[[893412646]] Subscription to ietf-smime for smime-archive@lists.ietf.org
subs-reminder@imc.org Sat, 31 August 2002 23:27 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA15006 for <smime-archive@lists.ietf.org>; Sat, 31 Aug 2002 19:27:16 -0400 (EDT)
From: subs-reminder@imc.org
Received: by above.proper.com (8.11.6/8.11.3) id g7VNSjW06057; Sat, 31 Aug 2002 16:28:45 -0700 (PDT)
Date: Sat, 31 Aug 2002 16:28:45 -0700
Message-Id: <200208312328.g7VNSjW06057@above.proper.com>
To: smime-archive@ietf.org
Subject: [[893412646]] Subscription to ietf-smime for smime-archive@lists.ietf.org
Greetings. This message is a periodic reminder that
smime-archive@lists.ietf.org
is subscribed to the
ietf-smime
mailing list.
There are two purposes for this message:
- If this message is bounced by your mail server, I can remove you from
the mailing list and reduce waste of bandwidth and resources. (If you
are reading this message, it clearly didn't get bounced!)
- Some people stay subscribed to mailing lists even though they do not
want to because they do not know how to unsubscribe.
If you want to stay subscribed to the ietf-smime mailing list,
you do not need to do anything. Feel free to delete this message.
On the other hand, if you want to unsubscribe from this list, simply go
to the following link:
<http://www.imc.org/Unsubs/893412646>
If for some reason you cannot go to that web site, you can also
unsubscribe by email; however, doing so is not as likely to get you
unsubscribed as the web site is. To unsubscribe using email, you can
respond to this message and I will unsubscribe you by hand in the next
few days. Again, this is not assured to work because your mail system
may make it impossible for me to determine who you are or what you want
to unsubscribe to.
Alternatively, you can send a plain-text message to:
ietf-smime-request@imc.org
with the single word
unsubscribe
in the body of the message. This last method assumes that the "From:"
address in your mail is "smime-archive@lists.ietf.org". Again, using the
web site above is more likely to work than this method (due to limitations
in Majordomo, the mailing list software we currently use).
If you have any questions, feel free to contact me.
--Paul Hoffman, list administrator
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7UKULK26142 for ietf-smime-bks; Fri, 30 Aug 2002 13:30:21 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7UKUJ226138 for <ietf-smime@imc.org>; Fri, 30 Aug 2002 13:30:19 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 30 Aug 2002 20:30:22 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA15953; Fri, 30 Aug 2002 16:30:15 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g7UKRwv22524; Fri, 30 Aug 2002 16:27:59 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPV33D2>; Fri, 30 Aug 2002 16:30:12 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.13]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPV33DA; Fri, 30 Aug 2002 16:30:05 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Tony Capel <capel@comgate.com>
Cc: blake@brutesquadlabs.com, ietf-smime@imc.org, "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, Francois.Rousseau@CSE-CST.GC.CA
Message-Id: <5.1.0.14.2.20020830162228.03511b88@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 30 Aug 2002 16:24:17 -0400
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
In-Reply-To: <000a01c2503c$535b2fe0$01b5a8c0@tony>
References: <5.1.0.14.2.20020830104947.0352d108@exna07.securitydynamics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Tony:
On the receive side, we say that the S/MIME agent must be capable of
handling either order.
On the sending side, we say that the S/MIME agent can include a default
method for handling this (either way), and they may optionally provide a
setting for the user to change the ordering.
Russ
At 11:45 AM 8/30/2002 -0400, Tony Capel wrote:
>Russ:
>
>Sorry, I have misled you with my message.
>
>I agree with Peter and with your "I can live with it" conclusion. The
>problem I see is that although we must allow the user to be able to
>select either method; we have the problem of telling the software
>implementer what to do today in the absence of a decision (which will be
>made by users in the future). Do we have implementers/vendors flipping
>a coin or making value judgements themselves on the pros and cons?
>Rather than that, we say: 1. "the order should be capable of being
>specified by the local user" and (really optionally) 2. "the default
>behaviour is as follows". If we fail to do this, we will have
>implementations with one or the other order decision embedded (and
>potentially unalterable) in the implementation. Also there are some alg
>types where compression first is mandatory for technical reasons.
>
>tony
>
> > -----Original Message-----
> > From: Housley, Russ [mailto:rhousley@rsasecurity.com]
> > Sent: August 30, 2002 10:56 AM
> > To: Tony Capel
> > Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> > Francois.Rousseau@CSE-CST.GC.CA
> > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
>CompressedData
> >
> > Tony:
> >
> > I recall a discussion of this on the list quite some time ago; there
>are
> > tradeoffs. One size does not fit all. One application could
> > appropriately
> > select one ordering, and another application could appropriately
>select
> > the
> > opposite. For this reason, we do not want to mandate any particular
> > ordering for CMS.
> >
> > Perhaps the user community of S/MIME is diverse enough that we should
>not
> > pick a single ordering for this context. This is the position
>expressed
> > by
> > Peter Gutmann, and I can live with it. However, the text needs to
>provide
> > a discussion of the pros and cons for the supported orderings.
> >
> > Someone writing a general purpose library should support arbitrary
> > ordering
> > of CMS protection content types (at least on the receive side).
> >
> > Russ
> >
> > At 10:32 AM 8/30/2002 -0400, Tony Capel wrote:
> > >Russ:
> > >
> > >I understand your concern. I had hoped to dodge this by recognizing
> > >that this decision is very instance-specific, i.e. dependant upon
>what
> > >the end user is using the signed message for. But from the poor
> > >programmer-of-messaging-software perspective she needs to know NOW
>what
> > >to do for all future end user applications.
> > >
> > >So maybe some guidance along the following line might be what is
>needed
> > >(the first two of which are obvious):
> > >
> > >1. Always compress before encrypt.
> > >2. Always compress before sign if using a lossy or other non-fully
> > >reversible algorithm.
> > >3. In all other cases sign before compress if not instructed
>otherwise,
> > >and provide a local (implementation specific) means for the user to
> > >specify the other order.
> > >
> > >The rationale for selecting signing first if the user does not
>specify
> > >otherwise is based on the assumption that this will most often
>satisfy
> > >the most stringent user signing policy (it will be wrong least
>often!).
> > >However, implementations should permit the local configuration of
>this
> > >based on user operational or other policies.
> > >
> > >As far as getting into a discussion of why one way or another is
> > >"better", it is not clear to me that s/mime is the right place for
>that.
> > >This might be better treated in signature policy or other such
> > >documents.
> > >
> > >tony
> > >
> > > > -----Original Message-----
> > > > From: owner-ietf-smime@mail.imc.org
> > >[mailto:owner-ietf-smime@mail.imc.org]
> > > > On Behalf Of Housley, Russ
> > > > Sent: August 29, 2002 10:21 AM
> > > > To: Tony Capel
> > > > Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> > > > Francois.Rousseau@CSE-CST.GC.CA
> > > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
> > >CompressedData
> > > >
> > > >
> > > > Tony:
> > > >
> > > > I agree that the use of the compression algorithm identifier in
>S/MIME
> > > > Capabilities is the right approach.
> > > >
> > > > I think that we need to offer guidance in MSGbis for S/MIME
> > >applications
> > > > on
> > > > the order of operations. Other applications that make use of CMS
> > >could
> > > > make different decisions, but MSGbis should set the conventions
>for
> > > > S/MIME.
> > > >
> > > > RFC 2634 describes the triple wrapper:
> > > > sign-encrypt-sign.
> > > >
> > > > To maintain maximum capability with this specification, we have
>two
> > > > choices:
> > > > sign-compress-encrypt-sign; or
> > > > compress-sign-encrypt-sign
> > > >
> > > > In support of the sign-what-you-say concept, I prefer
> > > > sign-compress-encrypt-sign.
> > > >
> > > > Russ
> > > >
> > > >
> > > > At 10:30 AM 8/28/2002 -0400, Tony Capel wrote:
> > > > >Blake:
> > > > >
> > > > >I wonder if we could not close off the "CompressedData"
>discussion
> > > > >simply by adding a few word (e.g. "...and compression, see
>RFC3274" )
> > > > >reference to RFC3274, Peter's compression rfc, to Section 2.5.2
>of
> > >MSG
> > > > >(and adding RFC3274 to the list of references)?
> > > > >
> > > > >If 2.5.2 is updated to address the preferBinaryInside issue maybe
>now
> > >is
> > > > >the time to do both (especially since both are aimed at reducing
> > > > >messaging overhead).
> > > > >
> > > > >CompressedData use is listed as an outstanding issue for MSG in
>the
> > > > >recent IETF WG meeting minutes:
> > > > >http://www.imc.org/ietf-smime/mail-archive/msg01339.html
> > > > >
> > > > >It has also been raised in three threads on this list:
> > > > >http://www.imc.org/ietf-smime/mail-archive/msg01295.html
> > > > >http://www.imc.org/ietf-smime/mail-archive/msg01172.html
> > > > >http://www.imc.org/ietf-smime/mail-archive/msg01241.html
> > > > >
> > > > >With respect to the order of compression and signing: For
>receivers
> > >it
> > > > >has been pointed out that the encoding unambiguously indicates
>the
> > >order
> > > > >upon receipt. Thus it would appear that no new mechanism is
>required
> > >to
> > > > >ensure interoperability (providing the receiver can process the
> > >entities
> > > > >in either order, and I THINK this what is implied by the current
> > >text).
> > > > >
> > > > >With respect to whether the sender should sign or compress first:
> > >Some
> > > > >applications will prefer signing first (sign-what-you-say, e.g.
>to
> > >meet
> > > > >EU or other "directives" interpreted to require signing before
> > > > >compression) and others will prefer compression first (signing
>the
> > > > >compressed version, e.g. for processing efficiency or as would be
> > > > >required if lossy compression were to be used). I suggest we
>dodge
> > >this
> > > > >bullet by arguing that this is an application issue best left to
> > > > >mechanisms (if needed) outside s/mime.
> > > > >
> > > > >Adding a reference to RFC3274 would emphasize RFC3274's use of
> > > > >corresponding compression algorithm OID(s) as an sMIMECapability
>to
> > > > >specify receiver compression capabilities. Hopefully this will
> > >promote
> > > > >the implementation of compression which will reduce message
>overheads
> > > > >benefiting mail system operators and users accessing e-mail over
>low
> > > > >bandwidth channels.
> > > > >
> > > > >tony
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-ietf-smime@mail.imc.org
> > > > >[mailto:owner-ietf-smime@mail.imc.org]
> > > > > > On Behalf Of Tony Capel
> > > > > > Sent: July 9, 2002 10:24 AM
> > > > > > To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> > > > > > blake@brutesquadlabs.com; ietf-smime@imc.org;
> > >rhousley@rsasecurity.com
> > > > > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > > > >
> > > > > >
> > > > > > Peter,
> > > > > >
> > > > > > many of us like your compression addition and would like it
>widely
> > >(if
> > > > > > not ubiquitously!) implemented.
> > > > > >
> > > > > > One perceived barrier to the adoption of s/mime is the
>expansion
> > >of
> > > > > > message size due to the repeated application of transfer
>(base64)
> > > > > > encoding at each wrap. Messaging system operators become
>alarmed
> > >when
> > > > > > told message sizes may more than double as a result. (Indeed
>the
> > >NIST
> > > > > > draft profile depreciates such coding of inner wraps to
>address
> > >this
> > > > > > issue.)
> > > > > >
> > > > > > The ability to offer compression also addresses overall
>message
> > > > > > expansion and will be an important capability to offer in
> > >compensation
> > > > > > when "marketing" the adoption of s/mime by large
>organizations.
> > > > > >
> > > > > >
> > > > > > Tony Capel
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-ietf-smime@mail.imc.org
> > > > > > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter
>Gutmann
> > > > > > Sent: July 9, 2002 4:49 AM
> > > > > > To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> > > > > > ietf-smime@imc.org; rhousley@rsasecurity.com
> > > > > > Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > > > >
> > > > > >
> > > > > > "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
> > > > > >
> > > > > > >I didn't see much uptake on this besides Russ saying "MAY",
>and
> > >I'm
> > > > > > worried
> > > > > > >about compatibility. I will put a slide in my presentation
>about
> > > > >this
> > > > > > for
> > > > > > >Yokohama.
> > > > > >
> > > > > > AFAIK the major use at the moment is in EDI environments
>(large,
> > > > >highly-
> > > > > > compressible messages, and everything is "by prior
>arrangement"
> > > > >anyway).
> > > > > > There
> > > > > > are a couple of apps which support it out there though, so
>having
> > >it
> > > > > > mentioned
> > > > > > would be nice just to let implementers know it's there.
> > > > > >
> > > > > > Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7UFjZ812418 for ietf-smime-bks; Fri, 30 Aug 2002 08:45:35 -0700 (PDT)
Received: from mx1.magmacom.com (mx1.magmacom.com [206.191.0.217]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7UFjY212413 for <ietf-smime@imc.org>; Fri, 30 Aug 2002 08:45:34 -0700 (PDT)
Received: from mail3.magma.ca (mail3.magma.ca [206.191.0.221]) by mx1.magmacom.com (Magma's Mail Server) with ESMTP id g7UFjX4w027709; Fri, 30 Aug 2002 11:45:33 -0400 (EDT)
Received: from tony (ottawa-hs-209-217-122-183.s-ip.magma.ca [209.217.122.183]) by mail3.magma.ca (Magma's Mail Server) with ESMTP id g7UFjJcI018867; Fri, 30 Aug 2002 11:45:33 -0400 (EDT)
From: "Tony Capel" <capel@comgate.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>
Cc: <blake@brutesquadlabs.com>, <ietf-smime@imc.org>, "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, <Francois.Rousseau@CSE-CST.GC.CA>
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
Date: Fri, 30 Aug 2002 11:45:43 -0400
Message-ID: <000a01c2503c$535b2fe0$01b5a8c0@tony>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: <5.1.0.14.2.20020830104947.0352d108@exna07.securitydynamics.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Russ:
Sorry, I have misled you with my message.
I agree with Peter and with your "I can live with it" conclusion. The
problem I see is that although we must allow the user to be able to
select either method; we have the problem of telling the software
implementer what to do today in the absence of a decision (which will be
made by users in the future). Do we have implementers/vendors flipping
a coin or making value judgements themselves on the pros and cons?
Rather than that, we say: 1. "the order should be capable of being
specified by the local user" and (really optionally) 2. "the default
behaviour is as follows". If we fail to do this, we will have
implementations with one or the other order decision embedded (and
potentially unalterable) in the implementation. Also there are some alg
types where compression first is mandatory for technical reasons.
tony
> -----Original Message-----
> From: Housley, Russ [mailto:rhousley@rsasecurity.com]
> Sent: August 30, 2002 10:56 AM
> To: Tony Capel
> Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> Francois.Rousseau@CSE-CST.GC.CA
> Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
CompressedData
>
> Tony:
>
> I recall a discussion of this on the list quite some time ago; there
are
> tradeoffs. One size does not fit all. One application could
> appropriately
> select one ordering, and another application could appropriately
select
> the
> opposite. For this reason, we do not want to mandate any particular
> ordering for CMS.
>
> Perhaps the user community of S/MIME is diverse enough that we should
not
> pick a single ordering for this context. This is the position
expressed
> by
> Peter Gutmann, and I can live with it. However, the text needs to
provide
> a discussion of the pros and cons for the supported orderings.
>
> Someone writing a general purpose library should support arbitrary
> ordering
> of CMS protection content types (at least on the receive side).
>
> Russ
>
> At 10:32 AM 8/30/2002 -0400, Tony Capel wrote:
> >Russ:
> >
> >I understand your concern. I had hoped to dodge this by recognizing
> >that this decision is very instance-specific, i.e. dependant upon
what
> >the end user is using the signed message for. But from the poor
> >programmer-of-messaging-software perspective she needs to know NOW
what
> >to do for all future end user applications.
> >
> >So maybe some guidance along the following line might be what is
needed
> >(the first two of which are obvious):
> >
> >1. Always compress before encrypt.
> >2. Always compress before sign if using a lossy or other non-fully
> >reversible algorithm.
> >3. In all other cases sign before compress if not instructed
otherwise,
> >and provide a local (implementation specific) means for the user to
> >specify the other order.
> >
> >The rationale for selecting signing first if the user does not
specify
> >otherwise is based on the assumption that this will most often
satisfy
> >the most stringent user signing policy (it will be wrong least
often!).
> >However, implementations should permit the local configuration of
this
> >based on user operational or other policies.
> >
> >As far as getting into a discussion of why one way or another is
> >"better", it is not clear to me that s/mime is the right place for
that.
> >This might be better treated in signature policy or other such
> >documents.
> >
> >tony
> >
> > > -----Original Message-----
> > > From: owner-ietf-smime@mail.imc.org
> >[mailto:owner-ietf-smime@mail.imc.org]
> > > On Behalf Of Housley, Russ
> > > Sent: August 29, 2002 10:21 AM
> > > To: Tony Capel
> > > Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> > > Francois.Rousseau@CSE-CST.GC.CA
> > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
> >CompressedData
> > >
> > >
> > > Tony:
> > >
> > > I agree that the use of the compression algorithm identifier in
S/MIME
> > > Capabilities is the right approach.
> > >
> > > I think that we need to offer guidance in MSGbis for S/MIME
> >applications
> > > on
> > > the order of operations. Other applications that make use of CMS
> >could
> > > make different decisions, but MSGbis should set the conventions
for
> > > S/MIME.
> > >
> > > RFC 2634 describes the triple wrapper:
> > > sign-encrypt-sign.
> > >
> > > To maintain maximum capability with this specification, we have
two
> > > choices:
> > > sign-compress-encrypt-sign; or
> > > compress-sign-encrypt-sign
> > >
> > > In support of the sign-what-you-say concept, I prefer
> > > sign-compress-encrypt-sign.
> > >
> > > Russ
> > >
> > >
> > > At 10:30 AM 8/28/2002 -0400, Tony Capel wrote:
> > > >Blake:
> > > >
> > > >I wonder if we could not close off the "CompressedData"
discussion
> > > >simply by adding a few word (e.g. "...and compression, see
RFC3274" )
> > > >reference to RFC3274, Peter's compression rfc, to Section 2.5.2
of
> >MSG
> > > >(and adding RFC3274 to the list of references)?
> > > >
> > > >If 2.5.2 is updated to address the preferBinaryInside issue maybe
now
> >is
> > > >the time to do both (especially since both are aimed at reducing
> > > >messaging overhead).
> > > >
> > > >CompressedData use is listed as an outstanding issue for MSG in
the
> > > >recent IETF WG meeting minutes:
> > > >http://www.imc.org/ietf-smime/mail-archive/msg01339.html
> > > >
> > > >It has also been raised in three threads on this list:
> > > >http://www.imc.org/ietf-smime/mail-archive/msg01295.html
> > > >http://www.imc.org/ietf-smime/mail-archive/msg01172.html
> > > >http://www.imc.org/ietf-smime/mail-archive/msg01241.html
> > > >
> > > >With respect to the order of compression and signing: For
receivers
> >it
> > > >has been pointed out that the encoding unambiguously indicates
the
> >order
> > > >upon receipt. Thus it would appear that no new mechanism is
required
> >to
> > > >ensure interoperability (providing the receiver can process the
> >entities
> > > >in either order, and I THINK this what is implied by the current
> >text).
> > > >
> > > >With respect to whether the sender should sign or compress first:
> >Some
> > > >applications will prefer signing first (sign-what-you-say, e.g.
to
> >meet
> > > >EU or other "directives" interpreted to require signing before
> > > >compression) and others will prefer compression first (signing
the
> > > >compressed version, e.g. for processing efficiency or as would be
> > > >required if lossy compression were to be used). I suggest we
dodge
> >this
> > > >bullet by arguing that this is an application issue best left to
> > > >mechanisms (if needed) outside s/mime.
> > > >
> > > >Adding a reference to RFC3274 would emphasize RFC3274's use of
> > > >corresponding compression algorithm OID(s) as an sMIMECapability
to
> > > >specify receiver compression capabilities. Hopefully this will
> >promote
> > > >the implementation of compression which will reduce message
overheads
> > > >benefiting mail system operators and users accessing e-mail over
low
> > > >bandwidth channels.
> > > >
> > > >tony
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-ietf-smime@mail.imc.org
> > > >[mailto:owner-ietf-smime@mail.imc.org]
> > > > > On Behalf Of Tony Capel
> > > > > Sent: July 9, 2002 10:24 AM
> > > > > To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> > > > > blake@brutesquadlabs.com; ietf-smime@imc.org;
> >rhousley@rsasecurity.com
> > > > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > > >
> > > > >
> > > > > Peter,
> > > > >
> > > > > many of us like your compression addition and would like it
widely
> >(if
> > > > > not ubiquitously!) implemented.
> > > > >
> > > > > One perceived barrier to the adoption of s/mime is the
expansion
> >of
> > > > > message size due to the repeated application of transfer
(base64)
> > > > > encoding at each wrap. Messaging system operators become
alarmed
> >when
> > > > > told message sizes may more than double as a result. (Indeed
the
> >NIST
> > > > > draft profile depreciates such coding of inner wraps to
address
> >this
> > > > > issue.)
> > > > >
> > > > > The ability to offer compression also addresses overall
message
> > > > > expansion and will be an important capability to offer in
> >compensation
> > > > > when "marketing" the adoption of s/mime by large
organizations.
> > > > >
> > > > >
> > > > > Tony Capel
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: owner-ietf-smime@mail.imc.org
> > > > > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter
Gutmann
> > > > > Sent: July 9, 2002 4:49 AM
> > > > > To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> > > > > ietf-smime@imc.org; rhousley@rsasecurity.com
> > > > > Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > > >
> > > > >
> > > > > "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
> > > > >
> > > > > >I didn't see much uptake on this besides Russ saying "MAY",
and
> >I'm
> > > > > worried
> > > > > >about compatibility. I will put a slide in my presentation
about
> > > >this
> > > > > for
> > > > > >Yokohama.
> > > > >
> > > > > AFAIK the major use at the moment is in EDI environments
(large,
> > > >highly-
> > > > > compressible messages, and everything is "by prior
arrangement"
> > > >anyway).
> > > > > There
> > > > > are a couple of apps which support it out there though, so
having
> >it
> > > > > mentioned
> > > > > would be nice just to let implementers know it's there.
> > > > >
> > > > > Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7UF7Gi10387 for ietf-smime-bks; Fri, 30 Aug 2002 08:07:16 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7UF7E210383 for <ietf-smime@imc.org>; Fri, 30 Aug 2002 08:07:14 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 30 Aug 2002 15:07:16 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA15393; Fri, 30 Aug 2002 11:07:05 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g7UF4ox15452; Fri, 30 Aug 2002 11:04:51 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPV320R>; Fri, 30 Aug 2002 11:07:04 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.20]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPV3203; Fri, 30 Aug 2002 11:06:57 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Tony Capel <capel@comgate.com>
Cc: blake@brutesquadlabs.com, ietf-smime@imc.org, "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, Francois.Rousseau@CSE-CST.GC.CA
Message-Id: <5.1.0.14.2.20020830104947.0352d108@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 30 Aug 2002 10:55:40 -0400
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
In-Reply-To: <000601c25032$20bd50e0$01b5a8c0@tony>
References: <5.1.0.14.2.20020829101203.021351f8@exna07.securitydynamics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Tony:
I recall a discussion of this on the list quite some time ago; there are
tradeoffs. One size does not fit all. One application could appropriately
select one ordering, and another application could appropriately select the
opposite. For this reason, we do not want to mandate any particular
ordering for CMS.
Perhaps the user community of S/MIME is diverse enough that we should not
pick a single ordering for this context. This is the position expressed by
Peter Gutmann, and I can live with it. However, the text needs to provide
a discussion of the pros and cons for the supported orderings.
Someone writing a general purpose library should support arbitrary ordering
of CMS protection content types (at least on the receive side).
Russ
At 10:32 AM 8/30/2002 -0400, Tony Capel wrote:
>Russ:
>
>I understand your concern. I had hoped to dodge this by recognizing
>that this decision is very instance-specific, i.e. dependant upon what
>the end user is using the signed message for. But from the poor
>programmer-of-messaging-software perspective she needs to know NOW what
>to do for all future end user applications.
>
>So maybe some guidance along the following line might be what is needed
>(the first two of which are obvious):
>
>1. Always compress before encrypt.
>2. Always compress before sign if using a lossy or other non-fully
>reversible algorithm.
>3. In all other cases sign before compress if not instructed otherwise,
>and provide a local (implementation specific) means for the user to
>specify the other order.
>
>The rationale for selecting signing first if the user does not specify
>otherwise is based on the assumption that this will most often satisfy
>the most stringent user signing policy (it will be wrong least often!).
