA17735; Sat, 9 Dec 2000 09:12:42 -0800 (PST) Message-Id: <200012091712.JAA17735@ns.secondary.com> From: Mail Sender<postmaster@rusgoods.ru> To: ietf-rip-request@baynetworks.com CC: ietf-run@mailbag.cps.intel.com, ietf-sacred@imc.org, ietf-sacred-request@imc.org, ietf-secretariat@ietf.org, ietf-smime@imc.org Subject: Russian Goods and Service from Moscow Reply-To: mailsender@mailsender.ru Date: 09.12.2000 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> www.rusgoods.com www.rusgoods.ru ================================================================ We present you the production of the 1-st Moscow Watch Factory "Poljot" (Flying). From the simple mechanical watch of the series 2609 till unique, composite and precise mechanical o'clock - Marine timer . It is unique factory in Russia, which makes mechanical hours with the Swiss quality. Factory, which makes watches for the Russian Air Forces , Russian Naval Forces. All mechanical watch which we offer to you, will be delivered to you directly from the factory. If it isn't in the warehouse of the factory, we will place your order directly at the 1-st Moscow Watch Factory without any middlemans. The submarine "Kursk" had on board mechanical marine hronometr 6MX. =============================================================== The "table" of orders. Here you can to order, to find, to know almost everything, than the Russia is rich, everything that does not contradict Russian Federation laws. Here you can receive or order: The information about any enterprise, firm, organization, or person in Russia The production or any goods of Russian manufactories, and other things if it is possible. =============================================================== www.rusgoods.com www.rusgoods.ru Received: by ns.secondary.com (8.9.3/8.9.3) id EAA07180 for ietf-smime-bks; Sat, 9 Dec 2000 04:49:07 -0800 (PST) Received: from yengec (kasirga.tsk.mil.tr [212.50.36.8] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with SMTP id EAA07173 for <ietf-smime@imc.org>; Sat, 9 Dec 2000 04:49:03 -0800 (PST) Received: from yengec (192.168.1.1 [192.168.1.1]) by tufan.tsk.mil.tr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id XAQ70VRT; Sat, 9 Dec 2000 14:49:59 +0200 Message-ID: <007801c061e0$a7aee740$4c2b1d3e@erdal> From: "Erdal YILDIZ" <eyildiz@tsk.mil.tr> To: <ietf-smime@imc.org> Subject: looking for introductory s/mime docs? Date: Sat, 9 Dec 2000 15:04:59 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0073_01C061F1.664E6440" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0073_01C061F1.664E6440 Content-Type: text/plain; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable Hi All; I am looking for some high level documants about s/mime. I am very new = in taht area and the docs I look for must be in the beginners level. = What is s/mime? The initiatives for it? Historical story of it? Etc. If someone help me I would be really very appreciated. Thanks in advance Erdal ------=_NextPart_000_0073_01C061F1.664E6440 Content-Type: text/html; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-9 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT color=3D#000000 face=3DArial size=3D2>Hi All;</FONT></DIV> <DIV><FONT face=3DArial size=3D2>I am looking for some high level = documants about=20 s/mime. I am very new in taht area and the docs I look for must be = in the=20 beginners level. What is s/mime? The initiatives for it? Historical = story of it?=20 Etc.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>If someone help me I would be really = very=20 appreciated.