Re: Next Draft of Proposed Charter

["Housley, Russ" <rhousley@rsasecurity.com>]

Bodo:

This is a point to be raised in the security considerations section of the 
document.  It is quite reasonable to document both methods of using RSA, 
then warn people that a different key pair should be used with each one.

Russ

At 01:03 AM 5/25/2002 +0200, Bodo Moeller wrote:

>Housley, Russ <rhousley@rsasecurity.com>:
>
> >>> Here is the next draft of the proposed working group charter.  The
> >>> biggest change from the previous posting is that both OAEP and KEM 
> become
> >>> standards track documents.
>
> >> Are the differences between the attacks and mitigations presented by OAEP
> >> and KEM really worth the high liklihood of lack of interoperability?
>
> > RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so
> > this choice does not require any adjustments in the PKI.
>
>This makes it is pretty pointless to use "provably secure"
>cryptography, though -- all security guarantees that OAEP, say, may
>promise are voided if you use the same key for decrypting messages
>using some other style of RSA.



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4SCv0I21658 for ietf-smime-bks; Tue, 28 May 2002 05:57:00 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4SCuwJ21650 for <ietf-smime@imc.org>; Tue, 28 May 2002 05:56:58 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 28 May 2002 12:55:04 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA11712; Tue, 28 May 2002 08:56:58 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4SCt5x06155; Tue, 28 May 2002 08:55:05 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLH1N2>; Tue, 28 May 2002 08:56:57 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.15]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLH1NC; Tue, 28 May 2002 08:56:53 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: moeller@cdc.informatik.tu-darmstadt.de, bmoeller@hrzpub.tu-darmstadt.de
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020528083225.021591e8@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 28 May 2002 08:34:04 -0400
Subject: Re: Next Draft of Proposed Charter
In-Reply-To: <m17BO5T-000QdtC@epsilon>
References: <5.1.0.14.2.20020513094556.02d57830@exna07.securitydynamics.com> <p0511171bb901e26f1a10@[165.227.249.18]> <5.1.0.14.2.20020513094556.02d57830@exna07.securitydynamics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Bodo:

This is a point to be raised in the security considerations section of the 
document.  It is quite reasonable to document both methods of using RSA, 
then warn people that a different key pair should be used with each one.

Russ

At 01:03 AM 5/25/2002 +0200, Bodo Moeller wrote:

>Housley, Russ <rhousley@rsasecurity.com>:
>
> >>> Here is the next draft of the proposed working group charter.  The
> >>> biggest change from the previous posting is that both OAEP and KEM 
> become
> >>> standards track documents.
>
> >> Are the differences between the attacks and mitigations presented by OAEP
> >> and KEM really worth the high liklihood of lack of interoperability?
>
> > RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so
> > this choice does not require any adjustments in the PKI.
>
>This makes it is pretty pointless to use "provably secure"
>cryptography, though -- all security guarantees that OAEP, say, may
>promise are voided if you use the same key for decrypting messages
>using some other style of RSA.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4ON4ue28681 for ietf-smime-bks; Fri, 24 May 2002 16:04:56 -0700 (PDT)
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4ON4tL28677 for <ietf-smime@imc.org>; Fri, 24 May 2002 16:04:55 -0700 (PDT)
Received: from localhost (cdc-info [130.83.23.100]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with SMTP id 003C82CBC; Sat, 25 May 2002 01:04:56 +0200 (MET DST)
Received: id <m17BO5T-000QdtC@epsilon>; Sat, 25 May 2002 01:03:07 +0200 (CEST) 
Message-Id: <m17BO5T-000QdtC@epsilon>
Date: Sat, 25 May 2002 01:03:07 +0200 (CEST)
To: ietf-smime@imc.org
Reply-To: moeller@cdc.informatik.tu-darmstadt.de, bmoeller@hrzpub.tu-darmstadt.de
From: moeller@cdc.informatik.tu-darmstadt.de (Bodo Moeller)
Subject: Re: Next Draft of Proposed Charter
In-Reply-To: <5.1.0.14.2.20020513094556.02d57830@exna07.securitydynamics.com>
References: <p0511171bb901e26f1a10@[165.227.249.18]> <5.1.0.14.2.20020513094556.02d57830@exna07.securitydynamics.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Housley, Russ <rhousley@rsasecurity.com>:

>>> Here is the next draft of the proposed working group charter.  The 
>>> biggest change from the previous posting is that both OAEP and KEM become 
>>> standards track documents.

>> Are the differences between the attacks and mitigations presented by OAEP 
>> and KEM really worth the high liklihood of lack of interoperability?

> RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so 
> this choice does not require any adjustments in the PKI.

This makes it is pretty pointless to use "provably secure"
cryptography, though -- all security guarantees that OAEP, say, may
promise are voided if you use the same key for decrypting messages
using some other style of RSA.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4OD9if10119 for ietf-smime-bks; Fri, 24 May 2002 06:09:44 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4OD9gL10114 for <ietf-smime@imc.org>; Fri, 24 May 2002 06:09:42 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 24 May 2002 13:07:52 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA18912; Fri, 24 May 2002 09:09:38 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4OD7kq11383; Fri, 24 May 2002 09:07:46 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLGLM8>; Fri, 24 May 2002 09:09:36 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.8]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLGLM5; Fri, 24 May 2002 09:09:31 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: "Bonatti, Chris" <BonattiC@ieca.com>
Cc: Blake Ramsdell <blake@brutesquadlabs.com>, ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020524090542.034681b8@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 24 May 2002 09:09:28 -0400
Subject: RE: Protecting fields via message/rfc822 and merging issues
In-Reply-To: <LOEILJNBHBPKGOPJCMADCEHKENAA.BonattiC@ieca.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Chris:

See my comment at the end.

> > > >   Obviously, my belief is that (d) is the only one
> > that works.  However,
> > >I'm not happy with how it works in the encrypted-only
> > case.  I'm also
> > >somewhat sensitive to "attribute bloat".  I therefore
> > earnestly hope
> > >somebody else sees something that I've missed.
> > >
> > >[bcr] I think that the biggest problem I'm having is
> > that we're trying to
> > >mix authenticated / unauthenticated / encrypted /
> > unencrypted headers
> > >together and try to do the right thing in an
> > automated fashion.  As much as
> > >as we might like to define this, I think the only
> > option might be to take
> > >the coward's way out and explain that the
> > presentation and merging of the
> > >headers are the problem of the client, and that it's
> > not possible to
> > >automatically mix them.  The realization that I'm
> > coming to is that there is
> > >no utility in merging the headers, and we shouldn't
> > even attempt it, and we
> > >should document that the client needs to potentially
> > make decisions about
> > >how much to trust the internal headers vs. the
> > external headers, and it is
> > >their responsibility to demonstrate the separation.
> > >
> > >[bcr] My thinking right now is along the lines of the
> > following, and I could
> > >very well be missing some important issues:
> > >
> > >1. Use message/rfc822 with a full set of headers for
> > the inner protected
> > >content.  This is backward compatible, and it's
> > entirely possible that
> > >existing clients might even process this correctly.
> > >
> > >2. Define placebo values for any outer message
> > required fields.
> > >
> > >3. Explain the client considerations for presentation.
> >
> > [RH] I would like to see a very simple approach.  The
> > sender MUST put the
> > same values in both the 822 header and the inner protected
> > header.  Whenever possible, the recipient SHOULD
> > display the values from
> > the inner protected header.  We need to explain the
> > cases where this will
> > be difficult and the ones from the outer unprotected
> > header need to be used.
> >
>[CDB] I think that some minor complexity is necessary if the solution is 
>to apply equally to SignedData and EnvelopedData (which I thought was the 
>one of the reasons for this approach).  Having the same values in the 
>outer and inner header precludes the latter.  Given that you are therefore 
>going to HAVE to merge inner and outer for some cases, I think that use of 
>"dummy" values on the outside makes sense if we're only going to have one 
>way of doing things.

[RH] You are correct.  We need to consider the ContentHints attribute 
defined in ESS too.  The original point of this attribute was to provide a 
plaintext subject line.  So, we need to provide guidance about the handling 
of the plaintext 822 subject line, the ciphertext 822 subject line, and the 
ContentHints attribute if all three are present.



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4NN9FX17103 for ietf-smime-bks; Thu, 23 May 2002 16:09:15 -0700 (PDT)
Received: from gamma.isi.edu (gamma.isi.edu [128.9.144.145]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NN9DL17099 for <ietf-smime@imc.org>; Thu, 23 May 2002 16:09:13 -0700 (PDT)
Received: from ISI.EDU (jet.isi.edu [128.9.160.87]) by gamma.isi.edu (8.11.6/8.11.2) with ESMTP id g4NN9FE16370; Thu, 23 May 2002 16:09:15 -0700 (PDT)
Message-Id: <200205232309.g4NN9FE16370@gamma.isi.edu>
To: IETF-Announce: ;
Subject: RFC 3114 on Implementing Company Classification Policy
Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=NextPart
Date: Thu, 23 May 2002 16:09:15 -0700
From: RFC Editor <rfc-ed@ISI.EDU>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

--NextPart


A new Request for Comments is now available in online RFC libraries.


        RFC 3114

        Title:	    Implementing Company Classification Policy with
                    the S/MIME Security Label
        Author(s):  W. Nicolls
        Status:	    Informational
	Date:       May 2002
        Mailbox:    wnicolls@forsythesolutions.com
        Pages:      14
        Characters: 27764
        Updates/Obsoletes/SeeAlso:  None

        I-D Tag:    draft-ietf-smime-seclabel-03.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3114.txt


This document discusses how company security policy for data
classification can be mapped to the S/MIME security label.  Actual
policies from three companies provide worked examples.

This document is a product of the S/MIME Mail Security Working Group
of the IETF.

This memo provides information for the Internet community.  It does
not specify an Internet standard of any kind.  Distribution of this
memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.echo 
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type:  Message/External-body;
        access-type="mail-server";
        server="RFC-INFO@RFC-EDITOR.ORG"

Content-Type: text/plain
Content-ID: <020523160703.RFC@RFC-EDITOR.ORG>

RETRIEVE: rfc
DOC-ID: rfc3114

--OtherAccess
Content-Type:   Message/External-body;
        name="rfc3114.txt";
        site="ftp.isi.edu";
        access-type="anon-ftp";
        directory="in-notes"

Content-Type: text/plain
Content-ID: <020523160703.RFC@RFC-EDITOR.ORG>

--OtherAccess--
--NextPart--


Received: by above.proper.com (8.11.6/8.11.3) id g4NMpiU16790 for ietf-smime-bks; Thu, 23 May 2002 15:51:44 -0700 (PDT)
Received: from Obsidian (pcp01965971pcs.nrockv01.md.comcast.net [68.48.109.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4NMphL16786 for <ietf-smime@imc.org>; Thu, 23 May 2002 15:51:43 -0700 (PDT)
Received: from [127.0.0.1] by Obsidian (ArGoSoft Mail Server, Version 1.61 (1.6.1.9)); Thu, 23 May 2002 18:51:44 -0400
From: "Bonatti, Chris" <BonattiC@ieca.com>
To: "Housley, Russ" <rhousley@rsasecurity.com>
Cc: "Blake Ramsdell" <blake@brutesquadlabs.com>, <ietf-smime@imc.org>
Subject: RE: Protecting fields via message/rfc822 and merging issues
Date: Thu, 23 May 2002 18:51:42 -0400
Message-ID: <LOEILJNBHBPKGOPJCMADCEHKENAA.BonattiC@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g4NMphL16787
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Russ,

Some new comments embedded, preceded by [CDB].

Best regards,
Chris



> [RH] I think that message/rfc822 should be the 
> mandatory to implement 
> approach.  If we want to explore message/partial, it 
> should not be 
> mandatory to implement.

[CDB] I agree with this suggestion.


> > >   Obviously, my belief is that (d) is the only one 
> that works.  However,
> >I'm not happy with how it works in the encrypted-only 
> case.  I'm also
> >somewhat sensitive to "attribute bloat".  I therefore 
> earnestly hope
> >somebody else sees something that I've missed.
> >
> >[bcr] I think that the biggest problem I'm having is 
> that we're trying to
> >mix authenticated / unauthenticated / encrypted / 
> unencrypted headers
> >together and try to do the right thing in an 
> automated fashion.  As much as
> >as we might like to define this, I think the only 
> option might be to take
> >the coward's way out and explain that the 
> presentation and merging of the
> >headers are the problem of the client, and that it's 
> not possible to
> >automatically mix them.  The realization that I'm 
> coming to is that there is
> >no utility in merging the headers, and we shouldn't 
> even attempt it, and we
> >should document that the client needs to potentially 
> make decisions about
> >how much to trust the internal headers vs. the 
> external headers, and it is
> >their responsibility to demonstrate the separation.
> >
> >[bcr] My thinking right now is along the lines of the 
> following, and I could
> >very well be missing some important issues:
> >
> >1. Use message/rfc822 with a full set of headers for 
> the inner protected
> >content.  This is backward compatible, and it's 
> entirely possible that
> >existing clients might even process this correctly.
> >
> >2. Define placebo values for any outer message 
> required fields.
> >
> >3. Explain the client considerations for presentation.
> 
> [RH] I would like to see a very simple approach.  The 
> sender MUST put the 
> same values in both the 822 header and the inner protected 
> header.  Whenever possible, the recipient SHOULD 
> display the values from 
> the inner protected header.  We need to explain the 
> cases where this will 
> be difficult and the ones from the outer unprotected 
> header need to be used.
> 
[CDB] I think that some minor complexity is necessary if the solution is to apply equally to SignedData and EnvelopedData (which I thought was the one of the reasons for this approach).  Having the same values in the outer and inner header precludes the latter.  Given that you are therefore going to HAVE to merge inner and outer for some cases, I think that use of "dummy" values on the outside makes sense if we're only going to have one way of doing things.





Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4MCtQm06659 for ietf-smime-bks; Wed, 22 May 2002 05:55:26 -0700 (PDT)
Received: from ns0.eris.dera.gov.uk (qmailr@ns0.eris.dera.gov.uk [128.98.1.1]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4MCtNL06648 for <ietf-smime@imc.org>; Wed, 22 May 2002 05:55:24 -0700 (PDT)
Received: (qmail 2118 invoked from network); 22 May 2002 13:56:50 -0000
Received: from mailhost.eris.dera.gov.uk (qmailr@128.98.2.2) by ens0.eris.dera.gov.uk with SMTP; 22 May 2002 13:56:50 -0000
Received: (qmail 28650 invoked by uid 2853); 22 May 2002 12:54:36 -0000
Received: from unknown (HELO WOTTAWAY) (128.98.10.192) by mailhost.eris.dera.gov.uk with SMTP; 22 May 2002 12:54:34 -0000
From: "William Ottaway" <w.ottaway@eris.QinetiQ.com>
To: <blake@brutesquadlabs.com>
Cc: <ietf-smime@imc.org>
Subject: Comments on RFC2633bis
Date: Wed, 22 May 2002 14:01:49 +0100
Message-ID: <NABBJNEAKNOGJBHIOCBHMEALEHAA.w.ottaway@eris.QinetiQ.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-Virus-Scanned: by internal AMaViS perl-11
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Hi Blake,

I have provided some comments on the X400wrap draft which relate to text
that is aligned with RFC 2633 and have therefore been asked to raise these
points with you.

1) Section 2.5, last paragraph. I understand where you are coming from but
the majority of S/MIME client users will not understand what the values in a
signed attribute mean, let alone which ones are listed in 2633, and probably
don't care. My general feeling is don't show the user this information. This
may have some impact legally (e.g. you can't sue me because I didn't know I
was signing/sending that). This is really a local issue. Perhaps rather than
stating this as a 'SHOULD' maybe a comment that it is advised
implementations support this feature, which can be turned on/off.

2) Section 3.3, 3.4.2 and 3.6. In the steps on constructing the different
types of message you don't mention applying a transfer encoding. This is
mentioned in the steps in section 3.4.3.2. I suggest that Step 3 in 3.3 and
3.4.2 and step 2 in 3.6 are changed to :-

"Transfer encoding is applied to the CMS object and it is inserted into an
application/pkcs7-mime MIME entity."



While I'm at it we had a discussion on the s/mime list back in Feb/Mar 2001
on another matter that raised its head whilst reviewing the X.400 drafts.
This was related to the 'certs only' message. This accumulated in me
suggesting the following text for section 3.6 (Thu, 1 Mar 2001
09:10:33 -0000).

"3.6 Creating a Certificate Management Message

The certificate management message or MIME entity is used to transport
certificates and/or CRLs, such as in response to a registration request.

   Step 1. The certificates and/or CRLs are made available to the CMS
generating
           process which creates a CMS object of type signedData. The
signedData
           encapContentInfo eContent field MUST be absent and signerInfos
field
           MUST be empty.

   Step 2. The CMS signedData object is enclosed in an
application/pkcs7-mime MIME entity

The smime-type parameter for a certificate management message is
"cert-management".
The file extension for this type of message is ".p7c"."

Of course step 2 would now be "Transfer encoding is applied to the CMS
object and it is inserted into an application/pkcs7-mime MIME entity."

Your reply (Thu, 1 Mar 2001 09:50:25 -0800) was "Sounds good -- we'll
rewrite it at some point."

Bill

____________________________________________________
 William Ottaway BSc Hons CEng MBCS,
 Woodward B009,
 QinetiQ                      Tel: +44 (0) 1684 894079
 Malvern Technology Centre,   Fax: +44 (0) 1684 896660
 St. Andrews Road,            email: w.ottaway@eris.QinetiQ.com
 Malvern,
 Worcs,
 WR14 3PS

 All opinions are my own.




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4GG0CQ15031 for ietf-smime-bks; Thu, 16 May 2002 09:00:12 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4GG09L15016 for <ietf-smime@imc.org>; Thu, 16 May 2002 09:00:09 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 16 May 2002 15:58:28 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id MAA08946; Thu, 16 May 2002 12:00:08 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4GFwHr25408; Thu, 16 May 2002 11:58:18 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLC6D3>; Thu, 16 May 2002 12:00:07 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.68]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLC6D1; Thu, 16 May 2002 11:59:57 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: "Bonatti, Chris" <BonattiC@ieca.com>, Blake Ramsdell <blake@brutesquadlabs.com>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020516112231.02dceca8@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 16 May 2002 11:35:51 -0400
Subject: Re: Protecting fields via message/rfc822 and merging issues
In-Reply-To: <0c0901c1f011$8131cf40$0700a8c0@brutesquadlabs.com>
References: <LOEILJNBHBPKGOPJCMADMEKGEIAA.BonattiC@ieca.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Chris & Blake:

My comments below, prefixed by [RH]...

To jog your memory, Chris made the original posting.
Blake replied with his comments prefixed with [bcr].

> >   The first part of the solution seems like a done deal.  I would note
>that we should be able to omit the "orig-date" and "from" fields (required
>by RFC 2822) from the inner message if we use the message/partial type vs
>message/rfc822 in the protected MIME object.  However, I think it would be
>wise if we simply allowed either type in this case.  I think that support
>for message/rfc822 is widespread, perhaps almost universal.  However, the
>level of support for message/partial is unknown (to me anyway).  Also, use
>of message/partial in this way isn't *exactly* for the reasons that RFC2046
>describes its use.  Since Ned suggested it, I would guess he thinks it is,
>though.
>
>[bcr] One way to think about message/partial is that this header privacy
>issue represents a new S/MIME idiom, and thus you need to write a bunch of
>code anyway to handle it.  The argument against message/partial would be
>that applications are using a separate MIME library which would choke on
>message/partial if it didn't already support it, and older clients that are
>unaware of this use might fail completely to process the message.  I would
>be more in favor of exploring message/rfc822, since I'm fairly certain that
>most GUI implementations just pop up a new message window.  This has the
>added benefit of automatically providing compartementalization of the
>protected headers, since those will be attributes of the new window.

[RH] I think that message/rfc822 should be the mandatory to implement 
approach.  If we want to explore message/partial, it should not be 
mandatory to implement.

> >    b) Discarding the outer 822 message and looking only at the
> > inner fields works provided that the inner message is
> > complete.  However, it does not work if only a partial
> > list of fields is included in the inner message.  Also,
> > since we negate the usefulness of the outer message in
> > all cases, we strongly encourage that it be a blank
> > "dummy" message.  This would effectively require the
> > application to do security processing even to display
> > the originator, subject line, etc. -- fields normally
> > shown in a mailbox view.  Blake also correctly pointed
> > out that this would squash useful headers like "trace"
> > (i.e., Received:...) and things added by list exploders.
>
>[bcr] Right, and I think this also includes header security policies (not
>necessarily cryptography, but generic rewriting) applied by the organization
>such as rewritten address lines for host name hiding or adding disclosed
>recipients.  I think this is where we start running into a problem, and
>where we're in danger of failing.
>
> >   Of these, I think I favor (c).  However, regardless of which option we
>choose, we should say something about using dummy values of the "orig-date"
>and "from" fields in the event that the originator wants to protect the
>confidentiality of that information.  Since these elements are required in
>an 822 message, some dummy value MUST be provided in the outer message.  I
>don't think we need to necessarily specify what these values should be, but
>we should say something about the need for them.
>
>[bcr] I agree -- I think this is going to be part of any work that we
>pursue.
>
> >   Obviously, my belief is that (d) is the only one that works.  However,
>I'm not happy with how it works in the encrypted-only case.  I'm also
>somewhat sensitive to "attribute bloat".  I therefore earnestly hope
>somebody else sees something that I've missed.
>
>[bcr] I think that the biggest problem I'm having is that we're trying to
>mix authenticated / unauthenticated / encrypted / unencrypted headers
>together and try to do the right thing in an automated fashion.  As much as
>as we might like to define this, I think the only option might be to take
>the coward's way out and explain that the presentation and merging of the
>headers are the problem of the client, and that it's not possible to
>automatically mix them.  The realization that I'm coming to is that there is
>no utility in merging the headers, and we shouldn't even attempt it, and we
>should document that the client needs to potentially make decisions about
>how much to trust the internal headers vs. the external headers, and it is
>their responsibility to demonstrate the separation.
>
>[bcr] My thinking right now is along the lines of the following, and I could
>very well be missing some important issues:
>
>1. Use message/rfc822 with a full set of headers for the inner protected
>content.  This is backward compatible, and it's entirely possible that
>existing clients might even process this correctly.
>
>2. Define placebo values for any outer message required fields.
>
>3. Explain the client considerations for presentation.