>However, implementations should permit the local configuration of this
>based on user operational or other policies.
>
>As far as getting into a discussion of why one way or another is
>"better", it is not clear to me that s/mime is the right place for that.
>This might be better treated in signature policy or other such
>documents.
>
>tony
>
> > -----Original Message-----
> > From: owner-ietf-smime@mail.imc.org
>[mailto:owner-ietf-smime@mail.imc.org]
> > On Behalf Of Housley, Russ
> > Sent: August 29, 2002 10:21 AM
> > To: Tony Capel
> > Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> > Francois.Rousseau@CSE-CST.GC.CA
> > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
>CompressedData
> >
> >
> > Tony:
> >
> > I agree that the use of the compression algorithm identifier in S/MIME
> > Capabilities is the right approach.
> >
> > I think that we need to offer guidance in MSGbis for S/MIME
>applications
> > on
> > the order of operations. Other applications that make use of CMS
>could
> > make different decisions, but MSGbis should set the conventions for
> > S/MIME.
> >
> > RFC 2634 describes the triple wrapper:
> > sign-encrypt-sign.
> >
> > To maintain maximum capability with this specification, we have two
> > choices:
> > sign-compress-encrypt-sign; or
> > compress-sign-encrypt-sign
> >
> > In support of the sign-what-you-say concept, I prefer
> > sign-compress-encrypt-sign.
> >
> > Russ
> >
> >
> > At 10:30 AM 8/28/2002 -0400, Tony Capel wrote:
> > >Blake:
> > >
> > >I wonder if we could not close off the "CompressedData" discussion
> > >simply by adding a few word (e.g. "...and compression, see RFC3274" )
> > >reference to RFC3274, Peter's compression rfc, to Section 2.5.2 of
>MSG
> > >(and adding RFC3274 to the list of references)?
> > >
> > >If 2.5.2 is updated to address the preferBinaryInside issue maybe now
>is
> > >the time to do both (especially since both are aimed at reducing
> > >messaging overhead).
> > >
> > >CompressedData use is listed as an outstanding issue for MSG in the
> > >recent IETF WG meeting minutes:
> > >http://www.imc.org/ietf-smime/mail-archive/msg01339.html
> > >
> > >It has also been raised in three threads on this list:
> > >http://www.imc.org/ietf-smime/mail-archive/msg01295.html
> > >http://www.imc.org/ietf-smime/mail-archive/msg01172.html
> > >http://www.imc.org/ietf-smime/mail-archive/msg01241.html
> > >
> > >With respect to the order of compression and signing: For receivers
>it
> > >has been pointed out that the encoding unambiguously indicates the
>order
> > >upon receipt. Thus it would appear that no new mechanism is required
>to
> > >ensure interoperability (providing the receiver can process the
>entities
> > >in either order, and I THINK this what is implied by the current
>text).
> > >
> > >With respect to whether the sender should sign or compress first:
>Some
> > >applications will prefer signing first (sign-what-you-say, e.g. to
>meet
> > >EU or other "directives" interpreted to require signing before
> > >compression) and others will prefer compression first (signing the
> > >compressed version, e.g. for processing efficiency or as would be
> > >required if lossy compression were to be used). I suggest we dodge
>this
> > >bullet by arguing that this is an application issue best left to
> > >mechanisms (if needed) outside s/mime.
> > >
> > >Adding a reference to RFC3274 would emphasize RFC3274's use of
> > >corresponding compression algorithm OID(s) as an sMIMECapability to
> > >specify receiver compression capabilities. Hopefully this will
>promote
> > >the implementation of compression which will reduce message overheads
> > >benefiting mail system operators and users accessing e-mail over low
> > >bandwidth channels.
> > >
> > >tony
> > >
> > > > -----Original Message-----
> > > > From: owner-ietf-smime@mail.imc.org
> > >[mailto:owner-ietf-smime@mail.imc.org]
> > > > On Behalf Of Tony Capel
> > > > Sent: July 9, 2002 10:24 AM
> > > > To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> > > > blake@brutesquadlabs.com; ietf-smime@imc.org;
>rhousley@rsasecurity.com
> > > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > >
> > > >
> > > > Peter,
> > > >
> > > > many of us like your compression addition and would like it widely
>(if
> > > > not ubiquitously!) implemented.
> > > >
> > > > One perceived barrier to the adoption of s/mime is the expansion
>of
> > > > message size due to the repeated application of transfer (base64)
> > > > encoding at each wrap. Messaging system operators become alarmed
>when
> > > > told message sizes may more than double as a result. (Indeed the
>NIST
> > > > draft profile depreciates such coding of inner wraps to address
>this
> > > > issue.)
> > > >
> > > > The ability to offer compression also addresses overall message
> > > > expansion and will be an important capability to offer in
>compensation
> > > > when "marketing" the adoption of s/mime by large organizations.
> > > >
> > > >
> > > > Tony Capel
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: owner-ietf-smime@mail.imc.org
> > > > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter Gutmann
> > > > Sent: July 9, 2002 4:49 AM
> > > > To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> > > > ietf-smime@imc.org; rhousley@rsasecurity.com
> > > > Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > > >
> > > >
> > > > "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
> > > >
> > > > >I didn't see much uptake on this besides Russ saying "MAY", and
>I'm
> > > > worried
> > > > >about compatibility. I will put a slide in my presentation about
> > >this
> > > > for
> > > > >Yokohama.
> > > >
> > > > AFAIK the major use at the moment is in EDI environments (large,
> > >highly-
> > > > compressible messages, and everything is "by prior arrangement"
> > >anyway).
> > > > There
> > > > are a couple of apps which support it out there though, so having
>it
> > > > mentioned
> > > > would be nice just to let implementers know it's there.
> > > >
> > > > Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7UEWdk07169 for ietf-smime-bks; Fri, 30 Aug 2002 07:32:39 -0700 (PDT)
Received: from mx2.magma.ca (mx2.magma.ca [206.191.0.250]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7UEWb207165 for <ietf-smime@imc.org>; Fri, 30 Aug 2002 07:32:38 -0700 (PDT)
Received: from mail6.magma.ca (mail6.magma.ca [206.191.0.248]) by mx2.magma.ca (Magma Relay Server) with ESMTP id g7UEWYq9014447; Fri, 30 Aug 2002 10:32:34 -0400
Received: from tony (ottawa-hs-209-217-122-183.s-ip.magma.ca [209.217.122.183]) by mail6.magma.ca (Magma's Mail Server) with ESMTP id g7UEWORb021101; Fri, 30 Aug 2002 10:32:33 -0400 (EDT)
From: "Tony Capel" <capel@comgate.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>
Cc: <blake@brutesquadlabs.com>, <ietf-smime@imc.org>, "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, <Francois.Rousseau@CSE-CST.GC.CA>
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
Date: Fri, 30 Aug 2002 10:32:48 -0400
Message-ID: <000601c25032$20bd50e0$01b5a8c0@tony>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: <5.1.0.14.2.20020829101203.021351f8@exna07.securitydynamics.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Russ:
I understand your concern. I had hoped to dodge this by recognizing
that this decision is very instance-specific, i.e. dependant upon what
the end user is using the signed message for. But from the poor
programmer-of-messaging-software perspective she needs to know NOW what
to do for all future end user applications.
So maybe some guidance along the following line might be what is needed
(the first two of which are obvious):
1. Always compress before encrypt.
2. Always compress before sign if using a lossy or other non-fully
reversible algorithm.
3. In all other cases sign before compress if not instructed otherwise,
and provide a local (implementation specific) means for the user to
specify the other order.
The rationale for selecting signing first if the user does not specify
otherwise is based on the assumption that this will most often satisfy
the most stringent user signing policy (it will be wrong least often!).
However, implementations should permit the local configuration of this
based on user operational or other policies.
As far as getting into a discussion of why one way or another is
"better", it is not clear to me that s/mime is the right place for that.
This might be better treated in signature policy or other such
documents.
tony
> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org]
> On Behalf Of Housley, Russ
> Sent: August 29, 2002 10:21 AM
> To: Tony Capel
> Cc: blake@brutesquadlabs.com; ietf-smime@imc.org; 'Peter Gutmann';
> Francois.Rousseau@CSE-CST.GC.CA
> Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt:
CompressedData
>
>
> Tony:
>
> I agree that the use of the compression algorithm identifier in S/MIME
> Capabilities is the right approach.
>
> I think that we need to offer guidance in MSGbis for S/MIME
applications
> on
> the order of operations. Other applications that make use of CMS
could
> make different decisions, but MSGbis should set the conventions for
> S/MIME.
>
> RFC 2634 describes the triple wrapper:
> sign-encrypt-sign.
>
> To maintain maximum capability with this specification, we have two
> choices:
> sign-compress-encrypt-sign; or
> compress-sign-encrypt-sign
>
> In support of the sign-what-you-say concept, I prefer
> sign-compress-encrypt-sign.
>
> Russ
>
>
> At 10:30 AM 8/28/2002 -0400, Tony Capel wrote:
> >Blake:
> >
> >I wonder if we could not close off the "CompressedData" discussion
> >simply by adding a few word (e.g. "...and compression, see RFC3274" )
> >reference to RFC3274, Peter's compression rfc, to Section 2.5.2 of
MSG
> >(and adding RFC3274 to the list of references)?
> >
> >If 2.5.2 is updated to address the preferBinaryInside issue maybe now
is
> >the time to do both (especially since both are aimed at reducing
> >messaging overhead).
> >
> >CompressedData use is listed as an outstanding issue for MSG in the
> >recent IETF WG meeting minutes:
> >http://www.imc.org/ietf-smime/mail-archive/msg01339.html
> >
> >It has also been raised in three threads on this list:
> >http://www.imc.org/ietf-smime/mail-archive/msg01295.html
> >http://www.imc.org/ietf-smime/mail-archive/msg01172.html
> >http://www.imc.org/ietf-smime/mail-archive/msg01241.html
> >
> >With respect to the order of compression and signing: For receivers
it
> >has been pointed out that the encoding unambiguously indicates the
order
> >upon receipt. Thus it would appear that no new mechanism is required
to
> >ensure interoperability (providing the receiver can process the
entities
> >in either order, and I THINK this what is implied by the current
text).
> >
> >With respect to whether the sender should sign or compress first:
Some
> >applications will prefer signing first (sign-what-you-say, e.g. to
meet
> >EU or other "directives" interpreted to require signing before
> >compression) and others will prefer compression first (signing the
> >compressed version, e.g. for processing efficiency or as would be
> >required if lossy compression were to be used). I suggest we dodge
this
> >bullet by arguing that this is an application issue best left to
> >mechanisms (if needed) outside s/mime.
> >
> >Adding a reference to RFC3274 would emphasize RFC3274's use of
> >corresponding compression algorithm OID(s) as an sMIMECapability to
> >specify receiver compression capabilities. Hopefully this will
promote
> >the implementation of compression which will reduce message overheads
> >benefiting mail system operators and users accessing e-mail over low
> >bandwidth channels.
> >
> >tony
> >
> > > -----Original Message-----
> > > From: owner-ietf-smime@mail.imc.org
> >[mailto:owner-ietf-smime@mail.imc.org]
> > > On Behalf Of Tony Capel
> > > Sent: July 9, 2002 10:24 AM
> > > To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> > > blake@brutesquadlabs.com; ietf-smime@imc.org;
rhousley@rsasecurity.com
> > > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > >
> > >
> > > Peter,
> > >
> > > many of us like your compression addition and would like it widely
(if
> > > not ubiquitously!) implemented.
> > >
> > > One perceived barrier to the adoption of s/mime is the expansion
of
> > > message size due to the repeated application of transfer (base64)
> > > encoding at each wrap. Messaging system operators become alarmed
when
> > > told message sizes may more than double as a result. (Indeed the
NIST
> > > draft profile depreciates such coding of inner wraps to address
this
> > > issue.)
> > >
> > > The ability to offer compression also addresses overall message
> > > expansion and will be an important capability to offer in
compensation
> > > when "marketing" the adoption of s/mime by large organizations.
> > >
> > >
> > > Tony Capel
> > >
> > >
> > > -----Original Message-----
> > > From: owner-ietf-smime@mail.imc.org
> > > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter Gutmann
> > > Sent: July 9, 2002 4:49 AM
> > > To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> > > ietf-smime@imc.org; rhousley@rsasecurity.com
> > > Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> > >
> > >
> > > "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
> > >
> > > >I didn't see much uptake on this besides Russ saying "MAY", and
I'm
> > > worried
> > > >about compatibility. I will put a slide in my presentation about
> >this
> > > for
> > > >Yokohama.
> > >
> > > AFAIK the major use at the moment is in EDI environments (large,
> >highly-
> > > compressible messages, and everything is "by prior arrangement"
> >anyway).
> > > There
> > > are a couple of apps which support it out there though, so having
it
> > > mentioned
> > > would be nice just to let implementers know it's there.
> > >
> > > Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7U2htO29241 for ietf-smime-bks; Thu, 29 Aug 2002 19:43:55 -0700 (PDT)
Received: from brutesquadlabs.com (gtec136-m.isomedia.com [207.115.67.136] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7U2hs229237 for <ietf-smime@imc.org>; Thu, 29 Aug 2002 19:43:55 -0700 (PDT)
Received: from DEXTER ([192.168.0.7]) by brutesquadlabs.com with SMTP ; Thu, 29 Aug 2002 19:43:45 -0700
Message-ID: <01c001c24fcf$0fa0b490$0700a8c0@brutesquadlabs.com>
From: "Blake Ramsdell" <blake@brutesquadlabs.com>
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>, <ietf-smime@imc.org>
References: <200208282229.g7SMTWS23121@stingray.missi.ncsc.mil>
Subject: Re: RFC 2632bis: Using Distinguished Names for Internet Mail
Date: Thu, 29 Aug 2002 19:43:45 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g7U2ht229238
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
----- Original Message -----
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
To: <ietf-smime@imc.org>
Sent: Wednesday, August 28, 2002 3:25 PM
Subject: RFC 2632bis: Using Distinguished Names for Internet Mail
> However, in communications with our PKI development organization,
> one large user agent developer has quoted other sentences from
> RFC 2632 out of context to claim that V3 user agents must refuse
> to accept certificates that do not contain rfc822 addresses.
> In order to avoid such misinterpretation, RFC 2632bis could use
> a little explicit, though perhaps redundant, clarification.
I will review these changes. Since I am firmly of the belief that there exist useful certificates in the universe without an email address in them, I'm all for it ;).
Blake
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7TMJ1K14642 for ietf-smime-bks; Thu, 29 Aug 2002 15:19:01 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7TMIx214633 for <ietf-smime@imc.org>; Thu, 29 Aug 2002 15:18:59 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Aug 2002 22:19:02 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id SAA29530; Thu, 29 Aug 2002 18:18:57 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g7TMGcL08893; Thu, 29 Aug 2002 18:16:38 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPVN078>; Thu, 29 Aug 2002 18:18:46 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.10]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVN07Z; Thu, 29 Aug 2002 18:18:44 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Tony Capel <capel@comgate.com>
Cc: blake@brutesquadlabs.com, ietf-smime@imc.org, "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, Francois.Rousseau@CSE-CST.GC.CA
Message-Id: <5.1.0.14.2.20020829101203.021351f8@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 29 Aug 2002 10:21:22 -0400
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
In-Reply-To: <001601c24e9f$785d9240$01b5a8c0@tony>
References: <002101c22754$361d6f30$01b5a8c0@tony>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Tony:
I agree that the use of the compression algorithm identifier in S/MIME
Capabilities is the right approach.
I think that we need to offer guidance in MSGbis for S/MIME applications on
the order of operations. Other applications that make use of CMS could
make different decisions, but MSGbis should set the conventions for S/MIME.
RFC 2634 describes the triple wrapper:
sign-encrypt-sign.
To maintain maximum capability with this specification, we have two choices:
sign-compress-encrypt-sign; or
compress-sign-encrypt-sign
In support of the sign-what-you-say concept, I prefer
sign-compress-encrypt-sign.
Russ
At 10:30 AM 8/28/2002 -0400, Tony Capel wrote:
>Blake:
>
>I wonder if we could not close off the "CompressedData" discussion
>simply by adding a few word (e.g. "...and compression, see RFC3274" )
>reference to RFC3274, Peter's compression rfc, to Section 2.5.2 of MSG
>(and adding RFC3274 to the list of references)?
>
>If 2.5.2 is updated to address the preferBinaryInside issue maybe now is
>the time to do both (especially since both are aimed at reducing
>messaging overhead).
>
>CompressedData use is listed as an outstanding issue for MSG in the
>recent IETF WG meeting minutes:
>http://www.imc.org/ietf-smime/mail-archive/msg01339.html
>
>It has also been raised in three threads on this list:
>http://www.imc.org/ietf-smime/mail-archive/msg01295.html
>http://www.imc.org/ietf-smime/mail-archive/msg01172.html
>http://www.imc.org/ietf-smime/mail-archive/msg01241.html
>
>With respect to the order of compression and signing: For receivers it
>has been pointed out that the encoding unambiguously indicates the order
>upon receipt. Thus it would appear that no new mechanism is required to
>ensure interoperability (providing the receiver can process the entities
>in either order, and I THINK this what is implied by the current text).
>
>With respect to whether the sender should sign or compress first: Some
>applications will prefer signing first (sign-what-you-say, e.g. to meet
>EU or other "directives" interpreted to require signing before
>compression) and others will prefer compression first (signing the
>compressed version, e.g. for processing efficiency or as would be
>required if lossy compression were to be used). I suggest we dodge this
>bullet by arguing that this is an application issue best left to
>mechanisms (if needed) outside s/mime.
>
>Adding a reference to RFC3274 would emphasize RFC3274's use of
>corresponding compression algorithm OID(s) as an sMIMECapability to
>specify receiver compression capabilities. Hopefully this will promote
>the implementation of compression which will reduce message overheads
>benefiting mail system operators and users accessing e-mail over low
>bandwidth channels.
>
>tony
>
> > -----Original Message-----
> > From: owner-ietf-smime@mail.imc.org
>[mailto:owner-ietf-smime@mail.imc.org]
> > On Behalf Of Tony Capel
> > Sent: July 9, 2002 10:24 AM
> > To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> > blake@brutesquadlabs.com; ietf-smime@imc.org; rhousley@rsasecurity.com
> > Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> >
> >
> > Peter,
> >
> > many of us like your compression addition and would like it widely (if
> > not ubiquitously!) implemented.
> >
> > One perceived barrier to the adoption of s/mime is the expansion of
> > message size due to the repeated application of transfer (base64)
> > encoding at each wrap. Messaging system operators become alarmed when
> > told message sizes may more than double as a result. (Indeed the NIST
> > draft profile depreciates such coding of inner wraps to address this
> > issue.)
> >
> > The ability to offer compression also addresses overall message
> > expansion and will be an important capability to offer in compensation
> > when "marketing" the adoption of s/mime by large organizations.
> >
> >
> > Tony Capel
> >
> >
> > -----Original Message-----
> > From: owner-ietf-smime@mail.imc.org
> > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter Gutmann
> > Sent: July 9, 2002 4:49 AM
> > To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> > ietf-smime@imc.org; rhousley@rsasecurity.com
> > Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
> >
> >
> > "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
> >
> > >I didn't see much uptake on this besides Russ saying "MAY", and I'm
> > worried
> > >about compatibility. I will put a slide in my presentation about
>this
> > for
> > >Yokohama.
> >
> > AFAIK the major use at the moment is in EDI environments (large,
>highly-
> > compressible messages, and everything is "by prior arrangement"
>anyway).
> > There
> > are a couple of apps which support it out there though, so having it
> > mentioned
> > would be nice just to let implementers know it's there.
> >
> > Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7SMT7D09739 for ietf-smime-bks; Wed, 28 Aug 2002 15:29:07 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7SMT6209734 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 15:29:06 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id g7SMTXT23125 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 18:29:33 -0400 (EDT)
Message-ID: <200208282229.g7SMTWS23121@stingray.missi.ncsc.mil>
Date: Wed, 28 Aug 2002 18:25:09 -0400
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
X-Mailer: Mozilla 4.79 [en] (X11; U; SunOS 5.7 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: RFC 2632bis: Using Distinguished Names for Internet Mail
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-H-S-Loop-Check-Ejzfr:
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Blake,
Section 3 ("Using Distinguished Names for Internet Mail") of the
Certificate Handling I-D (2632bis draft -01) is unchanged from RFC2632
(except for inclusion of the PKCS #9 email attribute).
It should be obvious that the WG made a conscious and deliberate
decision to change the handling of rfc822 email addresses between
S/MIME V2 and V3:
RFC 2312 (S/MIME V2) says: "End-entity certificates MUST
contain an Internet mail address ..."
RFC 2632 (S/MIME V3) says: "End-entity certificates MAY
contain an Internet mail address ..." and "Receiving agents
MUST check that the address ... matches ... if mail addresses
are present in the certificate."
However, in communications with our PKI development organization,
one large user agent developer has quoted other sentences from
RFC 2632 out of context to claim that V3 user agents must refuse
to accept certificates that do not contain rfc822 addresses.
In order to avoid such misinterpretation, RFC 2632bis could use
a little explicit, though perhaps redundant, clarification.
Four suggested additions to sections 3 and 5 are shown below,
highlighted *** thus ***:
---------------------------------------------------------------------
3. Using Distinguished Names for Internet Mail
End-entity certificates MAY contain an Internet mail address as
described in [RFC-2822]. The address must be an "addr-spec" as defined
in Section 3.4.1 of that specification. The email address SHOULD be in
the subjectAltName extension, and SHOULD NOT be in the subject
distinguished name.
*** Receiving agents MUST recognize and accept certificates that
contain no email address. ***
Receiving agents MUST recognize email addresses in the subjectAltName
field. Receiving agents MUST recognize email addresses in the
Distinguished Name field in the PKCS #9 [PKCS9] emailAddress
attribute:
pkcs-9-at-emailAddress OBJECT IDENTIFIER ::=
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 1 }
Sending agents SHOULD make the address in the From or Sender header in
a mail message match an Internet mail address
***, if present, *** in the signer's
certificate. Receiving agents MUST check that the address in the From
or Sender header of a mail message matches an Internet mail address in
the signer's certificate, if mail addresses are present in the
certificate. A receiving agent SHOULD provide some explicit alternate
processing of the message if this comparison fails, which may be to
display a message that shows the recipient the addresses in the
certificate or other certificate details.
*** A receiving agent SHOULD display a subject name or other certificate
details when displaying an indication of successful or unsuccessful
signature verification. ***
---------------------------------------------------------------------
5. Security Considerations
All of the security issues faced by any cryptographic application must
be faced by a S/MIME agent. Among these issues are protecting the
user's private key, preventing various attacks, and helping the user
avoid mistakes such as inadvertently encrypting a message for the
wrong recipient. The entire list of security considerations is beyond
the scope of this document, but some significant concerns are listed
here.
When processing certificates, there are many situations where the
processing might fail. Because the processing may be done by a user
agent, a security gateway, or other program, there is no single way to
handle such failures. Just because the methods to handle the failures
has not been listed, however, the reader should not assume that they
are not important. The opposite is true: if a certificate is not
provably valid and associated with the message, the processing
software should take immediate and noticable steps to inform the end
user about it.
Some of the many places where signature and certificate checking might
fail include:
- no Internet mail addresses in a certificate matches the sender of a
message *** ,if the certificate contains at least one mail address ***
- no certificate chain leads to a trusted CA
- no ability to check the CRL for a certificate
- an invalid CRL was received
- the CRL being checked is expired
- the certificate is expired
- the certificate has been revoked
There are certainly other instances where a certificate may be
invalid, and it is the responsibility of the processing software to
check them all thoroughly, and to decide what to do if the check
fails.
---------------------------------------------------------------------
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7SEUQR09094 for ietf-smime-bks; Wed, 28 Aug 2002 07:30:26 -0700 (PDT)
Received: from mx1.magmacom.com (mx1.magmacom.com [206.191.0.217]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7SEUP209088 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 07:30:25 -0700 (PDT)
Received: from mail5.magma.ca (mail5.magma.ca [206.191.0.225]) by mx1.magmacom.com (Magma's Mail Server) with ESMTP id g7SEUErK016675; Wed, 28 Aug 2002 10:30:14 -0400 (EDT)
Received: from tony (ottawa-hs-209-217-122-183.s-ip.magma.ca [209.217.122.183]) by mail5.magma.ca (Magma's Mail Server) with ESMTP id g7SEU461019092; Wed, 28 Aug 2002 10:30:13 -0400 (EDT)
From: "Tony Capel" <capel@comgate.com>
To: <blake@brutesquadlabs.com>, <ietf-smime@imc.org>
Cc: "'Peter Gutmann'" <pgut001@cs.aucKland.ac.nz>, <Francois.Rousseau@CSE-CST.GC.CA>, <rhousley@rsasecurity.com>
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt: CompressedData
Date: Wed, 28 Aug 2002 10:30:28 -0400
Message-ID: <001601c24e9f$785d9240$01b5a8c0@tony>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: <002101c22754$361d6f30$01b5a8c0@tony>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Blake:
I wonder if we could not close off the "CompressedData" discussion
simply by adding a few word (e.g. "...and compression, see RFC3274" )
reference to RFC3274, Peter's compression rfc, to Section 2.5.2 of MSG
(and adding RFC3274 to the list of references)?