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>Thanks in advance</FONT></DIV> <DIV><FONT face=3DArial size=3D2>Erdal</FONT></DIV></BODY></HTML> ------=_NextPart_000_0073_01C061F1.664E6440-- Received: by ns.secondary.com (8.9.3/8.9.3) id PAA03763 for ietf-smime-bks; Thu, 7 Dec 2000 15:05:39 -0800 (PST) Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA03758; Thu, 7 Dec 2000 15:05:36 -0800 (PST) Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id MAA15272; Fri, 8 Dec 2000 12:07:41 +1300 (NZDT) (sender pgut001@cs.auckland.ac.nz) Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <97623046120024>; Fri, 8 Dec 2000 12:07:41 (NZDT) From: pgut001@cs.aucKland.ac.nz (Peter Gutmann) To: ietf-pkix@imc.org, ietf-smime@imc.org Subject: Semi-annual reminder: dumpasn1 utility available Reply-To: pgut001@cs.aucKland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz Date: Fri, 8 Dec 2000 12:07:41 (NZDT) Message-ID: <97623046120024@kahu.cs.auckland.ac.nz> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a semi-annual reminder to people about dumpasn1, which picks apart ASN.1 data and displays it in human-readable form. I do actually update this every now and then, so it's worth checking every few months for new copies. Recent (within the last 6-12 months) features include automatic detection of stuff encapsulated inside bit/octet strings (no more -o or -b options), detection of encapsulated text strings disguised as something else, the ability to display text alongside a hex dump of data, an attempt at displaying BMPStrings under Windows (which for console apps doesn't actually work anything like what the docs would have you believe, if anyone can get it to display non 8859-1 characters let me know), and an indication of which bit is set if you've got a large string of zero bits with a single 1 bit at the start (this was motivated by the need to pick apart CMP error codes). Available as usual from http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.{c|.cfg} for the source code and config file. Peter. Received: by ns.secondary.com (8.9.3/8.9.3) id CAA09005 for ietf-smime-bks; Thu, 7 Dec 2000 02:43:57 -0800 (PST) Received: from rom.antech.de (dns.antech.de [194.45.12.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA08998 for <ietf-smime@imc.org>; Thu, 7 Dec 2000 02:43:56 -0800 (PST) Received: from scherbius.secorvo.de (kasiski.secorvo.de [194.45.12.203]) by rom.antech.de (8.9.3/8.9.3) with ESMTP id LAA13614 for <ietf-smime@imc.org>; Thu, 7 Dec 2000 11:34:33 +0100 Message-Id: <200012071034.LAA13614@rom.antech.de> From: "Stefan Kelm" <kelm@secorvo.de> Organization: Secorvo Security Consulting GmbH To: ietf-smime@imc.org Date: Thu, 7 Dec 2000 11:45:56 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: v2/v3 comparison document? Reply-to: kelm@secorvo.de In-reply-to: <5.0.1.4.2.20001205144808.0299f428@mail.spyrus.com> References: <3130909C0878D4118010006008517A7C02112C@swordfish.nexor.co. uk> X-mailer: Pegasus Mail for Win32 (v3.12b) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> All, I'm looking for some kind of roadmap of high-level document that compares S/MIME v2 against v3. Is such a text available anywhere? Any input is highly appreciated. Cheers, Stefan. ------------------------------------------------------- Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail kelm@secorvo.de, http://www.secorvo.de ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B Received: by ns.secondary.com (8.9.3/8.9.3) id UAA23708 for ietf-smime-bks; Wed, 6 Dec 2000 20:58:48 -0800 (PST) Received: from bsd.gymparnr.sk (bsd.gymparnr.sk [195.168.176.67]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id UAA23671 for <ietf-smime@imc.org>; Wed, 6 Dec 2000 20:58:44 -0800 (PST) From: hjghjgjh@yahoo.com Received: (qmail 16826 invoked from network); 6 Dec 2000 00:18:39 -0000 Received: from 1cust62.tnt1.los-angeles.ca.da.uu.net (HELO qYo7NPC3Z?) (63.57.183.62) by bsd.gymparnr.sk with SMTP; 6 Dec 2000 00:18:39 -0000 DATE: 05 Dec 00 4:38:15 PM Message-ID: <674UGKz14zV7En09R14> SUBJECT: 1+1=2 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> The Internet's Finest and Most Reliable Bulk Email Provider! Since 1996, Tech Data Technologies has provided bulk email service to thousands of well-satisfied customers. We offer the most competitive prices in the industry, made possible by our high percentage of repeat business. We have the most advanced, direct email technology, employed by only a knowledgeable few in the world. Our expert programmers have made it possible for us to penetrate any email blocking filter in use. We have over 120 million active email addresses, increasing our list at the rate of half a million to one million a month. We will put your product or service instantly and directly into the hands of millions of prospects! You will have instant, guaranteed results, something no other form of marketing can claim. Our turn around time is a remarkable 24 hours. Our email addresses are sorted by country, state and target. Your marketing campaign will speed with pinpoint accuracy to your desired audience! Your message can be presented in any language you wish, as plain text if you desire simplicity, or in html with color and graphics. Call us for a free consultation at (323)- 851- 8386 [U.S.A.]