[RH] I would like to see a very simple approach.  The sender MUST put the 
same values in both the 822 header and the inner protected 
header.  Whenever possible, the recipient SHOULD display the values from 
the inner protected header.  We need to explain the cases where this will 
be difficult and the ones from the outer unprotected header need to be used.

Russ




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4FEPrP25217 for ietf-smime-bks; Wed, 15 May 2002 07:25:53 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4FEPpL25206 for <ietf-smime@imc.org>; Wed, 15 May 2002 07:25:51 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 May 2002 14:24:11 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA23956; Wed, 15 May 2002 10:25:52 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4FEO0f13700; Wed, 15 May 2002 10:24:00 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLCJJ5>; Wed, 15 May 2002 10:25:50 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.50]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLCJJ4; Wed, 15 May 2002 10:25:45 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Ben Littauer <littauer@blkk.com>, Craig McGregor <Craig.McGregor@treasury.govt.nz>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020515101148.037b9bd8@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 15 May 2002 10:18:30 -0400
Subject: RE: Are certificates _required_ by the sender?
In-Reply-To: <14270A31340CCF46A050FEC25B8F50A0228559@juliet.hamlet.treas ury.govt.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Ben & Craig:

This is appropriate behavior.  RFC 2633, in section 3.3, says:

    ...  In addition to encrypting a copy of
    the content-encryption key for each recipient, a copy of the content
    encryption key SHOULD be encrypted for the originator and included in
    the envelopedData (see CMS Section 6).

Russ


At 09:41 AM 5/9/2002 +1200, Craig McGregor wrote:

>Hi Ben,
>
>Although I have not tested this theory, I suspect it is so that it can
>encrypt the message both for the recipient and sender. Otherwise the
>sender could not read their message from their sent items folder without
>access to the recipients private key - which of course is a no-no!
>
>Nothing in the S/MIME RFC's says you _have_ to have one. You should be
>able to happily encrypt but not sign e-mail without one. Practicalities
>mean for certain functionality in clients it may be necessary to have
>your own certificate.
>
>--
>Craig McGregor
>Security Specialist
>IT Systems                      http://e.govt.nz/see/mail
>The Treasury            http://www.treasury.govt.nz
>
>
>
>
>-----Original Message-----
>From: Ben Littauer [mailto:littauer@blkk.com]
>Sent: Thursday, 9 May 2002 4:08 a.m.
>To: ietf-smime@imc.org
>Subject: RE: Are certificates _required_ by the sender?
>
>
>
>Interesting you should ask this right now.  I don't believe that there
>is
>any S/MIME requirement that says that the sender needs a cert.  That
>said,
>however, MS Outlook DOES require that you have a cert before it will let
>you
>encrypt a message on someone else's cert that you've received.  Does
>anyone
>know why this is?
>
>-ben-
>
>-----Original Message-----
>From: owner-ietf-smime@mail.imc.org
>[mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Terje Tollisen
>Sent: Wednesday, May 08, 2002 5:26
>To: ietf-smime@imc.org
>Subject: Are certificates _required_ by the sender?
>
>
>
>Is the sender of an email required to have a certificate, or is it
>sufficient for the sender to have a copy of the certificate of the
>recipient? I am thinking of an automated system, where one party will
>always
>be the sender, and never receive emails. In addition, no signatures are
>required. Thus nobody will ever actually need the public key for the
>automated system. However, I'm uncertain if the sender can send S/MIME
>messages without having a certificate of it's own.
>
>Thanks for your time
>-Terry Tollisen
>
>--
>_______________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4FE76S23811 for ietf-smime-bks; Wed, 15 May 2002 07:07:06 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4FE74L23802 for <ietf-smime@imc.org>; Wed, 15 May 2002 07:07:04 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 May 2002 14:05:24 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA21830 for <ietf-smime@imc.org>; Wed, 15 May 2002 10:07:05 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4FE5DJ11112 for <ietf-smime@imc.org>; Wed, 15 May 2002 10:05:13 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLC29H>; Wed, 15 May 2002 10:07:03 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.50]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLC29F; Wed, 15 May 2002 10:07:01 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Terje Tollisen <tt@post.com>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020515100504.037a4d68@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 15 May 2002 10:06:58 -0400
Subject: Re: Are certificates _required_ by the sender?
In-Reply-To: <20020508092613.47880.qmail@mail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Terry:

To sign a message, the originator needs to have a certificate that contains 
the public key that will be used by the recipient to validate the signature.

To encrypt a message, the originator need not have a certificate; however, 
the recipient will generally not be able to authenticate the source of the 
message unless it is signed.

Russ

At 04:26 AM 5/8/2002 -0500, Terje Tollisen wrote:

>Is the sender of an email required to have a certificate, or is it 
>sufficient for the sender to have a copy of the certificate of the 
>recipient? I am thinking of an automated system, where one party will 
>always be the sender, and never receive emails. In addition, no signatures 
>are required. Thus nobody will ever actually need the public key for the 
>automated system. However, I'm uncertain if the sender can send S/MIME 
>messages without having a certificate of it's own.
>
>Thanks for your time
>-Terry Tollisen
>
>--
>_______________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4FCJwC18823 for ietf-smime-bks; Wed, 15 May 2002 05:19:58 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4FCJuL18819 for <ietf-smime@imc.org>; Wed, 15 May 2002 05:19:56 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 May 2002 12:18:16 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA11118; Wed, 15 May 2002 08:19:56 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4FCI3e27972; Wed, 15 May 2002 08:18:03 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLCHFC>; Wed, 15 May 2002 08:19:52 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.64]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLCH19; Wed, 15 May 2002 08:19:47 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: smb@research.att.com, jis@mit.edu
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020514180155.0325fd18@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 14 May 2002 18:04:54 -0400
Subject: Proposed Charter Update for S/MIME
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_1791115==_"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

--=====================_1791115==_
Content-Type: text/plain; charset="us-ascii"; format=flowed

Jeff & Steve:

As you probably know, the S/MIME WG charter is out of date.  After much 
discussion on the WG mail list, no one seems to object to this proposed 
update.  Please let us know if it is acceptable to you.

Russ






--=====================_1791115==_
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="Charter4.txt"


S/MIME Mail Security (smime)

Chair:
     Russ Housley <rhousley@rsasecurity.com>

Security Area Director:
     Jeffrey Schiller <jis@mit.edu>
     Steve Belovin <smb@research.att.com>

Mailing Lists:
     General Discussion: ietf-smime@imc.org
     To Subscribe:       ietf-smime-request@imc.org
     Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME Working Group has completed a series of Proposed  
Standards that comprise the S/MIME version 3 specification.   
Current efforts update and build upon these base specifications.

The Cryptographic Message Syntax (CMS) is cryptographic algorithm 
independent, yet there is always more than one way to use any 
algorithm.  To ensure interoperability, each algorithm should have
a specification that describes its use with CMS.  Specifications 
for the use of additional cryptographic algorithms will be 
developed.

As part of the specification update, a new suite of "mandatory 
to implement" algorithms will be selected.  These algorithms will
be reflected in updates to RFC 2632 and RFC 2633.

To aid implementers, documents containing example output for CMS
will be collected and published.  Some of the examples will include
structures and signed attributes defined in the Enhanced Security
Services (ESS) document.

In some situations it would be advantageous for the CMS RecipientInfo 
structure to support additional key management techniques, including 
cryptographic keys derived from passwords.  Also, a mechanism to 
facilitate the definition of additional key management techniques
will be defined.

Compressing data prior to encryption or signature has a number of 
advantages.  Compression improves security by removing known data 
patterns, improves throughput by reducing the amount of data which
needs to be encrypted or hashed, and reduces the overall message 
size.  Enabling S/MIME version 3 to use compression will provide 
all of these advantages.

S/MIME version 3 permits the use of previously distributed 
symmetric key-encryption keys.  Specifications for the distribution
of symmetric key-encryption keys to multiple message recipients 
will be developed.  Mail List Agents (MLAs) are one user of 
symmetric key-encryption keys.  The specification will be algorithm 
independent.

S/MIME version 3 supports security labels.  Specifications that show 
how this feature can be used to implement an organizational security 
policy will be developed.  Security policies from large organizations 
will be used as examples.

As part of S/MIME version 3, CMS is used to provide security 
to the message content.  CMS can also be employed in an X.400
electronic messaging envionments.  Specifications will be 
developed allowing this to be done in an interoperable manner.

Perform necessary interoperability testing to progress the S/MIME
version 3 specifications to Draft Standard.  Due to the dependency
of the CMS specification on the PKIX certificate and CRL profile,
the timeline for the actual progression is impossible to estimate.


Goals and Milestones:

History:
     Submit CMS compressed data content type a Proposed Standard.
     Submit security label usage specification as Informational RFC.
     Submit elliptic curve algorithm specification as Informational RFC.
     Submit mail list key distribution as a Proposed Standard.
     Submit update to RFC 2630 as a Proposed Standard.
     Submit AES key wrap algorithm description as Informational RFC.
     Last call on X.400 CMS wrapper specification.
     Last call on X.400 transport specification.
     Last call on HMAC key wrap description specification.
     First draft of CMS and ESS examples document.
     First draft of RSA OAEP algorithm specification.
     First draft of AES algorithm specification.
     First draft of update to RFC 2632.
     Frist draft of update to RFC 2633.

May 2002:
     Submit X.400 CMS wrapper specification as a Proposed Standard.
     Submit X.400 transport as a Proposed Standard.
     Submit HMAC key wrap description as an Informational RFC.

June 2002:
     Last call on CMS and ESS examples document.

July 2002:
     First draft of RSA PSS algorithm specification.
     Last call on update to RFC 2632.
     Last call on update to RFC 2633.
     Last call on AES algorithm specification.
     Last call on RSA OAEP algorithm specification.

August 2002:
     First draft of RSA KEM algorithm specification.
     Submit CMS and ESS examples document as Informational RFC.

October 2002:
     Last call on RSA PSS algorithm specification.
     Sumbit update to RFC 2632 as Proposed Standard.
     Sumbit update to RFC 2633 as Proposed Standard.

November 2002:
     Last call on RSA KEM algorithm specification.

December 2002:
     Sumbit AES algorithm specification as Proposed Standard.
     Submit RSA OAEP algorithm specification as Proposed Standard.

January 2003:
     Submit RSA PSS algorithm specification as Proposed Standard.

February 2003:
     Submit RSA KEM algorithm specification as Proposed Standard.

--=====================_1791115==_--


Received: by above.proper.com (8.11.6/8.11.3) id g4DIrdx22392 for ietf-smime-bks; Mon, 13 May 2002 11:53:39 -0700 (PDT)
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4DIrcL22388 for <ietf-smime@imc.org>; Mon, 13 May 2002 11:53:38 -0700 (PDT)
Received: from DEXTER ([192.168.0.7]) by brutesquadlabs.com with SMTP ; Mon, 13 May 2002 11:53:37 -0700
Message-ID: <035601c1faae$edd61b90$0700a8c0@brutesquadlabs.com>
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: "Housley, Russ" <rhousley@rsasecurity.com>
Cc: <ietf-smime@imc.org>
References: <5.1.0.14.2.20020513101158.02d57eb0@exna07.securitydynamics.com>
Subject: Re: AES and OAEP tying
Date: Mon, 13 May 2002 11:49:36 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

----- Original Message -----
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: "Blake Ramsdell" <blake@brutesquadlabs.com>
Cc: <ietf-smime@imc.org>
Sent: Monday, May 13, 2002 7:13 AM
Subject: Re: AES and OAEP tying


> Jim Schaad and I have already started the process to separate AES and
> OAEP.  Actually, they started out in two separate drafts, and were later
> combined.  We are going back to the original approach.

Thanks for the information.

I still would like to see that the explicit ban on PKCS #1 v1.5 with AES be
removed also.

Blake



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4DETE113813 for ietf-smime-bks; Mon, 13 May 2002 07:29:14 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4DETCL13808 for <ietf-smime@imc.org>; Mon, 13 May 2002 07:29:12 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 13 May 2002 14:27:34 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA28082 for <ietf-smime@imc.org>; Mon, 13 May 2002 10:29:13 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4DERNv29476 for <ietf-smime@imc.org>; Mon, 13 May 2002 10:27:23 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLBH9S>; Mon, 13 May 2002 10:29:11 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.58]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLBH92; Mon, 13 May 2002 10:29:03 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Blake Ramsdell <blake@brutesquadlabs.com>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020513101158.02d57eb0@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 13 May 2002 10:13:27 -0400
Subject: Re: AES and OAEP tying
In-Reply-To: <031a01c1fa60$6fd810c0$0700a8c0@brutesquadlabs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Blake:

Jim Schaad and I have already started the process to separate AES and 
OAEP.  Actually, they started out in two separate drafts, and were later 
combined.  We are going back to the original approach.

Russ

At 02:27 AM 5/13/2002 -0700, Blake Ramsdell wrote:

> From what I can tell, the AES symmetric algorithm and the OAEP key wrapping
>mechanism are being discussed in the same draft.  This is unprecedented as
>far as I can tell -- traditionally we have specified each algorithm in its
>own draft, and it does not seem useful to combine these two algorithms for
>technical reasons.  From what I can tell, this happened between -01
>(3/26/01) and -02 (7/19/01) of draft-ietf-smime-aes-alg.  I have reviewed
>the minutes from the relevant WG minutes, and did not see any significant
>discussion about this pairing -- it just happened at one point.
>
>I guess this is a rhetorical way of saying "It seems that the intent is to
>drag OAEP into the mainstream, and by precluding the use of RSA-PKCS with
>AES, we effectively block the future use of RSA-PKCS if anyone chooses to
>use AES".  Am I missing something?  I know that it's disclaimed in the
>overview that these are separate concepts, but I'm not sure of any editorial
>or technical value of their combination in a single draft.
>
>I personally recommend that OAEP be (re-) separated completely from the AES
>draft.  This seems to make things clearer in the event that an even newer,
>shinier and better symmetric key wrapping mechanism should come along.
>Well, speak of the devil...  ;)  But seriously -- I can't see any good
>editorial or technical reason to tie these mechanisms together.
>
>Also, I recommend that the prohibition of RSA-PKCS be removed for AES.  That
>also does not seem to follow the spirit of algorithm profiles for CMS.  We
>have already covered the concerns of RSA-PKCS extensively.
>
>I may have missed an earlier discussion of this very issue, but I can't find
>it in the archives.  Clarifications welcome, but I don't think this is the
>right way to proceed with these two separate mechanisms, and the current
>document is confusing to me.  Sorry I didn't bring this up earlier, but I
>seem to be paying a little bit of attention now.
>
>(closes bunker door, hiding inside)
>
>Blake
>--
>Blake Ramsdell
>Brute Squad Labs http://www.brutesquadlabs.com


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4DDqqK13186 for ietf-smime-bks; Mon, 13 May 2002 06:52:52 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4DDqoL13182 for <ietf-smime@imc.org>; Mon, 13 May 2002 06:52:50 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 13 May 2002 13:51:12 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA23528 for <ietf-smime@imc.org>; Mon, 13 May 2002 09:52:27 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g4DDobO24105 for <ietf-smime@imc.org>; Mon, 13 May 2002 09:50:37 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZLBHGG>; Mon, 13 May 2002 09:52:26 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.71]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLBHGC; Mon, 13 May 2002 09:52:22 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Paul Hoffman / IMC <phoffman@imc.org>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020513094556.02d57830@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 13 May 2002 09:49:27 -0400
Subject: Re: Next Draft of Proposed Charter
In-Reply-To: <p0511171bb901e26f1a10@[165.227.249.18]>
References: < <5.1.0.14.2.20020510133730.02cfa208@exna07.securitydynamics.com> <5.1.0.14.2.20020510133730.02cfa208@exna07.securitydynamics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Paul:

As I see it, we will document the way that these algorithms are 
used.  Then, if at some point in the future, the working group wants to 
change the mandatory to implement key management algorithm, the algorithm 
specification will be done, and there may even be widely deployed.

RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so 
this choice does not require any adjustments in the PKI.

Russ

At 01:49 PM 5/10/2002 -0700, Paul Hoffman / IMC wrote:

>At 1:49 PM -0400 5/10/02, Housley, Russ wrote:
>>Here is the next draft of the proposed working group charter.  The 
>>biggest change from the previous posting is that both OAEP and KEM become 
>>standards track documents.
>
>And in what way would that help us get interoperable implementations of 
>S/MIME?
>
>Are the differences between the attacks and mitigations presented by OAEP 
>and KEM really worth the high liklihood of lack of interoperability?
>
>--Paul Hoffman, Director
>--Internet Mail Consortium


Received: by above.proper.com (8.11.6/8.11.3) id g4D9VGJ24382 for ietf-smime-bks; Mon, 13 May 2002 02:31:16 -0700 (PDT)
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4D9VGL24378 for <ietf-smime@imc.org>; Mon, 13 May 2002 02:31:16 -0700 (PDT)
Received: from DEXTER ([192.168.0.7]) by brutesquadlabs.com with SMTP ; Mon, 13 May 2002 02:31:15 -0700
Message-ID: <031a01c1fa60$6fd810c0$0700a8c0@brutesquadlabs.com>
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: <ietf-smime@imc.org>
Subject: AES and OAEP tying
Date: Mon, 13 May 2002 02:27:44 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

>From what I can tell, the AES symmetric algorithm and the OAEP key wrapping
mechanism are being discussed in the same draft.  This is unprecedented as
far as I can tell -- traditionally we have specified each algorithm in its
own draft, and it does not seem useful to combine these two algorithms for
technical reasons.  From what I can tell, this happened between -01
(3/26/01) and -02 (7/19/01) of draft-ietf-smime-aes-alg.  I have reviewed
the minutes from the relevant WG minutes, and did not see any significant
discussion about this pairing -- it just happened at one point.

I guess this is a rhetorical way of saying "It seems that the intent is to
drag OAEP into the mainstream, and by precluding the use of RSA-PKCS with
AES, we effectively block the future use of RSA-PKCS if anyone chooses to
use AES".  Am I missing something?  I know that it's disclaimed in the
overview that these are separate concepts, but I'm not sure of any editorial
or technical value of their combination in a single draft.

I personally recommend that OAEP be (re-) separated completely from the AES
draft.  This seems to make things clearer in the event that an even newer,
shinier and better symmetric key wrapping mechanism should come along.
Well, speak of the devil...  ;)  But seriously -- I can't see any good
editorial or technical reason to tie these mechanisms together.

Also, I recommend that the prohibition of RSA-PKCS be removed for AES.  That
also does not seem to follow the spirit of algorithm profiles for CMS.  We
have already covered the concerns of RSA-PKCS extensively.

I may have missed an earlier discussion of this very issue, but I can't find
it in the archives.  Clarifications welcome, but I don't think this is the
right way to proceed with these two separate mechanisms, and the current
document is confusing to me.  Sorry I didn't bring this up earlier, but I
seem to be paying a little bit of attention now.

(closes bunker door, hiding inside)

Blake
--
Blake Ramsdell
Brute Squad Labs http://www.brutesquadlabs.com



Received: by above.proper.com (8.11.6/8.11.3) id g4D8QsK19990 for ietf-smime-bks; Mon, 13 May 2002 01:26:54 -0700 (PDT)
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4D8QsL19984 for <ietf-smime@imc.org>; Mon, 13 May 2002 01:26:54 -0700 (PDT)
Received: from DEXTER ([192.168.0.7]) by brutesquadlabs.com with SMTP ; Mon, 13 May 2002 01:26:52 -0700
Message-ID: <031201c1fa56$aca524c0$0700a8c0@brutesquadlabs.com>
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: <ietf-smime@imc.org>
Subject: KEM, OAEP, CMS and S/MIME
Date: Mon, 13 May 2002 01:17:51 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

In light of these recent discussions about KEM vs. OAEP, I want to make sure
we're all on the same page.  ECC, KEM, OAEP, AES, IDEA, CAST-128, ECC,
SHA-256/384/512, etc. etc. are all soon-to-be drafts, drafts and RFCs that
explain how you might use these algorithms and techniques with CMS.

I think there have been two primary questions raised -- "OAEP is sufficient,
why do I need KEM", and "I'm concerned about what this means for the S/MIME
profile of CMS".

As far as the first one goes, there seem to be lots of "redundant" methods
specified for CMS (ECC, Diffie-Hellman, RSA-PKCS for key wrapping, IDEA and
CAST-128 for symmetric algorithms).  Each one has some set of
differentiators that make it more appropriate to use one algorithm over
another in a particular scenario.  OAEP and KEM are in that category also.
The way I see it, we can specify lots and lots of ways to do things with
CMS, and it doesn't really matter one way or another -- this process
embodies those methods in a specification so that you implement your version
the same way as everyone else, and everything's fine.

Is the concern that faced with all of these options, which one should I
pick?  If that's the case, then we're already in that situation with
symmetric algorithms.  Profile writers had better know what they're doing
when the make a profile of CMS that uses one or the other.

Is the concern that OAEP is going to be stillborn and KEM is going to
immediately replace it?  That seems pretty likely, based on the interest and
discussion about KEM.  Write both drafts, make them RFCs and see which one
wins in the new profiles that emerge.

As far as the bearing that all of this has on S/MIME, I think that the
concern is longer term.  Because of the relatively wide adoption of the
current flavors of S/MIME, I think we continue to be cautious about
modifying the profile significantly.  I'm not sure that any of these recent
discussions impact this, but I thought I'd reiterate it.  I share Paul's
concerns that significant changes to deployed profiles would be painful, and
I hope we continue to be conservative in that regard.