If 2.5.2 is updated to address the preferBinaryInside issue maybe now is
the time to do both (especially since both are aimed at reducing
messaging overhead).
CompressedData use is listed as an outstanding issue for MSG in the
recent IETF WG meeting minutes:
http://www.imc.org/ietf-smime/mail-archive/msg01339.html
It has also been raised in three threads on this list:
http://www.imc.org/ietf-smime/mail-archive/msg01295.html
http://www.imc.org/ietf-smime/mail-archive/msg01172.html
http://www.imc.org/ietf-smime/mail-archive/msg01241.html
With respect to the order of compression and signing: For receivers it
has been pointed out that the encoding unambiguously indicates the order
upon receipt. Thus it would appear that no new mechanism is required to
ensure interoperability (providing the receiver can process the entities
in either order, and I THINK this what is implied by the current text).
With respect to whether the sender should sign or compress first: Some
applications will prefer signing first (sign-what-you-say, e.g. to meet
EU or other "directives" interpreted to require signing before
compression) and others will prefer compression first (signing the
compressed version, e.g. for processing efficiency or as would be
required if lossy compression were to be used). I suggest we dodge this
bullet by arguing that this is an application issue best left to
mechanisms (if needed) outside s/mime.
Adding a reference to RFC3274 would emphasize RFC3274's use of
corresponding compression algorithm OID(s) as an sMIMECapability to
specify receiver compression capabilities. Hopefully this will promote
the implementation of compression which will reduce message overheads
benefiting mail system operators and users accessing e-mail over low
bandwidth channels.
tony
> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org]
> On Behalf Of Tony Capel
> Sent: July 9, 2002 10:24 AM
> To: 'Peter Gutmann'; Francois.Rousseau@CSE-CST.GC.CA;
> blake@brutesquadlabs.com; ietf-smime@imc.org; rhousley@rsasecurity.com
> Subject: RE: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
>
>
> Peter,
>
> many of us like your compression addition and would like it widely (if
> not ubiquitously!) implemented.
>
> One perceived barrier to the adoption of s/mime is the expansion of
> message size due to the repeated application of transfer (base64)
> encoding at each wrap. Messaging system operators become alarmed when
> told message sizes may more than double as a result. (Indeed the NIST
> draft profile depreciates such coding of inner wraps to address this
> issue.)
>
> The ability to offer compression also addresses overall message
> expansion and will be an important capability to offer in compensation
> when "marketing" the adoption of s/mime by large organizations.
>
>
> Tony Capel
>
>
> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Peter Gutmann
> Sent: July 9, 2002 4:49 AM
> To: Francois.Rousseau@CSE-CST.GC.CA; blake@brutesquadlabs.com;
> ietf-smime@imc.org; rhousley@rsasecurity.com
> Subject: Re: I-D ACTION:draft-ietf-smime-rfc2633bis-01.txt
>
>
> "Blake Ramsdell" <blake@brutesquadlabs.com> writes:
>
> >I didn't see much uptake on this besides Russ saying "MAY", and I'm
> worried
> >about compatibility. I will put a slide in my presentation about
this
> for
> >Yokohama.
>
> AFAIK the major use at the moment is in EDI environments (large,
highly-
> compressible messages, and everything is "by prior arrangement"
anyway).
> There
> are a couple of apps which support it out there though, so having it
> mentioned
> would be nice just to let implementers know it's there.
>
> Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7SDWHP04505 for ietf-smime-bks; Wed, 28 Aug 2002 06:32:17 -0700 (PDT)
Received: from tube.clearswift.com (tube.clearswift.com [195.153.60.158]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7SDWF204500; Wed, 28 Aug 2002 06:32:16 -0700 (PDT)
Received: from orange.net-tel.co.uk (orange.net-tel.co.uk [193.122.171.1]) by tube.clearswift.com (4.8.0.147) with ESMTP id ; Wed, 28 Aug 2002 14:26:30 +0100
Received: from "/PRMD=NET-TEL/ADMD=Gold 400/C=GB/" by orange.net-tel.co.uk (Route400-RFCGate); Wed, 28 Aug 2002 14:38:56 +0100
X400-Received: by mta "net-tel" in "/PRMD=net-tel/ADMD=gold 400/C=gb/"; Relayed; Wed, 28 Aug 2002 14:38:56 +0100
X400-Received: by "/PRMD=NET-TEL/ADMD=Gold 400/C=GB/"; Relayed; Wed, 28 Aug 2002 14:38:56 +0100
X400-MTS-Identifier: ["/PRMD=NET-TEL/ADMD=Gold 400/C=GB/";ORANGE:0054-020828143856-09af]
X400-Content-Type: P2-1988 (22)
X400-Originator: Jim.Craigie@clearswift.com
Original-Encoded-Information-Types: IA5-Text, (2)(6)(1)(12)(0), (1)(2)(840)(113556)(3)(10)(1)
X400-Recipients: non-disclosure:;
Date: Wed, 28 Aug 2002 14:38:56 +0100
X400-Content-Identifier: Re(2): CMS-X.400
Message-Id: <"CASQUETS:0e2c-020828142828-0002*/G=Jim/S=Craigie/O=Net-Tel Computer Systems Ltd/PRMD=Net-Tel/ADMD=Gold 400/C=GB/"@MHS>
From: Jim.Craigie@clearswift.com
To: owner-ietf-smime@mail.imc.org
Cc: "'SMIME, IETF'" <ietf-smime@imc.org>
In-Reply-To: <177E503C4DA3D311BC9D0008C791C3060878628D@diexch01.xko.dec.com>
Subject: Re(2): CMS-X.400: [application/x400-content] versus [application/x40 0-bp]
MIME-Version: 1.0 (Generated by Clearswift ES version 4.8.0.147)
Content-Type: Multipart/Mixed; boundary="ECASQUETS:0e2c-020828142828-0002s/G=Jim.b0ndr1y.nested_0"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--ECASQUETS:0e2c-020828142828-0002s/G=Jim.b0ndr1y.nested_0
Content-Type: text/plain;charset=us-ascii
Content-Transfer-Encoding: 7bit
> Did you mean to say "bodypart" rather than "content" at the end of
> your sentence:
> > Conveying a content within a ForwardedContent body-part clearly
> > has a different semantic to conveying a content.
No, I meant content. The purpose of application/x400-content is to convey the complete content as extracted from an X.400 envelope.
Jim
-----------------------------------------------------------------------
Clearswift monitors, controls and protects all its messaging traffic in compliance with its
corporate email policy using Clearswift products. Find out more about Clearswift, its
solutions and services at http://www.clearswift.com
********************************************************************************************************
This communication is confidential and may contain privileged information intended solely
for the named addressee(s). It may not be used or disclosed except for the purpose for
which it has been sent. If you are not the intended recipient, you must not copy, distribute
or take any action in reliance on it. Unless expressly stated, opinions in this message are
those of the individual sender and not of Clearswift. If you have received this communication
in error, please notify Clearswift by emailing support@clearswift.com quoting the sender and
delete the message and any attached documents. Clearswift accepts no liability or
responsibility for any onward transmission or use of emails and attachments having left the
Clearswift domain.
--ECASQUETS:0e2c-020828142828-0002s/G=Jim.b0ndr1y.nested_0
Content-type: application/ms-tnef
Content-Description: MAPI 1.0 TNEF
Content-Disposition: attachment;filename="WINMAIL.DAT";
modification-date="Wed, 28 Aug 2002 14:28:28 +0100";size=1102
Content-Transfer-Encoding: base64
eJ8+Inb3AQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIASCAAwAOAAAA0gcIABwADgAKABoAAwAyAQEAgAAAcAAAAAQAcAAM
AFQASmltIENyYWlnaWUAWDQwMDpHPUppbTsgUz1DcmFpZ2llOyBPPU5ldC1UZWwgQ29tcHV0ZXIg
U3lzdGVtcyBMdGQ7IFA9TmV0LVRlbDsgQT1Hb2xkIDQwMDsgQz1HQjsAAAAAAAAAAABvHgEDkAYA
ZAMAABAAAABAAAgwMMdrRpROwgECAQkQAQAAAJwBAACYAQAAPAIAAExaRnWG/uAdAwAKAHJjcGcx
MjUWMgD4C2BuDhAwMzOPAfcCpAPjAgBwcnEOUAhmY2gKwHNldDDnBdAN4ANgc28BgAYJAoCmfQqA
CMggOwlvMAKAJQqBdgiQd2sLgGQ0bQxgYwBQCwNjAEELtSCAPiBEaWQgeQhgBiAHgAORdG8gc2FI
eSAiBuBkeQqxdMAiIHJhdGgEkBhg+xFQA6AiBaACMAnwGWEZoPkZ8WUgCfAXwBIwCuMKgB8XgBfh
BcARgBqCY2U6hxvWF4AIUG52ZXkLgOpnGuAgGmUgA/AZsAuA9R5hRgWwdwsRCYAd0R7DLRjyLRky
HoBsGDBybF8YwB04EVAEIB5wZAaQZu8EkB7SEYADgXQN4BhiGmENHg4uG9Qb1E5vLCBOSRgTITEl
BSBUGzFwnQhwcBIQG0AboWFwC1ALDeAZoGkCIC94NDB8MC0elgQAI/gbEwWgbR8LUBGQKvIetCKB
ZXh0fRmQYxqQF8ADUhrgA6BYni4pQRtRHgAJAHBlJWteSgdwJXob1BMxADCwHgBwAAEAAABLAAAA
UmUoMik6IENNUy1YLjQwMDogW2FwcGxpY2F0aW9uL3g0MDAtY29udGVudF0gdmVyc3VzIFthcHBs
aWNhdGlvbi94NDAgMC1icF0AAAIBcQABAAAAFgAAAAHCTpbKQedfjYlIXEGTs1D4V1WOYPAAAAsA
KQAAAAAAAwCkUQAAAAADAPB7AAAAAAsACAwBAAAACwA1AAAAAAALAAYMAAAAEAsAIwAAAAAAHgA9
AAEAAAABAAAAAAAAAB4AGgwBAAAADAAAAEppbSBDcmFpZ2llAAIBHQwBAAAAVAAAAFg0MDA6Rz1K
SU07IFM9Q1JBSUdJRTsgTz1ORVQtVEVMIENPTVBVVEVSIFNZU1RFTVMgTFREOyBQPU5FVC1URUw7
IEE9R09MRCA0MDA7IEM9R0I7AB4AHgwBAAAABQAAAFg0MDAAAAAAHgAfDAEAAABPAAAARz1KaW07
IFM9Q3JhaWdpZTsgTz1OZXQtVGVsIENvbXB1dGVyIFN5c3RlbXMgTHRkOyBQPU5ldC1UZWw7IEE9
R29sZCA0MDA7IEM9R0I7AABb4A==
--ECASQUETS:0e2c-020828142828-0002s/G=Jim.b0ndr1y.nested_0--
Received: by above.proper.com (8.11.6/8.11.3) id g7SD5sj01580 for ietf-smime-bks; Wed, 28 Aug 2002 06:05:54 -0700 (PDT)
Received: from ztxmail05.ztx.compaq.com (ztxmail05.ztx.compaq.com [161.114.1.209]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7SD5q201575 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 06:05:53 -0700 (PDT)
Received: from taynzmail03.nz-tay.cpqcorp.net (taynzmail03.nz-tay.cpqcorp.net [16.47.4.103]) by ztxmail05.ztx.compaq.com (Postfix) with ESMTP id F0BC43554 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 08:05:44 -0500 (CDT)
Received: from diexch01.xko.dec.com (diexch01.xko.dec.com [16.138.244.57]) by taynzmail03.nz-tay.cpqcorp.net (Postfix) with ESMTP id 7BBFD1914 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 09:05:42 -0400 (EDT)
Received: by diexch01.xko.dec.com with Internet Mail Service (5.5.2650.21) id <RSW25Q5P>; Wed, 28 Aug 2002 18:39:58 +0530
Message-ID: <177E503C4DA3D311BC9D0008C791C3060878628D@diexch01.xko.dec.com>
From: "Muzumdar, Hari" <hari.muzumdar@digital.com>
To: "'SMIME, IETF'" <ietf-smime@imc.org>
Subject: RE: CMS-X.400: [application/x400-content] versus [application/x40 0-bp]
Date: Wed, 28 Aug 2002 18:39:56 +0530
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Many thanks for replying, Jim.
Did you mean to say "bodypart" rather than "content" at the end of
your sentence:
> Conveying a content within a ForwardedContent body-part clearly
> has a different semantic to conveying a content.
I thought the application/x400-bp had adequate MIME parameters and
other framework to encapsulate any Basic or Extended X.400 bodypart.
And a ForwardedContent is an Extended bodypart too.
o The "x400-bp" subtype would not have lost any information and
would have preserved the ForwardedContent.
o The x400-bp's parameter would tell the receiving agent that an
Extended bodypart of type ForwardedContent had been encapsulated.
o The receiving agent could then base64-decode this and invoke an
X.400 content-identification routine, which would render the
Content if it could.
Or is there more to it all? Are there things I haven't considered?
Best Regards,
Hari.
-----Original Message-----
From: Jim Craigie On Behalf Of Jim.Craigie@clearswift.com
Sent: Wednesday, August 28, 2002 5:45 PM
To: Muzumdar, Hari
Cc: 'SMIME, IETF'
Subject: Re: CMS-X.400: [application/x400-content] versus
[application/x400-bp ]
> Hello,
>
> There was some discussion early this year about the proposed new MIME
> subtype "application/x400-content".
>
> Have there been any further discussions and/or decisions on this topic?
>
> The mailing list contains only the initial few exchanges.
>
> Was the application/x400-bp type (IANA-registered by RFC 1494) not
> considered? At first glance, this does look like it could encapsulate
> ForwardedContent. What were the reasons for proposing a new MIME type?
Conveying a content within a ForwardedContent body-part clearly has a
different semantic to conveying a content. Preserving that semantic is
usually important to both originator and recipients.
Jim
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7SC8mu27027 for ietf-smime-bks; Wed, 28 Aug 2002 05:08:48 -0700 (PDT)
Received: from tube.clearswift.com (tube.clearswift.com [195.153.60.158]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7SC8k227023 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 05:08:47 -0700 (PDT)
Received: from orange.net-tel.co.uk (orange.net-tel.co.uk [193.122.171.1]) by tube.clearswift.com (4.8.0.147) with ESMTP id ; Wed, 28 Aug 2002 13:02:56 +0100
Received: from "/PRMD=NET-TEL/ADMD=Gold 400/C=GB/" by orange.net-tel.co.uk (Route400-RFCGate); Wed, 28 Aug 2002 13:15:20 +0100
X400-Received: by mta "net-tel" in "/PRMD=net-tel/ADMD=gold 400/C=gb/"; Relayed; Wed, 28 Aug 2002 13:15:20 +0100
X400-Received: by "/PRMD=NET-TEL/ADMD=Gold 400/C=GB/"; Relayed; Wed, 28 Aug 2002 13:15:20 +0100
X400-MTS-Identifier: ["/PRMD=NET-TEL/ADMD=Gold 400/C=GB/";ORANGE:0054-020828131520-09ac]
X400-Content-Type: P2-1988 (22)
X400-Originator: Jim.Craigie@clearswift.com
Original-Encoded-Information-Types: IA5-Text, (2)(6)(1)(12)(0), (1)(2)(840)(113556)(3)(10)(1)
X400-Recipients: non-disclosure:;
Date: Wed, 28 Aug 2002 13:15:20 +0100
X400-Content-Identifier: Re: CMS-X.400: a
Message-Id: <"CASQUETS:0e2c-020828130452-0001*/G=Jim/S=Craigie/O=Net-Tel Computer Systems Ltd/PRMD=Net-Tel/ADMD=Gold 400/C=GB/"@MHS>
From: Jim.Craigie@clearswift.com
To: "Muzumdar, Hari" <hari.muzumdar@digital.com>
Cc: "'SMIME, IETF'" <ietf-smime@imc.org>
In-Reply-To: <177E503C4DA3D311BC9D0008C791C3060878628B@diexch01.xko.dec.com>
Subject: Re: CMS-X.400: [application/x400-content] versus [application/x400-bp ]
MIME-Version: 1.0 (Generated by Clearswift ES version 4.8.0.147)
Content-Type: Multipart/Mixed; boundary="ECASQUETS:0e2c-020828130452-0001s/G=Jim.b0ndr1y.nested_0"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--ECASQUETS:0e2c-020828130452-0001s/G=Jim.b0ndr1y.nested_0
Content-Type: text/plain;charset=us-ascii
Content-Transfer-Encoding: 7bit
> Hello,
>
> There was some discussion early this year about the proposed new MIME
> subtype "application/x400-content".
>
> Have there been any further discussions and/or decisions on this topic?
>
> The mailing list contains only the initial few exchanges.
>
> Was the application/x400-bp type (IANA-registered by RFC 1494) not
> considered? At first glance, this does look like it could encapsulate
> ForwardedContent. What were the reasons for proposing a new MIME type?
Conveying a content within a ForwardedContent body-part clearly has a different semantic to conveying a content. Preserving that semantic is usually important to both originator and recipients.
Jim
-----------------------------------------------------------------------
Clearswift monitors, controls and protects all its messaging traffic in compliance with its
corporate email policy using Clearswift products. Find out more about Clearswift, its
solutions and services at http://www.clearswift.com
********************************************************************************************************
This communication is confidential and may contain privileged information intended solely
for the named addressee(s). It may not be used or disclosed except for the purpose for
which it has been sent. If you are not the intended recipient, you must not copy, distribute
or take any action in reliance on it. Unless expressly stated, opinions in this message are
those of the individual sender and not of Clearswift. If you have received this communication
in error, please notify Clearswift by emailing support@clearswift.com quoting the sender and
delete the message and any attached documents. Clearswift accepts no liability or
responsibility for any onward transmission or use of emails and attachments having left the
Clearswift domain.
--ECASQUETS:0e2c-020828130452-0001s/G=Jim.b0ndr1y.nested_0
Content-type: application/ms-tnef
Content-Description: MAPI 1.0 TNEF
Content-Disposition: attachment;filename="WINMAIL.DAT";
modification-date="Wed, 28 Aug 2002 13:04:52 +0100";size=1358
Content-Transfer-Encoding: base64
eJ8+IlVsAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIASCAAwAOAAAA0gcIABwADAA0ACYAAwBmAQEAgAAAcAAAAAQAcAAM
AFQASmltIENyYWlnaWUAWDQwMDpHPUppbTsgUz1DcmFpZ2llOyBPPU5ldC1UZWwgQ29tcHV0ZXIg
U3lzdGVtcyBMdGQ7IFA9TmV0LVRlbDsgQT1Hb2xkIDQwMDsgQz1HQjsAAAAAAAAAAABvHgEDkAYA
ZAQAABAAAABAAAgwUKouaIlOwgECAQkQAQAAAJkCAACVAgAAtAMAAExaRnUOz2SLAwAKAHJjcGcx
MjUWMgD4C2BuDhAwMzOPAfcCpAPjAgBwcnEOUAhmY2gKwHNldDDnBdAN4ANgc28BgAYJAoCmfQqA
CMggOwlvMAKAJQqBdgiQd2sLgGQ0bQxgYwBQCwNjAEELtSCgPiBIZWwJACwKoicKgBeAGAZUaASQ
ZSCcd2EEIBIgB4AgZAQAlGN1BBBpAiAgZQrAIGx5IHRoBAAgef0aoSABoAhgBUAbABlAEOBMb3AS
EAmAIG4H0U0ISU1FGHdzdWJ0xHlwGUAiYXALUA3gBGF0GmEveDQwMI4tBaACMAnwdCIuGA64SGF2
GUAcARkxYgnh9RuQbhrgZghwIWIZ6QQg+QBwZC8FsQWBBAAjQxpxbRsDdBxgDeA/GHcYiSCnAMAD
EAuAZyAeoHMFQL8fggtxJIIa0xlAC4BpHuDnB0AiQAfRZXgRQQ8gB5CdIA9XGXEcAh5/YnAa8IEe
IihJQU5BLRQwLmcnYRkhHLBiGuBSRoBDIDE0OTQpHMD+bwVBJaUfgQCQBIEJgCVwskEFQGZpEXAF
QGcPAchjZSwa9GRvB5EJADRvaydBayihJ4J1bPccsAnwHsBwHeALYB+wGHd+RgWwGWALIAmACFAf
oy73KxARUAVAdxkiHAIUMBlw3yNSAhAFwBxEJxJhHMgeEt4/JZQllDVBITB5N9QfhX8ZUCjgGxAh
8TSvIbAEcHn2LQqxJ4FsGqQRUCNxGeG/ASAZITrhEYADgR7gYyURtyeSOg41sFAUMBGAchWQvych
GwA18T7XGyEaMHUHQP8a0QdwHHAAID8BP1IG4BsA9ySQBRAtsG4e0AWxI5E2od8kICVAH8EqBiWU
SgdwORoLJZQTMQBIMAAAAB4AcAABAAAASAAAAFJlOiBDTVMtWC40MDA6IFthcHBsaWNhdGlvbi94
NDAwLWNvbnRlbnRdIHZlcnN1cyBbYXBwbGljYXRpb24veDQwMC1icCBdAAIBcQABAAAAFgAAAAHC
ToscE4fNGWrbY0+9s+zks9wByWgAAAsAKQAAAAAAAwCkUQAAAAADAPB7AAAAAAsACAwBAAAACwA1
AAAAAAALAAYMAAAAEAsAIwAAAAAAHgA9AAEAAAAFAAAAUmU6IAAAAAAeABoMAQAAAAwAAABKaW0g
Q3JhaWdpZQACAR0MAQAAAFQAAABYNDAwOkc9SklNOyBTPUNSQUlHSUU7IE89TkVULVRFTCBDT01Q
VVRFUiBTWVNURU1TIExURDsgUD1ORVQtVEVMOyBBPUdPTEQgNDAwOyBDPUdCOwAeAB4MAQAAAAUA
AABYNDAwAAAAAB4AHwwBAAAATwAAAEc9SmltOyBTPUNyYWlnaWU7IE89TmV0LVRlbCBDb21wdXRl
ciBTeXN0ZW1zIEx0ZDsgUD1OZXQtVGVsOyBBPUdvbGQgNDAwOyBDPUdCOwAATik=
--ECASQUETS:0e2c-020828130452-0001s/G=Jim.b0ndr1y.nested_0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7S9bJJ13682 for ietf-smime-bks; Wed, 28 Aug 2002 02:37:19 -0700 (PDT)
Received: from zcamail05.zca.compaq.com (zcamail05.zca.compaq.com [161.114.32.105]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7S9bH213677 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 02:37:18 -0700 (PDT)
Received: from taynzmail03.nz-tay.cpqcorp.net (taynzmail03.nz-tay.cpqcorp.net [16.47.4.103]) by zcamail05.zca.compaq.com (Postfix) with ESMTP id 502624402 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 02:37:10 -0700 (PDT)
Received: from diexch01.xko.dec.com (diexch01.xko.dec.com [16.138.244.57]) by taynzmail03.nz-tay.cpqcorp.net (Postfix) with ESMTP id 20A581A96 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 05:37:07 -0400 (EDT)
Received: by diexch01.xko.dec.com with Internet Mail Service (5.5.2650.21) id <RSW25LCM>; Wed, 28 Aug 2002 15:11:23 +0530
Message-ID: <177E503C4DA3D311BC9D0008C791C3060878628B@diexch01.xko.dec.com>
From: "Muzumdar, Hari" <hari.muzumdar@digital.com>
To: "'SMIME, IETF'" <ietf-smime@imc.org>
Subject: CMS-X.400: [application/x400-content] versus [application/x400-bp ]
Date: Wed, 28 Aug 2002 15:11:22 +0530
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hello,
There was some discussion early this year about the proposed new MIME
subtype "application/x400-content".
Have there been any further discussions and/or decisions on this topic?
The mailing list contains only the initial few exchanges.