. We are open 24 hours a day, 7 days a week. No one understands the global market like we do. For a limited time, take advantage of our holiday special -- two million general U.S. emails for just $450 per million! We include, at no cost, a bullet proof email address for 30 days, a $400 value! BULK EMAIL PRICES 500,000........................$375 750,000........................$562 1,200,000........................$720 1,600,000.................. ...$960 3,000,000......................$1,500 3,000,000+ ...................PLEASE CALL FOR A QUOTE Resellers welcome. We accept Visa, MasterCard and check by FAX. DON'T WAIT! LET TECH DATA TECHNOLOGIES BE YOUR PARTNER!! Under Bill s.1618 TITLE III passed by the 105th U.S. Congress this letter is not considered "spam" as long as we include: 1) contact information and, 2) the way to be removed from future mailings (see below).To Remove Yourself From This List: reply to this email with the email address that you would like removed and the word REMOVE in the subject heading. Received: by ns.secondary.com (8.9.3/8.9.3) id NAA23836 for ietf-smime-bks; Tue, 5 Dec 2000 13:20:31 -0800 (PST) Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA23828 for <ietf-smime@imc.org>; Tue, 5 Dec 2000 13:20:30 -0800 (PST) Received: from RHOUSLEY-PC.spyrus.com (dial08.spyrus.com [207.212.34.128]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id NAA26322; Tue, 5 Dec 2000 13:21:53 -0800 (PST) Message-Id: <5.0.1.4.2.20001205144808.0299f428@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Tue, 05 Dec 2000 14:55:31 -0500 To: Graeme Lunt <g.lunt@nexor.co.uk> From: Russ Housley <housley@spyrus.com> Subject: RE: I-D ACTION:draft-ietf-smime-x400transport-00.txt Cc: ietf-smime@imc.org, "'j.onions@nexor.co.uk'" <j.onions@nexor.co.uk> In-Reply-To: <3130909C0878D4118010006008517A7C02112C@swordfish.nexor.co. uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Graeme: The id-data content type should NOT be used to identify a CMS content in an X.400 envelope. I assigned the id-ct-contentInfo OID for this purpose. I am trying to make id-data a useful identifier. If we use it for too many things, it will not help anyone determine how to process a content. Russ At 10:41 AM 11/16/2000 +0000, Graeme Lunt wrote: >Russ, > > > The CMS contentInfo uses id-data when the content is expected to be > > MIME. This choice is for historical reasons (S/MIME v2 did > > it that way). > > > > I think that the authors are trying to avoid a layer of MIME > > encapsulation. > >Yes - I can see that you would want to avoid this. > > > Did I miss something? > >My comment was a little different. > >What is being proposed is that the OID id-data must be used for the >X.400 content type when the CMS object is covered by an outer MIME >wrapper. > >However, a more generic option is to use an OID (say "id-mime") for >the X.400 content type that represents MIME. >Using this content type I could still carry my MIME wrapped CMS object, >but I could also carry other arbitray MIME objects. For example, I >could carry multipart/signed with this method. > >In fact, thinking about it a little more, does the draft as it stands >actually allow me to do this? If I use id-data as the content-type, >MUST the content be a MIME wrapped CMS object? Could it just be arbitrary >MIME? > >This would certainly be a useful feature. > >Graeme Received: by ns.secondary.com (8.9.3/8.9.3) id LAA13451 for ietf-smime-bks; Tue, 5 Dec 2000 11:19:07 -0800 (PST) Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA13440; Tue, 5 Dec 2000 11:19:05 -0800 (PST) Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <WY8B6Q12>; Tue, 