Blake
--
Blake Ramsdell
Brute Squad Labs http://www.brutesquadlabs.com



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4B9JON08993 for ietf-smime-bks; Sat, 11 May 2002 02:19:24 -0700 (PDT)
Received: from zcamail04.zca.compaq.com (zcamail04.zca.compaq.com [161.114.32.104]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4B9JNL08985 for <ietf-smime@imc.org>; Sat, 11 May 2002 02:19:23 -0700 (PDT)
Received: from taynzmail03.nz-tay.cpqcorp.net (taynzmail03.nz-tay.cpqcorp.net [16.47.4.103]) by zcamail04.zca.compaq.com (Postfix) with ESMTP id E443A1444 for <ietf-smime@imc.org>; Sat, 11 May 2002 02:23:38 -0700 (PDT)
Received: from diexch01.xko.dec.com (diexch01.xko.dec.com [16.138.244.57]) by taynzmail03.nz-tay.cpqcorp.net (Postfix) with ESMTP id E6DAC15EA for <ietf-smime@imc.org>; Sat, 11 May 2002 05:19:12 -0400 (EDT)
Received: by diexch01.xko.dec.com with Internet Mail Service (5.5.2650.21) id <JZMWRCDY>; Sat, 11 May 2002 14:42:14 +0530
Message-ID: <7A98AEDB54C13647BBCB33E3FFEF49422C3047@DPEXCH01.digitalindiasw.net>
From: "Pradeep, PK" <pk.pradeep@digital.com>
To: ietf-smime@imc.org
Subject: a query on example of PKCS#7 object
Date: Sat, 11 May 2002 14:55:58 +0530
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
content-class: urn:content-classes:message
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1F8CB.F0B86370"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C1F8CB.F0B86370
Content-Type: text/plain;
	charset="iso-8859-1"

hi, 

I was going through the following example of Signed data with attributes. 

can someone tell me what the numbers and colon (:) in left side denotes... 

as per pkcs#7 document following is the defination of signed data. From this
definition it is not clear what the bumbers and colon(:) on left side
denote.

Will highly appreciate for your time to reply this query. 


thank you, 

pradeep 

9.1 SignedData type 


The signed-data content type shall have ASN.1 type SignedData:

SignedData ::= SEQUENCE {
  version Version,
  digestAlgorithms DigestAlgorithmIdentifiers,
  contentInfo ContentInfo,
  certificates
        [0] IMPLICIT ExtendedCertificatesAndCertificates
       OPTIONAL,
  crls
    [1] IMPLICIT CertificateRevocationLists OPTIONAL,
  signerInfos SignerInfos } 
DigestAlgorithmIdentifiers ::=
  SET OF DigestAlgorithmIdentifier 
SignerInfos ::= SET OF SignerInfo 

----------------------------------------------------------------------------
---------------- 

  

..... 
.......... 


------_=_NextPart_000_01C1F8CB.F0B86370
Content-Type: image/bmp;
	name="ole0.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="ole0.bmp"
Content-Location: No%20AttachName