Was the application/x400-bp type (IANA-registered by RFC 1494) not
considered? At first glance, this does look like it could encapsulate
ForwardedContent. What were the reasons for proposing a new MIME type?
Best Regards,
Hari.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7RNnHc06136 for ietf-smime-bks; Tue, 27 Aug 2002 16:49:17 -0700 (PDT)
Received: from [165.227.249.18] (165-227-249-20.client.dsl.net [165.227.249.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7RNcH205470; Tue, 27 Aug 2002 16:38:17 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p05111a48b991bcfec5f8@[165.227.249.18]>
Date: Tue, 27 Aug 2002 16:38:17 -0700
To: (many IETF mailing lists)
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Nomcom call for volunteers
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Forwarded for Phil Roberts <PRoberts@MEGISTO.com>:
The members of the IESG and IAB and the IETF chair are selected
by a nominations committee made up of volunteers from the
IETF community. The nominations committee is now in the process
of being formed and volunteers are being accepted until Sep 6.
Please see (http://www.ietf.org/nomcom/msg19765.html)
for information if you are interested in volunteering
to be on the nominations committee.
Received: by above.proper.com (8.11.6/8.11.3) id g7RLWnT28903 for ietf-smime-bks; Tue, 27 Aug 2002 14:32:49 -0700 (PDT)
Received: from gonzo.aus.rsa.com (mail.rsasecurity.com.au [203.46.112.10]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7RLWk228898 for <ietf-smime@imc.org>; Tue, 27 Aug 2002 14:32:47 -0700 (PDT)
Received: from grover by gonzo.aus.rsa.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 27 Aug 2002 21:33:35 UT
Received: from exaus01.local.aus.rsa.com (exaus01.local.aus.rsa.com [10.177.1.15]) by grover.local.aus.rsa.com (8.10.2/8.10.2) with ESMTP id g7RLc5q21089 for <ietf-smime@imc.org>; Wed, 28 Aug 2002 07:38:05 +1000 (EST)
Received: by exaus01.local.aus.rsa.com with Internet Mail Service (5.5.2653.19) id <QPRAFRCA>; Wed, 28 Aug 2002 07:32:53 +1000
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.25]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVMYRP; Tue, 27 Aug 2002 17:32:24 -0400
Message-Id: <5.1.0.14.2.20020827155435.03065948@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 27 Aug 2002 17:32:22 -0400
To: ietf-smime@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Nomcom call for volunteers
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
The members of the IESG and IAB and the IETF chair are selected
by a nominations committee made up of volunteers from the
IETF community. The nominations committee is now in the process
of being formed and volunteers are being accepted until Sep 6.
Please see (http://www.ietf.org/nomcom/msg19765.html)
for information if you are interested in volunteering
to be on the nominations committee.
Received: by above.proper.com (8.11.6/8.11.3) id g7L2a7U07778 for ietf-smime-bks; Tue, 20 Aug 2002 19:36:07 -0700 (PDT)
Received: from Obsidian (pcp01965971pcs.nrockv01.md.comcast.net [68.48.109.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7L2a5207774 for <ietf-smime@imc.org>; Tue, 20 Aug 2002 19:36:05 -0700 (PDT)
Received: from [192.168.0.4] by Obsidian (ArGoSoft Mail Server, Version 1.61 (1.6.1.9)); Tue, 20 Aug 2002 22:36:07 -0400
From: "Bonatti, Chris" <BonattiC@ieca.com>
To: "Sreeramulu, Diguvapalem" <diguvapalem.sreeramulu@digital.com>
Cc: <ietf-smime@imc.org>
Subject: RE: Doubt in IETF draft, "Securing X.400 Content".
Date: Tue, 20 Aug 2002 22:36:05 -0400
Message-ID: <LOEILJNBHBPKGOPJCMADMEGKFDAA.BonattiC@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
In-Reply-To: <177E503C4DA3D311BC9D0008C791C3060A22AC92@diexch01.xko.dec.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sreeramulu.D,
I don't think I am familiar with the class hierarchy to which you are
referring. However, if I'm guessing correctly based on the names (always a
haphazard way to do business) it sounds like the OMP_O_MH_C_GENERAL_CONTENT
class would be appropriate. I assume that OMP_O_IM_C_INTERPERSONAL_MSG and
OMP_O_MH_C_GENERAL_CONTENT are polymorphic class definitions that be used
interchangably when submitting a message to the MTS.
Am I on the right track here?
Regards,
Chris B.
-----Original Message-----
From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org]On
Behalf Of Sreeramulu, Diguvapalem
Sent: Monday, August 12, 2002 01:22
To: 'ietf-smime@imc.org'
Subject: Doubt in IETF draft, "Securing X.400 Content".
Hi,
This is Sreeramulu.D. working for Digital GlobalSoft Ltd, a subsidiary of
Hewlette-Packard co.,U.S.A. Currently we are working on sending s/mime
mssages in b/n Internet and X.400. This mail is regarding the IETF draft,
"Securing X.400 content". I have a scenario in which I have to send a
secured X.400 content to an internet user. What is an OM_class (like
OMP_O_IM_C_INTERPERSONAL_MSG),to create a content object from? Or otherwise
can we put the protected X.400 content in an oject of an OM_class,
OMP_O_MH_C_GENERAL_CONTENT and send it across?
Hope you could understand my problem. Hoping an elaborated reply from you as
soon as possible.
Thanks&Regards,
Sreeramulu.D
Mailbus Engineering,
Digital GlobalSoft Ltd.,
INDIA.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7JIr6x17238 for ietf-smime-bks; Mon, 19 Aug 2002 11:53:06 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7JIr5n17234 for <ietf-smime@imc.org>; Mon, 19 Aug 2002 11:53:05 -0700 (PDT)
Received: (from bcn@localhost) by boreas.isi.edu (8.11.6/8.11.2) id g7JIr7r25399; Mon, 19 Aug 2002 11:53:07 -0700 (PDT)
Date: Mon, 19 Aug 2002 11:53:07 -0700 (PDT)
Message-Id: <200208191853.g7JIr7r25399@boreas.isi.edu>
From: Clifford Neuman <bcn@ISI.EDU>
To: ietf-smime@imc.org
Subject: CFP - Symposium on Network & Distributed Systems Security
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
The Internet Society's (ISOC) annual Symposium on Network and Distributed
System Security (NDSS) brings together innovative and forward thinking
members of the Internet community including leading-edge security
researchers and implementers, globally-recognized security-technology
experts, and users from both the private and public sectors who design,
develop, exploit, and deploy the technologies that define network and
distributed system security.
If you are working on new and practical approaches to security problems
that are endemic to network and distributed systems, we invite you to
participate in NDSS'03 by submitting one or more technical papers and/or
panel proposals. Submission details may be found at:
http://www.isoc.org/isoc/conferences/ndss/03/cfp.shtml
NDSS'03 will again be held for three days in San Diego, California in
February, 2003. One day of tutorials will be followed by two days of
technical sessions including refereed papers, invited talks, and panel
discussions and debates.
Please be aware that the NDSS'03 cut off date for paper and panel
submission is August 30, 2002.
All accepted papers will be published in The NDSS Proceedings by the
Internet Society. There will also be an Outstanding Paper Award presented
at the Symposium to the author(s). Submitted papers should not have been
previously published or be submitted simultaneously to a journal or to
another symposium or workshop with a published proceedings.
Please consider joining us at NDSS'03. We look forward to hearing from you!
Clifford Neuman,
Information Sciences Institute, University of Southern California
General Chair, NDSS'03
Virgil Gligor, University of Maryland
Michael Reiter, Carnegie Mellon University
Program Chairs, NDSS'03
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7GD3RS12734 for ietf-smime-bks; Fri, 16 Aug 2002 06:03:27 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7GD3Pw12730 for <ietf-smime@imc.org>; Fri, 16 Aug 2002 06:03:26 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 16 Aug 2002 13:03:27 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA10299; Fri, 16 Aug 2002 09:03:24 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g7GD1EC22921; Fri, 16 Aug 2002 09:01:14 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPV2NTY>; Fri, 16 Aug 2002 09:03:23 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.18]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPV2NT4; Fri, 16 Aug 2002 09:03:17 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Tony Capel <capel@comgate.com>
Cc: ietf-smime@imc.org, "'Blake Ramsdell'" <blake@brutesquadlabs.com>
Message-Id: <5.1.0.14.2.20020816085755.034a0570@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 16 Aug 2002 09:03:03 -0400
Subject: Re: Inner Binary Encoding in MSG, RFC2633-bis-01
In-Reply-To: <000301c23e0f$784d7950$01b5a8c0@tony>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I expected there to be more discussion of this proposal. I hesitate to
consider the lack of discussion to indicate agreement. However, this looks
like a very reasonable approach. Therefore, I have assigned the necessary
object identifier:
id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
id-cap OBJECT IDENTIFIER ::= { id-smime 11 }
id-cap-preferBinaryInside OBJECT IDENTIFIER ::= { id-cap 1 }
Blake, please make the necessary changes to RFC2633bis.
Russ
At 08:39 AM 8/7/2002 -0400, Tony Capel wrote:
>Blake:
>
>This e-mail proposes to conclude a short off-list discussion (and
>discussion during recent S/MIME WG meeting) by proposing an approach
>whereby senders are able to avoid 7-bit transfer encoding inner binary
>MIME entities if they know that all intended receivers for the message
>are able to process binary entities.
>
>Without this change, unnecessary overheads will be introduced for many
>s/mime messages and this is a concern of mail system operators and
>persons downloading mail over limited bandwidth channels.
>
>Currently, in [MSG] section 3.1.2 it states that inner MIME entities
>SHOULD always be transfer encoded in case intermediate processing
>exposes the inner content to non-8-bit clean transport. This is clearly
>a safe approach, however in very many common cases where messages are
>fully decoded at the "desktop" - or within client/server environments
>with 8-bit transport (also common) - it leads to unnecessary message
>expansion.
>
>Blake, you have emphasized that there may be problems with some gateways
>where inner content may be exposed to non-8-bit safe environments (e.g.
>such as DOMSEC in some multipart inner-content situations). Jim Schaad
>pointed out at the recent WG meeting that rfc2633 currently requires
>support for binary encoding. Also a recent survey of messaging system
>implementers indicated that their code could handle binary encoding
>(please refer to the WG minutes for further info and where
>interoperability concerns are also raised). So clearly we cannot make a
>wholesale change; we must retain the ability to accommodate
>non-8-bit-safe intermediate environments.
>
>In a previous discussion in 1997 a "preferBinaryInside" sMIMECapability
>attribute was suggested, see:
>
>http://www.imc.org/ietf-smime/archive1/msg00249.html
>
>The use of an sMIMECapability OID would provide a means by which
>receivers can signal to senders that senders need not 7-bit transfer
>encode inner entities. Receivers would only publish this OID if they
>are "binary safe".
>
>Since interoperability is not impacted if senders 7-bit transfer encode
>anyway, senders should only avoid such transfer encoding if they "know"
>(either by receiving this OID or by other means) that the receiver is
>binary safe - if the sender does not know, it should 7-bit transfer
>encode.
>
>To do this we would need an OID, and a slight change to 2633bis-01:
>
>1. An OID added to http://www.imc.org/ietf-smime/other-smime-oids.asn
>
>For example:
>
>preferBinaryInside OBJECT IDENTIFIER ::=
> {sMIMECapabilities xx}
>-- (No parameters. In the event that this OID is present,
>-- then the receiver is capable of processing binary inner
>-- MIME entities and every effort should be made by senders
>-- to avoid unnecessary transfer encoding of these entities.
>-- Receivers should only publish this capability if they
>-- can guarantee that all MIME processing, other than that
>-- of the outermost MIME entity, is fully binary capable.)
>
>2. In section 2.5.2, suggest expanding the sentence:
>
> "It also includes a non-algorithm capability which is the preference
>for signedData."
>
>To:
>
>"It MAY also be used to indicate additional preferences or capabilities,
>for example preference to always receive signed messages or never
>receive encrypted messages and the capability to process binary inner
>MIME content (see section 3.1.2). Refer to the list of SMIMECapability
>OIDs for further information."
>
>3. In section 3.1.2 addition of text something like:
>
>"S/MIME implementations which "know" that all intended recipient(s) are
>capable of handling inner (all but the outermost) binary MIME objects
>SHOULD NOT use 7-bit transfer encoding for the inner entities since this
>would unnecessarily expand the message size. Implementations MAY "know"
>that recipient implementations are capable of handling inner binary MIME
>entities either by interpreting a corresponding sMIMECapabilities
>attribute (see section 2.5.2), by prior agreement, or by other means.
>
>"If one or more intended recipients are unable to handle inner binary
>MIME objects, or if this capability in unknown for any of the intended
>recipients, S/MIME implementations SHOULD use transfer encoding
>described in section 3.1.3 for all MIME entities they secure."
>
>
>I hope this addresses the issue with minimum fallout!
>
>
>Regards,
>
>tony
Received: by above.proper.com (8.11.6/8.11.3) id g7FD78x25561 for ietf-smime-bks; Thu, 15 Aug 2002 06:07:08 -0700 (PDT)
Received: from nebula.x509.com (nebula.x509.com [199.175.150.19]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7FD77w25557 for <ietf-smime@imc.org>; Thu, 15 Aug 2002 06:07:07 -0700 (PDT)
Received: from crack.x509.com (mail.x509.com [199.175.150.1]) by nebula.x509.com (8.11.6/XCERT) with ESMTP id g7FD6xF07573 for <ietf-smime@imc.org>; Thu, 15 Aug 2002 06:06:59 -0700 (PDT)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.11.6/XCERT) with ESMTP id g7FD6xt04848 for <ietf-smime@imc.org>; Thu, 15 Aug 2002 06:06:59 -0700 (PDT)
Received: by exvan01.x509.com with Internet Mail Service (5.5.2653.19) id <NK3HTN0J>; Thu, 15 Aug 2002 06:11:28 -0700
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.11]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVH9GF; Thu, 15 Aug 2002 09:06:18 -0400
Message-Id: <5.1.0.14.2.20020815090047.021042e0@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 15 Aug 2002 09:05:23 -0400
To: ietf-smime@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Re: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-06.txt
In-Reply-To: <200208151216.IAA22069@ietf.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Dear S/MIME WG:
This update to the RSAES-OAEP document addresses the issues raised during
working group last call. Major changes include a new section on
certificate conventions and revisions in the security considerations.
I plan to forward this document to the IESG on Friday for IETF-wide Last
Call. Post a message to the WG mail list if you have concerns.
Russ
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>This draft is a work item of the S/MIME Mail Security Working Group of the
>IETF.
>
> Title : Use of the RSAES-OAEP Transport Algorithm in CMS
> Author(s) : R. Housley
> Filename : draft-ietf-smime-cms-rsaes-oaep-06.txt
> Pages : 15
> Date : 14-Aug-02
>
>This document describes the use of the RSAES-OAEP key transport
>method of key management within the Cryptographic Message Syntax
>(CMS).
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsaes-oaep-06.txt
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7FCHVe21837 for ietf-smime-bks; Thu, 15 Aug 2002 05:17:31 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7FCHTw21832 for <ietf-smime@imc.org>; Thu, 15 Aug 2002 05:17:30 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22069; Thu, 15 Aug 2002 08:16:10 -0400 (EDT)
Message-Id: <200208151216.IAA22069@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-06.txt
Date: Thu, 15 Aug 2002 08:16:10 -0400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Use of the RSAES-OAEP Transport Algorithm in CMS
Author(s) : R. Housley
Filename : draft-ietf-smime-cms-rsaes-oaep-06.txt
Pages : 15
Date : 14-Aug-02
This document describes the use of the RSAES-OAEP key transport
method of key management within the Cryptographic Message Syntax
(CMS).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsaes-oaep-06.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-cms-rsaes-oaep-06.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-06.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20020814143600.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-06.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-cms-rsaes-oaep-06.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20020814143600.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by above.proper.com (8.11.6/8.11.3) id g7CFDsd11121 for ietf-smime-bks; Mon, 12 Aug 2002 08:13:54 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g7CFDmw11110 for <ietf-smime@imc.org>; Mon, 12 Aug 2002 08:13:48 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 12 Aug 2002 15:13:50 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA18720 for <ietf-smime@imc.org>; Mon, 12 Aug 2002 11:13:49 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g7CFBbv24663 for <ietf-smime@imc.org>; Mon, 12 Aug 2002 11:11:37 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPVGSGK>; Mon, 12 Aug 2002 11:13:46 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.10]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVGSG2; Mon, 12 Aug 2002 11:13:42 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: cormac.oshea@ie.pwcglobal.com
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020812110558.0349ce50@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 12 Aug 2002 11:13:37 -0400
Subject: Re: S/MIME v3.1 vs SMIME v3
In-Reply-To: <OF8BE77590.68A08B5D-ON80256C0F.004C70BC@ema.pwcinternal.co m>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
The biggest difference is the algorithms that have been chosen as mandatory
to implement. The mail list archive contains an extensive discussion of
this topic.
Russ
At 02:59 PM 8/8/2002 +0100, cormac.oshea@ie.pwcglobal.com wrote:
>In what way does S/MIME v3.1 improve/extend SMIME v3 ?
>I've been looking for information on the differences (aside from the
>message specifications themselves).
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7C5Ha406217 for ietf-smime-bks; Sun, 11 Aug 2002 22:17:36 -0700 (PDT)
Received: from ztxmail04.ztx.compaq.com (ztxmail04.ztx.compaq.com [161.114.1.208]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7C5HYw06213 for <ietf-smime@imc.org>; Sun, 11 Aug 2002 22:17:35 -0700 (PDT)
Received: from mailrelay01.cce.cpqcorp.net (mailrelay01.cce.cpqcorp.net [16.47.68.171]) by ztxmail04.ztx.compaq.com (Postfix) with ESMTP id 159A1330 for <ietf-smime@imc.org>; Mon, 12 Aug 2002 00:17:34 -0500 (CDT)
Received: from diexch01.xko.dec.com (diexch01.xko.dec.com [16.138.244.57]) by mailrelay01.cce.cpqcorp.net (Postfix) with ESMTP id 64FBAD07 for <ietf-smime@imc.org>; Mon, 12 Aug 2002 00:17:28 -0500 (CDT)
Received: by diexch01.xko.dec.com with Internet Mail Service (5.5.2650.21) id <QMD995YN>; Mon, 12 Aug 2002 10:52:26 +0530
Message-ID: <177E503C4DA3D311BC9D0008C791C3060A22AC92@diexch01.xko.dec.com>
From: "Sreeramulu, Diguvapalem" <diguvapalem.sreeramulu@digital.com>
To: "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Subject: Doubt in IETF draft, "Securing X.400 Content".
Date: Mon, 12 Aug 2002 10:52:25 +0530
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C241C0.3E72C852"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C241C0.3E72C852
Content-Type: text/plain;
charset="iso-8859-1"
Hi,
This is Sreeramulu.D. working for Digital GlobalSoft Ltd, a subsidiary of
Hewlette-Packard co.,U.S.A. Currently we are working on sending s/mime
mssages in b/n Internet and X.400. This mail is regarding the IETF draft,
"Securing X.400 content". I have a scenario in which I have to send a
secured X.400 content to an internet user. What is an OM_class (like
OMP_O_IM_C_INTERPERSONAL_MSG),to create a content object from? Or otherwise
can we put the protected X.400 content in an oject of an OM_class,
OMP_O_MH_C_GENERAL_CONTENT and send it across?
Hope you could understand my problem. Hoping an elaborated reply from you as
soon as possible.
Thanks&Regards,
Sreeramulu.D
Mailbus Engineering,
Digital GlobalSoft Ltd.,
INDIA.
------_=_NextPart_001_01C241C0.3E72C852
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2></FONT></DIV><FONT face="Courier New" color=#0000ff size=2><SPAN
class=109320012-05082002>Hi,<BR> This is Sreeramulu.D. working for Digital
GlobalSoft Ltd, a subsidiary of Hewlette-Packard co.,U.S.A. Currently we are
working on sending s/mime mssages in b/n Internet and X.400. This mail is
regarding the IETF draft, "Securing X.400 content". I have a scenario in which I
have to send a secured X.400 content to an internet user. What is an
OM_class (like OMP_O_IM_C_INTERPERSONAL_MSG),to create a content object from? Or
otherwise can we put the protected X.400 content in an oject of an OM_class,
OMP_O_MH_C_GENERAL_CONTENT and send it across? </SPAN></FONT></DIV>
<DIV><FONT face="Courier New" color=#0000ff size=2><SPAN
class=109320012-05082002></SPAN></FONT> </DIV>
<DIV><FONT face="Courier New" color=#0000ff size=2><SPAN
class=109320012-05082002>Hope you could understand my problem. Hoping an
elaborated<SPAN class=000012105-12082002> </SPAN><SPAN
class=000012105-12082002>reply </SPAN>from you as soon as
possible.</SPAN></FONT></DIV>
<DIV><FONT face="Courier New"><FONT size=2><FONT color=#0000ff><SPAN
class=109320012-05082002></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=+0><FONT size=+0><FONT face="Courier New"><FONT
color=#0000ff><FONT size=2><SPAN
class=109320012-05082002>Thanks&</SPAN>Regards, <BR><SPAN
class=109320012-05082002>
</SPAN>Sreeramulu.D</FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><SPAN class=109320012-05082002><FONT face="Courier New" color=#0000ff
size=2> Mailbus Engineering,</FONT></SPAN></DIV>
<DIV><SPAN class=109320012-05082002><FONT face="Courier New" color=#0000ff
size=2> Digital GlobalSoft Ltd.,</FONT></SPAN></DIV>
<DIV><SPAN class=109320012-05082002><FONT face="Courier New" color=#0000ff
size=2> INDIA.</FONT></SPAN></DIV>
<P><FONT color=#800080><BR></FONT><FONT face=Garamond
color=#008000> </FONT> </P>
<DIV><FONT face="Courier New" color=#0000ff
size=2></FONT> </DIV></BODY></HTML>
------_=_NextPart_001_01C241C0.3E72C852--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g79K34x08412 for ietf-smime-bks; Fri, 9 Aug 2002 13:03:04 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g79K32w08408 for <ietf-smime@imc.org>; Fri, 9 Aug 2002 13:03:03 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 9 Aug 2002 20:03:05 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA25932 for <ietf-smime@imc.org>; Fri, 9 Aug 2002 16:03:04 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g79K0s913487 for <ietf-smime@imc.org>; Fri, 9 Aug 2002 16:00:54 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPVGAHN>; Fri, 9 Aug 2002 16:03:03 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.31]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVGAHJ; Fri, 9 Aug 2002 16:02:58 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Robert Zuccherato <robert.zuccherato@entrust.com>
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020807175457.02ff2e68@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 07 Aug 2002 17:55:30 -0400
Subject: RE: RSA OAEP Public Key Identification
In-Reply-To: <BFB44293CE13C9419B7AFE7CBC35B9390204352F@sottmxs08.entrust .com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Robert:
Your suggestion is consistent with RFC 3279, and I support it.
Russ
At 10:41 AM 8/2/2002 -0400, Robert Zuccherato wrote:
>Russ;
>
>I think that including the id-RSAES-OAEP be used in the certificate
>subject public key info field is the right way to go. The only other
>option that I see is Extended Key Usage, but I don't think that EKU was
>meant to deal with algorithm usages.
>
>I do have one question though. If we go with your proposal, how would
>certificates with rsaEncryption in the SubjectPublicKeyInfo
>AlgorithmIdentifier be treated? My suggestion would be that any key
>transport method (PKCS #1, OAEP, etc) could be used with these
>keys. Anything else would be a redefinition of what that OID
>meant. Also, this would allow people who want to use both algorithms with
>one key to continue to do so. This would mean that id-RSAES-OAEP need
>only be included in the subject public key info of certificates whose key
>is to be used solely with OAEP, for everyone else nothing changes.
>
> Robert.
>
> > -----Original Message-----
> > From: Housley, Russ
> [<mailto:rhousley@rsasecurity.com>mailto:rhousley@rsasecurity.com]
> > Sent: Thursday, August 01, 2002 5:01 PM
> > To: ietf-smime@imc.org
> > Subject: RSA OAEP Public Key Identification
> >
> >
> >
> > At the meeting in Yokohama, we discussed the RSA OAEP draft.
> > One of the
> > areas that was discussed was the security considerations
> > section, where the
> > document recommends that a key pair only be used for one
> > purpose. Presently, we do not have a mechanism for
> > identifying how a key
> > holder would like to have their public key used.
> >
> > The certificate currently tells the message originator that
> > the public key
> > is an RSA key, and the key usage extension tells that the
> > public key can be
> > used for key transport. There is nothing to tell the message
> > originator
> > whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> > particular
> > key. So, there is no indication to the message originator
> > that will allow
> > the security consideration to be implemented.