5 Dec 2000 14:20:35 -0500 Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B19DA@wfhqex01.wangfed.com> From: "Pawling, John" <John.Pawling@GetronicsGov.com> To: "Pawling, John" <John.Pawling@GetronicsGov.com> Subject: SFL/CML/ACL/SNACC Freeware Available *NEW CML RELEASE* Date: Tue, 5 Dec 2000 14:20:30 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> All, The freeware Certificate Management Library (CML), S/MIME Freeware Library (SFL), Access Control Library (ACL), Enhanced SNACC ASN.1 freeware and Cryptographic Token Interface Libraries (CTIL) developed by Getronics Government Solutions are now available from the following web pages: SFL and CTILs: <http://www.getronicsgov.com/hot/sfl_home.htm> CML: <http://www.getronicsgov.com/hot/cml_home.htm> ACL: <http://www.getronicsgov.com/hot/acl_home.htm> Enhanced SNACC ASN.1 Freeware: <http://www.getronicsgov.com/hot/snacc_home.htm> **NEW CML RELEASE**: The CML files available from <http://www.getronicsgov.com/hot/cml_home.htm> are a new release. The v1.81 CML release fixes bugs in the v1.8 CML as documented in the v1.8 CML Problem Report file. With the exception of the CML files, there are no significant differences between the files available from the Getronics Government Solutions web pages and those that were formerly available from the Fortezza Developers Web Site <ww.armadillo.huntsville.al.us>. We welcome all feedback regarding these freeware security libraries. =========================================== John Pawling, John.Pawling@GetronicsGov.com Getronics Government Solutions, LLC =========================================== Received: by ns.secondary.com (8.9.3/8.9.3) id MAA20345 for ietf-smime-bks; Mon, 4 Dec 2000 12:05:03 -0800 (PST) Received: from wfhqex05.gfgsi.com (netva01.wangfed.com [206.137.100.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA20339 for <ietf-smime@imc.org>; Mon, 4 Dec 2000 12:05:02 -0800 (PST) Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <WY8B6JN4>; Mon, 4 Dec 2000 15:06:29 -0500 Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B19BD@wfhqex01.wangfed.com> From: "Pawling, John" <John.Pawling@GetronicsGov.com> To: "'williams@huntsville.sparta.com'" <williams@huntsville.sparta.com>, Ahmed Bhamjee <ahmed.bhamjee@sse.ie>, Ietf-Smime <ietf-smime@imc.org> Subject: RE: SMIME Freeware Library v1.8 Date: Mon, 4 Dec 2000 15:06:32 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> All, The freeware Certificate Management Library (CML), S/MIME Freeware Library (SFL), Access Control Library (ACL) and Enhanced SNACC ASN.1 freeware will be available on the Getronics Government Solutions web site <http://www.GetronicsGov.com/> on 6 December 2000. I will inform everyone as soon as they are available. =========================================== John Pawling, John.Pawling@GetronicsGov.com Getronics Government Solutions, LLC =========================================== Received: by ns.secondary.com (8.9.3/8.9.3) id KAA12570 for ietf-smime-bks; Mon, 4 Dec 2000 10:25:55 -0800 (PST) Received: from sparta.com (IDENT:root@M5.sparta.com [157.185.61.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA12565 for <ietf-smime@imc.org>; Mon, 4 Dec 2000 10:25:53 -0800 (PST) Received: from huntsville.sparta.com (huntsville.sparta.com [157.185.4.13]) by sparta.com (8.9.3/8.9.3) with ESMTP id MAA11421; Mon, 4 Dec 2000 12:27:48 -0600 Received: from williamspc4 (williamspc4 [157.185.4.50]) by huntsville.sparta.com (8.9.3+Sun/8.8.5) with SMTP id MAA17618; Mon, 4 Dec 2000 12:27:46 -0600 (CST) Reply-To: <williams@huntsville.sparta.com> From: "Eugene C. \(Gene\) Williams" <williams@huntsville.sparta.com> To: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie>, "Ietf-Smime" <ietf-smime@imc.org> Subject: RE: SMIME Freeware Library v1.8 Date: Mon, 4 Dec 2000 12:38:18 -0600 Message-ID: <NEBBJIGEGGPNBPHMBAHGKELJCIAA.williams@huntsville.sparta.