Qk0+rwAAAAAAAD4AAAAoAAAAagIAADACAAABAAEAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAA
AP///wD/////////////////////////////////////////////////////////////////////
/////////////////////////////////8AAAP//////////////////////////////////////
////////////////////////////////////////////////////////////////wAAA////////
///////////////////////////////B////////7///////////////////////////////////
///////////////////AAAD//////w+P/4+H////B+PP//////////////9HA8fHAjPHA//f////
/////////////////////////////////////////////////8AAAP//////93f/d3v///9398//
/////////////zu7u7u7c7u7/9//////////////////////////////////////////////////
////wAAA///////79//3e////7/3////////////////+799u79rf7//3///////////////////
///////////////////////////////////AAAD//////4P3//d7////3wP////////////////7
r327r2t/r/+//////////////////////////////////////////////////////8AAAP//////
e8//z3v////vt8///////////////4ePfbuPW3+P/9//////////////////////////////////
////////////////////wAAA//////979//3e/////e3z///////////////f699u69bf6//3///
///////////////////////////////////////////////////AAAD//////3t3/3d7////d9f/
//////////////9zu7u7uzu7u//f////////////////////////////////////////////////
/////8AAAP//////h4//j4f///+P5////////////////4sDxxECMcMD/+//////////////////
////////////////////////////////////wAAA////////////////////////////////////
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////////////////////////////////////////////////////
/////////////////////8AAAP//////////////////////////////////////////////////
////////////////////////////////////////////////////wAAA////////////////////
////////////////////////////////////////////////////////////////////////////
///////AAAD/////////////////////////////////////////////////////////////////
/////////////////////////////////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
////////////////////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////D4f/hwf/////
g8///////////////4IzxwPHAx3/g///////////////////////////////////////////////
////////wAAA///////3e/97d//////vz///////////////73Pvu7u7u//v////////////////
///////////////////////////////////////AAAD///////t7/3u//////+//////////////
///va++/e7+3/+///////////////////////////////////////////////////////8AAAP//
////g3v/e9//////7////////////////+9r769xr4f/7///////////////////////////////
////////////////////////wAAA//////97e/977//////vz///////////////71vvj3+Pu//v
///////////////////////////////////////////////////////AAAD//////3t7/3v3////
/+/P///////////////vW++vf6+7/+//////////////////////////////////////////////
/////////8AAAP//////e3v/e3f/////j////////////////+87bbu7u7v/j///////////////
////////////////////////////////////////wAAA//////+Hh/+Hj//////v////////////
////gjEBA8MDB//v///////////////////////////////////////////////////////AAAD/
////////////////////////////////////////////////////////////////////////////
/////////////////////////8AAAP//////////////////////////////////////////////
////////////////////////////////////////////////////////wAAA////////////////
////////////////////////////////////////////////////////////////////////////
///////////AAAD/////////////////////////////////////////////////////////////
/////////////////////////////////////////8AAAP//////////////////////////////
////////////////////////////////////////////////////////////////////////wAAA
////////////////////////////////////////////////////////////////////////////
///////////////////////////AAAD/////////////////////////////////////////////
/////////////////////////////////////////////////////////8AAAP//////////////
/////////////////////8H////////v////////////////////////////////////////////
////////////wAAA//////+Hx/+Ph/+DB4Pvz////////////0cDx8cCM8cD/9//////////////
///////////////////////////////////////////AAAD//////3u7/3d7/+937+/P////////
////O7u7u7tzu7v/3////////////////////////////////////////////////////////8AA
AP//////e7v/93v/77/v7//////////////7v327v2t/v//f////////////////////////////
////////////////////////////wAAA//////97u//3e//v3+/3//////////////uvfbuva3+v
/7/////////////////////////////////////////////////////////AAAD//////4eH/897
/+/v7/fP////////////h499u49bf4//3///////////////////////////////////////////
/////////////8AAAP//////e7//93v/7/fv+8////////////9/r327r1t/r//f////////////
////////////////////////////////////////////wAAA//////973/93e/+Pd497////////
/////3O7u7u7O7u7/9/////////////////////////////////////////////////////////A
AAD//////4fj/4+H/++P7wP/////////////iwPHEQIxwwP/7///////////////////////////
/////////////////////////////8AAAP//////////////////////////////////////////
////////////////////////////////////////////////////////////wAAA////////////
////////////////////////////////////////////////////////////////////////////
///////////////AAAD/////////////////////////////////////////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
////////////////////////////////////////////////////////////////////////////
wAAA////////////////////////////////////////////////////////////////////////
///////////////////////////////AAAD/////////////////////////////////////////
/////////////////////////////////////////////////////////////8AAAP//////////
////////////////////////////////////////////////////////////////////////////
////////////////wAAA////////////////////////////////////7///////////////////
///////////////////////////////////////////////AAAD//////4cH/4+D/4MHB4PP////
/////0cDx//f////////////////////////////////////////////////////////////////
/8AAAP//////e3f/d+//73d378//////////O7vv/9//////////////////////////////////
////////////////////////////////wAAA//////97v//37//vv7/v///////////7v+//3///
///////////////////////////////////////////////////////////////AAAD//////3vf
//fv/+/f3+////////////uv7/+/////////////////////////////////////////////////
/////////////////8AAAP//////h+//z+//7+/v78//////////h4/v/9//////////////////
////////////////////////////////////////////////wAAA//////979//37//v9/fvz///
//////9/r+//3///////////////////////////////////////////////////////////////
///AAAD//////3t3/3eP/493d4///////////3O7bf/f////////////////////////////////
/////////////////////////////////8AAAP//////h4//j+//74+P7///////////iwMB/+//
////////////////////////////////////////////////////////////////wAAA////////
////////////////////////////////////////////////////////////////////////////
///////////////////AAAD/////////////////////////////////////////////////////
/////////////////////////////////////////////////8AAAP//////////////////////
////////////////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////////////////////////////////////
///////////////////////////////////AAAD/////////////////////////////////////
/////////////////////////////////////////////////////////////////8AAAP//////
////////////////////////////////////////////////////////////////////////////
////////////////////wAAA////////////////////////////////////////////////////
///////////////////////////////////////////////////AAAD/////////////////////
////////////v///////////////////////////////////////////////////////////////
/////8AAAP///////////////////8/////////////f////////////////////////////////
////////////////////////////////////wAAA////////////////////z////////////9//
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////3///////////////////////////////////////////////
/////////////////////8AAAP/////////////////////////////////v////////////////
////////////////////////////////////////////////////wAAA////////////////////
z////////////9//////////////////////////////////////////////////////////////
///////AAAD////////////////////P////////////3///////////////////////////////
/////////////////////////////////////8AAAP/////////////////////////////////f
////////////////////////////////////////////////////////////////////wAAA////
/////////////////////////////7//////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////////////////////////////////////////////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
/////////////////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////////////////////////////////////////////
////////////////////////wAAA////////////////////////////////////////////////
///////////////////////////////////////////////////////AAAD/////////////////
////////////////////////////////////////////////////////////////////////////
/////////8AAAP///////////////////////////////////7//////////////////////////
////////////////////////////////////////wAAA////////////////////z///////////
////3//////////////////////////////////////////////////////////////////AAAD/
///////////////////P///////////////f////////////////////////////////////////
/////////////////////////8AAAP///////////////////////////////////9//////////
////////////////////////////////////////////////////////wAAA////////////////
////////////////////7///////////////////////////////////////////////////////
///////////AAAD////////////////////P///////////////f////////////////////////
/////////////////////////////////////////8AAAP///////////////////8//////////
/////9//////////////////////////////////////////////////////////////////wAAA
////////////////////////////////////3///////////////////////////////////////
///////////////////////////AAAD///////////////////////////////////+/////////
/////////////////////////////////////////////////////////8AAAP//////////////
////////////////////////////////////////////////////////////////////////////
////////////wAAA////////////////////////////////////////////////////////////
///////////////////////////////////////////AAAD/////////////////////////////
/////////////////////////////////////////////////////////////////////////8AA
AP//////////////////////////////////////////////////////////////////////////
////////////////////////////wAAA////////////////////////////////////////////
///////////////////////////////////////////////////////////AAAD/////////////
////////////////////////////////////////////////////////////////////////////
/////////////8AAAP//////////////////////////////////////////////////////////
////////////////////////////////////////////wAAA////////////////////////////
///////////////////////////////////////////////////////////////////////////A
AAD////////////////////P/////////////////++H/8fH/8eH/weH/8eP/8cf/8cD/+/j/8eH
/8cD/+/j/wcD/////////////////8AAAP///////////////////8//////////////////73v/
u7v/u3v/d3v/u3f/u7//u7v/7/f/u3v/u7v/7/f/d7v/////////////////wAAA////////////
///////////////////////////ve/+7f/+7+/+/e/+79/+7v/+7v//v9/+7+/+7v//v9/+/v///
///////////////AAAD///////////////////////////////////////d7/7t//7v7/997/7v3
/7uv/7uv//cD/7v7/7uv//cD/9+v/////////////////8AAAP///////////////////8//////
////////////93v/h3//h4f/73v/h8//h4//h4//97f/h4f/h4//97f/74//////////////////
wAAA////////////////////z//////////////////7e/+/f/+/v//3e/+/9/+/r/+/r//7t/+/
v/+/r//7t//3r//////////////////AAAD//////////////////////////////////////3t7
/9+7/9+//3d7/993/9+7/9+7/3vX/9+//9+7/3vX/3e7/////////////////8AAAP//////////
////////////////////////////A4f/48P/44P/j4f/44//4wP/4wP/A+f/44P/4wP/A+f/jwP/
////////////////wAAA////////////////////////////////////////////////////////
///////////////////////////////////////////////AAAD/////////////////////////
////////////////////////////////////////////////////////////////////////////
/8AAAP//////////////////////////////////////////////////////////////////////
////////////////////////////////wAAA////////////////////////////////////////
///////////////////////////////////////////////////////////////AAAD/////////
////////////////////////////////////////////////////////////////////////////
/////////////////8AAAP//////////////////////////////////////////////////////
////////////////////////////////////////////////wAAA////////////////////////
////////////////////////////////////////////////////////////////////////////
///AAAD/////////////////////////////////////////////////////////////////////
/////////////////////////////////8AAAP///////////////////8//////////////////
h+P/x4f/xw//74//B4f/xw//74//B4f/74//xx//xw//x4f/B4f/74//x4P/xw//wAAA////////
////////////z/////////////////979/+7e/+79//vd/93e/+79//vd/93e//vd/+7v/+7t/+7
e/93e//vd/+77/+7t//AAAD///////////////////////////////////////v3/7t7/7v7/+/3
/797/7v7/+/3/797/+/3/7u//7u7/7v7/797/+/3/7vv/7u7/8AAAP//////////////////////
////////////////+wP/u3v/u4P/9/f/33v/u4P/9/f/33v/9/f/u6//u7v/u/v/33v/9/f/u+//
u7v/wAAA////////////////////z/////////////////+Ht/+Hh/+He//3z//ve/+He//3z//v
e//3z/+Hj/+Hu/+Hh//ve//3z/+H7/+Hu//AAAD////////////////////P////////////////
/7+3/797/797//v3//d7/797//v3//d7//v3/7+v/7+7/7+///d7//v3/7/v/7+7/8AAAP//////
////////////////////////////////v9f/33v/33v/e3f/d3v/33v/e3f/d3v/e3f/37v/37f/
37//d3v/e3f/34//37f/wAAA//////////////////////////////////////+D5//jh//jh/8D
j/+Ph//jh/8Dj/+Ph/8Dj//jA//jD//jg/+Ph/8Dj//j7//jD//AAAD/////////////////////
////////////////////////////////////////////////////////////////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////////////////////////////////////
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////////////////////////////////////////////////////
/////////////////////8AAAP//////////////////////////////////////////////////
////////////////////////////////////////////////////wAAA////////////////////
////////////////////////////////////////////////////////////////////////////
///////AAAD/////////////////////////////////////////////////////////////////
/////////////////////////////////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
//+HB/+H4////weHz///////////////x8fHA8f/R8cdgjPH////////////////////////////
///////////////////////AAAD//////3t3/3v3////d3vP//////////////+7u++77/8777vv
c7v//////////////////////////////////////////////////8AAAP//////+7//e/f///+/
e////////////////31/77/v//vvt+9re///////////////////////////////////////////
////////wAAA///////73/97A////997////////////////fX/vr+//+++H72tx////////////
///////////////////////////////////////AAAD//////4fv/3u3////74fP////////////
//99f++P7/+H77vvW3///////////////////////////////////////////////////8AAAP//
////v/f/e7f////3e8///////////////31/76/v/3/vu+9bf///////////////////////////
////////////////////////wAAA//////+/d/971////3d7////////////////u7ttu23/c227
7zu7///////////////////////////////////////////////////AAAD//////4OP/4fn////
j4f////////////////HwwEDAf+LAQeCMcP/////////////////////////////////////////
/////////8AAAP//////////////////////////////////////////////////////////////
////////////////////////////////////////wAAA////////////////////////////////
///////////////////////////////////////////////////////////////////////AAAD/
////////////////////////////////////////////////////////////////////////////
/////////////////////////8AAAP//////////////////////////////////////////////
////////////////////////////////////////////////////////wAAA////////////////
////////////////////////////////////////////////////////////////////////////
///////////AAAD/////////////////////////////////////////////////////////////
/////////////////////////////////////////8AAAP//////////////////////////////
///H/x//////////////////////////////////////////////////////////////////wAAA
/////////////////////////////////9//3//v////////////////////////////////////
///////////////////////////AAAD//////4eH/xGH////j4fP////////////34ff/9//////
/////////////////////////////////////////////////////////8AAAP//////e3v/u3v/
//93e8/////////////fe9//3///////////////////////////////////////////////////
////////////wAAA///////7e//He/////d7/////////////9973//f////////////////////
///////////////////////////////////////////AAAD///////t7/9d7////93v/////////
////33vf/7///////////////////////////////////////////////////////////////8AA
AP//////h3v/13v////Pe8/////////////fe9//3///////////////////////////////////
////////////////////////////wAAA//////+/e//Xe/////d7z////////////9973//f////
///////////////////////////////////////////////////////////AAAD//////797/+97
////d3v/////////////33vf/9//////////////////////////////////////////////////
/////////////8AAAP//////g4f/z4f///+Ph//////////////Hhx//7///////////////////
////////////////////////////////////////////wAAA////////////////////////////
///////////////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////////////////////////////////////////////
/////////////////////////////8AAAP//////////////////////////////////////////
////////////////////////////////////////////////////////////wAAA////////////
////////////////////////////////////////////////////////////////////////////
///////////////AAAD/////////////////////////////////////////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
////////////////////////////////////////////////////////////////////////////
wAAA////////////////////////////////////9/////////+/////////////////////////
///////////////////////////////AAAD////////////////////////////////////3////
//9v/7///////////////////////////////////////////////////////8AAAP//////////
/////////8///////////////+8fGcdH/2/v3///////////////////////////////////////
////////////////wAAA////////////////////z///////////////77+7uzv/t+/f////////
///////////////////////////////////////////////AAAD/////////////////////////
///////////vv7d/+/8D79//////////////////////////////////////////////////////
/8AAAP///////////////////////////////////++Hj3/7/7f33///////////////////////
////////////////////////////////wAAA////////////////////z///////////////77uv
f4f/t/ff///////////////////////////////////////////////////////AAAD/////////
///////////P///////////////vu7d/f/8D+9//////////////////////////////////////
/////////////////8AAAP////////////////////////////////////e7u7tz/7d7v///////
////////////////////////////////////////////////wAAA////////////////////////
////////////9wcRw4v/2wO/////////////////////////////////////////////////////
///AAAD////////////////////////////////////////////b////////////////////////
/////////////////////////////////8AAAP//////////////////////////////////////
////////////////////////////////////////////////////////////////wAAA////////
////////////////////////////////////////////////////////////////////////////
///////////////////AAAD/////////////////////////////////////////////////////
/////////////////////////////////////////////////8AAAP//////////////////////
////////////////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////////////////////////////////////
///////////////////////////////////AAAD/////////////////////////////////////
///////////////////////////3//////////////////////////+//////////8AAAP//////
//////////////////////////////////////////////////////////f/////////////////
/////////7//////////wAAA//////+PD/+Hx/////8Pz////////////8cHjwPHx/+DDwIzx4Mf
gwMd/4mJx4n/74P/B/+H44f/g4OPh+MP/4P/7/+D3//////////AAAD//////3f3/3u7//////fP
////////////u7t3u7vv/++3u3Pv77/vu7v/c3O7c//v7/93/3v3e//v73d79/f/7//v/+/f////
/////8AAAP//////9/v/e7v/////+/////////////99u3e/f+//77u/a+/vv++/t/97e797/+/v
/7//e/d7/+/v9/v3+//v/+//79//////////wAAA///////3g/97u/////+D/////////////327
d69/7//vu69r7++v76+H/3uDv4P/7+//3/97A3v/7+/3+wOD/+//9//v3//////////AAAD/////
/897/3uH/////3vP////////////fYf3j3/v/++7j1vv74/vj7v/c3u/e//v7//v/4e3e//v78+H
t3v/7//3/+/f/////////8AAAP//////93v/e7//////e8////////////99u/evf+//77uvW+/v
r++vu/+LhweH/+/v//f/e7d7/+/v97+3e//v//v/79//////////wAAA//////93e/973/////97
/////////////7u797u7bf/vt7s7be+777u7//v/v///94//d/9713v/j493v9d7/4//e/+Pv///
///////AAAD//////4+H/4fj/////4f/////////////xwfDA8MB/4MPAjEBgwODAwf/8//////3
7/+P/4fnh//v74+D54f/7/8D/++//////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
////////////////////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////////////////////////////////////////////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
/////////////////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////////////////////////////////////////////
////////////////////////wAAA/////////////////////////////////8H////////v////
///////////////////////////////////////////////////////AAAD//////4/v/4+H////
44/P/////////0cDx8cCM8cD/9//////////////////////////////////////////////////
/////////8AAAP//////d+//d3v////3d8//////////O7u7u7tzu7v/3///////////////////
////////////////////////////////////////wAAA///////37//3e/////f3///////////7
v327v2t/v//f///////////////////////////////////////////////////////////AAAD/
//////f3//d7////A/f///////////uvfbuva3+v/7//////////////////////////////////
/////////////////////////8AAAP//////z/f/z3v///+3z8//////////h499u49bf4//3///
////////////////////////////////////////////////////////wAAA///////3+//3e///
/7f3z/////////9/r327r1t/r//f////////////////////////////////////////////////
///////////AAAD//////3d7/3d7////13f//////////3O7u7u7O7u7/9//////////////////
/////////////////////////////////////////8AAAP//////jwP/j4f////nj///////////
iwPHEQIxwwP/7///////////////////////////////////////////////////////////wAAA
////////////////////////////////////////////////////////////////////////////
///////////////////////////AAAD/////////////////////////////////////////////
/////////////////////////////////////////////////////////8AAAP//////////////
////////////////////////////////////////////////////////////////////////////
////////////wAAA////////////////////////////////////////////////////////////
///////////////////////////////////////////AAAD/////////////////////////////
/////////////////////////////////////////////////////////////////////////8AA
AP//////////////////////////////////////////////////////////////////////////
////////////////////////////wAAA////////////////////////////////////////////
///////////////////////////////////////////////////////////AAAD/////////////
////////////////////v///////////////////////////////////////////////////////
/////////////8AAAP///////////////////8/////////////f////////////////////////
////////////////////////////////////////////wAAA////////////////////z///////
/////9/////////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////3///////////////////////////////////////
/////////////////////////////8AAAP/////////////////////////////////v////////
////////////////////////////////////////////////////////////wAAA////////////
////////z////////////9//////////////////////////////////////////////////////
///////////////AAAD////////////////////P////////////3///////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
///////f////////////////////////////////////////////////////////////////////
wAAA/////////////////////////////////7//////////////////////////////////////
///////////////////////////////AAAD/////////////////////////////////////////
/////////////////////////////////////////////////////////////8AAAP//////////
////////////////////////////////////////////////////////////////////////////
////////////////wAAA////////////////////////////////////////////////////////
///////////////////////////////////////////////AAAD/////////////////////////
////////////////////////////////////////////////////////////////////////////
/8AAAP//////////////////////////////////////////////////////////////////////
////////////////////////////////wAAA////////////////////////////////////////
///////////////////////////////////////////////////////////////AAAD/////////
////////////////////////////////////////////////////////////////////////////
/////////////////8AAAP///////////////////////////////////7//////////////////
////////////////////////////////////////////////wAAA////////////////////z///
////////////3///////////////////////////////////////////////////////////////
///AAAD////////////////////P///////////////f////////////////////////////////
/////////////////////////////////8AAAP///////////////////////////////////9//
////////////////////////////////////////////////////////////////wAAA////////
////////////////////////////7///////////////////////////////////////////////
///////////////////AAAD////////////////////P///////////////f////////////////
/////////////////////////////////////////////////8AAAP///////////////////8//
/////////////9//////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////3///////////////////////////////
///////////////////////////////////AAAD///////////////////////////////////+/
/////////////////////////////////////////////////////////////////8AAAP//////
////////////////////////////////////////////////////////////////////////////
////////////////////wAAA////////////////////////////////////////////////////
///////////////////////////////////////////////////AAAD/////////////////////
////////////////////////////////////////////////////////////////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////////////////////////////////////
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////////////////////////////////////////////////////
/////////////////////8AAAP//////////////////////////////////////9////7//////
////////////////////////////////////////////////////wAAA////////////////////
///////////////////3////v///////////////////////////////////////////////////
///////AAAD////////////////////P/////////////////+/Hg9ff////////////////////
/////////////////////////////////////8AAAP///////////////////8//////////////
////77vvq9//////////////////////////////////////////////////////////wAAA////
///////////////////////////////////vfe+r3///////////////////////////////////
///////////////////////AAAD//////////////////////////////////////+9976vf////
/////////////////////////////////////////////////////8AAAP//////////////////
/8//////////////////733vq9//////////////////////////////////////////////////
////////wAAA////////////////////z//////////////////vfe+73///////////////////
///////////////////////////////////////AAAD/////////////////////////////////
//////e777u//////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////98eDEb//////////////////////////////////
////////////////////////wAAA////////////////////////////////////////////////
///////////////////////////////////////////////////////AAAD/////////////////
////////////////////////////////////////////////////////////////////////////
/////////8AAAP//////////////////////////////////////////////////////////////
////////////////////////////////////////wAAA////////////////////////////////
///////////////////////////////////////////////////////////////////////AAAD/
////////////////////////////////////////////////////////////////////////////
/////////////////////////8AAAP//////////////////////////////////////////////
////////////////////////////////////////////////////////wAAA////////////////
///////////////////////////////////////////////////3/////////////////7//////
///////////AAAD/////////////////////////////////////////////////////////////
//////f/////////////////v////////////////8AAAP//////j4f/h8f/////h8//////////
/////8cHjwPHx/+DDwIzx4MfgwMd/wcRiYP/74P/j/+D4/+P/wf/B8ff////////////////wAAA
//////93e/97u/////97z///////////////u7t3u7vv/++3u3Pv77/vu7v/e7tz7//v7/93/+/3
/3f/d/93u9/////////////////AAAD///////d7/3u7//////v///////////////99u3e/f+//
77u/a+/vv++/t//7u3vv/+/v//f/7/f/9/+//7+73////////////////8AAAP//////93v/e7v/
////+////////////////327d69/7//vu69r7++v76+H/4e7g+//7+//9//vA//3/9//37vf////
////////////wAAA///////Pe/97h/////+Hz///////////////fYf3j3/v/++7j1vv74/vj7v/
e5t77//v7//P/++3/8//7//vh9/////////////////AAAD///////d7/3u//////7/P////////
//////99u/evf+//77uvW+/vr++vu/+Dp4fv/+/v//f/77f/9//3//e/3////////////////8AA
AP//////d3v/e9//////v////////////////7u797u7bf/vt7s7be+777u7//+//4//94//d/+P
1/93/3f/d9+/////////////////wAAA//////+Ph/+H4/////+D////////////////xwfDA8MB
/4MPAjEBgwODAwf//z//7//37/+P/+/n/4//j/+P47/////////////////AAAD/////////////
////////////////////////////////////////////////////////////////////////////
/////////////8AAAP//////////////////////////////////////////////////////////
////////////////////////////////////////////wAAA////////////////////////////
///////////////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////////////////////////////////////////////
/////////////////////////////8AAAP//////////////////////////////////////////
////////////////////////////////////////////////////////////wAAA////////////
////////////////////////////////////////////////////////////////////////////
///////////////AAAD/////////////////////////////////////////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
/////////8H////////v////////////////////////////////////////////////////////
wAAA//////8Hh/+Ph//////vz////////////0cDx8cCM8cD/9//////////////////////////
///////////////////////////////AAAD//////3d7/3d7/////+/P////////////O7u7u7tz
u7v/3////////////////////////////////////////////////////////8AAAP//////v3v/
93v/////7//////////////7v327v2t/v//f////////////////////////////////////////
////////////////wAAA///////fe//3e//////3//////////////uvfbuva3+v/7//////////
///////////////////////////////////////////////AAAD//////++H/897//////fP////
////////h499u49bf4//3///////////////////////////////////////////////////////
/8AAAP//////93v/93v/////+8////////////9/r327r1t/r//f////////////////////////
////////////////////////////////wAAA//////93e/93e/////97/////////////3O7u7u7
O7u7/9/////////////////////////////////////////////////////////AAAD//////4+H
/4+H/////wP/////////////iwPHEQIxwwP/7///////////////////////////////////////
/////////////////8AAAP//////////////////////////////////////////////////////
////////////////////////////////////////////////wAAA////////////////////////
////////////////////////////////////////////////////////////////////////////
///AAAD/////////////////////////////////////////////////////////////////////
/////////////////////////////////8AAAP//////////////////////////////////////
////////////////////////////////////////////////////////////////wAAA////////
////////////////////////////////////////////////////////////////////////////
///////////////////AAAD/////////////////////////////////////////////////////
/////////////////////////////////////////////////8AAAP//////////////////////
////////////////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////7///////////////////////////////
///////////////////////////////////AAAD//////wfH/4+D/////w/P/////////0cDx//f
/////////////////////////////////////////////////////////////////8AAAP//////
d7v/d+//////98//////////O7vv/9//////////////////////////////////////////////
////////////////////wAAA//////+/u//37//////7///////////7v+//3///////////////
///////////////////////////////////////////////////AAAD//////9+7//fv/////4P/
//////////uv7/+/////////////////////////////////////////////////////////////
/////8AAAP//////74f/z+//////e8//////////h4/v/9//////////////////////////////
////////////////////////////////////wAAA///////3v//37/////97z/////////9/r+//
3//////////////////////////////////////////////////////////////////AAAD/////
/3ff/3eP/////3v//////////3O7bf/f////////////////////////////////////////////
/////////////////////8AAAP//////j+P/j+//////h///////////iwMB/+//////////////
////////////////////////////////////////////////////wAAA////////////////////
////////////////////////////////////////////////////////////////////////////
///////AAAD/////////////////////////////////////////////////////////////////
/////////////////////////////////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
////////////////////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////////////////////////////////////////////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
/////////////////////////////////////////////////////////////////////8AAAP//
////B4//hwf/////g8//////////gjPHA8cDHf+D////////////////////////////////////
////////////////////////wAAA//////93d/97d//////vz//////////vc++7u7u7/+//////
///////////////////////////////////////////////////////AAAD//////7/3/3u/////
/+///////////+9r7797v7f/7///////////////////////////////////////////////////
/////////8AAAP//////3/f/e9//////7///////////72vvr3Gvh//v////////////////////
////////////////////////////////////////wAAA///////vz/977//////vz//////////v
W++Pf4+7/+/////////////////////////////////////////////////////////////AAAD/
//////f3/3v3/////+/P/////////+9b769/r7v/7///////////////////////////////////
/////////////////////////8AAAP//////d3f/e3f/////j///////////7zttu7u7u/+P////
////////////////////////////////////////////////////////wAAA//////+Pj/+Hj///
///v//////////+CMQEDwwMH/+//////////////////////////////////////////////////
///////////AAAD/////////////////////////////////////////////////////////////
/////////////////////////////////////////8AAAP//////////////////////////////
////////////////////////////////////////////////////////////////////////wAAA
////////////////////////////////////////////////////////////////////////////
///////////////////////////AAAD/////////////////////////////////////////////
/////////////////////////////////////////////////////////8AAAP//////////////
////////////////////////////////////////////////////////////////////////////
////////////wAAA////////////////////////////////////////////////////////////
///////////////////////////////////////////AAAD/////////////////////////////
/////////////////////////////////////////////////////////////////////////8AA
AP//////////////////////////////wf///////+//////////////////////////////////
////////////////////////////wAAA//////+DD/+Ph/+DB4fjz///////RwPHxwIzxwP/3///
///////////////////////////////////////////////////////////AAAD//////+/3/3d7
/+93e/fP//////87u7u7u3O7u//f////////////////////////////////////////////////
/////////////8AAAP//////7/v/93v/77979/////////u/fbu/a3+//9//////////////////
////////////////////////////////////////////wAAA///////vg//3e//v33sD////////
+699u69rf6//v//////////////////////////////////////////////////////////////A
AAD//////+97/897/+/vh7fP//////+Hj327j1t/j//f////////////////////////////////
/////////////////////////////8AAAP//////73v/93v/7/d7t8///////3+vfbuvW3+v/9//
////////////////////////////////////////////////////////////wAAA//////+Pe/93
e/+Pd3vX////////c7u7u7s7u7v/3///////////////////////////////////////////////
///////////////AAAD//////++H/4+H/++Ph+f///////+LA8cRAjHDA//v////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
////////////////////////////////////////////////////////////////////////////
wAAA////////////////////////////////////////////////////////////////////////
///////////////////////////////AAAD/////////////////////////////////////////
/////////////////////////////////////////////////////////////8AAAP//////////
////////////////////////////////////////////////////////////////////////////
////////////////wAAA////////////////////////////////////////////////////////
///////////////////////////////////////////////AAAD/////////////////////////
////////////////////////////////////////////////////////////////////////////
/8AAAP/////////////////////////H/x//////////////////////////////////////////
////////////////////////////////wAAA/////////////////////////9//3//v////////
///////////////////////////////////////////////////////////////AAAD//////4OH
/xGH/4MHh4fP////34ff/9//////////////////////////////////////////////////////
/////////////////8AAAP//////73v/u3v/73d7e8/////fe9//3///////////////////////
////////////////////////////////////////////////wAAA///////v+//He//vv3t7////
/9973//f////////////////////////////////////////////////////////////////////
///AAAD//////+/7/9d7/+/fe3v/////33vf/7//////////////////////////////////////
/////////////////////////////////8AAAP//////74f/13v/7++Hh8/////fe9//3///////
////////////////////////////////////////////////////////////////wAAA///////v
v//Xe//v93t7z////9973//f////////////////////////////////////////////////////
///////////////////AAAD//////4+//+97/493e3v/////33vf/9//////////////////////
/////////////////////////////////////////////////8AAAP//////74P/z4f/74+Hh///
///Hhx//7///////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////////////////////////////////////
///////////////////////////////////AAAD/////////////////////////////////////
/////////////////////////////////////////////////////////////////8AAAP//////
////////////////////////////////////////////////////////////////////////////
////////////////////wAAA////////////////////////////////////////////////////
///////////////////////////////////////////////////AAAD/////////////////////
////////////////////////////////////////////////////////////////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////////////////////////////9///////
//+////////////////////////////////////////////////////////////////AAAD/////
///////////////////////3//////9v/7//////////////////////////////////////////
/////////////////////8AAAP///////////////////8///////+8fGcdH/2/v3///////////
////////////////////////////////////////////////////wAAA////////////////////
z///////77+7uzv/t+/f////////////////////////////////////////////////////////
///////AAAD////////////////////////////vv7d/+/8D79//////////////////////////
/////////////////////////////////////8AAAP///////////////////////////++Hj3/7
/7f33///////////////////////////////////////////////////////////////wAAA////
////////////////z///////77uvf4f/t/ff////////////////////////////////////////
///////////////////////AAAD////////////////////P///////vu7d/f/8D+9//////////
/////////////////////////////////////////////////////8AAAP//////////////////
//////////e7u7tz/7d7v///////////////////////////////////////////////////////
////////wAAA////////////////////////////9wcRw4v/2wO/////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
///b/////////////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////////////////////////////////////////////
////////////////////////wAAA////////////////////////////////////////////////
///////////////////////////////////////////////////////AAAD/////////////////
////////////////////////////////////////////////////////////////////////////
/////////8AAAP//////////////////////////////////////////////////////////////
////////////////////////////////////////wAAA////////////////////////////////
///////////////////////////////////////////////////////////////////////AAAD/
//////////////////////////////////////////////////+H///////////3////////////
//////////////+//////////8AAAP//////////////////////////////////////////////
//////v///////////f//////////////////////////7//////////wAAA////////4/+Hx///
//8Pz////8cHjwPHx/+DDwIzx4MfgwMd/weDixGDiQ+Jx4n/74P/B/+H44f/g4OPh+MP/4P/7/8H
3//////////AAAD////////3/3u7//////fP////u7t3u7vv/++3u3Pv77/vu7v/e+9zu39zt3O7
c//v7/93/3v3e//v73d79/f/7//v/3ff/////////8AAAP////////f/e7v/////+/////99u3e/
f+//77u/a+/vv++/t//773u7f3u7e797/+/v/7//e/d7/+/v9/v3+//v/+//v9//////////wAAA
////////A/97u/////+D/////327d69/7//vu69r7++v76+H/4fve7sDe7uDv4P/7+//3/97A3v/
7+/3+wOD/+//9//f3//////////AAAD///////+3/3uH/////3vP////fYf3j3/v/++7j1vv74/v
j7v/e+9zm3tzu3u/e//v7//v/4e3e//v78+Ht3v/7//3/+/f/////////8AAAP///////7f/e7//
////e8////99u/evf+//77uvW+/vr++vu/+Dj4knh4u7hweH/+/v//f/e7d7/+/v97+3e//v//v/
99//////////wAAA////////1/973/////97/////7u797u7bf/vt7s7be+777u7////////+7f/
v///94//d/9713v/j493v9d7/4//e/93v//////////AAAD////////n/4fj/////4f/////xwfD
A8MB/4MPAjEBgwODAwf//+/////zD//////37/+P/4fnh//v74+D54f/7/8D/4+//////////8AA
AP//////////////////////////////////////////////////////////////////////////
////////////////////////////wAAA////////////////////////////////////////////
///////////////////////////////////////////////////////////AAAD/////////////
////////////////////////////////////////////////////////////////////////////
/////////////8AAAP//////////////////////////////////////////////////////////
////////////////////////////////////////////wAAA////////////////////////////
///////////////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////////////////////////////////////////////
/////////////////////////////8AAAP//////////////////////////////////////////
////////////////////////////////////////////////////////////wAAA////////////
/////////////8H////////v////////////////////////////////////////////////////
///////////////AAAD///////+H/4+H/4OPh4/P/0cDx8cCM8cD/9//////////////////////
/////////////////////////////////////////////8AAAP///////3v/d3v/73d7d8//O7u7
u7tzu7v/3///////////////////////////////////////////////////////////////////
wAAA////////e//3e//v93v3///7v327v2t/v//f////////////////////////////////////
///////////////////////////////AAAD///////97//d7/+/3e/f///uvfbuva3+v/7//////
/////////////////////////////////////////////////////////////8AAAP///////3v/
z3v/7897z8//h499u49bf4//3///////////////////////////////////////////////////
////////////////wAAA////////e//3e//v93v3z/9/r327r1t/r//f////////////////////
///////////////////////////////////////////////AAAD///////97/3d7/493e3f//3O7
u7u7O7u7/9//////////////////////////////////////////////////////////////////
/8AAAP///////4f/j4f/74+Hj///iwPHEQIxwwP/7///////////////////////////////////
////////////////////////////////wAAA////////////////////////////////////////
///////////////////////////////////////////////////////////////AAAD/////////
////////////////////////////////////////////////////////////////////////////
/////////////////8AAAP//////////////////////////////////////////////////////
////////////////////////////////////////////////wAAA////////////////////////
////////////////////////////////////////////////////////////////////////////
///AAAD/////////////////////////////////////////////////////////////////////
/////////////////////////////////8AAAP//////////////////////////////////////
////////////////////////////////////////////////////////////////wAAA////////
////////////////////////////////////////////////////////////////////////////
///////////////////AAAD/////////////////////////////////////////////////////
/////////////////////////////////////////////////8AAAP//////////////////////
////////////////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////////////////////////////////////
///////////////////////////////////AAAD/////////////////////////////////////
/////////////////////////////////////////////////////////////////8AAAP//////
////////////////////////////////////////////////////////////////////////////
////////////////////wAAA////////////////////////////////////////////////////
///////////////////////////////////////////////////AAAD/////////////////////
////////////////////////////////////////////////////////////////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////////////////////////////////////
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////////////////////////////////////////////////////
/////////////////////8AAAP//////////////////////////////////////////////////
////////////////////////////////////////////////////wAAA////////////////////
////////////////////////////////////////////////////////////////////////////
///////AAAD/////////////////////////////////////////////////////////////////
/////////////////////////////////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
////////////////////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////yRExEYfXEf/Hgw/P////////////////////////////////////////////
///////////////////////////////////////AAAD///+zu7e7e6u7/7vvt8//////////////
/////////////////////////////////////////////////////////////////////8AAAP//
/7u7r7t7q7v/fe+7////////////////////////////////////////////////////////////
////////////////////////wAAA/wP/u7uPu3uru/9977v/////////////////////////////
///////////////////////////////////////////////////////AAAD///+7m7ebe7ub/33v
u///////////////////////////////////////////////////////////////////////////
/////////8AAAP///zMnoSeHESf/fe+7////////////////////////////////////////////
////////////////////////////////////////wAAA//////+///////+777f/////////////
///////////////////////////////////////////////////////////////////////AAAD/
/////z///////8eDD///////////////////////////////////////////////////////////
/////////////////////////8AAAP//////////////////////////////////////////////
////////////////////////////////////////////////////////wAAA////////////////
////////////////////////////////////////////////////////////////////////////
///////////AAAD/////////////////////////////////////////////////////////////
/////////////////////////////////////////8AAAP//////////////////////////////
////////////////////////////////////////////////////////////////////////wAAA
////////////////////////////////////////////////////////////////////////////
///////////////////////////AAAD/////////////////////////////////////////////
/////////////////////////////////////////////////////////8AAAP//////////////
/48f////////j///////////////////////////////////////////////////////////////
////////////wAAA////////////////77/////////v////////////////////////////////
///////////////////////////////////////////AAAD///8HEYMRAwMRhwfvh8eDhxEZg+8f
B4MDgweDEYeD/////////////////////////////////////////////////////////////8AA
AP///3u777u7u7t7v9e7u+97u7t/17+/f99/v3+7e3//////////////////////////////////
////////////////////////////wAAA////+7vvu7+/u3+/17u/73u7t3/Xv79/33+/f7t/f///
///////////////////////////////////////////////////////////AAAD/A/+Hq++rr6+7
f7+7u7/ve7uPA7uHvwPfA78Du38D////////////////////////////////////////////////
/////////////8AAAP///3ur76uPj5tzn7ubv+97m697u7ufe997n3ubc3v/////////////////
////////////////////////////////////////////wAAA////g5Pvk6+vJ4sjEScHj4cnt4cR
uyOHA4cjhyeLh//////////////////////////////////////////////////////////////A
AAD/////k++Tu7v//////7////+7//+7///f////////////////////////////////////////
/////////////////////////////8AAAP////8RgxEDA////////+///xH//wf//+P/////////
////////////////////////////////////////////////////////////wAAA////////////
////////////////////////////////////////////////////////////////////////////
///////////////AAAD/////////////////////////////////////////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
////////////////////////////////////////////////////////////////////////////
wAAA////////////////////////////////////////////////////////////////////////
///////////////////////////////AAAD/////////////////////////////////////////
/////////////////////////////////////////////////////////////8AAAP//////////
////////////////////////////////////////////////////////////////////////////
////////////////wAAA/////////////x//////////////////////////////////////////
///////////////////////////////////////////////AAAD/////////////v///////////
////////////////////////////////////////////////////////////////////////////
/8AAAP///wYlgiWDx4mHiEeDg4PHg4MH////////////////////////////////////////////
////////////////////////////////wAAA////e23vbX+7c7tzO+/v77vvf3v/////////////
///////////////////////////////////////////////////////////////AAAD////7be9t
f397u3t77+/vv+9/+///////////////////////////////////////////////////////////
/////////////////8AAAP8D/4dt720Df4O7g3vv7++/7wOH////////////////////////////
////////////////////////////////////////////////wAAA////eyXvJXt/e5t7O+/v77/v
e3v/////////////////////////////////////////////////////////////////////////
///AAAD///+CW45bh3+HJ4dHj++PB4+Hg///////////////////////////////////////////
/////////////////////////////////8AAAP//////////u////3//7/+/////////////////
////////////////////////////////////////////////////////////////wAAA///////v
///D///+f+/P7//v////////////////////////////////////////////////////////////
///////////////////AAAD/////////////////////////////////////////////////////
/////////////////////////////////////////////////8AAAP//////////////////////
////////////////////////////////////////////////////////////////////////////
////wAAA////////////////////////////////////////////////////////////////////
///////////////////////////////////AAAD/////////////////////////////////////
/////////////////////////////////////////////////////////////////8AAAP//////
////////////////////////////////////////////////////////////////////////////
////////////////////wAAA////////////////////////////////////////////////////
///////////////////////////////////////////////////AAAD/////////////////////
////////////////////////////////////////////////////////////////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////h4cRx4MRxxGDEccH////////////////
///////////////////////////////////////////////////////////////////AAAD///97
e7u7f7u7u++7u3v/////////////////////////////////////////////////////////////
/////////////////////8AAAP///397u79/u7+777u/+///////////////////////////////
////////////////////////////////////////////////////wAAA/wP/f3u7vwO7v7vvu7+H
////////////////////////////////////////////////////////////////////////////
///////AAAD///9ze5u/e5u/g++bv3v/////////////////////////////////////////////
/////////////////////////////////////8AAAP///4uHJweHJwe7jycHg///////////////
////////////////////////////////////////////////////////////////////wAAA////
////v///v7v//7//////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////Ee//////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////////////////////////////////////////////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
/////////////////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////////////////////////////////////////////
////////////////////////wAAA////////////////////////////////////////////////
///////////////////////////////////////////////////////AAAD/////////////////
////////////////////////////////////////////////////////////////////////////
/////////8AAAP//////////////////////////////////////////////////////////////
////////////////////////////////////////wAAA////////////////////////////////
///////////////////////////////////////////////////////////////////////AAAD/
//+HhxHHgxHHHYMDgweDEYeD////////////////////////////////////////////////////
/////////////////////////8AAAP///3t7u7t/u7u7f99/v3+7e3//////////////////////
////////////////////////////////////////////////////////wAAA////f3u7v3+7v7d/
33+/f7t/f///////////////////////////////////////////////////////////////////
///////////AAAD/A/9/e7u/A7u/hwPfA78Du38D////////////////////////////////////
/////////////////////////////////////////8AAAP///3N7m797m7+7e997n3ubc3v/////
////////////////////////////////////////////////////////////////////////wAAA
////i4cnB4cnB7uHA4cjhyeLh///////////////////////////////////////////////////
///////////////////////////AAAD///////+///+/u//f////////////////////////////
/////////////////////////////////////////////////////////8AAAP////////////8H
/+P/////////////////////////////////////////////////////////////////////////
////////////wAAA////////////////////////////////////////////////////////////
///////////////////////////////////////////AAAD/////////////////////////////
/////////////////////////////////////////////////////////////////////////8AA
AP//////////////////////////////////////////////////////////////////////////
////////////////////////////wAAA////////////////////////////////////////////
///////////////////////////////////////////////////////////AAAD/////////////
////////////////////////////////////////////////////////////////////////////
/////////////8AAAP//////////////////////////////////////////////////////////
////////////////////////////////////////////wAAA////////////////////////////
///////////////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////////////////////////////////////////////
/////////////////////////////8AAAP///4eHEceDEceDiYMRx4MDg4MH////////////////
////////////////////////////////////////////////////////////wAAA////e3u7u3+7
u+9zf7u779/vf7//////////////////////////////////////////////////////////////
///////////////AAAD///9/e7u/f7u/73t/u7/v3+9/v///////////////////////////////
/////////////////////////////////////////////8AAAP8D/397u78Du7/vewO7v+/f7wO/
////////////////////////////////////////////////////////////////////////////
wAAA////c3ubv3ubv+9ze5u/79/ve5//////////////////////////////////////////////
///////////////////////////////AAAD///+LhycHhycH74uHJwePA4+HI///////////////
/////////////////////////////////////////////////////////////8AAAP///////7//
/7/v+///v//f////////////////////////////////////////////////////////////////
////////////////wAAA/////////////4Pz////7+Pv////////////////////////////////
///////////////////////////////////////////////AAAD/////////////////////////
////////////////////////////////////////////////////////////////////////////
/8AAAP//////////////////////////////////////////////////////////////////////
////////////////////////////////wAAA////////////////////////////////////////
///////////////////////////////////////////////////////////////AAAD/////////
////////////////////////////////////////////////////////////////////////////
/////////////////8AAAP//////////////////////////////////////////////////////
////////////////////////////////////////////////wAAA////////////////////////
////////////////////////////////////////////////////////////////////////////
///AAAD//////4f/////////////////h/////////////////////////+H//////////////+H
/////////////////////////////////8AAAP//////+//////////////////7////////////
//////////////v///////////////v/////////////////////////////////wAAA/xH/R4OL
EYOJD4nHif4lgwcHiYuD/9eDxxH/xxGD/wOHg4OH14MRi/+DgwfH/4cD/weDixGDiRHHxweCR8nH
gwfP///////////////AAAD/u/8773O7f3O3c7tz/21/e3tzc3//q++7u/+7u3//33vv73ur77tz
/+/ve7v/e9//e+9zu39zu7u7v+87s7t/e8///////////////8AAAP/H//vve7t/e7t7v3v/bX/7
+3t7f/+r77+7/7+7f//fe+/ve6vvu3v/7+/7v/973//773u7f3vHv7+/73u7v3/7////////////
////wAAA/9f/++97uwN7u4O/g/9tA4eHg3sD/6vvv7v/v7sD/9977+97q++7e//v74e//3vf/4fv
e7sDe9e/v7/ve7u/A4f////////////////AAAD/1/+H73Obe3O7e797/yV7e3t7c3v/u++/m/+/
m3v/33vv73u775tz/+/ve7//e9//e+9zm3tz17+/n+87u797e8///////////////8AAAP/X/3+P
iSeHi7uHB4f+W4eDg4eJh/8Rjwen/wenh/8Dh+/vhxGPJ4n/74+DB/+HA/+Dj4knh4vXBwcjj0cz
B4eDz///////////////wAAA/+//c//////7t/+/////////////////v7//v7///9//7+//////
///v//+////f////////+++/v///f/+////////////////////AAAD/z/+L7/////MP////////
/////////+//P///P///4//Pz///7////8/v/////+P//+/////zz////+5/////////////////
/////8AAAP//////////////////////////////////////////////////////////////////
////////////////////////////////////wAAA////////////////////////////////////
///////////////////////////////////////////////////////////////////AAAD/////
////////////////////////////////////////////////////////////////////////////
/////////////////////8AAAP//////////////////////////////////////////////////
////////////////////////////////////////////////////wAAA////////////////////
////////////////////////////////////////////////////////////////////////////
///////AAAD/////////////////////////////////////////////////////////////////
/////////////////////////////////////8AAAP//////////////////////////////////
////////////////////////////////////////////////////////////////////wAAA////
////////////////////////////////////////////////////////////////////////////
///////////////////////AAAD/////////////////////////////////////////////////
/////////////////////////////////////////////////////8AAAP//////////////////
////////////////////////////////////////////////////////////////////////////
////////wAAA////////////////////////////////////////////////////////////////
///////////////////////////////////////AAAD/////////////////////////////////
/////////////////////////////////////////////////////////////////////8AAAP//
////////////////////////////////////////////////////////////////////////////
////////////////////////wAAA////////////////////////////////////////////////
///////////////////////////////////////////////////////AAAD/////////////////
////////////////////////////////////////////////////////////////////////////
/////////8AAAP//////////////////////////////////////////////////////////////
////////////////////////////////////////wAAA////////////////////////////////
///////////////////////////////////////////////////////////////////////AAAD/
////////////////////////////////////////////////////////////////////////////
/////////////////////////8AAAP//////////////////////////////////////////////
////////////////////////////////////////////////////////wAAA////////////////
////////////////////////////////////////////////////////////////////////////
///////////AAAD/////////////////////////////////////////////////////////////
/////////////////////////////////////////8AAAP//////////////////////////////
////////////////////////////////////////////////////////////////////////wAAA
//////////+H////////////////////////////////////////////////////////////////
///////////////////////////AAAD///////////v/////////////////////////////////
/////////////////////////////////////////////////////////8AAAP+Hz4OH/0eDixGD
iQ+Jx4n/14PHEf8Rx8cHgkfJx4MH////////////////////////////////////////////////
////////////wAAA/3vP73v/O+9zu39zt3O7c/+r77u7/7u7u7/vO7O7f3v/////////////////
///////////////////////////////////////////AAAD/+//ve//773u7f3u7e797/6vvv7v/
x7+/v+97u79/+////////////////////////////////////////////////////////////8AA
AP/7/+97//vve7sDe7uDv4P/q++/u//Xv7+/73u7vwOH////////////////////////////////
////////////////////////////wAAA/4f/73v/h+9zm3tzu3u/e/+r77+b/9e/v5/vO7u/e3v/
///////////////////////////////////////////////////////////AAAD/v//ve/9/j4kn
h4u7hweH/7uPB6f/1wcHI49HMweHg///////////////////////////////////////////////
/////////////8AAAP+//497/3P/////+7f/v///u/+/v//vv7///3//v///////////////////
////////////////////////////////////////////wAAA/4P/74f/i+/////zD/////8R7/8/
/8/////uf//////////////////////////////////////////////////////////////////A
AAD/////////////////////////////////////////////////////////////////////////
/////////////////////////////8AAAP//////////////////////////////////////////
////////////////////////////////////////////////////////////wAAA////////////
////////////////////////////////////////////////////////////////////////////
///////////////AAAD/////////////////////////////////////////////////////////
/////////////////////////////////////////////8AAAP//////////////////////////
////////////////////////////////////////////////////////////////////////////
wAAA