> >
> > Here is my proposed solution: use a different algorithm
> > identifier in the
> > certificate.
> >
> > I suggest that the id-RSAES-OAEP be used in the certificate
> > subject public
> > key info field to indicate that the public key should ONLY be
> > used with RSA
> > OAEP.
> >
> > This proposal may make transition from RSA PKCS #1 v1.5 to
> > RSA OAEP a bit
> > more difficult, since it would not allow one key pair to be
> > used with both
> > algorithms. However, this is exactly what the security
> > considerations
> > recommend.
> >
> > Does anyone have concerns with this approach?
> >
> > If this approach is adopted, then a companion document in the
> > PKIX working
> > group for the proper handling of RSA OAEP (and probably RSA
> > PSS) public
> > keys will likely be needed.
> >
> > Russ
> >
Received: by above.proper.com (8.11.6/8.11.3) id g78E1Dp16649 for ietf-smime-bks; Thu, 8 Aug 2002 07:01:13 -0700 (PDT)
Received: from emampx001.pwcglobal.com (emampx001.pwcglobal.com [164.143.240.132]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g78E1Cw16641 for <ietf-smime@imc.org>; Thu, 8 Aug 2002 07:01:12 -0700 (PDT)
Received: from uk-emamta003.ema.pwcinternal.com (uk-emamta003.ema.pwcinternal.com [10.250.44.242]) by emampx001.pwcglobal.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g78E17Y26695 for <ietf-smime@imc.org>; Thu, 8 Aug 2002 15:01:08 +0100 (BST)
Sensitivity:
Subject: S/MIME v3.1 vs SMIME v3
To: ietf-smime@imc.org
From: cormac.oshea@ie.pwcglobal.com
Date: Thu, 8 Aug 2002 14:59:21 +0100
Message-ID: <OF8BE77590.68A08B5D-ON80256C0F.004C70BC@ema.pwcinternal.com>
X-MIMETrack: Serialize by Router on UK-EMAMTA003/UK/INTL(Release 5.0.9 |November 16, 2001) at 08/08/2002 02:55:04 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
In what way does S/MIME v3.1 improve/extend SMIME v3 ?
I've been looking for information on the differences (aside from the
message specifications themselves).
_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g77CdKc10530 for ietf-smime-bks; Wed, 7 Aug 2002 05:39:20 -0700 (PDT)
Received: from mx4.magma.ca (mx4.magma.ca [206.191.0.253]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g77CdJw10525 for <ietf-smime@imc.org>; Wed, 7 Aug 2002 05:39:19 -0700 (PDT)
Received: from mail6.magma.ca (mail6 [206.191.0.248]) by mx4.magma.ca (Magma's Mail Server) with ESMTP id g77CdIrs018779; Wed, 7 Aug 2002 08:39:18 -0400
Received: from tony (ottawa-hs-209-217-122-183.s-ip.magma.ca [209.217.122.183]) by mail6.magma.ca (Magma's Mail Server) with ESMTP id g77Cd9Rb012994; Wed, 7 Aug 2002 08:39:18 -0400 (EDT)
From: "Tony Capel" <capel@comgate.com>
To: <ietf-smime@imc.org>, "'Blake Ramsdell'" <blake@brutesquadlabs.com>
Subject: Inner Binary Encoding in MSG, RFC2633-bis-01
Date: Wed, 7 Aug 2002 08:39:22 -0400
Message-ID: <000301c23e0f$784d7950$01b5a8c0@tony>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Blake:
This e-mail proposes to conclude a short off-list discussion (and
discussion during recent S/MIME WG meeting) by proposing an approach
whereby senders are able to avoid 7-bit transfer encoding inner binary
MIME entities if they know that all intended receivers for the message
are able to process binary entities.
Without this change, unnecessary overheads will be introduced for many
s/mime messages and this is a concern of mail system operators and
persons downloading mail over limited bandwidth channels.
Currently, in [MSG] section 3.1.2 it states that inner MIME entities
SHOULD always be transfer encoded in case intermediate processing
exposes the inner content to non-8-bit clean transport. This is clearly
a safe approach, however in very many common cases where messages are
fully decoded at the "desktop" - or within client/server environments
with 8-bit transport (also common) - it leads to unnecessary message
expansion.
Blake, you have emphasized that there may be problems with some gateways
where inner content may be exposed to non-8-bit safe environments (e.g.
such as DOMSEC in some multipart inner-content situations). Jim Schaad
pointed out at the recent WG meeting that rfc2633 currently requires
support for binary encoding. Also a recent survey of messaging system
implementers indicated that their code could handle binary encoding
(please refer to the WG minutes for further info and where
interoperability concerns are also raised). So clearly we cannot make a
wholesale change; we must retain the ability to accommodate
non-8-bit-safe intermediate environments.
In a previous discussion in 1997 a "preferBinaryInside" sMIMECapability
attribute was suggested, see:
http://www.imc.org/ietf-smime/archive1/msg00249.html
The use of an sMIMECapability OID would provide a means by which
receivers can signal to senders that senders need not 7-bit transfer
encode inner entities. Receivers would only publish this OID if they
are "binary safe".
Since interoperability is not impacted if senders 7-bit transfer encode
anyway, senders should only avoid such transfer encoding if they "know"
(either by receiving this OID or by other means) that the receiver is
binary safe - if the sender does not know, it should 7-bit transfer
encode.
To do this we would need an OID, and a slight change to 2633bis-01:
1. An OID added to http://www.imc.org/ietf-smime/other-smime-oids.asn
For example:
preferBinaryInside OBJECT IDENTIFIER ::=
{sMIMECapabilities xx}
-- (No parameters. In the event that this OID is present,
-- then the receiver is capable of processing binary inner
-- MIME entities and every effort should be made by senders
-- to avoid unnecessary transfer encoding of these entities.
-- Receivers should only publish this capability if they
-- can guarantee that all MIME processing, other than that
-- of the outermost MIME entity, is fully binary capable.)
2. In section 2.5.2, suggest expanding the sentence:
"It also includes a non-algorithm capability which is the preference
for signedData."
To:
"It MAY also be used to indicate additional preferences or capabilities,
for example preference to always receive signed messages or never
receive encrypted messages and the capability to process binary inner
MIME content (see section 3.1.2). Refer to the list of SMIMECapability
OIDs for further information."
3. In section 3.1.2 addition of text something like:
"S/MIME implementations which "know" that all intended recipient(s) are
capable of handling inner (all but the outermost) binary MIME objects
SHOULD NOT use 7-bit transfer encoding for the inner entities since this
would unnecessarily expand the message size. Implementations MAY "know"
that recipient implementations are capable of handling inner binary MIME
entities either by interpreting a corresponding sMIMECapabilities
attribute (see section 2.5.2), by prior agreement, or by other means.
"If one or more intended recipients are unable to handle inner binary
MIME objects, or if this capability in unknown for any of the intended
recipients, S/MIME implementations SHOULD use transfer encoding
described in section 3.1.3 for all MIME entities they secure."
I hope this addresses the issue with minimum fallout!
Regards,
tony
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g76Lets06111 for ietf-smime-bks; Tue, 6 Aug 2002 14:40:55 -0700 (PDT)
Received: from mail5.microsoft.com (mail5.microsoft.com [131.107.3.121]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g76Lenw06093 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 14:40:53 -0700 (PDT)
Received: from inet-vrs-05.redmond.corp.microsoft.com ([157.54.6.157]) by mail5.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 6 Aug 2002 14:40:41 -0700
Received: from 157.54.6.150 by inet-vrs-05.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 06 Aug 2002 14:40:43 -0700
Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Tue, 6 Aug 2002 14:40:41 -0700
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 6 Aug 2002 14:40:42 -0700
Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Tue, 6 Aug 2002 14:40:01 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Subject: RE: RSA OAEP Public Key Identification
Date: Tue, 6 Aug 2002 14:41:19 -0700
Message-ID: <4AEE3169443CDD4796CA8A00B02191CD063C425D@win-msg-01.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: RSA OAEP Public Key Identification
thread-index: AcI9h/8fC4JLJk6pTyOuqS04PGKvvAABjTSQ
From: "Trevor Freeman" <trevorf@windows.microsoft.com>
To: "Robert Zuccherato" <robert.zuccherato@entrust.com>, "Simon Blake-Wilson" <sblakewilson@bcisse.com>, "Housley, Russ" <rhousley@rsasecurity.com>, <ietf-smime@imc.org>
X-OriginalArrivalTime: 06 Aug 2002 21:40:01.0849 (UTC) FILETIME=[D1C1DA90:01C23D91]
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C23D91.FFF17362"
------_=_NextPart_001_01C23D91.FFF17362
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi Robert,
This is about defining policy on how the RSA key is used. Since there is
no scope for this kind of policy in the key usage extension, then EKU is
the intended mechanism. There is nothing in 3280 which restricts the
scope of the kinds usages in EKU to just application policy. The
complication here is that we have a deployed base of applications which
understand one or more existing RSA key OIDs and PKCS#1.5. I agree with
Simon, we should use a new OID for the RSA keys which indicates that if
you use this key with this OID you must understand the range of possible
policies that may be expressed in the EKU extension. If you are OK with
the key being used for both PKCS#1.5 and OAEP the use the existing key
OID with no EKU. We don't have to mark anything critical which is always
a loose cannon, we can just do this by mandate.
Trevor
-----Original Message-----
From: Robert Zuccherato [mailto:robert.zuccherato@entrust.com]=20
Sent: Tuesday, August 06, 2002 1:16 PM
To: 'Simon Blake-Wilson'; 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
=20
I have two reasons for saying "not EKU".
=20
1. The PKIX Certificate and CRL profile (RFC 3280) has the following
text describing EKU:
If the extension is present, then the certificate MUST only be
used for one of the purposes indicated. If multiple purposes are
indicated the application need not recognize all purposes indicated, as
long as the intended purpose is present. =20
Thus, for example, if the certificate had both id-RSAES-OAEP and
id-kp-emailProtection, then the key could legally be used for protecting
email, without regard for whether or not OAEP or PKCS #1 v1.5 should be
used. Now, S/MIME could make a requirement that when encrypting for a
recipient and using OAEP then the id-RSAES-OAEP OID must be present, but
then that requirement wouldn't be necessarily binding on all other
applications that may process that certificate.
=20
2. In my opinion EKU was meant to identify application-level purposes
for which the key may be used, not algorithm-level purposes. Looking at
the purposes defined in RFC3280 confirms this (server auth., client
auth., code signing, email protection, time stamping, OCSP signing).
Algorithm usages belong in the subjectPublicKeyInfo and placing them in
EKU just unnecessarily complicates things.
-----Original Message-----
From: Simon Blake-Wilson [mailto:sblakewilson@bcisse.com]
Sent: Tuesday, August 06, 2002 9:31 AM
To: 'Robert Zuccherato'; 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Can one of you please expand on "Why not EKU?" (Since I included
it in all the ECC stuff, if there's a good reason why not, maybe we can
change things.) Naively it seems like EKU has a bunch of nice properties
... for example you can use it to place the policy decision on the
private key holder or the public key holder with the criticality flag,
you can acknowledge that using keys with multiple algs happens and at
least make you the keys are only used with the OIDs listed, you have a
reasonable migration path by making the extension non-critical
initially, etc. Is it just lack of support for EKU in PKI products that
makes introducing a new OID in subjectPublicKeyInfo desirable?
=20
Best regards. simon
=20
-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Robert Zuccherato
Sent: Friday, August 02, 2002 9:41 AM
To: 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
=20
Russ;=20
I think that including the id-RSAES-OAEP be used in the
certificate subject public key info field is the right way to go. The
only other option that I see is Extended Key Usage, but I don't think
that EKU was meant to deal with algorithm usages.
I do have one question though. If we go with your proposal, how
would certificates with rsaEncryption in the SubjectPublicKeyInfo
AlgorithmIdentifier be treated? My suggestion would be that any key
transport method (PKCS #1, OAEP, etc) could be used with these keys.
Anything else would be a redefinition of what that OID meant. Also,
this would allow people who want to use both algorithms with one key to
continue to do so. This would mean that id-RSAES-OAEP need only be
included in the subject public key info of certificates whose key is to
be used solely with OAEP, for everyone else nothing changes.
Robert.=20
> -----Original Message-----=20
> From: Housley, Russ [mailto:rhousley@rsasecurity.com]=20
> Sent: Thursday, August 01, 2002 5:01 PM=20
> To: ietf-smime@imc.org=20
> Subject: RSA OAEP Public Key Identification=20
>=20
>=20
>=20
> At the meeting in Yokohama, we discussed the RSA OAEP draft. =20
> One of the=20
> areas that was discussed was the security considerations=20
> section, where the=20
> document recommends that a key pair only be used for one=20
> purpose. Presently, we do not have a mechanism for=20
> identifying how a key=20
> holder would like to have their public key used.=20
>=20
> The certificate currently tells the message originator that=20
> the public key=20
> is an RSA key, and the key usage extension tells that the=20
> public key can be=20
> used for key transport. There is nothing to tell the message=20
> originator=20
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a=20
> particular=20
> key. So, there is no indication to the message originator=20
> that will allow=20
> the security consideration to be implemented.=20
>=20
> Here is my proposed solution: use a different algorithm=20
> identifier in the=20
> certificate.=20
>=20
> I suggest that the id-RSAES-OAEP be used in the certificate=20
> subject public=20
> key info field to indicate that the public key should ONLY be=20
> used with RSA=20
> OAEP.=20
>=20
> This proposal may make transition from RSA PKCS #1 v1.5 to=20
> RSA OAEP a bit=20
> more difficult, since it would not allow one key pair to be=20
> used with both=20
> algorithms. However, this is exactly what the security=20
> considerations=20
> recommend.=20
>=20
> Does anyone have concerns with this approach?=20
>=20
> If this approach is adopted, then a companion document in the=20
> PKIX working=20
> group for the proper handling of RSA OAEP (and probably RSA=20
> PSS) public=20
> keys will likely be needed.=20
>=20
> Russ=20
>=20
------_=_NextPart_001_01C23D91.FFF17362
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<title>RE: RSA OAEP Public Key Identification</title>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.emailstyle18
{font-family:Arial;
color:navy;}
span.EmailStyle19
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dblue>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Hi Robert,</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>This is about defining policy on =
how the
RSA key is used. Since there is no scope for this kind of policy in the =
key
usage extension, then EKU is the intended mechanism. There is nothing in =
3280
which restricts the scope of the kinds usages in EKU to just application
policy. The complication here is that we have a deployed base of =
applications which
understand one or more existing RSA key OIDs and PKCS#1.5. I agree with =
Simon,
we should use a new OID for the RSA keys which indicates that if you use =
this
key with this OID you must understand the range of possible policies =
that may
be expressed in the EKU extension. If you are OK with the key being used =
for both
PKCS#1.5 and OAEP the use the existing key OID with no EKU. We =
don’t have
to mark anything critical which is always a loose cannon, we can just do =
this
by mandate.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Trevor</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Robert Zuccherato
[mailto:robert.zuccherato@entrust.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> </span></font><font =
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'>Tuesday, August
06, 2002</span></font><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'> </span></font><font size=3D2 face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>1:16 =
PM</span></font><font size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Simon Blake-Wilson';
'Housley, Russ'; ietf-smime@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: RSA OAEP =
Public Key
Identification</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>I have
two reasons for saying "not EKU".</span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>1.
The PKIX Certificate and CRL profile (RFC 3280) has the following text
describing EKU:</span></font></p>
</div>
<blockquote =
style=3D'margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3DArial><span
style=3D'font-size:12.0pt;font-family:Arial'>If the extension is =
present, then
the certificate MUST only be used for one of the purposes =
indicated. If
multiple purposes are indicated the application need not recognize all =
purposes
indicated, as long as the intended purpose is present. =
</span></font></p>
</div>
</blockquote>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>Thus,
for example, if the certificate had both id-RSAES-OAEP and
id-kp-emailProtection, then the key could legally be used for protecting =
email,
without regard for whether or not OAEP or PKCS #1 v1.5 should be =
used.
Now, S/MIME could make a requirement that when encrypting for a =
recipient and
using OAEP then the id-RSAES-OAEP OID must be present, but then that
requirement wouldn't be necessarily binding on all other applications =
that may
process that certificate.</span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>2.
In my opinion EKU was meant to identify application-level purposes for =
which
the key may be used, not algorithm-level purposes. Looking at the
purposes defined in RFC3280 confirms this (server auth., client auth., =
code
signing, email protection, time stamping, OCSP signing). Algorithm =
usages
belong in the subjectPublicKeyInfo and placing them in EKU just =
unnecessarily
complicates things.</span></font></p>
</div>
<blockquote style=3D'border:none;border-left:solid maroon =
1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'=
>
<p class=3DMsoNormal =
style=3D'margin-right:0in;margin-bottom:12.0pt;margin-left:
.5in'><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Simon Blake-Wilson
[mailto:sblakewilson@bcisse.com]<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tuesday, August 06, =
2002
9:31 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Robert Zuccherato'; =
'Housley,
Russ'; ietf-smime@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: RSA OAEP =
Public Key
Identification</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Can one of you =
please
expand on “Why not EKU?” (Since I included it in all the ECC =
stuff,
if there’s a good reason why not, maybe we can change things.) =
Naively it
seems like EKU has a bunch of nice properties … for example you =
can use
it to place the policy decision on the private key holder or the public =
key
holder with the criticality flag, you can acknowledge that using keys =
with
multiple algs happens and at least make you the keys are only used with =
the
OIDs listed, you have a reasonable migration path by making the =
extension
non-critical initially, etc. Is it just lack of support for EKU in PKI =
products
that makes introducing a new OID in subjectPublicKeyInfo =
desirable?</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Best regards. =
simon</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b>
owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] =
<b><span
style=3D'font-weight:bold'>On Behalf Of </span></b>Robert Zuccherato<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Friday, August 02, =
2002 9:41
AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Housley, Russ';
ietf-smime@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: RSA OAEP =
Public Key
Identification</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<p style=3D'margin-left:1.0in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>Russ;</span></font> </p>
<p style=3D'margin-left:1.0in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>I think that including the id-RSAES-OAEP be =
used in
the certificate subject public key info field is the right way to =
go. The
only other option that I see is Extended Key Usage, but I don't think =
that EKU
was meant to deal with algorithm usages.</span></font></p>
<p style=3D'margin-left:1.0in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>I do have one question though. If we go =
with
your proposal, how would certificates with rsaEncryption in the
SubjectPublicKeyInfo AlgorithmIdentifier be treated? My suggestion =
would
be that any key transport method (PKCS #1, OAEP, etc) could be used with =
these
keys. Anything else would be a redefinition of what that OID =
meant.
Also, this would allow people who want to use both algorithms with one =
key to
continue to do so. This would mean that id-RSAES-OAEP need only be
included in the subject public key info of certificates whose key is to =
be used
solely with OAEP, for everyone else nothing changes.</span></font></p>
<p style=3D'margin-left:1.0in'><font size=3D3 face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt'> =
</span></font><font
size=3D2><span style=3D'font-size:10.0pt'>Robert.</span></font> </p>
<p style=3D'margin-left:1.0in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>> -----Original Message-----</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> From: Housley, Russ =
[<a
href=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com<=
/a>]</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Sent: Thursday, =
August 01,
2002 5:01 PM</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> To: =
ietf-smime@imc.org</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Subject: RSA OAEP =
Public Key
Identification</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> At the meeting in =
Yokohama, we
discussed the RSA OAEP draft. </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> One of the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> areas that was =
discussed was
the security considerations </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> section, where the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> document recommends =
that a key
pair only be used for one </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> purpose. =
Presently, we
do not have a mechanism for </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> identifying how a =
key </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> holder would like =
to have
their public key used.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> The certificate =
currently
tells the message originator that </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> the public key =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> is an RSA key, and =
the key
usage extension tells that the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> public key can be =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used for key =
transport.
There is nothing to tell the message </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> originator =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> whether RSA PKCS #1 =
v1.5 or
RSA OAEP ought to be used with a </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> particular =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> key. So, =
there is no
indication to the message originator </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> that will allow =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> the security =
consideration to
be implemented.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Here is my proposed =
solution:
use a different algorithm </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> identifier in the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
certificate.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> I suggest that the
id-RSAES-OAEP be used in the certificate </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> subject public =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> key info field to =
indicate
that the public key should ONLY be </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used with RSA =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> OAEP.</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> This proposal may =
make
transition from RSA PKCS #1 v1.5 to </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> RSA OAEP a bit =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> more difficult, =
since it would
not allow one key pair to be </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used with both =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> algorithms. =
However,
this is exactly what the security </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> considerations =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
recommend.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Does anyone have =
concerns with
this approach?</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> If this approach is =
adopted,
then a companion document in the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> PKIX working =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> group for the =
proper handling
of RSA OAEP (and probably RSA </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> PSS) public =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> keys will likely be =
needed.</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Russ</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font></p>
</blockquote>
</div>
</body>
</html>
=00
------_=_NextPart_001_01C23D91.FFF17362--
--------------InterScan_NT_MIME_Boundary--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g76KFua00770 for ietf-smime-bks; Tue, 6 Aug 2002 13:15:56 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g76KFtw00766 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 13:15:55 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <38JSS7VV>; Tue, 6 Aug 2002 16:15:47 -0400
Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390204353C@sottmxs08.entrust.com>
From: Robert Zuccherato <robert.zuccherato@entrust.com>
To: "'Simon Blake-Wilson'" <sblakewilson@bcisse.com>, "'Housley, Russ'" <rhousley@rsasecurity.com>, ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Date: Tue, 6 Aug 2002 16:15:46 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23D86.0C9664D0"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C23D86.0C9664D0
Content-Type: text/plain
I have two reasons for saying "not EKU".
1. The PKIX Certificate and CRL profile (RFC 3280) has the following text
describing EKU:
If the extension is present, then the certificate MUST only be used for one
of the purposes indicated. If multiple purposes are indicated the
application need not recognize all purposes indicated, as long as the
intended purpose is present.
Thus, for example, if the certificate had both id-RSAES-OAEP and
id-kp-emailProtection, then the key could legally be used for protecting
email, without regard for whether or not OAEP or PKCS #1 v1.5 should be
used. Now, S/MIME could make a requirement that when encrypting for a
recipient and using OAEP then the id-RSAES-OAEP OID must be present, but
then that requirement wouldn't be necessarily binding on all other
applications that may process that certificate.
2. In my opinion EKU was meant to identify application-level purposes for
which the key may be used, not algorithm-level purposes. Looking at the
purposes defined in RFC3280 confirms this (server auth., client auth., code
signing, email protection, time stamping, OCSP signing). Algorithm usages
belong in the subjectPublicKeyInfo and placing them in EKU just
unnecessarily complicates things.
-----Original Message-----
From: Simon Blake-Wilson [mailto:sblakewilson@bcisse.com]
Sent: Tuesday, August 06, 2002 9:31 AM
To: 'Robert Zuccherato'; 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Can one of you please expand on "Why not EKU?" (Since I included it in all
the ECC stuff, if there's a good reason why not, maybe we can change
things.) Naively it seems like EKU has a bunch of nice properties ... for
example you can use it to place the policy decision on the private key
holder or the public key holder with the criticality flag, you can
acknowledge that using keys with multiple algs happens and at least make you
the keys are only used with the OIDs listed, you have a reasonable migration
path by making the extension non-critical initially, etc. Is it just lack of
support for EKU in PKI products that makes introducing a new OID in
subjectPublicKeyInfo desirable?
Best regards. simon
-----Original Message-----
From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org]
On Behalf Of Robert Zuccherato
Sent: Friday, August 02, 2002 9:41 AM
To: 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Russ;
I think that including the id-RSAES-OAEP be used in the certificate subject
public key info field is the right way to go. The only other option that I
see is Extended Key Usage, but I don't think that EKU was meant to deal with
algorithm usages.
I do have one question though. If we go with your proposal, how would
certificates with rsaEncryption in the SubjectPublicKeyInfo
AlgorithmIdentifier be treated? My suggestion would be that any key
transport method (PKCS #1, OAEP, etc) could be used with these keys.
Anything else would be a redefinition of what that OID meant. Also, this
would allow people who want to use both algorithms with one key to continue
to do so. This would mean that id-RSAES-OAEP need only be included in the
subject public key info of certificates whose key is to be used solely with
OAEP, for everyone else nothing changes.
Robert.
> -----Original Message-----
> From: Housley, Russ [ mailto:rhousley@rsasecurity.com
<mailto:rhousley@rsasecurity.com> ]
> Sent: Thursday, August 01, 2002 5:01 PM
> To: ietf-smime@imc.org
> Subject: RSA OAEP Public Key Identification
>
>
>
> At the meeting in Yokohama, we discussed the RSA OAEP draft.
