Re: I-D ACTION:draft-ietf-smime-examples-02.txt
Paul Hoffman / IMC <phoffman@imc.org> Thu, 30 September 1999 16:59 UTC
Received: from mail.imc.org (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13889 for <smime-archive@odin.ietf.org>; Thu, 30 Sep 1999 12:59:30 -0400 (EDT)
Received: by mail.imc.org (8.9.3/8.9.3) id JAA18563 for ietf-smime-bks; Thu, 30 Sep 1999 09:23:07 -0700 (PDT)
Received: from Default (ip12.proper.com [165.227.249.12]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id JAA18559 for <ietf-smime@imc.org>; Thu, 30 Sep 1999 09:23:06 -0700 (PDT)
Message-Id: <4.2.0.58.19990930092300.00c12340@mail.imc.org>
X-Sender: phoffman@mail.imc.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 30 Sep 1999 09:23:58 -0700
To: ietf-smime@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: I-D ACTION:draft-ietf-smime-examples-02.txt
In-Reply-To: <199909301100.HAA04495@ietf.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Just a reminder that this draft is mostly being discussed on the ietf-smime-examples@imc.org mailing list. If you are an S/MIME developer, you should certainly be on that list as well as this one, and you should certainly start testing the examples in this draft.

--Paul Hoffman, Director
--Internet Mail Consortium

From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
Subject: I-D ACTION:draft-ietf-smime-examples-02.txt
Date: Thu, 30 Sep 1999 07:00:20 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

    Title     : Examples of S/MIME Messages
    Author(s) : P. Hoffman
    Filename  : draft-ietf-smime-examples-02.txt
    Pages     : 8
    Date      : 29-Sep-99

This document gives examples of message bodies formatted using S/MIME. Specifically, it has examples of Cryptographic Message Syntax (CMS) objects, S/MIME messages (including the MIME formatting), and Enhanced Security Services for S/MIME (ESS). It includes examples of most or all common CMS and ESS formats; in addition, it gives examples that show common pitfalls in implementing CMS. The purpose of this document is to help increase interoperability for S/MIME and other protocols that rely on CMS.

This draft is being discussed on the 'ietf-smime' mailing list. To join the list, send a message to <ietf-smime-request@imc.org> with the single word 'subscribe' in the body of the message.
Also, there is a Web site for the mailing list at <http://www.imc.org/ietf-smime/>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-02.txt

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-smime-examples-02.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-smime-examples-02.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <19990929141854.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-smime-examples-02.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-smime-examples-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <19990929141854.I-D@ietf.org>

--OtherAccess--
--NextPart--

From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull
To: S-MIME / IETF <ietf-smime@imc.org>, IETF-PXIX <ietf-pkix@imc.org>, w3c-ietf-xmldsig@w3.org
Subject: Call for Comments on draft ETSI Electronic Signature Standard
Date: Mon, 27 Sep 1999 09:56:16 +0100

Call for Comments on draft ETSI Electronic Signature Standard

Note: This message is posted to the following IETF mailing lists:

PKIX: ietf-pkix@imc.org
S-MIME: ietf-smime@imc.org
XML DIG-SIG: w3c-ietf-xmldsig@w3.org

If you subscribed to these mailing lists, you will receive the message for each of them. Sorry for the inconvenience.
ETSI has issued the draft "Electronic signature standardisation for business transactions", ETSI ES 201 733 for a last round of comments, before asking its members to vote on the document.

The draft standard (108 pages - 428 ko) is available from:
http://docbox.etsi.org/tech-org/security/open/el-sign/Draft_ES_201733_v-1-1-3.pdf

The document has been developed by the ETSI SEC working group on Electronic Signature and Infrastructures, as part of the European Electronic Signature Standardisation Initiative (EESSI). It is issued as a draft ETSI standard for a last round of comments.

Scope and contents of the draft

The aim of the document is to provide specifications so as to allow for full compatibility of secure business transactions with regard to electronic signatures. It covers all types of business transactions, between an individual and a company, between two companies, between an individual and a governmental body, etc... Being independent of any platform, it can be applied to any environment, such as smart cards, GSM SIM cards, etc.

Business actors, using different products, will be able to complete secure transactions by relying on the standard in order to create, read, interpret and validate electronic signatures. The standard offers simple and more advanced forms of signatures according to the signature policy, the latter in order to meet requirements of long-term validity.

The document defines:

· Formats for various forms of Electronic Signatures,
· An experimental format for Signature Policies.

The format of Electronic Signatures uses the existing Cryptographic Message Syntax (CMS), as defined in RFC 2630, and Enhanced Security Services (ESS), as defined in RFC 2634. It uses signed and unsigned attributes defined in CMS, ESS and the present document.

The signature policy is a set of rules for the creation and validation of an electronic signature, under which the signature can be determined to be valid. It may be defined in free text or using formal syntax and semantic. In the first case the validation of an Electronic Signature may be done using a specific validation box that must conform to the description of the signature policy while in the second case the validation may be done using a generic validation box able to process any signature policy.

Informative annexes describe:

· an example structured content,
· the relationship between the present document and the European draft directive on electronic signature and associated standardisation initiatives,
· APIs to support the generation and the verification of electronic signatures,
· Cryptographic algorithms that may be used,
· Guidance on naming.

In order to get a broader feedback from the technical and business communities ETSI has chosen to place the document in the public domain for comments rather than to limit it to its membership.

Comments are welcome until October 31, 1999. After processing the comments the document will be placed on vote to become an ETSI standard, with the future option to seek acceptance by other standard bodies.

Comments may be sent to the EL-SIGN mailing list. Before sending a message to the list, you need to subscribe to that mailing list: copy and paste the following command in the body of a message:

SUBSCRIBE EL-SIGN (First and Last name)

replace "first and last name" with your name and send it to: LISTSERV@LIST.ETSI.FR

Then you may send a message to the list at : EL-SIGN@LIST.ETSI.FR

Mail archives are available at: http://list.etsi.fr/el-sign.html

The web page from ETSI on Electronic Signature (ES) Standardisation is: http://www.etsi.org/sec/el-sign.htm

About ETSI SEC

ETSI SEC is the technical body within ETSI carrying the main responsibility for security infrastructures and services in the telecom environment. As such, ETSI SEC devotes special interest to interoperability issues at the communication and transaction levels as well as to relevant aspects of trust relationships.
One of the ETSI SEC working groups, the Electronic Signature and Infrastructures (ESI) WG is in charge of present and future ETSI activities related to the EESSI work program.

From: "Ward, Jon" <Jon.Ward@bcbsfl.com>
To: "'Gert Heidema'" <Gert.Heidema@softcon.nl>, "'Goddard, Daniel E (Dan), GOVMK '" <degoddard@att.com>, "'ietf-smime@imc.org '" <ietf-smime@imc.org>
Subject: RE: S/MIME version 3 email software
Date: Tue, 28 Sep 1999 09:41:34 -0400

If I'm not mistaken, most of the commercially available clients support S/MIME 3. Microsoft Outlook 2000, 98, Outlook Express 4 and 5, Netscape Communicator, WorldTalk S/MIME Everywhere client should as well. I know for sure that they all support S/MIME, but I am not sure about the exact version number.
They do support the Certificate Revocation List and Chain Trusts. Let me know if these are what you're looking for.

Jon

-----Original Message-----
From: Gert Heidema [mailto:Gert.Heidema@softcon.nl]
Sent: Tuesday, September 28, 1999 3:31 AM
To: 'Goddard, Daniel E (Dan), GOVMK '; 'ietf-smime@imc.org '
Subject: RE: S/MIME version 3 email software

I have not yet found S/MIME V3 software. Asking around, the suppliers asked me what features are most wanted.
My answer would be CRL checking and chain trusts.
What other features are you looking for?

Best regards,

Gert Heidema
Manager Consultancy Services
Software Connection BV
The Netherlands

-----Original Message-----
From: Goddard, Daniel E (Dan), GOVMK
To: ietf-smime@imc.org
Sent: 24-9-99 18:38
Subject: S/MIME version 3 email software

Does anyone know of any email software that is available that supports S/MIME version 3?
I found that a similar question was posted on June 18th.

Thanks in advance,

Dan Goddard
AT&T Information Security Center

From: "Frank W. Nolden" <frank.nolden@maxware.nl>
To: "Gert Heidema" <Gert.Heidema@softcon.nl>, "'Goddard, Daniel E (Dan), GOVMK '" <degoddard@att.com>, <ietf-smime@imc.org>
Subject: Re: S/MIME version 3 email software
Date: Tue, 28 Sep 1999 14:49:31 +0200

I have heard that Baltimore has their Mail Toolkit available for S/MIME version 3. Then sometime later (early next year) they will definitely have their MailSecure product ready for S/MIME version 3. At least that is what they told me :-)

Regards,

Frank W. Nolden
MaXware Benelux B.V.
Tel: +31 20 45 29 650
Fax: +31 20 45 29 161
Mobile: +31 65 12 22 530
Personal Fax: +31 20 88 22 425
GSM Mail: +31651222530@gin.nl
ICQ: 48123368
Web: http://www.maxware.nl

----- Original Message -----
From: Gert Heidema <Gert.Heidema@softcon.nl>
To: 'Goddard, Daniel E (Dan), GOVMK ' <degoddard@att.com>; <ietf-smime@imc.org>
Sent: Tuesday, September 28, 1999 09:30
Subject: RE: S/MIME version 3 email software

> I have not yet found S/MIME V3 software. Asking around, the suppliers asked
> me what features are most wanted.
> My answer would be CRL checking and chain trusts.
> What other features are you looking for?
>
> Best regards,
>
> Gert Heidema
> Manager Consultancy Services
> Software Connection BV
> The Netherlands
>
>
> -----Original Message-----
> From: Goddard, Daniel E (Dan), GOVMK
> To: ietf-smime@imc.org
> Sent: 24-9-99 18:38
> Subject: S/MIME version 3 email software
>
> Does anyone know of any email software that is available
> that supports S/MIME version 3?
> I found that a similar question was posted on June 18th.
>
> Thanks in advance,
>
> Dan Goddard
> AT&T Information Security Center
>
>

From: "Gert Heidema" <Gert.Heidema@softcon.nl>
To: "'Goddard, Daniel E (Dan), GOVMK '" <degoddard@att.com>, "'ietf-smime@imc.org '" <ietf-smime@imc.org>
Subject: RE: S/MIME version 3 email software
Date: Tue, 28 Sep 1999 09:30:42 +0200

I have not yet found S/MIME V3 software. Asking around, the suppliers asked me what features are most wanted.
My answer would be CRL checking and chain trusts.
What other features are you looking for?
Best regards,

Gert Heidema
Manager Consultancy Services
Software Connection BV
The Netherlands

-----Original Message-----
From: Goddard, Daniel E (Dan), GOVMK
To: ietf-smime@imc.org
Sent: 24-9-99 18:38
Subject: S/MIME version 3 email software

Does anyone know of any email software that is available that supports S/MIME version 3?
I found that a similar question was posted on June 18th.

Thanks in advance,

Dan Goddard
AT&T Information Security Center

From: "Goddard, Daniel E (Dan), GOVMK" <degoddard@att.com>
To: ietf-smime@imc.org
Subject: S/MIME version 3 email software
Date: Fri, 24 Sep 1999 12:38:22 -0400

Does anyone know of any email software that is available that supports S/MIME version 3?
I found that a similar question was posted on June 18th.
Thanks in advance, Dan Goddard AT&T Information Security Center Received: (from majordomo@localhost) by mail.proper.com (8.9.3/8.9.3) id IAA04078 for ietf-smime-bks; Tue, 21 Sep 1999 08:55:43 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.82.195]) by mail.proper.com (8.9.3/8.9.3) with SMTP id IAA04074 for <ietf-smime@imc.org>; Tue, 21 Sep 1999 08:55:42 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 21 Sep 1999 09:59:03 -0600 Message-Id: <s7e756e7.012@prv-mail20.provo.novell.com> X-Mailer: Novell GroupWise 5.5.2 Date: Tue, 21 Sep 1999 09:58:55 -0600 From: "Robert Jueneman" <BJUENEMAN@novell.com> To: <michael.hallgren@fisystem.fr>, <ietf-smime@imc.org> Subject: Re: Mail Services Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=_44129957.2746229D" Sender: owner-ietf-smime@imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-smime/mail-archive/> List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe> This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_44129957.2746229D Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline You might want to look at the results of the RSA S/MIME interoperability = tests, posted at http://www.rsasecurity.com/standards/smime/interop_center.html. I don't see them listed there. Bob >>> "Michael Hallgren" <michael.hallgren@fisystem.fr> 09/20/99 05:16AM >>> Hi, Could someone confirm that SoftArcs FirsClass clients are S/MIME compatible= ? 
Cheers mh > Hi Michael > > > I'm not completely sure what it really is you want to do, but I hope = I'm > > soon going to send automatically created (content and addresses from = DB, > > cert/keys from a .p12 file (according to PKCS 12)) S/MIME messages via = a > > normal SMTP server. > > I'm using a full strength Java Cryptography Extension reimplementation > > and an S/MIME package available from: > > > > http://jcewww.iaik.tu-graz.ac.at > > > > ' hope this is helpful :) > > > Sure is. I went to take a look. It seems to be exactly what I'm looking for > (up to possible licensing > issues). > > Thanks > > Cheers > > mh > > > > > > Michael > > > > > > Michael Hallgren wrote: > > > > > > Hi, > > > > > > Might be somewhat out of track, but I'd appreciate to get a lead for = a > > > decision ;) > > > > > > I'm reflecting on an SMTP service sending S/MIME encoded mail. The > public > > > cert's > > > should be retreived from a directory service and the mail generated = by > an > > > automat > > > (upon stimuli) rather than a desktop mail client (no manual interaction, > > > that is). > > > > > > Now, I was tempted to make use of the SFL libraries, and implementing= > the > > > service > > > over OSS. However, I'm living and working in France... ... > > > > > > So, I'm now reflecting on comercially offer's. What about the SIMS (Sun) > > > Entrust/PKI > > > couple. Has anyone sucessfully tried it out for some similar > implementation > > > ? Any > > > advice ? > > > > > > Cheers > > > > > > mh > > > -- > > > Michael Hallgren, http://m.hallgren.free.fr > > > > > > Always make mistakes. 
> > >
> > > - E Dyson
> >
> > --
> >
> > PIRONET INTRANET AG
> > Michael Probst - SBU Services
> > Im Mediapark 5 - 50670 Cologne - Germany
> > Tel.: +49 (0)221 454 3771 - Fax: +49 (0)221 454 3710
> > mailto:mprobst@pironet.com - http://www.pironet.com
> >
> >

--=_44129957.2746229D
Content-Type: TEXT/HTML
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TEXT.htm"

--=_44129957.2746229D--

Received: by mail.proper.com (8.9.3/8.9.3) id
EAA11960 for ietf-smime-bks; Mon, 20 Sep 1999 04:14:02 -0700 (PDT)
Received: from mx2.imaginet.fr (artemis.imaginet.fr [195.68.75.24]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id EAA11955 for <ietf-smime@imc.org>; Mon, 20 Sep 1999 04:14:00 -0700 (PDT)
Received: from corpo01.imaginet.fr (corpo01.imaginet.fr [195.68.75.105]) by mx2.imaginet.fr (8.9.3/8.8.8) with ESMTP id NAA07895 for <ietf-smime@imc.org>; Mon, 20 Sep 1999 13:17:17 +0200 (MET DST)
Received: from roam (janus.fisystem.fr [195.68.32.60]) by corpo01.imaginet.fr (8.8.8/8.8.8) with SMTP id NAA00142 for <ietf-smime@imc.org>; Mon, 20 Sep 1999 13:16:59 +0200 (MET DST)
Message-ID: <014901bf0359$a5cb4cc0$b8014b0a@fisystem.fr>
From: "Michael Hallgren" <michael.hallgren@fisystem.fr>
To: <ietf-smime@imc.org>
References: <01cb01bef611$bd05bf60$b8014b0a@fisystem.fr> <37CFE1D3.DC80D7DE@pironet.com> <001201bef620$88ebe560$b8014b0a@fisystem.fr>
Subject: Re: Mail Services
Date: Mon, 20 Sep 1999 13:16:55 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Hi,

Could someone confirm that SoftArcs FirstClass clients are S/MIME compatible?

Cheers

mh

> Hi Michael
>
> > I'm not completely sure what it really is you want to do, but I hope I'm
> > soon going to send automatically created (content and addresses from DB,
> > cert/keys from a .p12 file (according to PKCS 12)) S/MIME messages via a
> > normal SMTP server.
> > I'm using a full strength Java Cryptography Extension reimplementation
> > and an S/MIME package available from:
> >
> > http://jcewww.iaik.tu-graz.ac.at
> >
> > ' hope this is helpful :)
>
>
> Sure is. I went to take a look.
> It seems to be exactly what I'm looking for
> (up to possible licensing issues).
>
> Thanks
>
> Cheers
>
> mh
>
>
> >
> > Michael
> >
> >
> > Michael Hallgren wrote:
> > >
> > > Hi,
> > >
> > > Might be somewhat out of track, but I'd appreciate to get a lead for a
> > > decision ;)
> > >
> > > I'm reflecting on an SMTP service sending S/MIME encoded mail. The public
> > > certs should be retrieved from a directory service and the mail generated
> > > by an automat (upon stimuli) rather than a desktop mail client (no manual
> > > interaction, that is).
> > >
> > > Now, I was tempted to make use of the SFL libraries, and implementing the
> > > service over OSS. However, I'm living and working in France... ...
> > >
> > > So, I'm now reflecting on commercial offers. What about the SIMS (Sun)
> > > Entrust/PKI couple. Has anyone successfully tried it out for some similar
> > > implementation? Any advice?
> > >
> > > Cheers
> > >
> > > mh
> > > --
> > > Michael Hallgren, http://m.hallgren.free.fr
> > >
> > > Always make mistakes.
> > >
> > > - E Dyson
> >
> > --
> >
> > PIRONET INTRANET AG
> > Michael Probst - SBU Services
> > Im Mediapark 5 - 50670 Cologne - Germany
> > Tel.: +49 (0)221 454 3771 - Fax: +49 (0)221 454 3710
> > mailto:mprobst@pironet.com - http://www.pironet.com
> >
> >

Received: by mail.proper.com (8.9.3/8.9.3) id MAA22349 for ietf-smime-bks; Thu, 16 Sep 1999 12:21:47 -0700 (PDT)
Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id MAA22345 for <ietf-smime@imc.org>; Thu, 16 Sep 1999 12:21:46 -0700 (PDT)
Received: from rhousley_laptop.spyrus.com (207-172-49-29.s29.tnt7.lnhva.md.dialup.rcn.com [207.172.49.29]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id MAA25566; Thu, 16 Sep 1999 12:18:21 -0700 (PDT)
Message-Id: <4.2.0.58.19990916124819.009e43f0@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 16 Sep 1999 12:50:35 -0400
To: jimsch@EXCHANGE.MICROSOFT.com
From: Russ Housley <housley@spyrus.com>
Subject: RE: Cert Attributes in CERTDIST
Cc: ietf-smime@imc.org
In-Reply-To: <2F2DC5CE035DD1118C8E00805FFE354C0F5266A5@RED-MSG-56>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

X.509-1997 defines the supported algorithm attribute. There seems to be a lot of overlap.

Russ

= = = = = = = = = =

12.2.2.8 Supported algorithms attribute

A Directory attribute is defined to support the selection of an algorithm for use when communicating with a remote end entity using certificates as defined in this Directory Specification. The following ASN.1 defines this (multi-valued) attribute:

    supportedAlgorithms ATTRIBUTE ::= {
        WITH SYNTAX             SupportedAlgorithm
        EQUALITY MATCHING RULE  algorithmIdentifierMatch
        ID                      id-at-supportedAlgorithms }

    SupportedAlgorithm ::= SEQUENCE {
        algorithmIdentifier          AlgorithmIdentifier,
        intendedUsage                [0] KeyUsage OPTIONAL,
        intendedCertificatePolicies  [1] CertificatePoliciesSyntax OPTIONAL }

Each value of the multi-valued attribute shall have a distinct algorithmIdentifier value. The value of the intendedUsage component provides an indication of the intended usage of the algorithm (see 12.2.2.3 for recognized uses). The value of the intendedCertificatePolicies component identifies the certificate policies and, optionally, certificate policy qualifiers with which the identified algorithm may be used.

Received: by mail.proper.com (8.9.3/8.9.3) id TAA22697 for ietf-smime-bks; Sun, 12 Sep 1999 19:31:57 -0700 (PDT)
Received: from po2.bbn.com (PO2.BBN.COM [192.1.50.36]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id TAA22691 for <ietf-smime@imc.org>; Sun, 12 Sep 1999 19:31:55 -0700 (PDT)
Received: from WWILLIAMS1 ([128.33.211.196]) by po2.bbn.com (8.9.1/8.9.1) with SMTP id WAA26766; Sun, 12 Sep 1999 22:35:17 -0400 (EDT)
From: "Walter Williams" <walter.williams@gte.com>
To: "Russ Housley" <housley@spyrus.com>, <jimsch@EXCHANGE.MICROSOFT.com>
Cc: <wpolk@nist.gov>, <ietf-smime@imc.org>
Subject: RE: Cert Attributes in CERTDIST
Date: Sun, 12 Sep 1999 22:30:28 -0400
Message-ID: <LIEMLMHDABGFHCOOHDHGAECMCAAA.walter.williams@gte.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2918.2701
Importance: Normal
In-Reply-To: <4.2.0.58.19990912122758.00a18860@mail.spyrus.com>
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Russ,

One thought here is backwards compatibility of existing s/mime aware clients. Some may have been written to check for the cert in only one of the available attributes. You don't want to change the directory in a way which prevents an older client from seeing the certificate.
(might though give vendors a thrill to have to say: so sorry, but due to a standard change we must force you to upgrade to support s/mime again) Certificates are also not very large (compaired with a .jpg picture of the directory entrant as a comparitive example) and so the data bloat does not waste much drive space. Of course, if all available clients look in both places, my statement is pretty much a waste of good bandwidth. Walt Williams GTE Internetworking -----Original Message----- From: owner-ietf-smime@imc.org [mailto:owner-ietf-smime@imc.org]On Behalf Of Russ Housley Sent: Sunday, September 12, 1999 12:35 PM To: jimsch@EXCHANGE.MICROSOFT.com Cc: wpolk@nist.gov; ietf-smime@imc.org Subject: RE: Cert Attributes in CERTDIST Jim: I must agree with many of the points that Dave Kemp made. Is it worth putting multiple copies of the same certificate into the Directory? This can lean to inconsistincies. Maybe it would be better to follow the PKIX LDAP Schema and add an S/MIME-specific attribute too the directory entry. The binding you seek could be achieved by putting a reference to a specific certificate that is available in the userCertificate attribute inside the S/MIME-specific attribute. Thoughts? 
Russ

From: Russ Housley <housley@spyrus.com>
To: jimsch@EXCHANGE.MICROSOFT.com
Cc: wpolk@nist.gov, ietf-smime@imc.org
Subject: RE: Cert Attributes in CERTDIST
Date: Sun, 12 Sep 1999 12:34:39 -0400

Jim:

I must agree with many of the points that Dave Kemp made. Is it worth putting multiple copies of the same certificate into the Directory? This can lead to inconsistencies.

Maybe it would be better to follow the PKIX LDAP Schema and add an S/MIME-specific attribute to the directory entry. The binding you seek could be achieved by putting a reference to a specific certificate that is available in the userCertificate attribute inside the S/MIME-specific attribute.

Thoughts?
Russ

From: BJUENEMAN@novell.com
To: <ietf-smime@imc.org>
Subject: OID for Two-Key Triple-DES
Date: Fri, 10 Sep 1999 08:57:00 -0600

Has any standards group defined an OID for two-key triple DES in CBC, i.e., EDE where the first and third keys are identical?

The CMC specification states that the same OID should be used as is used for triple-DES, but that isn't workable in our environment because of the more favorable treatment allowed two-key DES when used for key management.

If no standards group has published an OID, are there any commonly used vendor (de facto) standards for the same?

If no one has one, I guess we'll have to define one unilaterally, and map it when and if a standard one emerges. But I'd rather not.

Bob

Robert R. Jueneman
Security Architect
Network Security Development
Novell, Inc.
122 East 1700 South
Provo, UT 84606
bjueneman@novell.com
1-801-861-7387

DISCLAIMER:
If this message or document is digitally signed, and/or if certificates are attached, the intended purpose is to
(1) Ensure that e-mail came from the apparent sender
(2) Protect e-mail from tampering
(3) Ensure that the content of e-mail sent to me and encrypted in my dual-use key cannot be viewed by others.

It is explicitly NOT the intent of any such signed message or document to represent any type or form of legally binding contract or other representation, and any such interpretation WILL BE REPUDIATED, notwithstanding any wording or implications to the opposite effect in the text of the message itself; due in part, but not exclusively, to the fact that the security of my workstation and its associated cryptography is not judged adequately strong for such purposes at present.

Attachments: "Bob Jueneman.vcf" (text/x-vcard); "smime.p7s" (application/x-pkcs7-signature, S/MIME Cryptographic Signature)

From: "Peter lewis" <peter.lewis@upperside.fr>
To: <ietf-smime@imc.org>
Subject: From Firewall to IPSec VPNs
Date: Fri, 10 Sep 1999 11:52:19 +0200

Security services and protection mechanisms
IPv6 promises regarding IPSec
Certification infrastructure
Standardization update
Case Studies: ISPs, carriers, private networks
AH and ESP protocols description
Possible future extensions and modifications of the IKE protocol
Complementarity between IPSec and firewalls
Global Site-to-Site IPSec VPN's with End-to-End SLA's
Managing widespread IPSEC virtual private networks
Solving IPSec VPNs scalability
Results of some interoperability tests
IPSec architectures and non-standardized aspects of IPSec
Adding IPSec VPN functions in an existing router network
Impact of fragmentation on the performance of IPSec coding

IPSEC 99 Conference
From Firewall to IPSec VPNs
October 26, 27, 28, 29, 1999
Paris - France

More infos: www.upperside.fr/baipsec.htm

Sorry to post this message on the list.
Thanks

From: Internet-Drafts@ietf.org
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-domsec-02.txt
Date: Wed, 08 Sep 1999 06:59:55 -0400

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

Title     : Domain Security Services using S/MIME
Author(s) : T. Dean, W. Ottaway
Filename  : draft-ietf-smime-domsec-02.txt
Pages     : 8
Date      : 07-Sep-99

This document describes how the S/MIME protocol can be processed and generated by a number of components of a messaging system, such as message transfer agents, guards and gateways to deliver security services. These services are collectively referred to as 'Domain Security Services'. The mechanisms described in this document are designed to solve a number of interoperability problems and technical limitations that arise when different security domains wish to communicate securely - for example when two domains use incompatible messaging technologies such as X.400 and SMTP/MIME. This document is also applicable to organisations and enterprises that do not have encryption or signing capabilities at the desktop, but wish to interoperate securely using the S/MIME protocol.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-domsec-02.txt

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-smime-domsec-02.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-smime-domsec-02.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID: <19990907082019.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-smime-domsec-02.txt

--OtherAccess
Content-Type: Message/External-body; name="draft-ietf-smime-domsec-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <19990907082019.I-D@ietf.org>

--OtherAccess--
--NextPart--

From: Lisa Repka <repka@netscape.com>
To: BJUENEMAN@novell.com
Cc: ietf-smime@imc.org
Subject: Re: Interesting test case
Date: Tue, 07 Sep 1999 17:40:19 -0700

Bob Jueneman wrote:
>
> I'm curious to know whether anyone tried the test
> case, either with S/MIME v2 or v3 code.
>
> Any takers?

v2 only (alas ;-) -- the way your message was presented it didn't parse (via our mime parser anyway) as having an *internal* S/MIME message, only an attached message and an attached signature (two vcards, too) -- which we don't try to concatenate and verify -- inside an outer S/MIME message, which we did (and which verified fine).

I can answer the question about a case where that did occur, however. We would show the outer message as verifying, as you suggested it should. The inner message gets its own verification, which would fail. Not sure if you're familiar with our UI, but each message gets its own S/MIME icon displayed in the top far right (across from the message's headers). In the case of a truly nested inner/outer message, each would have its own icon with its own statement of validity. In the particular case you described, the outer message would show "good" and the attached message would show "bad"; the inner message does not contaminate the outer -- when the outer message is being verified the inner stuff is nothing but data getting hashed.

[I have no energy for the discussion about the spoofability of our UI, so please don't go there. I'd be very happy to hear practical suggestions for improvements to the UI, however, if it can convey the same information, similarly succinctly, and continues to work likewise for attachments which in turn contain their own signatures. Those were our constraints going in, along with expecting most users to be unable to handle any more S/MIME awareness than that a message is "good" or a message is "bad".]
lisa

From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: housley@spyrus.com
Cc: ietf-smime@imc.org
Subject: Re: Suggested change to PasswordRecipientInfo
Date: Wed, 8 Sep 1999 01:17:03 (NZST)

>So, if a shared secret is stored on a bunch of tokens (e.g., smartcards),
>there ought to be a way to carry something in the parameters of the
>KeyDerivationAlgorithmIdentifier to allow the shared secret and the public
>data to be combined to generate the KEK. One could imagine a technique for
>combining the shared secret and the public value similar to X9.42. And, if
>there is more than one shared secret (perhaps for different recipient groups),
>then the protocol needs a way to identify which one should be used.

Uhh, I don't understand this comment - there's no public value/data being conveyed. What you're conveying is KEK( CEK ) and (optionally) the information required to turn a password into a KEK. If by "public value" you mean the salt, then it's already being handled as part of the password->KEK process specified in PKCS #5 v2.

>As I stated above, if there is more than one shared secret (perhaps for
>different recipient groups), then the protocol needs a way to identify which
>one should be used.

I can see your point, but I guess if there's any significant demand for it it can be added later (ie in version n+1 add some sort of xxxID OPTIONAL field). The reason I'm reluctant to add it at this point is that it's not at all clear what form the ID should have (I'd really prefer to avoid the traditional OCTET STRING hole) and/or if there's a great need for it. The main use for PWRI at the moment is for encrypting files (key files, stored email, whatever) for which there's only one "recipient" (ie the file owner, although calling that a recipient is probably stretching the term a bit. I should probably add a comment on this to the draft).

Peter.

From: "Michael Hallgren" <m.hallgren@free.fr>
To: "Peter Lipp" <Peter.Lipp@iaik.at>
Cc: <ietf-smime@imc.org>
Subject: Re: Mail Services
Date: Fri, 3 Sep 1999 22:15:36 +0200

>> Sure is. I went to take a look. It seems to be exactly what I'm
>> looking for (up to possible licensing issues).

>Hope you like it...

I believe so ;)

>You might also want to take a look at our S/MIME-Mapper which might already
>do what you want. A new version is in preparation will offer more
>flexibility and GUI-configuration (also of trustsettings). I plan to put the
>details on the upcoming version on the web next week.

Thanks. Seems promising for the project's needs.

By the way, being on an ietf related list... I feel somewhat uneasy going into such a practical issue of choice. Please bear with me, I just changed employer,... and was taken by force by their needs. (I used to work for a company w/o export problems (TSL) :)

Hope being able to return QforHints within shortly on this list.

mh

>Peter
>---------------------------------
>Dr. Peter Lipp
>IAIK, TU Graz
>Email Peter.Lipp@iaik.at
>Phone +43 316 873 5513
>Fax +43 316 873 5510
>Web http://jcewww.iaik.tu-graz.ac.at

From: "Michael Hallgren" <michael.hallgren@fisystem.fr>
To: "Michael Probst" <mprobst@pironet.com>, <ietf-smime@imc.org>
Subject: Re: Mail Services
Date: Fri, 3 Sep 1999 17:25:20 +0200

Hi Michael

> I'm not completely sure what it really is you want to do, but I hope I'm
> soon going to send automatically created (content and addresses from DB,
> cert/keys from a .p12 file (according to PKCS 12)) S/MIME messages via a
> normal SMTP server.
> I'm using a full strength Java Cryptography Extension reimplementation
> and an S/MIME package available from:
>
> http://jcewww.iaik.tu-graz.ac.at
>
> ' hope this is helpful :)

Sure is. I went to take a look. It seems to be exactly what I'm looking for (up to possible licensing issues).

Thanks

Cheers

mh

>
> Michael
>
>
> Michael Hallgren wrote:
> >
> > Hi,
> >
> > Might be somewhat out of track, but I'd appreciate to get a lead for a
> > decision ;)
> >
> > I'm reflecting on an SMTP service sending S/MIME encoded mail. The public certs
> > should be retrieved from a directory service and the mail generated by an automat
> > (upon stimuli) rather than a desktop mail client (no manual interaction, that is).
> >
> > Now, I was tempted to make use of the SFL libraries, and implementing the service
> > over OSS. However, I'm living and working in France... ...
> >
> > So, I'm now reflecting on commercial offers. What about the SIMS (Sun) Entrust/PKI
> > couple. Has anyone successfully tried it out for some similar implementation ? Any
> > advice ?
> >
> > Cheers
> >
> > mh
> > --
> > Michael Hallgren, http://m.hallgren.free.fr
> >
> > Always make mistakes.
> >
> > - E Dyson
>
> --
>
> PIRONET INTRANET AG
> Michael Probst - SBU Services
> Im Mediapark 5 - 50670 Cologne - Germany
> Tel.: +49 (0)221 454 3771 - Fax: +49 (0)221 454 3710
> mailto:mprobst@pironet.com - http://www.pironet.com
>

From: "Michael Hallgren" <michael.hallgren@fisystem.fr>
To: <ietf-smime@imc.org>
Subject: Mail Services
Date: Fri, 3 Sep 1999 15:39:23 +0200

Hi,

Might be somewhat out of track, but I'd appreciate to get a lead for a decision ;)

I'm reflecting on an SMTP service sending S/MIME encoded mail. The public certs should be retrieved from a directory service and the mail generated by an automat (upon stimuli) rather than a desktop mail client (no manual interaction, that is).

Now, I was tempted to make use of the SFL libraries, and implementing the service over OSS. However, I'm living and working in France... ...

So, I'm now reflecting on commercial offers. What about the SIMS (Sun) Entrust/PKI couple. Has anyone successfully tried it out for some similar implementation ? Any advice ?

Cheers

mh
--
Michael Hallgren, http://m.hallgren.free.fr

Always make mistakes.

- E Dyson

From: Russ Housley <housley@spyrus.com>
To: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
Cc: ietf-smime@imc.org
Subject: Re: Suggested change to PasswordRecipientInfo
Date: Thu, 02 Sep 1999 12:29:28 -0400

>>I am a bit confused by your message. You say that you want to add support
>>for "a PIN-protected smart card or something similar."
>>
>>First, this does not seem like an appropriate use of password-based key
>>management. The only password seems to be the local one used to gain access
>>to the KEK stored on the smart card.
>
>In retrospect the term "PasswordRecipientInfo" used in the draft wasn't a very
>good one, with the derivation info optional it's really more like a
>GeneralisedKEKRecipientInfo. At the time the best I could come up with was
>PW-RI.

I thought that the point was to add support for a CEK that was wrapped in a KEK (in your example, one that was derived from a password). I think that is what the draft says.

So, if a shared secret is stored on a bunch of tokens (e.g., smartcards), there ought to be a way to carry something in the parameters of the KeyDerivationAlgorithmIdentifier to allow the shared secret and the public data to be combined to generate the KEK. One could imagine a technique for combining the shared secret and the public value similar to X9.42. And, if there is more than one shared secret (perhaps for different recipient groups), then the protocol needs a way to identify which one should be used.

You are right about the PIN, it does not impact the protocol. The PIN controls access to the shared secret.

>>Second, if the KEK stored on the smart card has an identifier, then
>>KEKRecipientInfo should work as already defined.
>
>I'm not sure what the format is for the KEK on the card, but I suspect it's
>just a raw PIN-protected key (I imagine it's something like a PKCS #11
>secret key object, or more likely just a 16-byte linear file). In any case
>it won't work with KEKRecipientInfo because it's only defined for RC2 and
>3DES, you can't use it with IDEA unless you invent your own
>AlgorithmIdentifier.

As I stated above, if there is more than one shared secret (perhaps for different recipient groups), then the protocol needs a way to identify which one should be used.

Russ

From: Russ Housley <housley@spyrus.com>
To: pgut001@cs.aucKland.ac.nz
Cc: ietf-smime@imc.org
Subject: Re: Compressed data type for S/MIME
Date: Thu, 02 Sep 1999 11:47:05 -0400

Peter:

Please draft the text needed to update the charter. At least one of the Security Area Directors thinks that it is worth a try.

Russ

>Sender: "Marcus Leech" <mleech@nortelnetworks.com>
>Date: Wed, 01 Sep 1999 09:16:51 -0400
>From: "Marcus Leech" <mleech@nortelnetworks.com>
>X-Mailer: Mozilla 4.5 [en] (X11; U; HP-UX B.10.20 9000/712)
>X-Accept-Language: en
>To: Russ Housley <housley@spyrus.com>
>CC: jis@mit.edu, "Marcus Leech" <mleech@nortelnetworks.com>
>Subject: Re: Compressed data type for S/MIME
>
>Russ Housley wrote:
> >
> > Jeff & Marcus:
> >
> > Peter Gutmann has proposed an addition to the S/MIME charter to define a
> > MIME type for compression. His reasoning is attached.
> >
> > What do you think?
> >
>I don't have a problem with this--let's give it a whirl.
>
>--
>----------------------------------------------------------------------
>Marcus Leech                      Mail:  Dept 8M70, MS 012, FITZ
>Systems Security Architect        Phone: (ESN) 393-9145 +1 613 763 9145
>Security and Internet Solutions   Fax:   (ESN) 395-1407 +1 613 765 1407
>Nortel Networks                   mleech@nortelnetworks.com
>-----------------Expressed opinions are my own, not my employer's------
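
An added example, not part of any archived message: Bob Jueneman's question earlier in this archive (Subject: OID for Two-Key Triple-DES) turns on two-key and three-key triple DES sharing one OID, in which case the algorithm identifier does not say which keying option is in use, while the key material does. The Python code below classifies DES-EDE key material by keying option, ignoring DES parity bits; the function names and sample keys are constructed for illustration.

```python
"""Classify DES-EDE (triple-DES) key material by keying option.

Added illustration; names and sample keys are constructed, not from the thread.
"""
from typing import NamedTuple


class KeyingOption(NamedTuple):
    name: str          # "three-key", "two-key" or "single-des-equivalent"
    nominal_bits: int  # independent key bits, parity excluded


def _strip_parity(block: bytes) -> bytes:
    # DES uses the top 7 bits of each key byte; the low bit is parity only,
    # so two blocks that differ just in parity are the same DES key.
    return bytes(b & 0xFE for b in block)


def expand_two_key(key16: bytes) -> bytes:
    """Expand K1|K2 (16 bytes) to the EDE form K1|K2|K1 (24 bytes)."""
    if len(key16) != 16:
        raise ValueError("two-key triple-DES key must be 16 bytes")
    return key16 + key16[:8]


def classify(key: bytes) -> KeyingOption:
    """Return the keying option for 16- or 24-byte DES-EDE key material."""
    if len(key) == 16:
        key = expand_two_key(key)
    if len(key) != 24:
        raise ValueError("expected 16 or 24 bytes of key material")
    k1, k2, k3 = (_strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    # EDE computes E_k3(D_k2(E_k1(x))). If K2 equals K1 or K3, one
    # encrypt/decrypt pair cancels and only a single DES operation remains.
    if k1 == k2 or k2 == k3:
        return KeyingOption("single-des-equivalent", 56)
    if k1 == k3:
        return KeyingOption("two-key", 112)
    return KeyingOption("three-key", 168)


def non_three_key(keys: dict) -> dict:
    """Map each label whose key is not three-key to its classification."""
    results = {label: classify(k) for label, k in keys.items()}
    return {label: r for label, r in results.items() if r.name != "three-key"}


# Constructed sample keys (not real secrets).
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("23456789abcdef01")
K3 = bytes.fromhex("456789abcdef0123")
K1_PARITY_FLIPPED = bytes(b ^ 0x01 for b in K1)  # same DES key as K1

SAMPLES = {
    "three independent keys": K1 + K2 + K3,
    "K1|K2|K1": K1 + K2 + K1,
    "16-byte K1|K2": K1 + K2,
    "K1|K2|K1 with parity flipped": K1 + K2 + K1_PARITY_FLIPPED,
    "K1|K1|K3": K1 + K1 + K3,
}

if __name__ == "__main__":
    for label, key in SAMPLES.items():
        print(f"{label:32s} {classify(key)}")
```

Comparing the raw bytes instead of the parity-stripped blocks would misreport the parity-flipped sample as three-key, which is the case a policy check on key material has to get right.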