------_=_NextPart_000_01C1F8CB.F0B86370--


Received: by above.proper.com (8.11.6/8.11.3) id g4ANw6Z01009 for ietf-smime-bks; Fri, 10 May 2002 16:58:06 -0700 (PDT)
Received: from gamma.isi.edu (gamma.isi.edu [128.9.144.145]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4ANw4L01005 for <ietf-smime@imc.org>; Fri, 10 May 2002 16:58:04 -0700 (PDT)
Received: from ISI.EDU (jet.isi.edu [128.9.160.87]) by gamma.isi.edu (8.11.6/8.11.2) with ESMTP id g4ANw6m08402; Fri, 10 May 2002 16:58:06 -0700 (PDT)
Message-Id: <200205102358.g4ANw6m08402@gamma.isi.edu>
To: IETF-Announce: ;
Subject: RFC 3278 on Use of ECC Algorithms in CMS
Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=NextPart
Date: Fri, 10 May 2002 16:58:06 -0700
From: RFC Editor <rfc-ed@ISI.EDU>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

--NextPart


A new Request for Comments is now available in online RFC libraries.


        RFC 3278

        Title:	    Use of Elliptic Curve Cryptography (ECC)
                    Algorithms in Cryptographic Message Syntax (CMS)
        Author(s):  S. Blake-Wilson, D. Brown, P. Lambert
        Status:	    Informational
	Date:       April 2002
        Mailbox:    sblakewi@certicom.com, dbrown@certicom.com,
                    plambert@sprintmail.com 
        Pages:      16
        Characters: 33779
        Updates/Obsoletes/SeeAlso:    None

        I-D Tag:    draft-ietf-smime-ecc-06.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3278.txt


This document describes how to use Elliptic Curve Cryptography
(ECC) public-key algorithms in the Cryptographic Message Syntax
(CMS).  The ECC algorithms support the creation of digital
signatures and the exchange of keys to encrypt or authenticate
content.  The definition of the algorithm processing is based on
the ANSI X9.62 standard, developed by the ANSI X9F1 working group,
the IEEE 1363 standard, and the SEC 1 standard.

The readers attention is called to the Intellectual Property Rights
section at the end of this document.

This document is a product of the S/MIME Mail Security Working Group
of the IETF.

This memo provides information for the Internet community.  It does
not specify an Internet standard of any kind.  Distribution of this
memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.echo 
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type:  Message/External-body;
        access-type="mail-server";
        server="RFC-INFO@RFC-EDITOR.ORG"

Content-Type: text/plain
Content-ID: <020510164433.RFC@RFC-EDITOR.ORG>

RETRIEVE: rfc
DOC-ID: rfc3278

--OtherAccess
Content-Type:   Message/External-body;
        name="rfc3278.txt";
        site="ftp.isi.edu";
        access-type="anon-ftp";
        directory="in-notes"

Content-Type: text/plain
Content-ID: <020510164433.RFC@RFC-EDITOR.ORG>

--OtherAccess--
--NextPart--


Received: by above.proper.com (8.11.6/8.11.3) id g4AKnfK26137 for ietf-smime-bks; Fri, 10 May 2002 13:49:41 -0700 (PDT)
Received: from [165.227.249.18] (165-227-249-18.client.dsl.net [165.227.249.18]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4AKneL26133 for <ietf-smime@imc.org>; Fri, 10 May 2002 13:49:40 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p0511171bb901e26f1a10@[165.227.249.18]>
In-Reply-To:  <5.1.0.14.2.20020510133730.02cfa208@exna07.securitydynamics.com>
References:  <5.1.0.14.2.20020510133730.02cfa208@exna07.securitydynamics.com>
Date: Fri, 10 May 2002 13:49:35 -0700
To: ietf-smime@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: Next Draft of Proposed Charter
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

At 1:49 PM -0400 5/10/02, Housley, Russ wrote:
>Here is the next draft of the proposed working group charter.  The 
>biggest change from the previous posting is that both OAEP and KEM 
>become standards track documents.

And in what way would that help us get interoperable implementations of S/MIME?

Are the differences between the attacks and mitigations presented by 
OAEP and KEM really worth the high liklihood of lack of 
interoperability?

--Paul Hoffman, Director
--Internet Mail Consortium


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4AIsDh11970 for ietf-smime-bks; Fri, 10 May 2002 11:54:13 -0700 (PDT)
Received: from gonzo.aus.rsa.com (mail.rsasecurity.com.au [203.46.112.10]) by above.proper.com (8.11.6/8.11.3) with SMTP id g4AIsAL11951 for <ietf-smime@imc.org>; Fri, 10 May 2002 11:54:10 -0700 (PDT)
Received: from grover by gonzo.aus.rsa.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 10 May 2002 18:54:35 UT
Received: from exaus01.local.aus.rsa.com (exaus01.local.aus.rsa.com [10.177.1.15]) by grover.local.aus.rsa.com (8.10.2/8.10.2) with ESMTP id g4AIx4q08085 for <ietf-smime@imc.org>; Sat, 11 May 2002 04:59:04 +1000 (EST)
Received: by exaus01.local.aus.rsa.com with Internet Mail Service (5.5.2653.19) id <K11DWRQ6>; Sat, 11 May 2002 04:54:15 +1000
Received: from HOUSLEY-LAP.rsasecurity.com (housley-lap.securitydynamics.com [10.100.79.199]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K2ZLAWVC; Fri, 10 May 2002 14:53:02 -0400
Message-Id: <5.1.0.14.2.20020510133730.02cfa208@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 10 May 2002 13:49:29 -0400
To: ietf-smime@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Next Draft of Proposed Charter
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_6592799==_"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

--=====================_6592799==_
Content-Type: text/plain; charset="us-ascii"; format=flowed

S/MIME WG:

Here is the next draft of the proposed working group charter.  The biggest 
change from the previous posting is that both OAEP and KEM become standards 
track documents.

Russ


--=====================_6592799==_
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="Charter4.txt"


S/MIME Mail Security (smime)

Chair:
     Russ Housley <rhousley@rsasecurity.com>

Security Area Director:
     Jeffrey Schiller <jis@mit.edu>
     Steve Belovin <smb@research.att.com>

Mailing Lists:
     General Discussion: ietf-smime@imc.org
     To Subscribe:       ietf-smime-request@imc.org
     Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME Working Group has completed a series of Proposed  
Standards that comprise the S/MIME version 3 specification.   
Current efforts update and build upon these base specifications.

The Cryptographic Message Syntax (CMS) is cryptographic algorithm 
independent, yet there is always more than one way to use any 
algorithm.  To ensure interoperability, each algorithm should have
a specification that describes its use with CMS.  Specifications 
for the use of additional cryptographic algorithms will be 
developed.

As part of the specification update, a new suite of "mandatory 
to implement" algorithms will be selected.  These algorithms will
be reflected in updates to RFC 2632 and RFC 2633.

To aid implementers, documents containing example output for CMS
will be collected and published.  Some of the examples will include
structures and signed attributes defined in the Enhanced Security
Services (ESS) document.

In some situations it would be advantageous for the CMS RecipientInfo 
structure to support additional key management techniques, including 
cryptographic keys derived from passwords.  Also, a mechanism to 
facilitate the definition of additional key management techniques
will be defined.

Compressing data prior to encryption or signature has a number of 
advantages.  Compression improves security by removing known data 
patterns, improves throughput by reducing the amount of data which
needs to be encrypted or hashed, and reduces the overall message 
size.  Enabling S/MIME version 3 to use compression will provide 
all of these advantages.

S/MIME version 3 permits the use of previously distributed 
symmetric key-encryption keys.  Specifications for the distribution
of symmetric key-encryption keys to multiple message recipients 
will be developed.  Mail List Agents (MLAs) are one user of 
symmetric key-encryption keys.  The specification will be algorithm 
independent.

S/MIME version 3 supports security labels.  Specifications that show 
how this feature can be used to implement an organizational security 
policy will be developed.  Security policies from large organizations 
will be used as examples.

As part of S/MIME version 3, CMS is used to provide security 
to the message content.  CMS can also be employed in an X.400
electronic messaging envionments.  Specifications will be 
developed allowing this to be done in an interoperable manner.

Perform necessary interoperability testing to progress the S/MIME
version 3 specifications to Draft Standard.  Due to the dependency
of the CMS specification on the PKIX certificate and CRL profile,
the timeline for the actual progression is impossible to estimate.


Goals and Milestones:

History:
     Submit CMS compressed data content type a Proposed Standard.
     Submit security label usage specification as Informational RFC.
     Submit elliptic curve algorithm specification as Informational RFC.
     Submit mail list key distribution as a Proposed Standard.
     Submit update to RFC 2630 as a Proposed Standard.
     Submit AES key wrap algorithm description as Informational RFC.
     Last call on X.400 CMS wrapper specification.
     Last call on X.400 transport specification.
     Last call on HMAC key wrap description specification.
     First draft of CMS and ESS examples document.
     First draft of RSA OAEP algorithm specification.
     First draft of AES algorithm specification.
     First draft of update to RFC 2632.
     Frist draft of update to RFC 2633.

May 2002:
     Submit X.400 CMS wrapper specification as a Proposed Standard.
     Submit X.400 transport as a Proposed Standard.
     Submit HMAC key wrap description as an Informational RFC.

June 2002:
     Last call on CMS and ESS examples document.

July 2002:
     First draft of RSA PSS algorithm specification.
     Last call on update to RFC 2632.
     Last call on update to RFC 2633.
     Last call on AES algorithm specification.
     Last call on RSA OAEP algorithm specification.

August 2002:
     First draft of RSA KEM algorithm specification.
     Submit CMS and ESS examples document as Informational RFC.

October 2002:
     Last call on RSA PSS algorithm specification.
     Sumbit update to RFC 2632 as Proposed Standard.
     Sumbit update to RFC 2633 as Proposed Standard.

November 2002:
     Last call on RSA KEM algorithm specification.

December 2002:
     Sumbit AES algorithm specification as Proposed Standard.
     Submit RSA OAEP algorithm specification as Proposed Standard.

January 2003:
     Submit RSA PSS algorithm specification as Proposed Standard.

February 2003:
     Submit RSA KEM algorithm specification as Proposed Standard.

--=====================_6592799==_--


Received: by above.proper.com (8.11.6/8.11.3) id g48LdQF10116 for ietf-smime-bks; Wed, 8 May 2002 14:39:26 -0700 (PDT)
Received: from fledermaus.treasury.govt.nz ([202.36.173.38]) by above.proper.com (8.11.6/8.11.3) with SMTP id g48LdPL10109 for <ietf-smime@imc.org>; Wed, 8 May 2002 14:39:25 -0700 (PDT)
Received: from juliet.hamlet.treasury.govt.nz (not verified[172.20.2.43]) by fledermaus.treasury.govt.nz with MailMarshal (4,0,4,0)  id <B000036e51>; Thu, 09 May 2002 09:40:17 +1200
MIME-Version: 1.0
Subject: RE: Are certificates _required_ by the sender?
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Date: Thu, 9 May 2002 09:41:14 +1200
Message-ID: <14270A31340CCF46A050FEC25B8F50A0228559@juliet.hamlet.treasury.govt.nz>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Are certificates _required_ by the sender?
Thread-Index: AcH2r1BvTtpboe0mTsS4jFC4AJcmdAAJwUEA
From: "Craig McGregor" <Craig.McGregor@treasury.govt.nz>
To: "Ben Littauer" <littauer@blkk.com>
Cc: <ietf-smime@imc.org>
content-class: urn:content-classes:message
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g48LdQL10111
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Hi Ben,

Although I have not tested this theory, I suspect it is so that it can
encrypt the message both for the recipient and sender. Otherwise the
sender could not read their message from their sent items folder without
access to the recipients private key - which of course is a no-no!

Nothing in the S/MIME RFC's says you _have_ to have one. You should be
able to happily encrypt but not sign e-mail without one. Practicalities
mean for certain functionality in clients it may be necessary to have
your own certificate.

--
Craig McGregor		
Security Specialist	
IT Systems 			http://e.govt.nz/see/mail
The Treasury		http://www.treasury.govt.nz
 



-----Original Message-----
From: Ben Littauer [mailto:littauer@blkk.com]
Sent: Thursday, 9 May 2002 4:08 a.m.
To: ietf-smime@imc.org
Subject: RE: Are certificates _required_ by the sender?



Interesting you should ask this right now.  I don't believe that there
is
any S/MIME requirement that says that the sender needs a cert.  That
said,
however, MS Outlook DOES require that you have a cert before it will let
you
encrypt a message on someone else's cert that you've received.  Does
anyone
know why this is?

-ben-

-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Terje Tollisen
Sent: Wednesday, May 08, 2002 5:26
To: ietf-smime@imc.org
Subject: Are certificates _required_ by the sender?



Is the sender of an email required to have a certificate, or is it
sufficient for the sender to have a copy of the certificate of the
recipient? I am thinking of an automated system, where one party will
always
be the sender, and never receive emails. In addition, no signatures are
required. Thus nobody will ever actually need the public key for the
automated system. However, I'm uncertain if the sender can send S/MIME
messages without having a certificate of it's own.