> One of the
> areas that was discussed was the security considerations
> section, where the
> document recommends that a key pair only be used for one
> purpose. Presently, we do not have a mechanism for
> identifying how a key
> holder would like to have their public key used.
>
> The certificate currently tells the message originator that
> the public key
> is an RSA key, and the key usage extension tells that the
> public key can be
> used for key transport. There is nothing to tell the message
> originator
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> particular
> key. So, there is no indication to the message originator
> that will allow
> the security consideration to be implemented.
>
> Here is my proposed solution: use a different algorithm
> identifier in the
> certificate.
>
> I suggest that the id-RSAES-OAEP be used in the certificate
> subject public
> key info field to indicate that the public key should ONLY be
> used with RSA
> OAEP.
>
> This proposal may make transition from RSA PKCS #1 v1.5 to
> RSA OAEP a bit
> more difficult, since it would not allow one key pair to be
> used with both
> algorithms. However, this is exactly what the security
> considerations
> recommend.
>
> Does anyone have concerns with this approach?
>
> If this approach is adopted, then a companion document in the
> PKIX working
> group for the proper handling of RSA OAEP (and probably RSA
> PSS) public
> keys will likely be needed.
>
> Russ
>
------_=_NextPart_001_01C23D86.0C9664D0
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE>RE: RSA OAEP Public Key Identification</TITLE>
<META content="MSHTML 6.00.2716.2200" name=GENERATOR>
<STYLE>@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: blue; TEXT-DECORATION: underline
}
P {
FONT-SIZE: 12pt; MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman"
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=blue link=blue>
<DIV><FONT face=Arial color=#800000 size=2><SPAN class=285590120-06082002>I have
two reasons for saying "not EKU".</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#800000 size=2><SPAN
class=285590120-06082002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#800000 size=2><SPAN
class=285590120-06082002>1. The PKIX Certificate and CRL profile (RFC
3280) has the following text describing EKU:</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV dir=ltr style="MARGIN-RIGHT: 0px"><FONT face=Arial><SPAN
class=285590120-06082002>If the extension is present, then the certificate
MUST only be used for one of the purposes indicated. If multiple
purposes are indicated the application need not recognize all purposes
indicated, as long as the intended purpose is present.
</SPAN></FONT></DIV></BLOCKQUOTE>
<DIV dir=ltr style="MARGIN-RIGHT: 0px"><FONT face=Arial><SPAN
class=285590120-06082002><FONT color=#800000 size=2>Thus, for example, if the
certificate had both id-RSAES-OAEP and id-kp-emailProtection, then the key could
legally be used for protecting email, without regard for whether or not OAEP or
PKCS #1 v1.5 should be used. Now, S/MIME could make a requirement that
when encrypting for a recipient and using OAEP then the id-RSAES-OAEP OID must
be present, but then that requirement wouldn't be necessarily binding on all
other applications that may process that certificate.</FONT></SPAN></FONT></DIV>
<DIV dir=ltr style="MARGIN-RIGHT: 0px"><FONT face=Arial color=#800000
size=2><SPAN class=285590120-06082002></SPAN></FONT> </DIV>
<DIV dir=ltr style="MARGIN-RIGHT: 0px"><FONT face=Arial color=#800000
size=2><SPAN class=285590120-06082002>2. In my opinion EKU was meant to
identify application-level purposes for which the key may be used, not
algorithm-level purposes. Looking at the purposes defined in RFC3280
confirms this (server auth., client auth., code signing, email protection, time
stamping, OCSP signing). Algorithm usages belong in the
subjectPublicKeyInfo and placing them in EKU just unnecessarily complicates
things.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #800000 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Simon Blake-Wilson
[mailto:sblakewilson@bcisse.com]<BR><B>Sent:</B> Tuesday, August 06, 2002 9:31
AM<BR><B>To:</B> 'Robert Zuccherato'; 'Housley, Russ';
ietf-smime@imc.org<BR><B>Subject:</B> RE: RSA OAEP Public Key
Identification<BR><BR></DIV></FONT>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Can one of you please
expand on “Why not EKU?” (Since I included it in all the ECC stuff, if there’s
a good reason why not, maybe we can change things.) Naively it seems like EKU
has a bunch of nice properties … for example you can use it to place the
policy decision on the private key holder or the public key holder with the
criticality flag, you can acknowledge that using keys with multiple algs
happens and at least make you the keys are only used with the OIDs listed, you
have a reasonable migration path by making the extension non-critical
initially, etc. Is it just lack of support for EKU in PKI products that makes
introducing a new OID in subjectPublicKeyInfo desirable?</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Best regards.
simon</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original
Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B>
owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] <B><SPAN
style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Robert
Zuccherato<BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Friday,
August 02, 2002 9:41 AM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B>
'Housley, Russ'; ietf-smime@imc.org<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: RSA OAEP Public Key
Identification</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
<P style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt">Russ;</SPAN></FONT> </P>
<P style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt">I think that including the id-RSAES-OAEP be used in
the certificate subject public key info field is the right way to go.
The only other option that I see is Extended Key Usage, but I don't think that
EKU was meant to deal with algorithm usages.</SPAN></FONT></P>
<P style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt">I do have one question though. If we go with
your proposal, how would certificates with rsaEncryption in the
SubjectPublicKeyInfo AlgorithmIdentifier be treated? My suggestion would
be that any key transport method (PKCS #1, OAEP, etc) could be used with these
keys. Anything else would be a redefinition of what that OID
meant. Also, this would allow people who want to use both algorithms
with one key to continue to do so. This would mean that id-RSAES-OAEP
need only be included in the subject public key info of certificates whose key
is to be used solely with OAEP, for everyone else nothing
changes.</SPAN></FONT></P>
<P style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt">
</SPAN></FONT><FONT size=2><SPAN style="FONT-SIZE: 10pt">Robert.</SPAN></FONT>
</P>
<P style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt">> -----Original Message-----</SPAN></FONT>
<BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> From: Housley, Russ [<A
href="mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com</A>]</SPAN></FONT>
<BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> Sent: Thursday, August 01,
2002 5:01 PM</SPAN></FONT> <BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
To: ietf-smime@imc.org</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> Subject: RSA OAEP Public Key
Identification</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> At the meeting in Yokohama, we discussed the RSA
OAEP draft. </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> One of the </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> areas that was discussed was the security
considerations </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> section, where the </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> document recommends that a key pair
only be used for one </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> purpose. Presently, we do not have a
mechanism for </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> identifying how a key </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> holder would like to have their
public key used.</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> The certificate currently tells the message
originator that </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> the public key </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> is an RSA key, and the key usage
extension tells that the </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> public key can be </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> used for key transport. There
is nothing to tell the message </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> originator </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be
used with a </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
particular </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
key. So, there is no indication to the message originator
</SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> that will
allow </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> the
security consideration to be implemented.</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> Here is my proposed solution: use a different
algorithm </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
identifier in the </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> certificate.</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> I suggest that the id-RSAES-OAEP be used in the
certificate </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
subject public </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> key info field to indicate that the public key
should ONLY be </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> used with RSA </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> OAEP.</SPAN></FONT> <BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> This proposal may make transition from RSA PKCS
#1 v1.5 to </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
RSA OAEP a bit </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> more difficult, since it would not allow one key
pair to be </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
used with both </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> algorithms. However, this is exactly what
the security </SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
considerations </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> recommend.</SPAN></FONT> <BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> Does anyone have concerns with this
approach?</SPAN></FONT> <BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">>
</SPAN></FONT><BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> If this
approach is adopted, then a companion document in the </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> PKIX working </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> group for the proper handling of RSA
OAEP (and probably RSA </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> PSS) public </SPAN></FONT><BR><FONT size=2><SPAN
style="FONT-SIZE: 10pt">> keys will likely be needed.</SPAN></FONT>
<BR><FONT size=2><SPAN style="FONT-SIZE: 10pt">> </SPAN></FONT><BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">> Russ</SPAN></FONT> <BR><FONT
size=2><SPAN style="FONT-SIZE: 10pt">>
</SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C23D86.0C9664D0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g76IV4X24912 for ietf-smime-bks; Tue, 6 Aug 2002 11:31:04 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g76IV3w24908 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 11:31:03 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 6 Aug 2002 18:31:05 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA28993 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 14:31:04 -0400 (EDT)
Received: from exrsa01.rsa.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g76ISsH25215 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 14:28:54 -0400 (EDT)
Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2653.19) id <NGM1GBTC>; Tue, 6 Aug 2002 11:31:01 -0700
Message-ID: <D516C97A440DD31197640008C7EBBE4701EA0979@exrsa02.rsa.com>
From: "Yee, Peter" <pyee@rsasecurity.com>
To: "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Subject: S/MIME WG Minutes from the 54th IETF
Date: Tue, 6 Aug 2002 11:30:51 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
The minutes for the S/MIME Working Group meeting at the Yokohama
IETF follow. If you find any egregious mistakes, please let me
know. None of the presenters have complained yet. :-)
Thanks.
-Peter Yee
pyee@rsasecurity.com
This message includes the official minutes of the IETF S/MIME Working
Group (WG) meeting held at the 54th IETF in July 2002 in
Yokohama, Japan. Briefing slides will be available from
<ftp://ftp.ietf.org/ietf/smime/>. Reported by Peter Yee.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Introductions: Russ Housley covered the agenda for the meeting.
No changes from the floor were offered or made.
Introductions Russ Housley
Working Group Status Russ Housley
CMSbis Status Russ Housley
MSGbis Update Russ Housley for Blake Ramsdell
CERTbis Update Russ Housley for Blake Ramsdell
X400wrap and X400transport Update Sean Turner for Chris Bonatti
CMS and ESS Examples Update Russ Housley for Paul Hoffman
Interoperability Matrix Update Jim Schaad
AES Update Jim Schaad
RSA-OAEP Update Russ Housley
PGP Certificate Support Derek Atkins
Wrap up Russ Housley
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Working Group Status: Russ covered the current status of the active
documents in the working group. Changes in status since the last
meeting are as follows.
Published as an RFC:
- 3278 April 2002. Use of Elliptic Curve Cryptography (ECC) Algorithms
in Cryptographic Message Syntax (CMS). S. Blake-Wilson,
D. Brown, and P. Lambert.
- 3114 May 2002. Implementing Company Classification Policy with the
S/MIME Security Label. W. Nicholls.
- 3274 June 2002. Compressed Data Content Type for Cryptographic
Message Syntax (CMS). P. Gutmann.
RFC Editors Queue:
- rfc2630bis Cryptographic Message Syntax. R. Housley
- cmsalg Cryptographic Message Syantx (CMS) Algorithms.
R. Housley
- aes-keywrap AES Key Wrap Algorithm. J. Schaad and R. Housley.
With the IESG for consideration:
- x400wrap Securing X.400 Content with S.MIME. P. Hoffman,
C. Bonatti, and A. Eggen.
- x400transport Transporting S/MIME Objects in X.400. P. Hoffman
and C. Bonnati.
- symkeydist CMS Symmetric Key Management and Distribution.
S. Turner.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CMSbis Status: About to be published as a Proposed Standard. Blocked
from going to Draft Standard until RFC 3280 progresses to Draft
Standard.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MSGbis Update: Changes from -00:
o Minor editorial work
o Clarified "certificate managment" vs. "certs-only" (message
content has not changed, only clarified).
Outstanding issues:
o CompressedData use. Which comes first sign or compress? Should
we expand SMIMECapabilities to indicate the compression algorithms
that a recipient supports? Current thinking is to add compression
as a MAY. Could be supported as a further profile of S/MIME or
could use the SMIMECapabilities (which many implementations only
handle process in conjunction with encrypted messages). Jim
Schaad (Soaring Hawk) does not want compression for signed-only
messages. Further, Jim believes that compression should be applied
after signing. That is, the SignedData should be compressed.
o Header field protection. Would like to protect the RFC 2822 headers.
To do so, the full 822 messsage is wrapped and protected in S/MIME.
Then, outer headers for the S/MIME message are added that suffice
for message delivery.
o Inner binary encoding? Triple-wrapped messages have considerable
expansion due to Base-64 encoding for each layer of encapsulation.
Is it acceptable only to Base-64 encode the outermost wrapper?
S/MIME v2 used Base-64 encoding at each encapsulation because some
older clients could not handle a binary transfer encoding type. If
we use binary encoding for inner wrappers, there is a problem with
some gateways that remove security layers, exposing the contents
(such as DOMSEC). If the exposed MIME type is multipart, then the
re-encoding could impact signature validation. The use of binary
encoding is simply to reduce message expansion. How the inner
binary encoding is used can be done by two ways, it can be done as
a profile, or it can be communicated through SMIMEcapabilities.
Jim Schaad pointed out that RFC 2633 currently requires support for
binary encoding. Tim Polk (NIST) argued that it might cause
interoperability problems, regardless of what the RFC decrees. Many
implementations handle inner binary encoding. All implementers that
responded to a S/MIME working group mailing list survey that was
conducted several months ago indicated that their code could handle
binary encoding. Further, no one expressed concerns in this area.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CERTbis Update:
o Must not used v1 Attribute Certificates -- PKIX already mandates v2.
o MD2 security warning -- should not be used, but there are a few roots
that use RSA-MD2
o Minor editorial work
Close to last call, so please get your inputs to Blake Ramsdell (Brute Squad
Labs) or Russ Housley (RSA Labs), via the mailing list.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
X400wrap & X400transport Update: X.400 Wrap is analgous to the MSG document,
and X.400 transport tells how to carry CMS objects via X.400 MTAs.
The documents are with the IESG, and the IETF Chair has raised a few
questions. These questions are answered in new versions that are out to
the co-authors. They should be posted soon.
One major issue:
o Header field protection
Solutions:
- Encapsulate the message (including headers) in message/rfc822 and
protect that
- Agree upon rules for merging inner/outer headers (inner protected
and 822 headers must match!)
- Indicator to signal header merging needed
Documents are moving down the Standards Track, not Informational. The -05
drafts will be released by the authors, hopefully getting these documents
closer to moving on.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CMS and ESS Examples Update: New examples for inclusion in the document
have been sent to Paul Hoffman. As soon as they are incorporated, a new
version of the document will be posted. All implementers are asked to
confirm that the examples produce the expected output.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Interoperability Matrix Update: Needs to be updated for rfc2630bis
and cmsalg (which are in the RFC Editor's Queue).
No recent implementer updates to the CMS information. The CMS
Algorithms portion of the matrix is very close (HMAC/SHA-1 is
outstanding).
The SignedData portion has 6 items to go, and the EnvelopedData
portion has 10 items to go.
Paul Hoffman (IMC) has offered to coordinate interoperability testing
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AES Update: Separated the AES and OAEP drafts. The AES Keywrap is in
the RFC Editor's Queue. One open issue remains in the AES for CMS
draft. The mailing list constituency seems to want to allow RSA PKCS#1
v1.5 to wrap an AES key. Jim Schaad does not want to allow this pairing.
Options:
o Keep MUST NOT (disallow this pairing)
o Change MUST NOT to MAY (with author's comment against doing the MAY)
o CHANGE to MAY and update SMIMECapabilities to allow for pairing
information
Those present felt that MUST NOT was preferred, but the mailing list will
be polled again for a final input. The draft will be posted at the end
of the week, and once this one decision is made, the document will be
ready for working group last call.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
RSAES-OAEP Update: Separated from the merged AES-OAEP document. Other
separate but somewhat related documents are AES for CMS, RSA-KEM key
transport, and RSA-PSS digital signature. The current (-03) draft of
RSAES-OAEP was posted June 2002. Russ went over the structure of the
new draft. A couple of questions were raised:
o Is it okay to use the same RSA public/private key for RSAES-OAEP
and other things.
-- Not suggested.
o Is RSAES-OAEP with SHA-1 secure for key transport of AES keys?
-- SHA-1 used with 1024-bit RSA public key provides the equivalent of
80-bit symmetric key, with respect to signatures. This comparison
is not so straightforward for key transport. However, Burt Kaliski
and others feel that the signature relationship is a low watermark
for key transport, so for AES key transport, SHA-1 is not suggested.
Thus, SHA-256, SHA-384, and SHA-512 will be added to ASN.1 module
and suggested for use, but leave SHA-1 as the MUST implement. Also,
the updated draft will require RSA keys to be at least 1024 bits.
Working group last call, with the additions suggested above, would come
in August 2002.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PGP Certificate Support: Derek Atkins (IHTFP Labs) suggested that with
many PGP Certificates out there and many S/MIME clients, the combination
of the two might be useful. Essentially, this would be a binding of
PGP keys to be used in S/MIME messages (the converse is being worked in
the PGP working group).
In a straw poll, only one person thought that the support for PGP
certificates should not be investigated. Many others thought that
an internet-draft should be developed.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g76DVej02845 for ietf-smime-bks; Tue, 6 Aug 2002 06:31:40 -0700 (PDT)
Received: from tomts22-srv.bellnexxia.net (tomts22.bellnexxia.net [209.226.175.184]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g76DVcw02838 for <ietf-smime@imc.org>; Tue, 6 Aug 2002 06:31:38 -0700 (PDT)
Received: from Simon ([64.231.125.145]) by tomts22-srv.bellnexxia.net (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP id <20020806133135.WLSG16788.tomts22-srv.bellnexxia.net@Simon>; Tue, 6 Aug 2002 09:31:35 -0400
From: "Simon Blake-Wilson" <sblakewilson@bcisse.com>
To: "'Robert Zuccherato'" <robert.zuccherato@entrust.com>, "'Housley, Russ'" <rhousley@rsasecurity.com>, <ietf-smime@imc.org>
Subject: RE: RSA OAEP Public Key Identification
Date: Tue, 6 Aug 2002 09:31:26 -0400
Message-ID: <00ad01c23d4d$93fca760$c100a8c0@Simon>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00AE_01C23D2C.0CEC8E00"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <BFB44293CE13C9419B7AFE7CBC35B9390204352F@sottmxs08.entrust.com>
Importance: Normal
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This is a multi-part message in MIME format.
------=_NextPart_000_00AE_01C23D2C.0CEC8E00
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Can one of you please expand on "Why not EKU?" (Since I included it in
all the ECC stuff, if there's a good reason why not, maybe we can change
things.) Naively it seems like EKU has a bunch of nice properties . for
example you can use it to place the policy decision on the private key
holder or the public key holder with the criticality flag, you can
acknowledge that using keys with multiple algs happens and at least make
you the keys are only used with the OIDs listed, you have a reasonable
migration path by making the extension non-critical initially, etc. Is
it just lack of support for EKU in PKI products that makes introducing a
new OID in subjectPublicKeyInfo desirable?
Best regards. simon
-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Robert Zuccherato
Sent: Friday, August 02, 2002 9:41 AM
To: 'Housley, Russ'; ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Russ;
I think that including the id-RSAES-OAEP be used in the certificate
subject public key info field is the right way to go. The only other
option that I see is Extended Key Usage, but I don't think that EKU was
meant to deal with algorithm usages.
I do have one question though. If we go with your proposal, how would
certificates with rsaEncryption in the SubjectPublicKeyInfo
AlgorithmIdentifier be treated? My suggestion would be that any key
transport method (PKCS #1, OAEP, etc) could be used with these keys.
Anything else would be a redefinition of what that OID meant. Also,
this would allow people who want to use both algorithms with one key to
continue to do so. This would mean that id-RSAES-OAEP need only be
included in the subject public key info of certificates whose key is to
be used solely with OAEP, for everyone else nothing changes.
Robert.
> -----Original Message-----
> From: Housley, Russ [mailto:rhousley@rsasecurity.com]
> Sent: Thursday, August 01, 2002 5:01 PM
> To: ietf-smime@imc.org
> Subject: RSA OAEP Public Key Identification
>
>
>
> At the meeting in Yokohama, we discussed the RSA OAEP draft.
> One of the
> areas that was discussed was the security considerations
> section, where the
> document recommends that a key pair only be used for one
> purpose. Presently, we do not have a mechanism for
> identifying how a key
> holder would like to have their public key used.
>
> The certificate currently tells the message originator that
> the public key
> is an RSA key, and the key usage extension tells that the
> public key can be
> used for key transport. There is nothing to tell the message
> originator
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> particular
> key. So, there is no indication to the message originator
> that will allow
> the security consideration to be implemented.
>
> Here is my proposed solution: use a different algorithm
> identifier in the
> certificate.
>
> I suggest that the id-RSAES-OAEP be used in the certificate
> subject public
> key info field to indicate that the public key should ONLY be
> used with RSA
> OAEP.
>
> This proposal may make transition from RSA PKCS #1 v1.5 to
> RSA OAEP a bit
> more difficult, since it would not allow one key pair to be
> used with both
> algorithms. However, this is exactly what the security
> considerations
> recommend.
>
> Does anyone have concerns with this approach?
>
> If this approach is adopted, then a companion document in the
> PKIX working
> group for the proper handling of RSA OAEP (and probably RSA
> PSS) public
> keys will likely be needed.
>
> Russ
>
------=_NextPart_000_00AE_01C23D2C.0CEC8E00
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<title>RE: RSA OAEP Public Key Identification</title>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dblue>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Can one of you please expand on =
“Why
not EKU?” (Since I included it in all the ECC stuff, if =
there’s a
good reason why not, maybe we can change things.) Naively it seems like =
EKU has
a bunch of nice properties … for example you can use it to place =
the policy
decision on the private key holder or the public key holder with the
criticality flag, you can acknowledge that using keys with multiple algs
happens and at least make you the keys are only used with the OIDs =
listed, you
have a reasonable migration path by making the extension non-critical
initially, etc. Is it just lack of support for EKU in PKI products that =
makes
introducing a new OID in subjectPublicKeyInfo =
desirable?</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Best regards. =
simon</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> =
owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] <b><span =
style=3D'font-weight:bold'>On
Behalf Of </span></b>Robert Zuccherato<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Friday, August 02, =
2002 9:41
AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Housley, Russ';
ietf-smime@imc.org<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: RSA OAEP =
Public Key
Identification</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>Russ;</span></font> </p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>I think that including the id-RSAES-OAEP be =
used in
the certificate subject public key info field is the right way to =
go. The
only other option that I see is Extended Key Usage, but I don't think =
that EKU
was meant to deal with algorithm usages.</span></font></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>I do have one question though. If we go =
with
your proposal, how would certificates with rsaEncryption in the
SubjectPublicKeyInfo AlgorithmIdentifier be treated? My suggestion =
would
be that any key transport method (PKCS #1, OAEP, etc) could be used with =
these
keys. Anything else would be a redefinition of what that OID =
meant.
Also, this would allow people who want to use both algorithms with one =
key to
continue to do so. This would mean that id-RSAES-OAEP need only be
included in the subject public key info of certificates whose key is to =
be used
solely with OAEP, for everyone else nothing changes.</span></font></p>
<p style=3D'margin-left:.5in'><font size=3D3 face=3D"Times New =
Roman"><span
style=3D'font-size:12.0pt'> =
</span></font><font
size=3D2><span style=3D'font-size:10.0pt'>Robert.</span></font> </p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>> -----Original Message-----</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> From: Housley, Russ =
[<a
href=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com<=
/a>]</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Sent: Thursday, =
August 01,
2002 5:01 PM</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> To: =
ietf-smime@imc.org</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Subject: RSA OAEP =
Public Key
Identification</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> At the meeting in =
Yokohama, we
discussed the RSA OAEP draft. </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> One of the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> areas that was =
discussed was
the security considerations </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> section, where the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> document recommends =
that a key
pair only be used for one </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> purpose. =
Presently, we
do not have a mechanism for </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> identifying how a =
key </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> holder would like =
to have
their public key used.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> The certificate =
currently
tells the message originator that </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> the public key =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> is an RSA key, and =
the key
usage extension tells that the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> public key can be =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used for key =
transport.