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_001C_01C05DEF.147EE000" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <000001c05b95$02aef8d0$df2078c1@sse.ie> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_001C_01C05DEF.147EE000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Ahmed, See attached message from John Pawling...John has the service become available yet? v.r. Gene -----Original Message----- From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Ahmed Bhamjee Sent: Friday, December 01, 2000 6:48 AM To: ietf-smime@imc.org Subject: SMIME Freeware Library v1.8 Could someone please point me to a url where I can find the SMIME Freeware Library v1.8. I have been trying the following url with no success: http://www.armadillo.huntsville.al.us/software/smime Thanks Ahmed ------=_NextPart_000_001C_01C05DEF.147EE000 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment Reply-To: <John.Pawling@GetronicsGov.com> From: "Pawling, John" <John.Pawling@GetronicsGov.com> Sender: <pki-twg@nist.gov> To: "Multiple recipients of list" <pki-twg@nist.gov> Subject: SFL/CML/ACL/Enhanced SNACC Freeware Availability Date: Tue, 21 Nov 2000 10:16:42 -0600 Message-ID: <4B0D36365AD3D2118FF40060972A16C0019B18C7@wfhqex01.wangfed.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Internet Mail Service (5.5.2650.21) X-UIDL: 16927760697143d93e9a32f6c1124357 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal X-To: "Pawling, John" <John.Pawling@GetronicsGov.com> X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas All, The freeware Certificate Management Library (CML), S/MIME Freeware Library (SFL), Access Control Library (ACL) and Enhanced SNACC ASN.1 freeware are no longer available from the <http://www.armadillo.huntsville.al.us> web site. They will be available on the Getronics Government Solutions web site <http://www.GetronicsGov.com/> by 1 December 2000. I will inform everyone as soon as they are available. They will continue to be freely available to everyone. =========================================== John Pawling, John.Pawling@GetronicsGov.com Getronics Government Solutions, LLC =========================================== ------=_NextPart_000_001C_01C05DEF.147EE000-- Received: by ns.secondary.com (8.9.3/8.9.3) id PAA08588 for ietf-smime-bks; Sun, 3 Dec 2000 15:35:16 -0800 (PST) Received: from nt40srv.sudsistemi.it ([138.66.150.18]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA08545 for <ietf-smime@imc.org>; Sun, 3 Dec 2000 15:33:46 -0800 (PST) From: bn1bn2@yahoo.com Received: from wk3F17b6r (unverified [63.28.123.13]) by nt40srv.sudsistemi.it (EMWAC SMTPRS 0.83) with SMTP id <B0000162514@nt40srv.sudsistemi.it>; Mon, 04 Dec 2000 00:31:14 +0100 DATE: 03 Dec 00 3:38:51 PM Message-ID: <XipCiXYnU440dz069> SUBJECT: Holiday Special: Don't miss the savings! Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> Hurry!!! Time is running out. Thinking of getting a laptop computer for the holidays, or any occasions... Brand new name brand notebooks at up to 35% savings, compare around than call us 1-800-644-9584. We have thousands Notebook PC, PDAs, Digital Cameras, Parts and Accessories in stock for the holiday, anything you need, we can get you the lower prices. C o m p a q ================================================== Compaq Armada M700 $2199 Intel PIII 650 MHz, 128MB, 12.0GB, 14.1in TFT, 24X CD-ROM, 56 Kbps, 10/100 Ethernet Card, Windows NT 4.0 Compaq Presario 1200-XL125 $1379 AMD K6-2 533 MHz, 64MB , 6.0GB, 13.3in TFT, 8X DVD-ROM, 56Kbps , WIN98se Compaq Presario 1200-XL300 $1095 Intel Celeron 600 MHz, 64MB, 6.0GB, 13in HPA, 24X CD-ROM, 56K , Windows ME Compaq Presario 1200-XL325 $1499 Intel PIII 650 MHz, 64MB, 6.0GB, 13.3in TFT, 8X DVD-ROM, 56K , Windows ME Compaq Presario 1700-XL360 $1799 Intel PIII 600 MHz, 64MB, 10.0GB, 14.1in TFT, 8X DVD-ROM, 56K , Windows ME H P ==================================================== HP Omni Book 6000 $3499 Intel PIII 850MHz , 128 MB , 20GB, 15.1in TFT, 8X DVD-ROM, 56Kbps, Windows 2000 HP Pavilion N5150 $1499 Intel PIII 600 MHz, 64MB, 10.0GB , 13.3in TFT, 8X DVD-ROM, 56Kbps, Windows Millennium Edition HP Pavilion N5170 $1599 Intel PIII 600 MHz , 64MB, 7.0GB , 14.1in TFT, 8X DVD-ROM, 56Kbps, 10/100 Ethernet, Windows Millennium Edition HP Pavilion N5195 $2199 Intel PIII 700 MHz , 128MB , 20.0GB , 15.1in TFT, 8X DVD-ROM, 56Kbps, 10/100 Ethernet, Windows Millennium Edition S O N Y ==================================================== Sony