Thanks for your time
-Terry Tollisen

--
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup




Received: by above.proper.com (8.11.6/8.11.3) id g48GAvX27875 for ietf-smime-bks; Wed, 8 May 2002 09:10:57 -0700 (PDT)
Received: from mail01d.rapidsite.net (mail01d.rapidsite.net [207.158.192.52]) by above.proper.com (8.11.6/8.11.3) with SMTP id g48GAuL27870 for <ietf-smime@imc.org>; Wed, 8 May 2002 09:10:56 -0700 (PDT)
Received: from www.blkk.com (209.130.71.190) by mail01d.rapidsite.net (RS ver 1.0.63s) with SMTP id 090740 for <ietf-smime@imc.org>; Wed,  8 May 2002 12:10:50 -0400 (EDT)
From: "Ben Littauer" <littauer@blkk.com>
To: <ietf-smime@imc.org>
Subject: RE: Are certificates _required_ by the sender?
Date: Wed, 8 May 2002 12:08:13 -0400
Message-ID: <NBBBKMBODGFFKOCLJPFCOELPDOAA.littauer@blkk.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020508092613.47880.qmail@mail.com>
X-Loop-Detect: 1
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Interesting you should ask this right now.  I don't believe that there is
any S/MIME requirement that says that the sender needs a cert.  That said,
however, MS Outlook DOES require that you have a cert before it will let you
encrypt a message on someone else's cert that you've received.  Does anyone
know why this is?

-ben-

-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org]On Behalf Of Terje Tollisen
Sent: Wednesday, May 08, 2002 5:26
To: ietf-smime@imc.org
Subject: Are certificates _required_ by the sender?



Is the sender of an email required to have a certificate, or is it
sufficient for the sender to have a copy of the certificate of the
recipient? I am thinking of an automated system, where one party will always
be the sender, and never receive emails. In addition, no signatures are
required. Thus nobody will ever actually need the public key for the
automated system. However, I’m uncertain if the sender can send S/MIME
messages without having a certificate of it's own.

Thanks for your time
-Terry Tollisen

--
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup




Received: by above.proper.com (8.11.6/8.11.3) id g48FVXR26518 for ietf-smime-bks; Wed, 8 May 2002 08:31:33 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g48FVSL26510 for <ietf-smime@imc.org>; Wed, 8 May 2002 08:31:28 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 8 May 2002 15:29:56 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA24388; Wed, 8 May 2002 11:29:37 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g48FTeK22526; Wed, 8 May 2002 11:29:40 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZK04AZ>; Wed, 8 May 2002 11:31:28 -0400
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A03B7C2EE@exna07.securitydynamics.com>
From: "Kaliski, Burt" <BKaliski@rsasecurity.com>
To: "'Robert Zuccherato'" <robert.zuccherato@entrust.com>, "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Cc: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: RE: Why KEM?, RE: Charter Update
Date: Wed, 8 May 2002 11:30:59 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Rob,
 
I agree that RSA-OAEP is adequate, and I realize it's hard to argue for
something "better" when what's there is good enough already.
 
In several standards efforts I'm involved in (NESSIE, ISO 18033, ANSI X9F1),
and in the research community, a preference is emerging for RSA-KEM over
RSA-OAEP. Over time, formal standards bodies may therefore give preference
to RSA-KEM (while still acknowledging RSA-OAEP and perhaps even PKCS #1 v1.5
encryption for compatibility). Eventually, this will lead to a stronger
motivation to add RSA-KEM to S/MIME and other protocols. The issue here is
whether to do so sooner rather than later.
 
By the way, RSA has no proprietary interest in RSA-KEM, nor am I aware of
any patents claimed by others at this point.
 
-- Burt

-----Original Message-----
From: Robert Zuccherato [mailto:robert.zuccherato@entrust.com]
Sent: Tuesday, May 07, 2002 4:18 PM
To: Kaliski, Burt; 'ietf-smime@imc.org'
Cc: Housley, Russ
Subject: RE: Why KEM?, RE: Charter Update



Burt; 

I agree that those are definitely advantages of KEM over OAEP.  However, a
number of standards (1363, PKCS#1, etc.) have already specified OAEP and
some people have already implemented it.  S/MIME is currently on the -04
version of a draft that mandates OAEP with AES. Thus, without a demonstrated
weakness with OAEP I still don't see a reason to change.  I don't see the
tighter bounds for KEM and the better architectural fit as being worth the
trouble of starting to specify a new encryption padding method.  Doing so
will necessarily cause additional interoperability and implementation
issues.  We already have an adequate replacement for PKCS #1 v1.5, why do we
need another one?

        Robert. 

 



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g489QJl01011 for ietf-smime-bks; Wed, 8 May 2002 02:26:19 -0700 (PDT)
Received: from ws1-1.us4.outblaze.com (205-158-62-49.outblaze.com [205.158.62.49]) by above.proper.com (8.11.6/8.11.3) with SMTP id g489QHL01007 for <ietf-smime@imc.org>; Wed, 8 May 2002 02:26:17 -0700 (PDT)
Received: (qmail 47881 invoked by uid 1001); 8 May 2002 09:26:13 -0000
Message-ID: <20020508092613.47880.qmail@mail.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [10.136.230.92] by ws1-1.us4.outblaze.com with http for tt@post.com; Wed, 08 May 2002 04:26:12 -0500
From: "Terje Tollisen" <tt@post.com>
To: ietf-smime@imc.org
Date: Wed, 08 May 2002 04:26:12 -0500
Subject: Are certificates _required_ by the sender?
X-Originating-Ip: 10.136.230.92
X-Originating-Server: ws1-1.us4.outblaze.com
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Is the sender of an email required to have a certificate, or is it sufficient for the sender to have a copy of the certificate of the recipient? I am thinking of an automated system, where one party will always be the sender, and never receive emails. In addition, no signatures are required. Thus nobody will ever actually need the public key for the automated system. However, I’m uncertain if the sender can send S/MIME messages without having a certificate of it's own.

Thanks for your time
-Terry Tollisen

-- 
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g47KIJe10866 for ietf-smime-bks; Tue, 7 May 2002 13:18:19 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g47KI7L10850 for <ietf-smime@imc.org>; Tue, 7 May 2002 13:18:07 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <K3ZDVHY8>; Tue, 7 May 2002 16:17:54 -0400
Message-ID: <BFB44293CE13C9419B7AFE7CBC35B939DCB1A4@sottmxs08.entrust.com>
From: Robert Zuccherato <robert.zuccherato@entrust.com>
To: "'Kaliski, Burt'" <BKaliski@rsasecurity.com>, "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Cc: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: RE: Why KEM?, RE: Charter Update
Date: Tue, 7 May 2002 16:17:53 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1F604.4465D130"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1F604.4465D130
Content-Type: text/plain;
	charset="iso-8859-1"

Burt;

I agree that those are definitely advantages of KEM over OAEP.  However, a
number of standards (1363, PKCS#1, etc.) have already specified OAEP and
some people have already implemented it.  S/MIME is currently on the -04
version of a draft that mandates OAEP with AES. Thus, without a demonstrated
weakness with OAEP I still don't see a reason to change.  I don't see the
tighter bounds for KEM and the better architectural fit as being worth the
trouble of starting to specify a new encryption padding method.  Doing so
will necessarily cause additional interoperability and implementation
issues.  We already have an adequate replacement for PKCS #1 v1.5, why do we
need another one?

	Robert.

> -----Original Message-----
> From: Kaliski, Burt [mailto:BKaliski@rsasecurity.com]
> Sent: Monday, May 06, 2002 2:20 PM
> To: 'ietf-smime@imc.org'
> Cc: Housley, Russ; Kaliski, Burt
> Subject: RE: Why KEM?, RE: Charter Update
> 
> 
> 
> Russ asked me to join this discussion to explain the 
> motivation for KEM.
> (Please cc: me on further messages on this thread as I'm not 
> a subscriber to
> the ietf-smime list.) 
> RSA-KEM's primary advantages over RSA-OAEP are: 
> 1. RSA-KEM's security bounds are tighter. RSA-KEM has been 
> proved (in the
> random oracle model) to be very close in security to the RSA problem.
> RSA-OAEP has been proved (in the same model) to offer 
> security that grows in
> proportion to the security of the RSA problem, but for 
> typical RSA key sizes
> the provable level of security is not very high. While no 
> attacks faster
> than solving the RSA problem are known against RSA-OAEP if it 
> is properly
> implemented, it would be better if faster attacks could be ruled out
> explicitly. 
> 2. RSA-KEM fits better architecturally. RSA-KEM follows the 
> model described
> by Victor Shoup, which combines a public-key "encapsulation" 
> operation with
> a symmetric key operation, such as the AES KeyWrap. The same 
> symmetric key
> operation can be combined with different public-key methods (RSA,
> Diffie-Hellman, elliptic curve). It can also be used for wrapping a
> symmetric key with another symmetric key. Thus, in future versions of
> S/MIME, AES content-encryption keys can all be wrapped with 
> AES KeyWrap. The
> only difference among the public key methods would be how the 
> wrapping key
> is derived. RSA-OAEP, in contrast, uses a different technique 
> than other
> public-key methods (OAEP formatting) for processing the 
> symmetric keys. 
> RSA-OAEP is still fine to use, but RSA-KEM is better. As part 
> of continually
> improving the infrastructure, I believe it is worthwhile to introduce
> support for RSA-KEM as standards are updated. Since S/MIME 
> implementations
> are being upgraded to support AES, this is a convenient time 
> to introduce a
> more robust public-key method as well. 
> -- Burt Kaliski
> RSA Laboratories 
> 

------_=_NextPart_001_01C1F604.4465D130
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: Why KEM?, RE: Charter Update</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>Burt;</FONT>
</P>

<P><FONT SIZE=3D2>I agree that those are definitely advantages of KEM =
over OAEP.&nbsp; However, a number of standards (1363, PKCS#1, etc.) =
have already specified OAEP and some people have already implemented =
it.&nbsp; S/MIME is currently on the -04 version of a draft that =
mandates OAEP with AES. Thus, without a demonstrated weakness with OAEP =
I still don't see a reason to change.&nbsp; I don't see the tighter =
bounds for KEM and the better architectural fit as being worth the =
trouble of starting to specify a new encryption padding method.&nbsp; =
Doing so will necessarily cause additional interoperability and =
implementation issues.&nbsp; We already have an adequate replacement =
for PKCS #1 v1.5, why do we need another one?</FONT></P>

<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <FONT =
SIZE=3D2>Robert.</FONT>
</P>

<P><FONT SIZE=3D2>&gt; -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>&gt; From: Kaliski, Burt [<A =
HREF=3D"mailto:BKaliski@rsasecurity.com">mailto:BKaliski@rsasecurity.com=
</A>]</FONT>
<BR><FONT SIZE=3D2>&gt; Sent: Monday, May 06, 2002 2:20 PM</FONT>
<BR><FONT SIZE=3D2>&gt; To: 'ietf-smime@imc.org'</FONT>
<BR><FONT SIZE=3D2>&gt; Cc: Housley, Russ; Kaliski, Burt</FONT>
<BR><FONT SIZE=3D2>&gt; Subject: RE: Why KEM?, RE: Charter =
Update</FONT>
<BR><FONT SIZE=3D2>&gt; </FONT>
<BR><FONT SIZE=3D2>&gt; </FONT>
<BR><FONT SIZE=3D2>&gt; </FONT>
<BR><FONT SIZE=3D2>&gt; Russ asked me to join this discussion to =
explain the </FONT>
<BR><FONT SIZE=3D2>&gt; motivation for KEM.</FONT>
<BR><FONT SIZE=3D2>&gt; (Please cc: me on further messages on this =
thread as I'm not </FONT>
<BR><FONT SIZE=3D2>&gt; a subscriber to</FONT>
<BR><FONT SIZE=3D2>&gt; the ietf-smime list.) </FONT>
<BR><FONT SIZE=3D2>&gt; RSA-KEM's primary advantages over RSA-OAEP are: =
</FONT>
<BR><FONT SIZE=3D2>&gt; 1. RSA-KEM's security bounds are tighter. =
RSA-KEM has been </FONT>
<BR><FONT SIZE=3D2>&gt; proved (in the</FONT>
<BR><FONT SIZE=3D2>&gt; random oracle model) to be very close in =
security to the RSA problem.</FONT>
<BR><FONT SIZE=3D2>&gt; RSA-OAEP has been proved (in the same model) to =
offer </FONT>
<BR><FONT SIZE=3D2>&gt; security that grows in</FONT>
<BR><FONT SIZE=3D2>&gt; proportion to the security of the RSA problem, =
but for </FONT>
<BR><FONT SIZE=3D2>&gt; typical RSA key sizes</FONT>
<BR><FONT SIZE=3D2>&gt; the provable level of security is not very =
high. While no </FONT>
<BR><FONT SIZE=3D2>&gt; attacks faster</FONT>
<BR><FONT SIZE=3D2>&gt; than solving the RSA problem are known against =
RSA-OAEP if it </FONT>
<BR><FONT SIZE=3D2>&gt; is properly</FONT>
<BR><FONT SIZE=3D2>&gt; implemented, it would be better if faster =
attacks could be ruled out</FONT>
<BR><FONT SIZE=3D2>&gt; explicitly. </FONT>
<BR><FONT SIZE=3D2>&gt; 2. RSA-KEM fits better architecturally. RSA-KEM =
follows the </FONT>
<BR><FONT SIZE=3D2>&gt; model described</FONT>
<BR><FONT SIZE=3D2>&gt; by Victor Shoup, which combines a public-key =
&quot;encapsulation&quot; </FONT>
<BR><FONT SIZE=3D2>&gt; operation with</FONT>
<BR><FONT SIZE=3D2>&gt; a symmetric key operation, such as the AES =
KeyWrap. The same </FONT>
<BR><FONT SIZE=3D2>&gt; symmetric key</FONT>
<BR><FONT SIZE=3D2>&gt; operation can be combined with different =
public-key methods (RSA,</FONT>
<BR><FONT SIZE=3D2>&gt; Diffie-Hellman, elliptic curve). It can also be =
used for wrapping a</FONT>
<BR><FONT SIZE=3D2>&gt; symmetric key with another symmetric key. Thus, =
in future versions of</FONT>
<BR><FONT SIZE=3D2>&gt; S/MIME, AES content-encryption keys can all be =
wrapped with </FONT>
<BR><FONT SIZE=3D2>&gt; AES KeyWrap. The</FONT>
<BR><FONT SIZE=3D2>&gt; only difference among the public key methods =
would be how the </FONT>
<BR><FONT SIZE=3D2>&gt; wrapping key</FONT>
<BR><FONT SIZE=3D2>&gt; is derived. RSA-OAEP, in contrast, uses a =
different technique </FONT>
<BR><FONT SIZE=3D2>&gt; than other</FONT>
<BR><FONT SIZE=3D2>&gt; public-key methods (OAEP formatting) for =
processing the </FONT>
<BR><FONT SIZE=3D2>&gt; symmetric keys. </FONT>
<BR><FONT SIZE=3D2>&gt; RSA-OAEP is still fine to use, but RSA-KEM is =
better. As part </FONT>
<BR><FONT SIZE=3D2>&gt; of continually</FONT>
<BR><FONT SIZE=3D2>&gt; improving the infrastructure, I believe it is =
worthwhile to introduce</FONT>
<BR><FONT SIZE=3D2>&gt; support for RSA-KEM as standards are updated. =
Since S/MIME </FONT>
<BR><FONT SIZE=3D2>&gt; implementations</FONT>
<BR><FONT SIZE=3D2>&gt; are being upgraded to support AES, this is a =
convenient time </FONT>
<BR><FONT SIZE=3D2>&gt; to introduce a</FONT>
<BR><FONT SIZE=3D2>&gt; more robust public-key method as well. </FONT>
<BR><FONT SIZE=3D2>&gt; -- Burt Kaliski</FONT>
<BR><FONT SIZE=3D2>&gt; RSA Laboratories </FONT>
<BR><FONT SIZE=3D2>&gt; </FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C1F604.4465D130--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g46IKoQ24281 for ietf-smime-bks; Mon, 6 May 2002 11:20:50 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g46IKnL24276 for <ietf-smime@imc.org>; Mon, 6 May 2002 11:20:49 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 6 May 2002 18:19:20 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA01638 for <ietf-smime@imc.org>; Mon, 6 May 2002 14:18:59 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g46IIxr18650 for <ietf-smime@imc.org>; Mon, 6 May 2002 14:18:59 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <K2ZK9XXW>; Mon, 6 May 2002 14:20:46 -0400
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A03B7C27C@exna07.securitydynamics.com>
From: "Kaliski, Burt" <BKaliski@rsasecurity.com>
To: "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Cc: "Housley, Russ" <rhousley@rsasecurity.com>, "Kaliski, Burt" <BKaliski@rsasecurity.com>
Subject: RE: Why KEM?, RE: Charter Update
Date: Mon, 6 May 2002 14:20:22 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Russ asked me to join this discussion to explain the motivation for KEM.
(Please cc: me on further messages on this thread as I'm not a subscriber to
the ietf-smime list.) 
RSA-KEM's primary advantages over RSA-OAEP are: 
1. RSA-KEM's security bounds are tighter. RSA-KEM has been proved (in the
random oracle model) to be very close in security to the RSA problem.
RSA-OAEP has been proved (in the same model) to offer security that grows in
proportion to the security of the RSA problem, but for typical RSA key sizes
the provable level of security is not very high. While no attacks faster
than solving the RSA problem are known against RSA-OAEP if it is properly
implemented, it would be better if faster attacks could be ruled out
explicitly. 
2. RSA-KEM fits better architecturally. RSA-KEM follows the model described
by Victor Shoup, which combines a public-key "encapsulation" operation with
a symmetric key operation, such as the AES KeyWrap. The same symmetric key
operation can be combined with different public-key methods (RSA,
Diffie-Hellman, elliptic curve). It can also be used for wrapping a
symmetric key with another symmetric key. Thus, in future versions of
S/MIME, AES content-encryption keys can all be wrapped with AES KeyWrap. The
only difference among the public key methods would be how the wrapping key
is derived. RSA-OAEP, in contrast, uses a different technique than other
public-key methods (OAEP formatting) for processing the symmetric keys. 
RSA-OAEP is still fine to use, but RSA-KEM is better. As part of continually
improving the infrastructure, I believe it is worthwhile to introduce
support for RSA-KEM as standards are updated. Since S/MIME implementations
are being upgraded to support AES, this is a convenient time to introduce a
more robust public-key method as well. 
-- Burt Kaliski
RSA Laboratories 
		From: Mike Just <Mike.Just@entrust.com>
		To: "'Housley, Russ'" <rhousley@rsasecurity.com>
		Cc: ietf-smime@imc.org
		Subject: RE: Why KEM?, RE: Charter Update
		Date: Wed, 1 May 2002 13:33:09 -0400 
		X-Mailer: Internet Mail Service (5.5.2653.19)
		
		Thanks Russ. I did manage to look at your slides when you
first posted them to the list on April 17th. I found them very helpful.
However, I think Robert has raised some good points (based on the issues
claimed in your slides) that question the motivation for even considering a
move to KEM. I've attached his email below for your convenience. I think we
have chosen a very good direction already with OAEP and am not convinced
that we need to change this. 
		
		Mike
		
		
		
		---- Robert's email of 04/19/2002 --- 
			-----Original Message----- 
			From: Robert Zuccherato
[<mailto:robert.zuccherato@entrust.com>] 
			Sent: Friday, April 19, 2002 10:46 AM 
			To: 'Housley, Russ'; ietf-smime@imc.org 
			Subject: RE: Charter Update
			
			Russ; 
			
			Having not attended the Minneapolis meeting I must
say that I was very surprised by your recommendation to drop OAEP as the
MUST implement key transport mechanism with AES in favour of KEM. It wasn't
all that long ago that you were attempting to get everyone (S/MIME, TLS,
X9.44) to agree on requiring OAEP with AES as a method of transitioning to
OAEP from PKCS#1 v1.5. Partly as a result of that effort, implementations of
OAEP have started to appear (e.g. OpenSSL) and transitions to OAEP can
actually now start to occur. If we are going to introduce a new MUST
algorithm, and thus additional uncertainty about what to use and how to
transition, we really should have a good reason.
			
			In your presentation you say that KEM has better
security proofs. That may be, however, OAEP is still secure. No actual
weaknesses in it have been found. On RSA's website there is a description of
recent results on OAEP that says "... it makes little sense replacing OAEP
with a "more secure" encoding method, because if a CCA2 adversary is able to
break RSAEP-OAEP, then she will be able to break RSAEP equipped with any
encoding method (if maybe slightly less efficiently)."
(<http://www.rsasecurity.com/rsalabs/rsa_algorithm/oaep_security.html>)
Thus, there is no need to introduce KEM for security reasons.
			
			Your presentation also lists some standards that
already include KEM. However, all of the ones that are listed except TLS
also specify OAEP (ANSI X9.44, IEEE P1363, ISO/IEC 18033-2, PKCS#1, S/MIME).
TLS, while it specifies a variant of KEM, doesn't actually use anything that
is compatible with the KEM that S/MIME (and the other groups listed) would
be using. I would also like to point out that XML Encryption has OAEP as a
required key transport method. At this point it does seem like OAEP is
starting to get adopted by other groups and thus introducing KEM now seems
to be counterproductive.
			
			It is true that with OAEP the message length is
bounded. However, for our requirements here, is that really an issue? 
			
			For these reasons I think we should reconsider your
proposal to use RSA-KEM instead of RSA-OAEP in draft-ietf-smime-aes-alg.
			
			Robert Zuccherato 
			Entrust, Inc. 
		--------------------------------------------
		
			-----Original Message----- 
			From: Housley, Russ
[<mailto:rhousley@rsasecurity.com>] 
			Sent: Wednesday, May 01, 2002 1:22 PM 
			To: Mike Just 
			Cc: ietf-smime@imc.org 
			Subject: Re: Why KEM?, RE: Charter Update
			
			Mike:
			
			I think that I did respond to Robert's question. At
IETF 53, I gave a presentation on this subject. You can see the slides at
<http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html>.
			
			Russ
			
			
			
			At 01:14 PM 5/1/2002 -0400, Mike Just wrote:
			
				It's not clear to me that there is consensus
on this path (unfortunately, there seemed to be no reaction on either side
to this email) as reflected in the latest version of the Charter. 
				I'd like to re-iterate Robert's concerns
(from his e-mail of 04/19/2002) and ask the fundamental question: Why are we
even considering KEM when we already have a sufficient solution with OAEP? 
				Mike 
				-----Original Message----- 
				From: Housley, Russ
[<mailto:rhousley@rsasecurity.com>] 
				Sent: Wednesday, April 24, 2002 5:14 PM 
				To: ietf-smime@imc.org 
				Subject: RE: Charter Update 
				
				
				
				Is the WG consensus that RSA-OAEP, RSA-KEM,
and AES should be in separate, 
				independent documents. This would allow AES
to be used with any of the key 
				management techniques? 
				