There is nothing to tell the message </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> originator =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> whether RSA PKCS #1 =
v1.5 or
RSA OAEP ought to be used with a </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> particular =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> key. So, =
there is no
indication to the message originator </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> that will allow =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> the security =
consideration to
be implemented.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Here is my proposed =
solution:
use a different algorithm </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> identifier in the =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
certificate.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> I suggest that the
id-RSAES-OAEP be used in the certificate </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> subject public =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> key info field to =
indicate
that the public key should ONLY be </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used with RSA =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> OAEP.</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> This proposal may =
make
transition from RSA PKCS #1 v1.5 to </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> RSA OAEP a bit =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> more difficult, =
since it would
not allow one key pair to be </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> used with both =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> algorithms. =
However,
this is exactly what the security </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> considerations =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
recommend.</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Does anyone have =
concerns with
this approach?</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> If this approach is =
adopted,
then a companion document in the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> PKIX working =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> group for the =
proper handling
of RSA OAEP (and probably RSA </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> PSS) public =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> keys will likely be =
needed.</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Russ</span></font> =
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font></p>
</div>
</body>
</html>
------=_NextPart_000_00AE_01C23D2C.0CEC8E00--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7388g513480 for ietf-smime-bks; Sat, 3 Aug 2002 01:08:42 -0700 (PDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7388ew13470 for <ietf-smime@imc.org>; Sat, 3 Aug 2002 01:08:40 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.4/8.12.4) with ESMTP id g7388Yq9004191; Sat, 3 Aug 2002 20:08:34 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id UAA174061; Sat, 3 Aug 2002 20:08:34 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Sat, 3 Aug 2002 20:08:34 +1200 (NZST)
Message-ID: <200208030808.UAA174061@ruru.cs.auckland.ac.nz>
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: pgut001@cs.aucKland.ac.nz, rhousley@rsasecurity.com
Subject: Re: RSA OAEP Public Key Identification
Cc: ietf-smime@imc.org
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Housley, Russ" <rhousley@rsasecurity.com> writes:
>SMIMECapabilities cannot solve this problem.
>
>Suppose that I have two certificates, each with an RSA public key. I want to
>use one of the public keys with PKCS #1 v1.5 and the other with OAEP. In the
>current approach, both certificates have a key usage of keyEncipherment, and
>both certificates have a SubjectPublicKeyInfo AlgorithmIdentifier of
>rsaEncryption. Also, SMIMECapabilities indicates both PKCS #1 v1.5 and OAEP.
>Therefore, a message originator has no idea which public key to use with PKCS
>#1 v1.5 and vice versa.
Fair enough. However, I still can't see this flying... there's a Far Side
cartoon which shows two points of view of someone talking to a dog, the human
side is something like "This is my dog Fido, who's friendly with strangers,
doesn't chew the furniture, and doesn't get into fights with other dogs", and
the dog's side is "blah blah blah blah *Fido* blah blah blah blah blah blah
blah blah". Getting this change across to end users will be similar, the
techies side will be "There's some obscure problem with existing RSA keys which
is too technical to explain and probably won't affect anyone, but just to be
safe we're making a switch to something else. A slight downside is that
nothing will work any more with the new keys" and the masses will get "blah
blah blah blah blah blah *nothing will work any more with the new keys*". You
may as well have the certificates made out of asbestos using child labour for
all the user buy-in they're going to get.
I don't think this is a solveable problem. To kill PKCS #1, you need to make
sure the keys can only be used with OAEP. By making sure they're only usable
with OAEP, they won't work when users try and do anything with them. The
outcome is a foregone conclusion - it's X9.42 certs all over again.
I guess I've said my bit on this topic. I certainly won't object if people
want to create OAEP OIDs and mechanisms and whatnot, but I'll stick with PKCS
#1 v1.5.
Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g72Efib17061 for ietf-smime-bks; Fri, 2 Aug 2002 07:41:44 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g72Efgw17055 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 07:41:42 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <38JSR4FZ>; Fri, 2 Aug 2002 10:41:28 -0400
Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390204352F@sottmxs08.entrust.com>
From: Robert Zuccherato <robert.zuccherato@entrust.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>, ietf-smime@imc.org
Subject: RE: RSA OAEP Public Key Identification
Date: Fri, 2 Aug 2002 10:41:27 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23A32.AEEEDA20"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C23A32.AEEEDA20
Content-Type: text/plain
Russ;
I think that including the id-RSAES-OAEP be used in the certificate subject
public key info field is the right way to go. The only other option that I
see is Extended Key Usage, but I don't think that EKU was meant to deal with
algorithm usages.
I do have one question though. If we go with your proposal, how would
certificates with rsaEncryption in the SubjectPublicKeyInfo
AlgorithmIdentifier be treated? My suggestion would be that any key
transport method (PKCS #1, OAEP, etc) could be used with these keys.
Anything else would be a redefinition of what that OID meant. Also, this
would allow people who want to use both algorithms with one key to continue
to do so. This would mean that id-RSAES-OAEP need only be included in the
subject public key info of certificates whose key is to be used solely with
OAEP, for everyone else nothing changes.
Robert.
> -----Original Message-----
> From: Housley, Russ [mailto:rhousley@rsasecurity.com]
> Sent: Thursday, August 01, 2002 5:01 PM
> To: ietf-smime@imc.org
> Subject: RSA OAEP Public Key Identification
>
>
>
> At the meeting in Yokohama, we discussed the RSA OAEP draft.
> One of the
> areas that was discussed was the security considerations
> section, where the
> document recommends that a key pair only be used for one
> purpose. Presently, we do not have a mechanism for
> identifying how a key
> holder would like to have their public key used.
>
> The certificate currently tells the message originator that
> the public key
> is an RSA key, and the key usage extension tells that the
> public key can be
> used for key transport. There is nothing to tell the message
> originator
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> particular
> key. So, there is no indication to the message originator
> that will allow
> the security consideration to be implemented.
>
> Here is my proposed solution: use a different algorithm
> identifier in the
> certificate.
>
> I suggest that the id-RSAES-OAEP be used in the certificate
> subject public
> key info field to indicate that the public key should ONLY be
> used with RSA
> OAEP.
>
> This proposal may make transition from RSA PKCS #1 v1.5 to
> RSA OAEP a bit
> more difficult, since it would not allow one key pair to be
> used with both
> algorithms. However, this is exactly what the security
> considerations
> recommend.
>
> Does anyone have concerns with this approach?
>
> If this approach is adopted, then a companion document in the
> PKIX working
> group for the proper handling of RSA OAEP (and probably RSA
> PSS) public
> keys will likely be needed.
>
> Russ
>
------_=_NextPart_001_01C23A32.AEEEDA20
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: RSA OAEP Public Key Identification</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Russ;</FONT>
</P>
<P><FONT SIZE=3D2>I think that including the id-RSAES-OAEP be used in =
the certificate subject public key info field is the right way to =
go. The only other option that I see is Extended Key Usage, but I =
don't think that EKU was meant to deal with algorithm =
usages.</FONT></P>
<P><FONT SIZE=3D2>I do have one question though. If we go with =
your proposal, how would certificates with rsaEncryption in the =
SubjectPublicKeyInfo AlgorithmIdentifier be treated? My =
suggestion would be that any key transport method (PKCS #1, OAEP, etc) =
could be used with these keys. Anything else would be a =
redefinition of what that OID meant. Also, this would allow =
people who want to use both algorithms with one key to continue to do =
so. This would mean that id-RSAES-OAEP need only be included in =
the subject public key info of certificates whose key is to be used =
solely with OAEP, for everyone else nothing changes.</FONT></P>
<P> <FONT =
SIZE=3D2>Robert.</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Housley, Russ [<A =
HREF=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com=
</A>]</FONT>
<BR><FONT SIZE=3D2>> Sent: Thursday, August 01, 2002 5:01 PM</FONT>
<BR><FONT SIZE=3D2>> To: ietf-smime@imc.org</FONT>
<BR><FONT SIZE=3D2>> Subject: RSA OAEP Public Key =
Identification</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> At the meeting in Yokohama, we discussed the =
RSA OAEP draft. </FONT>
<BR><FONT SIZE=3D2>> One of the </FONT>
<BR><FONT SIZE=3D2>> areas that was discussed was the security =
considerations </FONT>
<BR><FONT SIZE=3D2>> section, where the </FONT>
<BR><FONT SIZE=3D2>> document recommends that a key pair only be =
used for one </FONT>
<BR><FONT SIZE=3D2>> purpose. Presently, we do not have a =
mechanism for </FONT>
<BR><FONT SIZE=3D2>> identifying how a key </FONT>
<BR><FONT SIZE=3D2>> holder would like to have their public key =
used.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> The certificate currently tells the message =
originator that </FONT>
<BR><FONT SIZE=3D2>> the public key </FONT>
<BR><FONT SIZE=3D2>> is an RSA key, and the key usage extension =
tells that the </FONT>
<BR><FONT SIZE=3D2>> public key can be </FONT>
<BR><FONT SIZE=3D2>> used for key transport. There is nothing =
to tell the message </FONT>
<BR><FONT SIZE=3D2>> originator </FONT>
<BR><FONT SIZE=3D2>> whether RSA PKCS #1 v1.5 or RSA OAEP ought to =
be used with a </FONT>
<BR><FONT SIZE=3D2>> particular </FONT>
<BR><FONT SIZE=3D2>> key. So, there is no indication to the =
message originator </FONT>
<BR><FONT SIZE=3D2>> that will allow </FONT>
<BR><FONT SIZE=3D2>> the security consideration to be =
implemented.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Here is my proposed solution: use a different =
algorithm </FONT>
<BR><FONT SIZE=3D2>> identifier in the </FONT>
<BR><FONT SIZE=3D2>> certificate.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I suggest that the id-RSAES-OAEP be used in the =
certificate </FONT>
<BR><FONT SIZE=3D2>> subject public </FONT>
<BR><FONT SIZE=3D2>> key info field to indicate that the public key =
should ONLY be </FONT>
<BR><FONT SIZE=3D2>> used with RSA </FONT>
<BR><FONT SIZE=3D2>> OAEP.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> This proposal may make transition from RSA PKCS =
#1 v1.5 to </FONT>
<BR><FONT SIZE=3D2>> RSA OAEP a bit </FONT>
<BR><FONT SIZE=3D2>> more difficult, since it would not allow one =
key pair to be </FONT>
<BR><FONT SIZE=3D2>> used with both </FONT>
<BR><FONT SIZE=3D2>> algorithms. However, this is exactly what =
the security </FONT>
<BR><FONT SIZE=3D2>> considerations </FONT>
<BR><FONT SIZE=3D2>> recommend.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Does anyone have concerns with this =
approach?</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> If this approach is adopted, then a companion =
document in the </FONT>
<BR><FONT SIZE=3D2>> PKIX working </FONT>
<BR><FONT SIZE=3D2>> group for the proper handling of RSA OAEP (and =
probably RSA </FONT>
<BR><FONT SIZE=3D2>> PSS) public </FONT>
<BR><FONT SIZE=3D2>> keys will likely be needed.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Russ</FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C23A32.AEEEDA20--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g72DalU13706 for ietf-smime-bks; Fri, 2 Aug 2002 06:36:47 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g72Dafw13697 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 06:36:41 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 2 Aug 2002 13:36:42 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA27674 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 09:36:41 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g72DYY401900 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 09:34:34 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPVDB2Z>; Fri, 2 Aug 2002 09:36:39 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.7]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVDB2W; Fri, 2 Aug 2002 09:36:33 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: pgut001@cs.aucKland.ac.nz
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020802092713.034cb118@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 02 Aug 2002 09:34:42 -0400
Subject: Re: RSA OAEP Public Key Identification
In-Reply-To: <200208020849.UAA63374@ruru.cs.auckland.ac.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Peter:
SMIMECapabilities cannot solve this problem.
Suppose that I have two certificates, each with an RSA public key. I want
to use one of the public keys with PKCS #1 v1.5 and the other with
OAEP. In the current approach, both certificates have a key usage of
keyEncipherment, and both certificates have a SubjectPublicKeyInfo
AlgorithmIdentifier of rsaEncryption. Also, SMIMECapabilities indicates
both PKCS #1 v1.5 and OAEP. Therefore, a message originator has no idea
which public key to use with PKCS #1 v1.5 and vice versa.
The security considerations section is prudent; it recommends that just one
content-encryption key scheme be used with a particular key pair. The
current approach does not give the message originator sufficient
information to implement it.
Russ
At 08:49 PM 8/2/2002 +1200, Peter Gutmann wrote:
>"Housley, Russ" <rhousley@rsasecurity.com> writes:
>
> >Here is my proposed solution: use a different algorithm identifier in the
> >certificate. I suggest that the id-RSAES-OAEP be used in the certificate
> >subject public key info field to indicate that the public key should ONLY be
> >used with RSA OAEP.
>
>Hmm, I can see some problems with this. From the technical point of view it's
>probably the easiest way to do it, but I can see horrible deployment problems.
>What you're doing is creating something which quacks like an RSA key but which
>will fail to work with anything which normally uses RSA keys. I think I'd
>have quite some problems laying this out for developers, let alone end users -
>all they'd see is an RSA key which doesn't work properly.
>
>I'm also not sure that this is an algorithm issue. An RSA key is an RSA key,
>whether you use it for PKCS #1, 9796, X9.31, or OAEP. We don't ship them with
>OIDs saying they can't be used to wrap RC4/40 keys, or used on public internet
>terminals, or fed to your parrot.
>
>I'd prefer to delegate this to the application (via SMIMECapabilities) like
>most other stuff of this nature. Alternatively, create an extKeyUsage or
>something, but creating a cert which (deliberately) doesn't work properly when
>you try and use it really seems to be asking for trouble.
>
>Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g72DahA13701 for ietf-smime-bks; Fri, 2 Aug 2002 06:36:43 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g72Dafw13696 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 06:36:41 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 2 Aug 2002 13:36:42 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA27676 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 09:36:41 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g72DYYb01901 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 09:34:34 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <3TPVDB2Y>; Fri, 2 Aug 2002 09:36:39 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.7]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVDB2V; Fri, 2 Aug 2002 09:36:33 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: jimsch@exmsft.com
Cc: ietf-smime@imc.org
Message-Id: <5.1.0.14.2.20020802092452.03476690@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 02 Aug 2002 09:26:03 -0400
Subject: RE: RSA OAEP Public Key Identification
In-Reply-To: <004201c239f6$76782ac0$0e00a8c0@soaringhawk.net>
References: <5.1.0.14.2.20020801164734.03632608@exna07.securitydynamics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Jim:
Yes, it could all be in one document. At some point, when RFC 3279 is
updated, the certificate-relevant information should go there.
Russ
At 12:30 AM 8/2/2002 -0700, Jim Schaad wrote:
>Russ,
>
>I do like the idea of specifying a different key identificater OID for
>RSA OAEP. I don't like the idea of spreading this information over
>multiple documents. (How do to the Certificate in one draft, how to use
>in CMS in a second draft, possiblibly a third thing in a third draft.)
>Can we combine together some of the specification?
>
>jim
>
> > -----Original Message-----
> > From: owner-ietf-smime@mail.imc.org
> > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Housley, Russ
> > Sent: Thursday, August 01, 2002 2:01 PM
> > To: ietf-smime@imc.org
> > Subject: RSA OAEP Public Key Identification
> >
> >
> >
> > At the meeting in Yokohama, we discussed the RSA OAEP draft.
> > One of the
> > areas that was discussed was the security considerations
> > section, where the
> > document recommends that a key pair only be used for one
> > purpose. Presently, we do not have a mechanism for
> > identifying how a key
> > holder would like to have their public key used.
> >
> > The certificate currently tells the message originator that
> > the public key
> > is an RSA key, and the key usage extension tells that the
> > public key can be
> > used for key transport. There is nothing to tell the message
> > originator
> > whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> > particular
> > key. So, there is no indication to the message originator
> > that will allow
> > the security consideration to be implemented.
> >
> > Here is my proposed solution: use a different algorithm
> > identifier in the
> > certificate.
> >
> > I suggest that the id-RSAES-OAEP be used in the certificate
> > subject public
> > key info field to indicate that the public key should ONLY be
> > used with RSA
> > OAEP.
> >
> > This proposal may make transition from RSA PKCS #1 v1.5 to
> > RSA OAEP a bit
> > more difficult, since it would not allow one key pair to be
> > used with both
> > algorithms. However, this is exactly what the security
> > considerations
> > recommend.
> >
> > Does anyone have concerns with this approach?
> >
> > If this approach is adopted, then a companion document in the
> > PKIX working
> > group for the proper handling of RSA OAEP (and probably RSA
> > PSS) public
> > keys will likely be needed.
> >
> > Russ
> >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g72C7nX09340 for ietf-smime-bks; Fri, 2 Aug 2002 05:07:49 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g72C7mw09334 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 05:07:48 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA15766; Fri, 2 Aug 2002 08:06:37 -0400 (EDT)
Message-Id: <200208021206.IAA15766@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-smime@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-05.txt
Date: Fri, 02 Aug 2002 08:06:37 -0400
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.
Title : Use of the RSAES-OAEP Transport Algorithm in CMS
Author(s) : R. Housley
Filename : draft-ietf-smime-cms-rsaes-oaep-05.txt
Pages : 13
Date : 01-Aug-02
This document describes the use of the RSAES-OAEP key transport
method of key management within the Cryptographic Message Syntax
(CMS).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsaes-oaep-05.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-smime-cms-rsaes-oaep-05.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-05.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ietf.org"
Content-Type: text/plain
Content-ID: <20020801153428.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-smime-cms-rsaes-oaep-05.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-smime-cms-rsaes-oaep-05.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <20020801153428.I-D@ietf.org>
--OtherAccess--
--NextPart--
Received: by above.proper.com (8.11.6/8.11.3) id g728nTg24579 for ietf-smime-bks; Fri, 2 Aug 2002 01:49:29 -0700 (PDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g728nRw24569 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 01:49:27 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.4/8.12.4) with ESMTP id g728nLq9015419; Fri, 2 Aug 2002 20:49:21 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id UAA63374; Fri, 2 Aug 2002 20:49:18 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Fri, 2 Aug 2002 20:49:18 +1200 (NZST)
Message-ID: <200208020849.UAA63374@ruru.cs.auckland.ac.nz>
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: ietf-smime@imc.org, rhousley@rsasecurity.com
Subject: Re: RSA OAEP Public Key Identification
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Housley, Russ" <rhousley@rsasecurity.com> writes:
>Here is my proposed solution: use a different algorithm identifier in the
>certificate. I suggest that the id-RSAES-OAEP be used in the certificate
>subject public key info field to indicate that the public key should ONLY be
>used with RSA OAEP.
Hmm, I can see some problems with this. From the technical point of view it's
probably the easiest way to do it, but I can see horrible deployment problems.
What you're doing is creating something which quacks like an RSA key but which
will fail to work with anything which normally uses RSA keys. I think I'd
have quite some problems laying this out for developers, let alone end users -
all they'd see is an RSA key which doesn't work properly.
I'm also not sure that this is an algorithm issue. An RSA key is an RSA key,
whether you use it for PKCS #1, 9796, X9.31, or OAEP. We don't ship them with
OIDs saying they can't be used to wrap RC4/40 keys, or used on public internet
terminals, or fed to your parrot.
I'd prefer to delegate this to the application (via SMIMECapabilities) like
most other stuff of this nature. Alternatively, create an extKeyUsage or
something, but creating a cert which (deliberately) doesn't work properly when
you try and use it really seems to be asking for trouble.
Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g727VcL11844 for ietf-smime-bks; Fri, 2 Aug 2002 00:31:38 -0700 (PDT)
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g727Vbw11840 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 00:31:37 -0700 (PDT)
Received: from revelation ([12.230.156.246]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020802073132.DPIE19356.rwcrmhc51.attbi.com@revelation>; Fri, 2 Aug 2002 07:31:32 +0000
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Housley, Russ'" <rhousley@rsasecurity.com>, <ietf-smime@imc.org>
Subject: RE: RSA OAEP Public Key Identification
Date: Fri, 2 Aug 2002 00:30:22 -0700
Message-ID: <004201c239f6$76782ac0$0e00a8c0@soaringhawk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <5.1.0.14.2.20020801164734.03632608@exna07.securitydynamics.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Russ,
I do like the idea of specifying a different key identificater OID for
RSA OAEP. I don't like the idea of spreading this information over
multiple documents. (How do to the Certificate in one draft, how to use
in CMS in a second draft, possiblibly a third thing in a third draft.)
Can we combine together some of the specification?
jim
> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Housley, Russ
> Sent: Thursday, August 01, 2002 2:01 PM
> To: ietf-smime@imc.org
> Subject: RSA OAEP Public Key Identification
>
>
>
> At the meeting in Yokohama, we discussed the RSA OAEP draft.
> One of the
> areas that was discussed was the security considerations
> section, where the
> document recommends that a key pair only be used for one
> purpose. Presently, we do not have a mechanism for
> identifying how a key
> holder would like to have their public key used.
>
> The certificate currently tells the message originator that
> the public key
> is an RSA key, and the key usage extension tells that the
> public key can be
> used for key transport. There is nothing to tell the message
> originator
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> particular
> key. So, there is no indication to the message originator
> that will allow
> the security consideration to be implemented.
>
> Here is my proposed solution: use a different algorithm
> identifier in the
> certificate.
>
> I suggest that the id-RSAES-OAEP be used in the certificate
> subject public
> key info field to indicate that the public key should ONLY be
> used with RSA
> OAEP.
>
> This proposal may make transition from RSA PKCS #1 v1.5 to
> RSA OAEP a bit
> more difficult, since it would not allow one key pair to be
> used with both
> algorithms. However, this is exactly what the security
> considerations
> recommend.
>
> Does anyone have concerns with this approach?
>
> If this approach is adopted, then a companion document in the
> PKIX working
> group for the proper handling of RSA OAEP (and probably RSA
> PSS) public
> keys will likely be needed.
>
> Russ
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g727TTr11337 for ietf-smime-bks; Fri, 2 Aug 2002 00:29:29 -0700 (PDT)
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g727TSw11330 for <ietf-smime@imc.org>; Fri, 2 Aug 2002 00:29:28 -0700 (PDT)
Received: from revelation ([12.230.156.246]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020802072922.DOGU19356.rwcrmhc51.attbi.com@revelation>; Fri, 2 Aug 2002 07:29:22 +0000
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Blake Ramsdell'" <blake@brutesquadlabs.com>
Cc: <ietf-smime@imc.org>
Subject: RE: AES and PKCS #1 v1.5 Issue
Date: Fri, 2 Aug 2002 00:28:12 -0700
Message-ID: <004101c239f6$29459800$0e00a8c0@soaringhawk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <006001c2386d$682856a0$0700a8c0@brutesquadlabs.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Blake,
> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Blake Ramsdell
> Sent: Wednesday, July 31, 2002 1:37 AM
> To: jimsch@exmsft.com; 'Peter Gutmann'
> Cc: ietf-smime@imc.org
> Subject: Re: AES and PKCS #1 v1.5 Issue
>
>
>
> ----- Original Message -----
> From: "Jim Schaad" <jimsch@nwlink.com>
> To: "'Blake Ramsdell'" <blake@brutesquadlabs.com>; "'Peter
> Gutmann'" <pgut001@cs.auckland.ac.nz>
> Cc: <ietf-smime@imc.org>
> Sent: Tuesday, July 30, 2002 7:49 PM
> Subject: RE: AES and PKCS #1 v1.5 Issue
>
>
> > 4. [Blake] Specification purity says that key management and content
> > encryption documents should not restrict each other.
> > - Blake - I just completely disagree on this issue. I
> think that each
> > type of algorithm can put restrictions and updates on usage for the
> > other type. I believe that it is perfectly reasonable for a content
> > encryption algorithm to impose limitations on what key management
> > algorithms are allowed. It could also modify the algorithms as
> > necessary (for example the original drafts change the key derivation
> > algorithm used with AES and D-H). I can get behind the
> purity of one
> > algorithm-one document, but not that they cannot put restrictions on
> > each other.
>
> I did not say that an algorithm profile could not put a
> restriction its use with another algorithm. I said that if
> the reason for the restriction is not specific to the
> algorithm (in this case, the problems with PKCS #1 v1.5 are
> not specific to its use with AES), then it doesn't make sense
> to single it out in the algorithm profile.
>
> Once again, the problem is not specific to the exact
> combination of AES and PKCS #1 v1.5, and so we are not doing
> the right thing if we have not covered it adequately in
> either the CMS or MSG specification. If we're going to
> preclude the use of PKCS #1 v1.5, we should do it completely
> or not at all. It is unreasonable, redundant and wasteful to
> mandate that all future symmetric algorithm profiles include
> information about just how bad PKCS #1 v1.5 is, when we can
> just provide guidance for the use / nonuse of PKCS #1 v1.5 in
> CMS or MSG or some other general specification.
>
> The point is not that AES should not use PKCS #1 v1.5, the
> point is that if AES should not use PKCS #1 v1.5, then no
> future symmetric algorithm should use PKCS #1 v1.5. Existing
> algorithms can be grandfathered, and we progress using new
> guidelines for key wrapping. For each draft author to take
> their own individual stand on this issue and put their own
> take on this into their draft doesn't seem productive.
>
> In my mind, we are in one of two states at this point:
>
> 1. CMS and MSG are completely reasonable in their treatment
> of PKCS #1 v1.5, and no language with respect to this is
> required in the AES draft. If this is the case, I recommend
> that we remove the PKCS #1 v1.5 specific language from the AES draft.