VAIO PCG-F580 Notebook $2099 Intel PIII 650 MHz, 64MB, 12.0GB, 15.0in TFT, 8X DVD-ROM, 56K, Windows 98se Sony VAIO PCG-F650 Notebook $1889 Intel PIII 600 MHz, 64MB, 12.0GB, 14.1in TFT, 8X DVD-ROM, 56Kbps, Windows ME For more info or to place an order call: 1-800-644-9584 To Visit Our Site http://www.laptopland.com to find out more detail This message is being sent to you in compliance with the proposed Federal legislation for commercial e-mail (S.1618 - SECTION 301)."Pursuant to Section 301, Paragraph (a)(2)(C) of S. 1618, further transmissions to you by the sender of this e-mail may be stopped at no cost to you by submitting a request to be removed. INSTRUCTIONS- click here mailto:member9288@computerassociation.com?subject=removelist134 to be removed. Received: by ns.secondary.com (8.9.3/8.9.3) id FAA24681 for ietf-smime-bks; Fri, 1 Dec 2000 05:57:29 -0800 (PST) Received: from po2.bbn.com (PO2.BBN.COM [192.1.50.36]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA24676 for <ietf-smime@imc.org>; Fri, 1 Dec 2000 05:57:27 -0800 (PST) Received: from wwilliams2 (dhcp058-134.genuity.com [171.78.58.134]) by po2.bbn.com (8.9.1/8.9.1) with SMTP id JAA20456; Fri, 1 Dec 2000 09:00:44 -0500 (EST) From: "Walter Williams" <walter.williams@genuity.com> To: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie>, <ietf-smime@imc.org> Subject: RE: SMIME Freeware Library v1.8 Date: Fri, 1 Dec 2000 08:54:51 -0500 Message-ID: <JJEAICLDDDJICLKBAAPDKEAJCAAA.walter.williams@genuity.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <000001c05b95$02aef8d0$df2078c1@sse.ie> X-Mimeole: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> While that server appears to be down, you might want to look at http://www.mozilla.org/projects/security/pki/nss/smime/ as an alternative. This is a S/MIME toolkit developed by what used to be Netscape. Walt Williams Genuity > -----Original Message----- > From: owner-ietf-smime@mail.imc.org > [mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Ahmed Bhamjee > Sent: Friday, December 01, 2000 7:48 AM > To: ietf-smime@imc.org > Subject: SMIME Freeware Library v1.8 > > > Could someone please point me to a url where I can find the SMIME Freeware > Library v1.8. I have been trying the following url with no success: > > http://www.armadillo.huntsville.al.us/software/smime > > Thanks > Ahmed > Received: by ns.secondary.com (8.9.3/8.9.3) id EAA21182 for ietf-smime-bks; Fri, 1 Dec 2000 04:48:10 -0800 (PST) Received: from mail0.sse.ie (mail0.sse.ie [193.120.32.47]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id EAA21175 for <ietf-smime@imc.org>; Fri, 1 Dec 2000 04:48:08 -0800 (PST) Received: from mail0.sse.ie (actually localhost) by mail0.sse.ie; Fri, 1 Dec 2000 12:49:17 +0000 Received: from ahmed (AHMED.sse.ie [193.120.32.223]) by mail0.sse.ie (8.9.1a/8.9.1) with SMTP id MAA01984 for <ietf-smime@imc.org>; Fri, 1 Dec 2000 12:49:16 GMT From: "Ahmed Bhamjee" <ahmed.bhamjee@sse.ie> To: <ietf-smime@imc.org> Subject: SMIME Freeware Library v1.8 Date: Fri, 1 Dec 2000 12:48:21 -0000 Message-ID: <000001c05b95$02aef8d0$df2078c1@sse.ie> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_01C05B95.02AEF8D0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <200011301057.FAA28262@ietf.org> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-ID: <ietf-smime.imc.org> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C05B95.02AEF8D0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Could someone please point me to a url where I can find the SMIME Freeware Library v1.8. I have been trying the following url with no success: http://www.armadillo.huntsville.al.us/software/smime Thanks Ahmed ------=_NextPart_000_0001_01C05B95.02AEF8D0 Content-Type: application/octet-stream; name="http---www.armadillo.huntsville.al.us-software-smime.url" Content-Disposition: attachment; filename="http---www.armadillo.huntsville.al.us-software-smime.url" Content-Transfer-Encoding: 7bit [InternetShortcut] URL=http://www.armadillo.huntsville.al.us/software/smime Modified=2038EDA8945BC0019D ------=_NextPart_000_0001_01C05B95.02AEF8D0--
- 13 December 2000 S/MIME WG Minutes Pawling, John