				Russ 



Received: by above.proper.com (8.11.6/8.11.3) id g43KiG421987 for ietf-smime-bks; Fri, 3 May 2002 13:44:16 -0700 (PDT)
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g43KiFa21983 for <ietf-smime@imc.org>; Fri, 3 May 2002 13:44:15 -0700 (PDT)
Received: from DEXTER ([192.168.0.7]) by brutesquadlabs.com with SMTP ; Fri, 3 May 2002 13:44:05 -0700
Message-ID: <084401c1f2e2$16c2f250$0700a8c0@brutesquadlabs.com>
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: "Peter Gutmann" <pgut001@cs.aucKland.ac.nz>, <ietf-smime@imc.org>, <mutz@kde.org>
References: <200205031415.CAA74677@ruru.cs.auckland.ac.nz>
Subject: Re: rfc2633bis and multipart/encrypted
Date: Fri, 3 May 2002 13:35:39 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.aucKland.ac.nz>
To: <ietf-smime@imc.org>; <mutz@kde.org>
Sent: Friday, May 03, 2002 7:15 AM
Subject: Re: rfc2633bis and multipart/encrypted


>
> Marc Mutz <mutz@kde.org> quotes:
>
> >While we are on the topic of MIME and encryption -- does anyone know
> >the history behind S/MIME not using multipart/encrypted of RFC 1847
> >for encrypted data?
>
> Politics AFAIK.  The encryption stuff in RFC 1847 was part of the MOSS
> worldview, and MOSS != S/MIME.  At the time, RSADSI and the RSA patent
were a
> bigger hammer, so S/MIME won.

This is mostly true.  Another part of this is that we ended up adopting
multipart/signed, and deliberately chose not to adopt multipart/encrypted
for some reason (which I think is what Russ pointed out as backward
compatibility).  I think the general argument was that it didn't add
anything to the protocol or the processing of the data, and the only thing
that it might add in our case is a potential clue to the processing agent
that "this thing is encrypted".  I thought there was a thread about this,
but I couldn't find it.

Blake



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g43GvPY14893 for ietf-smime-bks; Fri, 3 May 2002 09:57:25 -0700 (PDT)
Received: from c000.snv.cp.net (h008.c000.snv.cp.net [209.228.32.72]) by above.proper.com (8.11.6/8.11.3) with SMTP id g43GvNa14889 for <ietf-smime@imc.org>; Fri, 3 May 2002 09:57:23 -0700 (PDT)
Received: (cpmta 4736 invoked from network); 3 May 2002 09:57:19 -0700
Received: from 217.82.82.229 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.72) with SMTP; 3 May 2002 09:57:19 -0700
X-Sent: 3 May 2002 16:57:19 GMT
From: Marc Mutz <mutz@kde.org>
Organization: KDE
To: ietf-smime@imc.org
Subject: Re: rfc2633bis and multipart/encrypted
Date: Fri, 3 May 2002 18:56:41 +0200
User-Agent: KMail/1.4.5
References: <200205031415.CAA74677@ruru.cs.auckland.ac.nz>
In-Reply-To: <200205031415.CAA74677@ruru.cs.auckland.ac.nz>
X-PGP-Key: 0xBDBFE838
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200205031856.42583@sendmail.mutz.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maybe I should introduce myself first:
I'm a KMail (kmail.kde.org) developer and responsible for the next-generation 
message handling code that will creep into KMail over the next months.
As such, I'm partly remotely, partly directly involved in the Aegypten Project 
of the German government (www.gnupg.org/aegypten), which aims to bring S/MIME 
support to the well-known OpenPGP imlementation GnuPG, and incorporate 
support into OSS mail clients, chiefly KMail and mutt.

On Friday 03 May 2002 16:15, Peter Gutmann wrote:
> Marc Mutz <mutz@kde.org> quotes:
> >While we are on the topic of MIME and encryption -- does anyone know
> >the history behind S/MIME not using multipart/encrypted of RFC 1847
> >for encrypted data?
>
> Politics AFAIK.  The encryption stuff in RFC 1847 was part of the MOSS
> worldview, and MOSS != S/MIME.  At the time, RSADSI and the RSA patent were
> a bigger hammer, so S/MIME won.

The few arguments for using an application subtype for encrypted/signed data 
and CRLs are handwaving at best.
Now we implementors are stuck with a - let's say - suboptimal solution and the 
clean solution is disallowed by not even mentioning it in the RFC.

What are arguments against including
multipart/encrypted; protocol="application/pkcs7-encrypted"
with a "MAY create / SHOULD understand" in the successor of RFC 2633?

This would at least open the door for adoption in the future.
Then S/MIMEv2 -> S/MIMEv3 transition seems to have had some potentially much 
more grave disruptions than introducing mp/encrypted.

> (Having said that, multipart/encrypted is pretty clunky (signed data is a
>  different issue). 

- From an implementor's POV, multipart/encrypted is by no means "clunky". Yes, 
it adds an outer and an inner body part of hot air around the interesting 
stuff, but the headers of the "hot air" body parts are what counts. They 
contain the information used by the MUA to dispatch the content to the right 
backend crypto engine. What's more, it allows MUAs to guess (rightly so) that 
what comes back from the crypto engine is only another mime entity (something 
that needs further processing by the MUA itself), while that isn't at all 
clear when using application/pkcs7-mime. There, the MUA doesn't even know 
whether it's an CRL, a signed document, an encrypted document or simply 
CMS-wrapped data without cryptography. :-( (Without particular knowledge of 
S/MIME, that is.)

I understand that some (to me obscure) gatewaying and backwards compat issues, 
paired with politics, have prevented the inclusion of an elegant solution. 
app/pgp has been deprecated - and successfully so. Time to try the same with 
app/pkcs7-mime, I'd say.

> OTOH given the perpetual-motion-machine nature of
> debates over this in 1995-1996, it's arguable that any decision would have
> been regarded as bad by some subset of people).

Back at politics, then... :-(

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE80sFJ3oWD+L2/6DgRAifHAKCiuoPG4tIoErrapAH26P5sRBRiIQCfUS3r
R++N3nYDzvGfdHUXlPD+l+A=
=ZZbO
-----END PGP SIGNATURE-----



Received: by above.proper.com (8.11.6/8.11.3) id g43EQAY10383 for ietf-smime-bks; Fri, 3 May 2002 07:26:10 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g43EQ9a10378 for <ietf-smime@imc.org>; Fri, 3 May 2002 07:26:09 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 May 2002 14:24:41 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA03297 for <ietf-smime@imc.org>; Fri, 3 May 2002 10:24:21 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g43EQ8q10043 for <ietf-smime@imc.org>; Fri, 3 May 2002 10:26:08 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX155WC>; Fri, 3 May 2002 10:23:32 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.64]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX155WA; Fri, 3 May 2002 10:23:26 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Marc Mutz <mutz@kde.org>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020503101741.020a3a50@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 03 May 2002 10:18:26 -0400
Subject: Re: rfc2633bis and multipart/encrypted
In-Reply-To: <200205031536.54926@sendmail.mutz.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Marc:

I recall a discussion about maintaining backward compatibility with S/MIME v2.

Russ


At 03:36 PM 5/3/2002 +0200, Marc Mutz wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi!
>
>I wonder why rfc2633(bis) doesn't mention (= doesn't allow) the rfc1847 
>way of
>_encrypting_ mime entities, but describes mp/signed as _preferred_.
>
>In message <ilu66752z6b.fsf@dhcp128.extundo.com>, Simon Josefsson wrote back
>in December:
> > While we are on the topic of MIME and encryption -- does anyone know
> > the history behind S/MIME not using multipart/encrypted of RFC 1847
> > for encrypted data?  This decision causes some pain when implementing
> > a client that supports both PGP and CMS; S/MIME encryption becomes a
> > special case.  Multipart/encrypted doesn't seem to have been discussed
> > here, judging by the mail archives at least.
>
>There was no reply.
>
>The only references I could find about mp/encrypted and rfc1847 were some
>comments about gateways breaking rfc1847, which is probably what the
>respective comments in the final rfc reflect.
>
>But given the rules for determining whether a given message is an S/MIME
>message, anything that could conceivably be done to a mp/encrypted at
>gateways would downgrade to the "filename extension" rule of S/MIME message
>detection.
>
>Thus, I don't see a reason to not use mp/encrypted - esp. as mp/signed is the
>preferred mode for signing.
>
>Can someone enlighten me?
>
>If there are no reasons against it, I'd propose to include it as the 
>preferred
>method of encrypting and define a new mimetype app/pkcs7-encrypted.
>
>It will degrade gracefully since old MUAs should treat unknown multipart
>subtypes as mp/mixed and by the file-extension rule, the app/octet-stream
>with filename *.p7m will be recognized as part of a S/MIME message.
>
>Marc
>
>- --
>Marc Mutz <mutz@kde.org>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.7 (GNU/Linux)
>
>iD8DBQE80pJ13oWD+L2/6DgRAqo+AKCEVWA8PCuwWhL9qqFHOWSGplgLVwCgxFDX
>MEmwcc1Np37bsO8hTutUTSY=
>=iZh1
>-----END PGP SIGNATURE-----


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g43EFn408900 for ietf-smime-bks; Fri, 3 May 2002 07:15:49 -0700 (PDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g43EFka08894 for <ietf-smime@imc.org>; Fri, 3 May 2002 07:15:47 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g43EFfK4006111; Sat, 4 May 2002 02:15:41 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id CAA74677; Sat, 4 May 2002 02:15:39 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Sat, 4 May 2002 02:15:39 +1200 (NZST)
Message-ID: <200205031415.CAA74677@ruru.cs.auckland.ac.nz>
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: ietf-smime@imc.org, mutz@kde.org
Subject: Re:  rfc2633bis and multipart/encrypted
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Marc Mutz <mutz@kde.org> quotes:

>While we are on the topic of MIME and encryption -- does anyone know
>the history behind S/MIME not using multipart/encrypted of RFC 1847
>for encrypted data?

Politics AFAIK.  The encryption stuff in RFC 1847 was part of the MOSS
worldview, and MOSS != S/MIME.  At the time, RSADSI and the RSA patent were a
bigger hammer, so S/MIME won.

(Having said that, multipart/encrypted is pretty clunky (signed data is a
 different issue).  OTOH given the perpetual-motion-machine nature of debates
 over this in 1995-1996, it's arguable that any decision would have been
 regarded as bad by some subset of people).

Peter.


Received: by above.proper.com (8.11.6/8.11.3) id g43DbSs06734 for ietf-smime-bks; Fri, 3 May 2002 06:37:28 -0700 (PDT)
Received: from c000.snv.cp.net (h020.c000.snv.cp.net [209.228.32.84]) by above.proper.com (8.11.6/8.11.3) with SMTP id g43DbRa06730 for <ietf-smime@imc.org>; Fri, 3 May 2002 06:37:27 -0700 (PDT)
Received: (cpmta 14588 invoked from network); 3 May 2002 06:37:22 -0700
Received: from 80.130.168.176 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.84) with SMTP; 3 May 2002 06:37:22 -0700
X-Sent: 3 May 2002 13:37:22 GMT
From: Marc Mutz <mutz@kde.org>
Organization: KDE
To: ietf-smime@imc.org
Subject: rfc2633bis and multipart/encrypted
Date: Fri, 3 May 2002 15:36:53 +0200
User-Agent: KMail/1.4.5
X-PGP-Key: 0xBDBFE838
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200205031536.54926@sendmail.mutz.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I wonder why rfc2633(bis) doesn't mention (= doesn't allow) the rfc1847 way of 
_encrypting_ mime entities, but describes mp/signed as _preferred_.

In message <ilu66752z6b.fsf@dhcp128.extundo.com>, Simon Josefsson wrote back 
in December:
> While we are on the topic of MIME and encryption -- does anyone know
> the history behind S/MIME not using multipart/encrypted of RFC 1847
> for encrypted data?  This decision causes some pain when implementing
> a client that supports both PGP and CMS; S/MIME encryption becomes a
> special case.  Multipart/encrypted doesn't seem to have been discussed
> here, judging by the mail archives at least.

There was no reply.

The only references I could find about mp/encrypted and rfc1847 were some 
comments about gateways breaking rfc1847, which is probably what the 
respective comments in the final rfc reflect.

But given the rules for determining whether a given message is an S/MIME 
message, anything that could conceivably be done to a mp/encrypted at 
gateways would downgrade to the "filename extension" rule of S/MIME message 
detection.

Thus, I don't see a reason to not use mp/encrypted - esp. as mp/signed is the 
preferred mode for signing.

Can someone enlighten me?

If there are no reasons against it, I'd propose to include it as the preferred 
method of encrypting and define a new mimetype app/pkcs7-encrypted.

It will degrade gracefully since old MUAs should treat unknown multipart 
subtypes as mp/mixed and by the file-extension rule, the app/octet-stream 
with filename *.p7m will be recognized as part of a S/MIME message.

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE80pJ13oWD+L2/6DgRAqo+AKCEVWA8PCuwWhL9qqFHOWSGplgLVwCgxFDX
MEmwcc1Np37bsO8hTutUTSY=
=iZh1
-----END PGP SIGNATURE-----



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4284Tb28966 for ietf-smime-bks; Thu, 2 May 2002 01:04:29 -0700 (PDT)
Received: from mailbu.belbone.be (mailbu.belbone.be [195.13.2.31]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4284Ra28956 for <ietf-smime@imc.org>; Thu, 2 May 2002 01:04:27 -0700 (PDT)
Received: from ETRUST001 (195.13.18.125) by mailbu.belbone.be; 2 May 2002 10:04:26 +0200
From: "Omer Hasret" <hasret@belbone.be>
To: "'Bonatti, Chris'" <BonattiC@ieca.com>
Cc: "'IETF SMIME WG'" <ietf-smime@imc.org>
Subject: RE: Protecting fields via message/rfc822 and merging issues
Date: Thu, 2 May 2002 10:04:23 +0200
Message-ID: <003301c1f1af$f94e8cd0$0900a8c0@ETRUST001>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <LOEILJNBHBPKGOPJCMADCEAIEKAA.BonattiC@ieca.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Suggestion for "From:" field below,

-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Bonatti, Chris
Sent: mercredi 1 mai 2002 20:15
To: Blake Ramsdell
Cc: IETF SMIME WG
Subject: RE: Protecting fields via message/rfc822 and merging issues



Hi Blake,

  See embedded comments below.

> > b) Discarding the outer 822 message and looking only at the inner 
> > fields works provided that the inner message is complete.  However, 
> > it does not work if only a partial list of fields is included in the

> > inner message.  Also, since we negate the usefulness of the outer 
> > message in all cases, we strongly encourage that it be a blank
> > "dummy" message.  This would effectively require the
> > application to do security processing even to display
> > the originator, subject line, etc. -- fields normally
> > shown in a mailbox view.  Blake also correctly pointed
> > out that this would squash useful headers like "trace"
> > (i.e., Received:...) and things added by list exploders.
> 
> [bcr] Right, and I think this also includes header security
> policies (not necessarily cryptography, but generic 
> rewriting) applied by the organization such as rewritten 
> address lines for host name hiding or adding disclosed 
> recipients.  I think this is where we start running into a 
> problem, and where we're in danger of failing.

  I don't see this as so big a problem with (c).  All you need to do to
make sure that you don't override the outer fields is to ensure that
recipients aren't originating those fields in the inner wrapper.  I
could think of a number of ways to implement that.  In fact, it sounds
like an excellent market discriminator.  :-)


> > d) Include the signal in a CMS attribute - In a signed-only
> > or signed-and-encrypted message, the attribute should 
> > probably be in the inner signedAttrs.  For encrypted-only 
> > messages, it would have to go in the unprotectedAttrs, 
> > but this is not optimal since it shares the disadvantages 
> > of (a).  If this is the way forward, we have to have the 
> > subsequent discussion of whether to use an existing or 
> > new attribute.
> > 
> >   Obviously, my belief is that (d) is the only one that
> > works.  However, I'm not happy with how it works in the 
> > encrypted-only case.  I'm also somewhat sensitive to 
> > "attribute bloat".  I therefore earnestly hope somebody 
> > else sees something that I've missed.
> 
> [bcr] I think that the biggest problem I'm having is that
> we're trying to mix authenticated / unauthenticated / 
> encrypted / unencrypted headers together and try to do the 
> right thing in an automated fashion.  As much as as we might 
> like to define this, I think the only option might be to take 
> the coward's way out and explain that the presentation and 
> merging of the headers are the problem of the client, and 
> that it's not possible to automatically mix them.  The 
> realization that I'm coming to is that there is no utility in 
> merging the headers, and we shouldn't even attempt it, and we 
> should document that the client needs to potentially make 
> decisions about how much to trust the internal headers vs. 
> the external headers, and it is their responsibility to 
> demonstrate the separation.

  I take the point I think you're making that there might be numerous
GOOD ways of doing this depending on your assumptions, and that there
might therefore not be a BEST way.  If a product is capable of showing
you both and indicating what is authenticated or encrypted and what
isn't, that might be best.

> [bcr] My thinking right now is along the lines of the
> following, and I could very well be missing some important 
> issues:
> 
> 1. Use message/rfc822 with a full set of headers for the
> inner protected content.  This is backward compatible, and 
> it's entirely possible that existing clients might even 
> process this correctly.
> 
> 2. Define placebo values for any outer message required
> fields.

  I didn't figure we needed to do this, but it's more important in the
scenario you suggest.  For "Date:" I would suggest 1/1/1970 (zero in
UNIX, I think).  I guess I don't have a value to suggest for "From:".
The difficulty is that you need to have a minimally conformant address.
Anybody out there have a suggestion?


--------------------- From: John Doe?


> 3. Explain the client considerations for presentation.

  I still think that we can do better than saying nothing here.  Perhaps
we can describe a default rule similar to the option (c) I described,
hanging under a SHOULD.  That way, if there was a good reason to do
something different it's okay.

Best regards,
Chris





Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g41IEo022192 for ietf-smime-bks; Wed, 1 May 2002 11:14:50 -0700 (PDT)
Received: from Obsidian (pcp833816pcs.nrockv01.md.comcast.net [68.50.112.5]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g41IEna22188 for <ietf-smime@imc.org>; Wed, 1 May 2002 11:14:49 -0700 (PDT)
Received: from [127.0.0.1] by Obsidian (ArGoSoft Mail Server, Version 1.61 (1.6.1.9)); Wed, 1 May 2002 14:14:50 -0400
From: "Bonatti, Chris" <BonattiC@ieca.com>
To: "Blake Ramsdell" <blake@brutesquadlabs.com>
Cc: "IETF SMIME WG" <ietf-smime@imc.org>
Subject: RE: Protecting fields via message/rfc822 and merging issues
Date: Wed, 1 May 2002 14:14:49 -0400
Message-ID: <LOEILJNBHBPKGOPJCMADCEAIEKAA.BonattiC@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <0c0901c1f011$8131cf40$0700a8c0@brutesquadlabs.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g41IEoa22189
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Hi Blake,

  See embedded comments below.

> > b) Discarding the outer 822 message and looking only at the
> > inner fields works provided that the inner message is
> > complete.  However, it does not work if only a partial
> > list of fields is included in the inner message.  Also,
> > since we negate the usefulness of the outer message in
> > all cases, we strongly encourage that it be a blank
> > "dummy" message.  This would effectively require the
> > application to do security processing even to display
> > the originator, subject line, etc. -- fields normally
> > shown in a mailbox view.  Blake also correctly pointed
> > out that this would squash useful headers like "trace"
> > (i.e., Received:...) and things added by list exploders.
> 
> [bcr] Right, and I think this also includes header security 
> policies (not necessarily cryptography, but generic 
> rewriting) applied by the organization such as rewritten 
> address lines for host name hiding or adding disclosed 
> recipients.  I think this is where we start running into a 
> problem, and where we're in danger of failing.

  I don't see this as so big a problem with (c).  All you need to do to make sure that you don't override the outer fields is to ensure that recipients aren't originating those fields in the inner wrapper.  I could think of a number of ways to implement that.  In fact, it sounds like an excellent market discriminator.  :-)


> > d) Include the signal in a CMS attribute - In a signed-only 
> > or signed-and-encrypted message, the attribute should 
> > probably be in the inner signedAttrs.  For encrypted-only 
> > messages, it would have to go in the unprotectedAttrs, 
> > but this is not optimal since it shares the disadvantages 
> > of (a).  If this is the way forward, we have to have the 
> > subsequent discussion of whether to use an existing or 
> > new attribute.
> > 
> >   Obviously, my belief is that (d) is the only one that 
> > works.  However, I'm not happy with how it works in the 
> > encrypted-only case.  I'm also somewhat sensitive to 
> > "attribute bloat".  I therefore earnestly hope somebody 
> > else sees something that I've missed.
> 
> [bcr] I think that the biggest problem I'm having is that 
> we're trying to mix authenticated / unauthenticated / 
> encrypted / unencrypted headers together and try to do the 
> right thing in an automated fashion.  As much as as we might 
> like to define this, I think the only option might be to take 
> the coward's way out and explain that the presentation and 
> merging of the headers are the problem of the client, and 
> that it's not possible to automatically mix them.  The 
> realization that I'm coming to is that there is no utility in 
> merging the headers, and we shouldn't even attempt it, and we 
> should document that the client needs to potentially make 
> decisions about how much to trust the internal headers vs. 
> the external headers, and it is their responsibility to 
> demonstrate the separation.

  I take the point I think you're making that there might be numerous GOOD ways of doing this depending on your assumptions, and that there might therefore not be a BEST way.  If a product is capable of showing you both and indicating what is authenticated or encrypted and what isn't, that might be best.

> [bcr] My thinking right now is along the lines of the 
> following, and I could very well be missing some important 
> issues:
> 
> 1. Use message/rfc822 with a full set of headers for the 
> inner protected content.  This is backward compatible, and 
> it's entirely possible that existing clients might even 
> process this correctly.
> 
> 2. Define placebo values for any outer message required 
> fields.

  I didn't figure we needed to do this, but it's more important in the scenario you suggest.  For "Date:" I would suggest 1/1/1970 (zero in UNIX, I think).  I guess I don't have a value to suggest for "From:".  The difficulty is that you need to have a minimally conformant address.  Anybody out there have a suggestion?

> 3. Explain the client considerations for presentation.