>
> 2. CMS and MSG are incomplete in their treatment of PKCS #1
> v1.5, and the language in the AES specification is attempting
> to remedy this. If this is the case, I recommend that we
> remove the PKCS #1 v1.5 specific language from the AES draft,
> and clarify the language accordingly in CMS and MSG.
>
> Blake
>
First, I would argue that the language to deal with this in MSG must be
considered to be extranious and could be removed altogether as far as I
am concerned. Any argument based on it's presense in MSG is S/MIME
based on CMS based.
Second, CMS currently does not have any restrictions in RFC 2630 or its
follow on about algorithms. This is by design and I still feel is
proper.
Third, we cannot suddenly outlaw PKCS #1 v1.5 without doing great harm
to the current community. [Side note, I think that outlawing MD2 would
not cause great harm but that is a different problem.] I don't have any
reason to believe that 3DES, RC2 and other algorithms of the same
general strength need to have a prohibition on v1.5 as they are the
current set of standards and we don't have an easy attack based on the
current uses.
Fourth, with the introduction of AES we are, in theory, bumping up the
level of difficulty in dealing with content encryption algorithms and
should fix any known key transport problems at the same time. This is
what I have attempted to do.
Last, I would be happy to move this language to CMSALG, but am unclear
as to how it should be phrased. You MUST only use with the following
content encryption algoriths? This would mean that either the list
would need to be exhaustive (3DES, RC2, CAST-128, IDEA,...) and these
standards would all need to be either informational or moved up the
standards track. Or it would be small (3DES and RC2) and all of the
other algorithms would need to be re-issued saying, and me too. But
this also violates your sense of purity. I am unable to come up with a
good way to specify this without putting it into the AES draft and I
feel strongly that this needs to be specified.
Jim
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g71L0rq10251 for ietf-smime-bks; Thu, 1 Aug 2002 14:00:53 -0700 (PDT)
Received: from vulcan.rsasecurity.com (mail.rsasecurity.com [204.167.114.123]) by above.proper.com (8.11.6/8.11.3) with SMTP id g71L0pw10245 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 14:00:52 -0700 (PDT)
Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 Aug 2002 21:00:54 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id RAA23163 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 17:00:54 -0400 (EDT)
Received: from exeu00.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.10.2) with ESMTP id g71KwjN12567 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 16:58:46 -0400 (EDT)
Received: by exeu00.eu.rsa.net with Internet Mail Service (5.5.2653.19) id <P68R531S>; Thu, 1 Aug 2002 22:04:05 +0100
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.9.27]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3TPVCZ4F; Thu, 1 Aug 2002 17:00:46 -0400
Message-Id: <5.1.0.14.2.20020801164734.03632608@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 01 Aug 2002 17:00:42 -0400
To: ietf-smime@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: RSA OAEP Public Key Identification
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
At the meeting in Yokohama, we discussed the RSA OAEP draft. One of the
areas that was discussed was the security considerations section, where the
document recommends that a key pair only be used for one
purpose. Presently, we do not have a mechanism for identifying how a key
holder would like to have their public key used.
The certificate currently tells the message originator that the public key
is an RSA key, and the key usage extension tells that the public key can be
used for key transport. There is nothing to tell the message originator
whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a particular
key. So, there is no indication to the message originator that will allow
the security consideration to be implemented.
Here is my proposed solution: use a different algorithm identifier in the
certificate.
I suggest that the id-RSAES-OAEP be used in the certificate subject public
key info field to indicate that the public key should ONLY be used with RSA
OAEP.
This proposal may make transition from RSA PKCS #1 v1.5 to RSA OAEP a bit
more difficult, since it would not allow one key pair to be used with both
algorithms. However, this is exactly what the security considerations
recommend.
Does anyone have concerns with this approach?
If this approach is adopted, then a companion document in the PKIX working
group for the proper handling of RSA OAEP (and probably RSA PSS) public
keys will likely be needed.
Russ
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g71I6Bm02061 for ietf-smime-bks; Thu, 1 Aug 2002 11:06:11 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.getronicsgov.com [67.105.229.98]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g71I6Bw02056 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 11:06:11 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: v2.1 S/MIME Freeware Library (SFL) Now Available
Date: Thu, 1 Aug 2002 14:06:07 -0400
Message-ID: <CB64F884F39FD2118EC600A024E6522C047677E9@wfhqex05.gfgsi.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: v2.1 S/MIME Freeware Library (SFL) Now Available
Thread-Index: AcI5hhsP6XOt1UY5R2CHe/iQEv/4vw==
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "SMIME WG (SMIME WG)" <ietf-smime@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g71I6Bw02057
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
All,
Getronics Government Solutions has delivered the Version 2.1
S/MIME Freeware Library (SFL) source code. The SFL source code files
and documents are freely available at
<http://www.getronicsgov.com/hot/sfl_home.htm>.
The SFL implements the IETF S/MIME v3 RFC 2630 Cryptographic Message
Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS)
specifications. It also implements portions of the RFC 2633 Message
Specification and RFC 2632 Certificate Handling document. When used in
conjunction with the Crypto++ freeware library, the SFL implements the
RFC 2631 Diffie-Hellman (D-H) Key Agreement Method specification. It
has been successfully tested using the Microsoft (MS) Windows
NT/98/2000/XP, Linux and Sun Solaris 2.8 operating systems. Further
enhancements, ports and testing of the SFL are still in process.
Further releases of the SFL will be provided as significant
capabilities are added.
The SFL has been successfully used to sign, verify, encrypt and decrypt
CMS/ESS objects using: DSA, E-S D-H, 3DES algorithms provided by the
Crypto++ library; RSA suite of algorithms provided by the RSA BSAFE 6.0
Crypto-C and Crypto++ libraries; and Fortezza suite of algorithms
provided by the Fortezza Crypto Card. The v2.1 SFL uses the v2.1
Certificate Management Library (CML) and v1.4 Enhanced SNACC (eSNACC)
ASN.1 C++ Library to encode/decode objects. The v2.1 SFL release
includes: SFL High-level library; Free (a.k.a. Crypto++) Crypto Token
Interface Library (CTIL); BSAFE CTIL; Fortezza CTIL; SPEX/ CTIL;
PKCS #11 CTIL; Microsoft CAPI v2.0 CTIL; test utilities; test drivers;
and test data. All CTILs were tested as Dynamically Linked Libraries
(DLL) using MS Windows. The Fortezza, BSAFE and Crypto++ CTILs
were tested with the respective security libraries as shared objects
using Linux and Solaris 2.8.
The SFL has been successfully used to exchange signedData and
envelopedData messages with the MS Internet Explorer Outlook Express
v4.01, Netscape Communicator 4.X, Entrust and Baltimore S/MIME
products. Signed messages have been exchanged with the RSA S/MAIL and
WorldTalk S/MIME v2 products.
The SFL has also been used to perform S/MIME v3 interoperability
testing with Microsoft that exercised the majority of the features
specified by RFCs 2630, 2631 and 2634. This testing included the RSA,
DSA, E-S D-H, 3DES, SHA and Fortezza algorithms. We used the SFL to
successfully process the SFL-supported sample data included in the
S/MIME WG "Examples of S/MIME Messages" document. We also used the
SFL to generate S/MIME v3 sample messages that were included in the
"Examples" document.
The use of the v2.1 SFL is described in the v2.1 SFL Application
Programming Interface (API) and v2.1 SFL Software Design Description
documents. The use of the v2.1 CTIL API is described in the v2.1
CTIL API document.
v2.1 SFL includes the following enhancements (compared to v2.0.1
(Patch A) SFL and CTIL releases):
1) To make it easier for integrators to retrieve and compile the
source code for the ACL, SFL and CML libraries, we delivered a
consolidated release zip file including the source code,
project files, make files, and readme files for
the SFL, CML, Storage Retrieval Library (SRL), ACL, CTIL, and
CTILManager libraries.
2) Eliminated SFL dependency on the LibCert dynamic library to
reduce the complexity of integrating the SFL into applications.
3) Enhanced SFL to provide the signer's certificate that matches
the Issuer/Serial (or keyId) of an application-designated
SignerInfo in a signedData object. We also enhanced the SFL to
provide the encrypter's certificate that matches the
Issuer/Serial (or keyId) of an application-designated
originatorInfo in an envelopedData object. This included
enhancing the SFL to use the SRL to store all certificates
and CRLs extracted from the signedData or envelopedData objects
into the SRL database.
4) Enhanced SFL to optionally use the CML to build and validate:
recipients' certification paths as part of encrypting S/MIME
messages; signer's certification path as part of verifying
signed messages; and encrypter's certification path (if
required for pairwise key generation) as part of decrypting
a message. This included enhancing the SFL to use the SRL to
retrieve certificates and CRLs from the SRL database. These
enhancements will significantly reduce the amount of time
required by vendors to integrate the CML and SFL into their
applications.
5) Enhanced SFL to use a standard Exception class that will
enable applications to catch all exceptions using the standard
class. This enhancement will reduce the amount of time
required to integrate the SFL, CML, ACL, and eSNACC libraries
into applications.
6) SFL was updated to fix minor memory leaks and bugs.
v2.1 CTILs include the following enhancements (compared to
v2.0.1 release):
1) Eliminated the CTIL Manager Library dependency on the
LibCert dynamic library to reduce the complexity of
integrating the CTILs into applications.
2) Enhanced CTILs to decode and decrypt PKCS #12 files.
This eliminates the dependency on the OpenSSL library and
significantly reduces the size of the CTILs that used OpenSSL.
3) Enhanced the CTIL API to allow all relevant crypto
algorithm(s) (i.e. hash, signature, encryption, decryption,
key management) to be specified per crypto operation.
4) Changed to use standard SMP Exception class derived
from C++ std::exception class.
5) MS CAPI CTIL was updated to fix minor memory leaks and bugs.
v2.1 CertificateBuilder utility includes the following enhancements
(compared to v2.0.1 release):
1) Added capability to generate X.509 (2000) Attribute Certificates
including X.501 Clearance attributes including user-selected values
extracted from Security Policy Information File (SPIF) for the
security policy.
2) Added capability to generate ESSSecurityLabels.
3) Enhanced to use the standard Exception class.
We are still in the process of enhancing and testing the SFL. Future
releases may include: additional PKCS #11 CTIL testing;
add "Certificate Management Messages over CMS" ASN.1 encode/decode
functions; add enhanced test routines; bug fixes; and support for
other operating systems.
The SFL is developed to maximize portability to 32-bit operating
systems. In addition to testing on MS Windows, Linux and Solaris 2.8,
we may port the SFL to other operating systems.
All source code for the SFL is being provided at no cost and with no
financial limitations regarding its use and distribution.
Organizations can use the SFL without paying any royalties or
licensing fees. Getronics is developing the SFL under contract to
the U.S. Government. The U.S. Government is furnishing the SFL
source code at no cost to the vendor subject to the conditions of
the "SFL Public License".
On 14 January 2000, the U.S. Department of Commerce, Bureau of
Export Administration published a new regulation implementing an update
to the U.S. Government's encryption export policy
<http://www.bxa.doc.gov/Encryption/Default.htm>. In accordance with
the revisions to the Export Administration Regulations (EAR) of 14 Jan
2000, the downloading of the SFL source code is not password controlled.
The SFL is composed of a high-level library that performs generic CMS
and ESS processing independent of the crypto algorithms used to
protect a specific object. The SFL high-level library makes calls to
an algorithm-independent CTIL API. The underlying, external crypto
token libraries are not distributed as part of the SFL source code.
The application developer must independently obtain these libraries and
then link them with the SFL.
The SFL uses the CML and eSNACC ASN.1 Library to encode/decode
certificates, ACs, CRLs and components thereof. The CML is freely
available at: <http://www.getronicsgov.com/hot/cml_home.htm>.
The SFL has been successfully tested in conjunction with the Access
Control Library (ACL) that is freely available to everyone from:
<http://www.getronicsgov.com/hot/acl_home.htm>.
The National Institute of Standards and Technology (NIST) is providing
test S/MIME messages (created by Getronics) at
<http://csrc.nist.gov/pki/testing/x509paths.html>.
Getronics used the SFL to successfully process the NIST test data.
NIST is using the SFL and CML as part of the NIST S/MIME Test
Facility (NSMTF) that they are planning to host (see
<http://csrc.ncsl.nist.gov/pki/smime/>). Vendors will be able to use
the NSMTF to help determine if their products comply with the
IETF S/MIME v3 specifications and the Federal S/MIME v3 Client Profile.
The SFL has been integrated into many applications to provide CMS/ESS
security services. For example, the SFL was integrated into a security
plug-in for a commercial e-mail application that enabled the
application to meet the Bridge Certification Authority Demonstration
Phase II requirements including implementing ESS features such as
security labels.
The Internet Mail Consortium (IMC) has established an SFL web page
<http://www.imc.org/imc-sfl>. The IMC has also established an SFL
mail list which is used to: distribute information regarding SFL
releases; discuss SFL-related issues; and provide a means for SFL
users to provide feedback, comments, bug reports, etc. Subscription
information for the imc-sfl mailing list is at the IMC web site
listed above.
All comments regarding the SFL source code and documents are welcome.
This SFL release announcement was sent to several mail lists, but
please send all messages regarding the SFL to the imc-sfl mail list
ONLY. Please do not send messages regarding the SFL to any of the IETF
mail lists. We will respond to all messages sent to the imc-sfl mail
list.
============================================
John Pawling, John.Pawling@GetronicsGov.com
Getronics Government Solutions, LLC
============================================
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g71Gmd925359 for ietf-smime-bks; Thu, 1 Aug 2002 09:48:39 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.getronicsgov.com [67.105.229.98]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g71Gmdw25355 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 09:48:39 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: v1.4 Enhanced SNACC Freeware Now Available
Date: Thu, 1 Aug 2002 12:48:34 -0400
Message-ID: <CB64F884F39FD2118EC600A024E6522C046E7E24@wfhqex05.gfgsi.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: v1.4 Enhanced SNACC Freeware Now Available
Thread-Index: AcI5cp6Z14OJyzHGQ8i472hAAgjQnA==
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "SMIME WG (SMIME WG)" <ietf-smime@imc.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g71Gmdw25356
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
All,
Getronics Government Solutions has delivered the v1.4 eSNACC
Abstract Syntax Notation.1 (ASN.1) Compiler, C++ library and C library
source code compilable for Linux, Sun Solaris 2.8 and Microsoft (MS)
Windows NT/98/2000/XP. The eSNACC software is freely available to
everyone from: <http://www.getronicsgov.com/hot/snacc_home.htm>.
The eSNACC ASN.1 software can be used to ASN.1 encode and decode
objects. In past releases, Getronics improved the eSNACC C++
library to implement the Distinguished Encoding Rules (DER),
support large ASN.1 INTEGERs, and improve memory usage.
v1.4 eSNACC enhancements (compared to v1.3 R10 release):
1) Enhanced AsnInt class to support string form of large
integers (binary & hex strings).
2) Enhances AsnInt so that it does not use AsnOcts or
CSM_Buffer.
3) Remove CSM_Buffer as base class for AsnInt and all of
the string classes. Also deleted the xxxStringSNACC
classes (i.e., BMPStringSNACC).
4) Added the remaining asn-useful types (UTCTime,
GeneralizedTime, etc.) into eSNACC C and C++ libraries as
native built-in types. This removes the unnecessary
complexity of having to build a boot compiler prior to
building the final compiler.
5) Enhanced to use a standard Exception class derived from the
C++ std::exception class that will enable applications to catch
all exceptions using the standard class. This enhancement will
reduce the amount of time required to integrate the SFL, CML, ACL,
and eSNACC libraries into applications.
6) Re-wrote makefiles to make build process easier and faster.
7) Enhanced AsnBits class to construct BitStrings from
binary strings.
8) Added AsnSetOf and AsnSeqOf templates.
9) Moved BDecPdu to AsnType, so every type as access to it now.
This was done to reduce the number of symbols & methods the
compiler generates.
10) Enhanced compiler to remove -u switch because useful types
are now in the runtime library.
We successfully tested the v1.4 eSNACC ASN.1 C++ and C libraries
using the Simple Network Management Protocol (SNMP) v1 test
suite (18,000 test cases) developed by the University of Oulu.
We tested the v1.4 eSNACC release with the v2.1 S/MIME
Freeware Library (SFL) available from
<http://www.getronicsgov.com/hot/sfl_home.htm> that
uses the eSNACC ASN.1 software to encode and decode the IETF
S/MIME v3 Cryptographic Message Syntax (RFC 2630) and Enhanced
Security Services for S/MIME (RFC 2634) security protocol.
We tested the v1.4 eSNACC release with the freeware v2.1
Certificate Management Library (CML) available from
<http://www.getronicsgov.com/hot/cml_home.htm>
that uses the eSNACC ASN.1 software to encode and decode X.509
certificates, attribute certificates and Certificate Revocation
Lists as specified in the 2000 X.509 Recommendation.
We tested the v1.4 eSNACC release with the freeware v2.1
Access Control Library (ACL) available from
<http://www.getronicsgov.com/hot/acl_home.htm>
that uses the eSNACC ASN.1 software to encode and decode security
labels and other objects (such as Security Policy Information
Files) required to provide rule based automated access control
as specified in SDN.801.
The eSNACC ASN.1 software implements the majority of the
ASN.1 encoding/decoding rules as specified in the 1988 X.209
Recommendation. It implements the DER as specified in the 1997
X.690 Recommendation. It does not support all of the latest ASN.1
features, but there are strategies that allow it to be used to
produce ASN.1 hex encodings that are identical to those produced by
ASN.1 libraries that do support the latest ASN.1 features. Also note
that many of the PKIX specs, such as RFC 3280 and RFC 2630, include
1988-compliant ASN.1 syntax modules which can be compiled using the
eSNACC compiler. Getronics plans to enhance eSNACC to support
additional ASN.1 features.
The eSNACC ASN.1 library is totally unencumbered as stated
in the Enhanced SNACC Software Public License. All source code
for the eSNACC software is being provided at no cost and with no
financial limitations regarding its use and distribution.
Organizations can use the eSNACC software without paying
any royalties or licensing fees.
The Internet Mail Consortium (IMC) has established an eSNACC
web page <http://www.imc.org/imc-snacc/>. The IMC has established
an eSNACC mail list which is used to: distribute information
regarding eSNACC releases; discuss related issues; and
provide a means for integrators to provide feedback, comments,
bug reports, etc. Subscription information for the imc-snacc
mail list is at the IMC web site listed above.
We welcome all feedback regarding the eSNACC software.
If bugs are reported, then we will investigate each reported
bug and, if required, will produce a patch or an updated
release of the software to repair the bug.
This release announcement was sent to several mail lists,
but please send all messages regarding the eSNACC
software to the imc-snacc mail list ONLY. Please do not send
messages regarding the eSNACC software to any of the
IETF mail lists. We will respond to all messages sent to the
imc-snacc mail list.
===========================================
John Pawling, John.Pawling@GetronicsGov.com
Getronics Government Solutions, LLC
===========================================
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g71BkiJ10101 for ietf-smime-bks; Thu, 1 Aug 2002 04:46:44 -0700 (PDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g71Bkgw10090 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 04:46:42 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.4/8.12.4) with ESMTP id g71Bkbq9023137; Thu, 1 Aug 2002 23:46:37 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id XAA447290; Thu, 1 Aug 2002 23:46:35 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Thu, 1 Aug 2002 23:46:35 +1200 (NZST)
Message-ID: <200208011146.XAA447290@ruru.cs.auckland.ac.nz>
From: pgut001@cs.aucKland.ac.nz (Peter Gutmann)
To: Tperrin@sigaba.com, ietf-smime@imc.org, pgut001@cs.aucKland.ac.nz
Subject: RE: digested-data
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Trevor Perrin <Tperrin@sigaba.com> writes:
>I still don't understand why you can't do two layers in a single pass. I'd
>assume that at a certain point the inner layer is finished with the previous X
>bytes, so it could pass control to the outer layer who could chew on them, and
>when it's consumed that chunk, pass control back to the inner layer, etc..
>But I don't really know anything about ASN.1, so never mind..
I've been going through this in private mail with someone else, so I'll be lazy
and cut&paste:
-- Snip --
Changing a single byte of inner content can change several bytes of outer
content due to variable-length length-of-length encoding, and there are some
data lengths which can never be achieved, eg. when you move from a short-
encoded data length to a long-encoded one and adding a single byte to the data
also increases the length-of-length value. When you combine this with data
blocking requirements and requirements for PKCS #5 padding, it becomes
unworkably complex to implement and test unless you buffer an entire message,
in which case you're just doing a standard two-pass encoding.
>indefinite length constructed form.
That's the magic phrase. If you use definite-length encoding, it becomes an
unsolveable problem in the general case. You have to do this (use the use
definite-length form) because there are implementations which can't process
indefinite-length data ("Gee, we never thought anyone would use that!") or
process it really badly (bad buffer management, "Why is our code two orders of
magnitude slower than yours?").
-- Snip --
Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g719uro02517 for ietf-smime-bks; Thu, 1 Aug 2002 02:56:53 -0700 (PDT)
Received: from bsd.sigaba.com (bsd.sigaba.com [67.113.238.131]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g719upw02513 for <ietf-smime@imc.org>; Thu, 1 Aug 2002 02:56:51 -0700 (PDT)
Received: from exchange1.sigaba.com (exchange1.sigaba.com [10.10.10.10]) by bsd.sigaba.com (8.12.2/8.12.2) with ESMTP id g719ug3E007492; Thu, 1 Aug 2002 02:56:42 -0700
Received: by exchange.sigaba.com with Internet Mail Service (5.5.2653.19) id <QBYZ2XQB>; Thu, 1 Aug 2002 02:57:20 -0700
Message-ID: <2229B7848043D411881A00B0D0627EFEAD0402@exchange.sigaba.com>
From: Trevor Perrin <Tperrin@sigaba.com>
To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.aucKland.ac.nz>, Trevor Perrin <Tperrin@sigaba.com>, "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Subject: RE: digested-data
Date: Thu, 1 Aug 2002 02:57:19 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g719upw02514
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Hi Peter,
I still don't understand why you can't do two layers in a single pass. I'd
assume that at a certain point the inner layer is finished with the previous
X bytes, so it could pass control to the outer layer who could chew on them,
and when it's consumed that chunk, pass control back to the inner layer,
etc.. But I don't really know anything about ASN.1, so never mind..
Anyways, I was thinking S/MIME clients might reject a message that decrypts
with garbled, non-ASCII characters. Outlook Express at least doesn't.
Given CBC chaining it was easy to modify the ciphertext block previous to a
known plaintext block to change the known plaintext block to anything
desired, at the cost of garbling the modified block. Presumably I could cut
and paste chunks of ciphertext around as well, and with a stereotyped
plaintext and some experimentation I'm sure all sorts of devilment could be
done with that...
Maybe this is "working as designed", but I think most users of S/MIME would
be surprised. Has this been discussed before? Is there a group consensus
I'm unaware of? If not, is it worth trying to remedy this now?
modified plaintext line, as displayed by OE:
AAAAAAAAAAAAAAAAAAAAAAA8á8$2@ HELLOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Trevor
-----Original Message-----
From: pgut001@cs.auckland.ac.nz [mailto:pgut001@cs.auckland.ac.nz]
Sent: Sunday, July 28, 2002 8:55 PM
To: Tperrin@sigaba.com; ietf-smime@imc.org; pgut001@cs.auckland.ac.nz
Subject: RE: digested-data, surreptitious forwarding, D-H
Trevor Perrin <Tperrin@sigaba.com> writes:
>Interesting, I'd assumed that you could do multiple layers (like a
>digestedData and envelopedData, or signedData and envelopedData) in a
single
>pass, by hashing and then encrypting each content block, then moving to the
>next one, etc.. You're saying that this isn't possible,
It isn't, because of ASN.1 encoding restrictions. Changing a single byte of
inner content can change several bytes of outer content due to
variable-length
length-of-length encoding, and there are some data lengths which can never
be
achieved, eg. when you move from a short-encoded data length to a
long-encoded
one and adding a single byte to the data also increases the length-of-length
value. When you combine this with data blocking requirements and
requirements
for PKCS #5 padding, it becomes unworkably complex to implement and test
unless
you buffer an entire message, in which case you're just doing a standard
two-
pass encoding.
>but the scheme below can be done in one pass?
Sure, since the encoding is one-step. With DigestedData you're
encapsulating
the entire data block just to add a 20-byte hash at the end. All this does
it add the hash at the end of the EncryptedData.
Peter.
- [[893412646]] Subscription to ietf-smime for smim… subs-reminder