  I still think that we can do better than saying nothing here.  Perhaps we can describe a default rule similar to the option (c) I described, hanging under a SHOULD.  That way, if there was a good reason to do something different it's okay.

Best regards,
Chris





Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g41HXEH21027 for ietf-smime-bks; Wed, 1 May 2002 10:33:14 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g41HXDa21023 for <ietf-smime@imc.org>; Wed, 1 May 2002 10:33:13 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <KCNTRCFZ>; Wed, 1 May 2002 13:33:10 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C90257AA2E@sottmxs04.entrust.com>
From: Mike Just <Mike.Just@entrust.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>
Cc: ietf-smime@imc.org
Subject: RE: Why KEM?, RE: Charter Update
Date: Wed, 1 May 2002 13:33:09 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1F136.42A01540"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1F136.42A01540
Content-Type: text/plain

Thanks Russ.  I did manage to look at your slides when you first posted them
to the list on April 17th.  I found them very helpful.   However, I think
Robert has raised some good points (based on the issues claimed in your
slides) that question the motivation for even considering a move to KEM.
I've attached his email below for your convenience.  I think we have chosen
a very good direction already with OAEP and am not convinced that we need to
change this.  
 
Mike
 
 
 
---- Robert's email of 04/19/2002 ---

-----Original Message-----
From: Robert Zuccherato [mailto:robert.zuccherato@entrust.com]
Sent: Friday, April 19, 2002 10:46 AM
To: 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: Charter Update



Russ; 

Having not attended the Minneapolis meeting I must say that I was very
surprised by your recommendation to drop OAEP as the MUST implement key
transport mechanism with AES in favour of KEM.  It wasn't all that long ago
that you were attempting to get everyone (S/MIME, TLS, X9.44) to agree on
requiring OAEP with AES as a method of transitioning to OAEP from PKCS#1
v1.5.  Partly as a result of that effort, implementations of OAEP have
started to appear (e.g. OpenSSL) and transitions to OAEP can actually now
start to occur.  If we are going to introduce a new MUST algorithm, and thus
additional uncertainty about what to use and how to transition, we really
should have a good reason.

In your presentation you say that KEM has better security proofs.  That may
be, however, OAEP is still secure.  No actual weaknesses in it have been
found.  On RSA's website there is a description of recent results on OAEP
that says "... it makes little sense replacing OAEP with a "more secure"
encoding method, because if a CCA2 adversary is able to break RSAEP-OAEP,
then she will be able to break RSAEP equipped with any encoding method (if
maybe slightly less efficiently)."  (
http://www.rsasecurity.com/rsalabs/rsa_algorithm/oaep_security.html
<http://www.rsasecurity.com/rsalabs/rsa_algorithm/oaep_security.html> )
Thus, there is no need to introduce KEM for security reasons.

Your presentation also lists some standards that already include KEM.
However, all of the ones that are listed except TLS also specify OAEP (ANSI
X9.44, IEEE P1363, ISO/IEC 18033-2, PKCS#1, S/MIME).  TLS, while it
specifies a variant of KEM, doesn't actually use anything that is compatible
with the KEM that S/MIME (and the other groups listed) would be using.  I
would also like to point out that XML Encryption has OAEP as a required key
transport method.  At this point it does seem like OAEP is starting to get
adopted by other groups and thus introducing KEM now seems to be
counterproductive.

It is true that with OAEP the message length is bounded.  However, for our
requirements here, is that really an issue?  

For these reasons I think we should reconsider your proposal to use RSA-KEM
instead of RSA-OAEP in draft-ietf-smime-aes-alg.


Robert Zuccherato 
Entrust, Inc. 

--------------------------------------------
 
 

-----Original Message-----
From: Housley, Russ [mailto:rhousley@rsasecurity.com]
Sent: Wednesday, May 01, 2002 1:22 PM
To: Mike Just
Cc: ietf-smime@imc.org
Subject: Re: Why KEM?, RE: Charter Update


Mike:

I think that I did respond to Robert's question.  At IETF 53, I gave a
presentation on this subject.  You can see the slides at
http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html
<http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html> .

Russ


At 01:14 PM 5/1/2002 -0400, Mike Just wrote:



It's not clear to me that there is consensus on this path (unfortunately,
there seemed to be no reaction on either side to this email) as reflected in
the latest version of the Charter.

I'd like to re-iterate Robert's concerns (from his e-mail of 04/19/2002) and
ask the fundamental question: Why are we even considering KEM when we
already have a sufficient solution with OAEP?

Mike 

-----Original Message----- 
From: Housley, Russ [ mailto:rhousley@rsasecurity.com
<mailto:rhousley@rsasecurity.com> ] 
Sent: Wednesday, April 24, 2002 5:14 PM 
To: ietf-smime@imc.org 
Subject: RE: Charter Update 


Is the WG consensus that RSA-OAEP, RSA-KEM, and AES should be in separate, 
independent documents.  This would allow AES to be used with any of the key 
management techniques? 

Russ 


------_=_NextPart_001_01C1F136.42A01540
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">


<META content=3D"MSHTML 5.50.4913.1100" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff size=3D2>Thanks=20
Russ.&nbsp; I did manage to look at your slides when you first posted =
them to=20
the list on April 17th.&nbsp; I found them very helpful.&nbsp;&nbsp; =
However, I=20
think Robert has raised some good points (based on the issues claimed =
in your=20
slides) that question the motivation for even considering a move to =
KEM.&nbsp;=20
I've attached his email below for your convenience.&nbsp; I think we =
have chosen=20
a very good direction already with OAEP and am not convinced that we =
need to=20
change this.&nbsp; </FONT></SPAN></DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>Mike</FONT></SPAN></DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff size=3D2>----=20
Robert's email of 04/19/2002 ---</FONT></SPAN></DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff size=3D2>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
  <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
  size=3D2>-----Original Message-----<BR><B>From:</B> Robert Zuccherato =

  [mailto:robert.zuccherato@entrust.com]<BR><B>Sent:</B> Friday, April =
19, 2002=20
  10:46 AM<BR><B>To:</B> 'Housley, Russ'; =
ietf-smime@imc.org<BR><B>Subject:</B>=20
  RE: Charter Update<BR><BR></FONT></DIV>
  <P><FONT size=3D2>Russ;</FONT> </P>
  <P><FONT size=3D2>Having not attended the Minneapolis meeting I must =
say that I=20
  was very surprised by your recommendation to drop OAEP as the MUST =
implement=20
  key transport mechanism with AES in favour of KEM.&nbsp; It wasn't =
all that=20
  long ago that you were attempting to get everyone (S/MIME, TLS, =
X9.44) to=20
  agree on requiring OAEP with AES as a method of transitioning to OAEP =
from=20
  PKCS#1 v1.5.&nbsp; Partly as a result of that effort, implementations =
of OAEP=20
  have started to appear (e.g. OpenSSL) and transitions to OAEP can =
actually now=20
  start to occur.&nbsp; If we are going to introduce a new MUST =
algorithm, and=20
  thus additional uncertainty about what to use and how to transition, =
we really=20
  should have a good reason.</FONT></P>
  <P><FONT size=3D2>In your presentation you say that KEM has better =
security=20
  proofs.&nbsp; That may be, however, OAEP is still secure.&nbsp; No =
actual=20
  weaknesses in it have been found.&nbsp; On RSA's website there is a=20
  description of recent results on OAEP that says "... it makes little =
sense=20
  replacing OAEP with a "more secure" encoding method, because if a =
CCA2=20
  adversary is able to break RSAEP-OAEP, then she will be able to break =
RSAEP=20
  equipped with any encoding method (if maybe slightly less =
efficiently)."&nbsp;=20
  (<A target=3D_blank=20
  =
href=3D"http://www.rsasecurity.com/rsalabs/rsa_algorithm/oaep_security.h=
tml">http://www.rsasecurity.com/rsalabs/rsa_algorithm/oaep_security.html=
</A>)&nbsp;=20
  Thus, there is no need to introduce KEM for security =
reasons.</FONT></P>
  <P><FONT size=3D2>Your presentation also lists some standards that =
already=20
  include KEM.&nbsp; However, all of the ones that are listed except =
TLS also=20
  specify OAEP (ANSI X9.44, IEEE P1363, ISO/IEC 18033-2, PKCS#1, =
S/MIME).&nbsp;=20
  TLS, while it specifies a variant of KEM, doesn't actually use =
anything that=20
  is compatible with the KEM that S/MIME (and the other groups listed) =
would be=20
  using.&nbsp; I would also like to point out that XML Encryption has =
OAEP as a=20
  required key transport method.&nbsp; At this point it does seem like =
OAEP is=20
  starting to get adopted by other groups and thus introducing KEM now =
seems to=20
  be counterproductive.</FONT></P>
  <P><FONT size=3D2>It is true that with OAEP the message length is =
bounded.&nbsp;=20
  However, for our requirements here, is that really an issue?&nbsp; =
</FONT></P>
  <P><FONT size=3D2>For these reasons I think we should reconsider your =
proposal=20
  to use RSA-KEM instead of RSA-OAEP in =
draft-ietf-smime-aes-alg.</FONT></P><BR>
  <P><FONT size=3D2>Robert Zuccherato</FONT> <BR><FONT =
size=3D2>Entrust, Inc.</FONT>=20
  </P></BLOCKQUOTE></FONT></SPAN></DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>--------------------------------------------</FONT></SPAN></DIV=
>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D364562717-01052002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
  <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
  size=3D2>-----Original Message-----<BR><B>From:</B> Housley, Russ=20
  [mailto:rhousley@rsasecurity.com]<BR><B>Sent:</B> Wednesday, May 01, =
2002 1:22=20
  PM<BR><B>To:</B> Mike Just<BR><B>Cc:</B> =
ietf-smime@imc.org<BR><B>Subject:</B>=20
  Re: Why KEM?, RE: Charter Update<BR><BR></FONT></DIV>Mike:<BR><BR>I =
think that=20
  I did respond to Robert's question.&nbsp; At IETF 53, I gave a =
presentation on=20
  this subject.&nbsp; You can see the slides at <A=20
  =
href=3D"http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html"=
=20
  =
eudora=3D"autourl">http://www.ietf.org/proceedings/02mar/slides/smime-1/=
index.html</A>.<BR><BR>Russ<BR><BR><BR>At=20
  01:14 PM 5/1/2002 -0400, Mike Just wrote:<BR><BR>
  <BLOCKQUOTE class=3Dcite cite type=3D"cite"><FONT size=3D2>It's not =
clear to me=20
    that there is consensus on this path (unfortunately, there seemed =
to be no=20
    reaction on either side to this email) as reflected in the latest =
version of=20
    the Charter.<BR></FONT><BR><FONT size=3D2>I'd like to re-iterate =
Robert's=20
    concerns (from his e-mail of 04/19/2002) and ask the fundamental =
question:=20
    Why are we even considering KEM when we already have a sufficient =
solution=20
    with OAEP?<BR></FONT><BR><FONT size=3D2>Mike <BR></FONT><BR><FONT=20
    size=3D2>-----Original Message-----</FONT> <BR><FONT size=3D2>From: =
Housley,=20
    Russ [<A=20
    =
href=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com=
</A>]</FONT>=20
    <BR><FONT size=3D2>Sent: Wednesday, April 24, 2002 5:14 PM</FONT> =
<BR><FONT=20
    size=3D2>To: ietf-smime@imc.org</FONT> <BR><FONT size=3D2>Subject: =
RE: Charter=20
    Update</FONT> <BR><BR><BR><FONT size=3D2>Is the WG consensus that =
RSA-OAEP,=20
    RSA-KEM, and AES should be in separate, </FONT><BR><FONT =
size=3D2>independent=20
    documents.&nbsp; This would allow AES to be used with any of the =
key=20
    </FONT><BR><FONT size=3D2>management techniques?</FONT> =
<BR><BR><FONT=20
    size=3D2>Russ</FONT> </BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C1F136.42A01540--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g41HNBJ20499 for ietf-smime-bks; Wed, 1 May 2002 10:23:11 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g41HN9a20493 for <ietf-smime@imc.org>; Wed, 1 May 2002 10:23:09 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 May 2002 17:21:44 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA06753 for <ietf-smime@imc.org>; Wed, 1 May 2002 13:21:25 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g41HNAT22866 for <ietf-smime@imc.org>; Wed, 1 May 2002 13:23:10 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1Z9TQ>; Wed, 1 May 2002 13:20:35 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.38]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1Z9TL; Wed, 1 May 2002 13:20:28 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Mike Just <Mike.Just@entrust.com>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020501131918.02cd7b58@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 01 May 2002 13:21:30 -0400
Subject: Re: Why KEM?, RE: Charter Update
In-Reply-To: <9A4F653B0A375841AC75A8D17712B9C90257AA2D@sottmxs04.entrust .com>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

<html>
Mike:<br><br>
I think that I did respond to Robert's question.&nbsp; At IETF 53, I gave
a presentation on this subject.&nbsp; You can see the slides at
<a href="http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html" eudora="autourl">http://www.ietf.org/proceedings/02mar/slides/smime-1/index.html</a>.<br><br>
Russ<br><br>
<br>
At 01:14 PM 5/1/2002 -0400, Mike Just wrote:<br><br>
<blockquote type=cite class=cite cite><font size=2>It's not clear to me
that there is consensus on this path (unfortunately, there seemed to be
no reaction on either side to this email) as reflected in the latest
version of the Charter.<br>
</font><br>
<font size=2>I'd like to re-iterate Robert's concerns (from his e-mail of
04/19/2002) and ask the fundamental question: Why are we even considering
KEM when we already have a sufficient solution with OAEP?<br>
</font><br>
<font size=2>Mike <br>
</font><br>
<font size=2>-----Original Message-----</font> <br>
<font size=2>From: Housley, Russ
[<a href="mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com</a>]</font>
<br>
<font size=2>Sent: Wednesday, April 24, 2002 5:14 PM</font> <br>
<font size=2>To: ietf-smime@imc.org</font> <br>
<font size=2>Subject: RE: Charter Update</font> <br><br>
<br>
<font size=2>Is the WG consensus that RSA-OAEP, RSA-KEM, and AES should
be in separate, </font><br>
<font size=2>independent documents.&nbsp; This would allow AES to be used
with any of the key </font><br>
<font size=2>management techniques?</font> <br><br>
<font size=2>Russ</font> </blockquote></html>


Received: by above.proper.com (8.11.6/8.11.3) id g41HEAp20288 for ietf-smime-bks; Wed, 1 May 2002 10:14:10 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g41HE8a20284 for <ietf-smime@imc.org>; Wed, 1 May 2002 10:14:08 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <KCNTRB63>; Wed, 1 May 2002 13:14:05 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C90257AA2D@sottmxs04.entrust.com>
From: Mike Just <Mike.Just@entrust.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>, ietf-smime@imc.org
Subject: Why KEM?, RE: Charter Update
Date: Wed, 1 May 2002 13:14:03 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1F133.97C1A140"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1F133.97C1A140
Content-Type: text/plain

It's not clear to me that there is consensus on this path (unfortunately,
there seemed to be no reaction on either side to this email) as reflected in
the latest version of the Charter.

I'd like to re-iterate Robert's concerns (from his e-mail of 04/19/2002) and
ask the fundamental question: Why are we even considering KEM when we
already have a sufficient solution with OAEP?

Mike 

-----Original Message-----
From: Housley, Russ [mailto:rhousley@rsasecurity.com]
Sent: Wednesday, April 24, 2002 5:14 PM
To: ietf-smime@imc.org
Subject: RE: Charter Update



Is the WG consensus that RSA-OAEP, RSA-KEM, and AES should be in separate, 
independent documents.  This would allow AES to be used with any of the key 
management techniques?

Russ

------_=_NextPart_001_01C1F133.97C1A140
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>Why KEM?, RE: Charter Update</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>It's not clear to me that there is consensus on this =
path (unfortunately, there seemed to be no reaction on either side to =
this email) as reflected in the latest version of the =
Charter.</FONT></P>

<P><FONT SIZE=3D2>I'd like to re-iterate Robert's concerns (from his =
e-mail of 04/19/2002) and ask the fundamental question: Why are we even =
considering KEM when we already have a sufficient solution with =
OAEP?</FONT></P>

<P><FONT SIZE=3D2>Mike </FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Housley, Russ [<A =
HREF=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com=
</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Wednesday, April 24, 2002 5:14 PM</FONT>
<BR><FONT SIZE=3D2>To: ietf-smime@imc.org</FONT>
<BR><FONT SIZE=3D2>Subject: RE: Charter Update</FONT>
</P>
<BR>
<BR>

<P><FONT SIZE=3D2>Is the WG consensus that RSA-OAEP, RSA-KEM, and AES =
should be in separate, </FONT>
<BR><FONT SIZE=3D2>independent documents.&nbsp; This would allow AES to =
be used with any of the key </FONT>
<BR><FONT SIZE=3D2>management techniques?</FONT>
</P>

<P><FONT SIZE=3D2>Russ</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C1F133.97C1A140--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g41F14c16614 for ietf-smime-bks; Wed, 1 May 2002 08:01:04 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g41F12a16610 for <ietf-smime@imc.org>; Wed, 1 May 2002 08:01:02 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 May 2002 14:59:37 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA22058 for <ietf-smime@imc.org>; Wed, 1 May 2002 10:59:21 -0400 (EDT)
Received: from exrsa01.rsa.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g41F17805114 for <ietf-smime@imc.org>; Wed, 1 May 2002 11:01:07 -0400 (EDT)
Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2653.19) id <FVAZFXDR>; Wed, 1 May 2002 08:01:00 -0700
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.58]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1Z7AY; Wed, 1 May 2002 10:58:28 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020501105747.02cad2c0@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 01 May 2002 11:00:07 -0400
Subject: Re: Charter Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_13120766==_"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

--=====================_13120766==_
Content-Type: text/plain; charset="us-ascii"; format=flowed

Here is an update to the document that I posted earlier.  I think that it 
addresses all of the comments.

Russ


--=====================_13120766==_
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="Charter4.txt"


S/MIME Mail Security (smime)

Chair:
     Russ Housley <rhousley@rsasecurity.com>

Security Area Director:
     Jeffrey Schiller <jis@mit.edu>
     Marcus Leech <mleech@nortel.ca>

Mailing Lists:
     General Discussion: ietf-smime@imc.org
     To Subscribe:       ietf-smime-request@imc.org
     Archive:            http://www.imc.org/ietf-smime/

Description of Working Group:

The S/MIME Working Group has completed a series of Proposed  
Standards that comprise the S/MIME version 3 specification.   
Current efforts update and build upon these base specifications.

The Cryptographic Message Syntax (CMS) is cryptographic algorithm 
independent, yet there is always more than one way to use any 
algorithm.  To ensure interoperability, each algorithm should have
a specification that describes its use with CMS.  Specifications 
for the use of additional cryptographic algorithms will be 
developed.

As part of the specification update, a new suite of "mandatory 
to implement" algorithms will be selected.  These algorithms will
be reflected in updates to RFC 2632 and RFC 2633.

To aid implementers, documents containing example output for CMS
will be collected and published.  Some of the examples will include
structures and signed attributes defined in the Enhanced Security
Services (ESS) document.

In some situations it would be advantageous for the CMS RecipientInfo 
structure to support additional key management techniques, including 
cryptographic keys derived from passwords.  Also, a mechanism to 
facilitate the definition of additional key management techniques
will be defined.

Compressing data prior to encryption or signature has a number of 
advantages.  Compression improves security by removing known data 
patterns, improves throughput by reducing the amount of data which
needs to be encrypted or hashed, and reduces the overall message 
size.  Enabling S/MIME version 3 to use compression will provide 
all of these advantages.

S/MIME version 3 permits the use of previously distributed 
symmetric key-encryption keys.  Specifications for the distribution
of symmetric key-encryption keys to multiple message recipients 
will be developed.  Mail List Agents (MLAs) are one user of 
symmetric key-encryption keys.  The specification will be algorithm 
independent.

S/MIME version 3 supports security labels.  Specifications that show 
how this feature can be used to implement an organizational security 
policy will be developed.  Security policies from large organizations 
will be used as examples.

As part of S/MIME version 3, CMS is used to provide security 
to the message content.  CMS can also be employed in an X.400
electronic messaging envionments.  Specifications will be 
developed allowing this to be done in an interoperable manner.

Perform necessary interoperability testing to progress the S/MIME
version 3 specifications to Draft Standard.  Due to the dependency
of the CMS specification on the PKIX certificate and CRL profile,
the timeline for the actual progression is impossible to estimate.


Goals and Milestones:

History:
     Submit CMS compressed data content type a Proposed Standard.
     Submit security label usage specification as Informational RFC.
     Submit elliptic curve algorithm specification as Informational RFC.
     Submit mail list key distribution as a Proposed Standard.
     Submit update to RFC 2630 as a Proposed Standard.
     Submit AES key wrap algorithm description as Informational RFC.
     Last call on X.400 CMS wrapper specification.
     Last call on X.400 transport specification.
     Last call on HMAC key wrap description specification.
     First draft of CMS and ESS examples document.
     First draft of RSA OAEP algorithm specification.
     First draft of AES algorithm specification.
     First draft of update to RFC 2632.
     Frist draft of update to RFC 2633.

May 2002:
     First draft of RSA KEM algorithm specification.
     Submit X.400 CMS wrapper specification as a Proposed Standard.
     Submit X.400 transport as a Proposed Standard.
     Submit HMAC key wrap description as an Informational RFC.

June 2002:
     First draft of RSA PSS algorithm specification.
     Last call on CMS and ESS examples document.

July 2002:
     Last call on update to RFC 2632.
     Last call on update to RFC 2633.
     Last call on AES algorithm specification.
     Last call on RSA OAEP algorithm specification.

August 2002:
     Last call on RSA KEM algorithm specification.
     Submit CMS and ESS examples document as Informational RFC.

September 2002:
     Last call on RSA PSS algorithm specification.

October 2002:
     Sumbit update to RFC 2632 as Proposed Standard.
     Sumbit update to RFC 2633 as Proposed Standard.

December 2002:
     Sumbit AES algorithm specification as Proposed Standard.
     Submit RSA KEM algorithm specification as Proposed Standard.
     Submit RSA PSS algorithm specification as Proposed Standard.
     Submit RSA OAEP algorithm specification as Historical RFC.

--=====================_13120766==_--