From owner-ietf-smime-examples Tue Jul 27 12:02:37 1999
Received: by mail.proper.com (8.9.3/8.9.3) id MAA29807 for ietf-smime-examples-bks; Tue, 27 Jul 1999 12:02:37 -0700 (PDT)
Received: from aum (ip11.proper.com [165.227.249.11]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id MAA29803 for ; Tue, 27 Jul 1999 12:02:35 -0700 (PDT)
Message-Id: <4.2.0.58.19990727120302.009dddb0@mail.imc.org>
X-Sender: phoffman@mail.imc.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Tue, 27 Jul 1999 12:04:38 -0700
To: ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Starting the ietf-smime-examples list
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime-examples@imc.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

Greetings. So, the next step is for people to start sending in examples of keys and certs and objects. Please send these to me directly, so I can encode them and tell the list what we have.

I believe that this message will be followed by Andrew Farrell who has a question about some of the key wrapping we have in the current doc.
--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Tue Jul 27 13:16:09 1999
Message-Id: <199907272018.VAA01981@ocelot.baltimore.ie>
To: ietf-smime-examples@imc.org
Subject: Re: Starting the ietf-smime-examples list
In-Reply-To: Your message of "Tue, 27 Jul 1999 12:04:38 PDT." <4.2.0.58.19990727120302.009dddb0@mail.imc.org>
Date: Tue, 27 Jul 1999 21:18:11 +0100
From: Andrew Farrell

Paul wrote:

>Greetings. So, the next step is for people to start sending in examples of
>keys and certs and objects. Please send these to me directly, so I can
>encode them and tell the list what we have.

Unclear: Do you mean the ietf-smime list? Because if so, I'd rather send examples and so on to this list.

>I believe that this message will be followed by Andrew Farrell who has
>a question about some of the key wrapping we have in the current doc.

'sright.
Firstly, I agree with Alexy Shamov's observation that the example in the document only makes sense if the RC2 encryptions are done at 40bit effective length, and note that the results he gets for 128-bit effective length are identical to the ones I mailed around at Oslo (which went to Jim, and Paul, and Bob Colestock, I think).

Secondly, these are what I'd consider the relevant references in the S/MIME RFCs:

CMS 12.3.1:
For key agreement of RC2 key-encryption keys, 128 bits must be generated as input to the key expansion process used to compute the RC2 effective key [RC2].

CMS 12.3.3.2:
Only 128-bit RC2 keys may be used as key-encryption keys, and they must be used with the RC2ParameterVersion parameter set to 58.

CMS 12.6:
The key-encryption key is generated by the key agreement algorithm or distributed out of band. For key agreement of RC2 key-encryption keys, 128 bits must be generated as input to the key expansion process used to compute the RC2 effective key [RC2].

CMS Security Considerations:
When using key agreement algorithms or previously distributed symmetric key-encryption keys, a key-encryption key is used to encrypt the content-encryption key. If the key-encryption and content-encryption algorithms are different, the effective security is determined by the weaker of the two algorithms. If, for example, a message content is encrypted with 168-bit Triple-DES and the Triple-DES content-encryption key is wrapped with a 40-bit RC2 key, then at most 40 bits of protection is provided. A trivial search to determine the value of the 40-bit RC2 key can recover Triple-DES key, and then the Triple-DES key can be used to decrypt the content. Therefore, implementers must ensure that key-encryption algorithms are as strong or stronger than content-encryption algorithms.

X942 2.1.4
RC2 effective key lengths are equal to RC2 real key lengths.
So, apart from a potentially misleading sentence in the security considerations, I don't see any evidence that the effective length of the RC2 KEK in 12.6.4 can be anything other than 128 bits, in a S/MIME context.

Thirdly, I can verify Jim's Triple-DES keywrapping that Russ already verified:)

Any thoughts?

Andrew.

From owner-ietf-smime-examples Tue Jul 27 13:28:53 1999
Message-Id: <4.2.0.58.19990727132910.0234c150@mail.imc.org>
Date: Tue, 27 Jul 1999 13:30:49 -0700
To: Andrew Farrell, ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Triple-wrap examples (was: Re: Starting the ietf-smime-examples list)
In-Reply-To: <199907272018.VAA01981@ocelot.baltimore.ie>

At 09:18 PM 7/27/1999 +0100, Andrew Farrell wrote:
>'sright. Firstly, I agree with Alexy Shamov's observation that the
>example in the document only makes sense if the RC2 encryptions are done
>at 40bit effective length, and note that the results he gets for
>128-bit effective length are identical to the ones I mailed around at
>Oslo (which went to Jim, and Paul, and Bob Colestock, I think).

From this, I take it that you believe that the examples in the -01 draft are wrong. This is bad, although it is good because we can then use this as an example of doing it wrong.
--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Tue Jul 27 13:28:54 1999
Message-Id: <4.2.0.58.19990727132800.02572c90@mail.imc.org>
Date: Tue, 27 Jul 1999 13:29:08 -0700
To: Andrew Farrell, ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Re: Starting the ietf-smime-examples list
In-Reply-To: <199907272018.VAA01981@ocelot.baltimore.ie>

At 09:18 PM 7/27/1999 +0100, Andrew Farrell wrote:
>Paul wrote:
>
> >Greetings. So, the next step is for people to start sending in examples of
> >keys and certs and objects. Please send these to me directly, so I can
> >encode them and tell the list what we have.
>
>Unclear: Do you mean the ietf-smime list? Because if so, I'd rather send
>examples and so on to this list.

I mean on this list. Again, the purpose of this list is to vet the actual binary things we put into the draft. Any suggestions such as "let's add an example of foo" should be done on the main ietf-smime list.
--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Wed Aug 11 13:36:39 1999
Message-Id: <4.2.0.58.19990811133053.0097ef00@mail.imc.org>
Date: Wed, 11 Aug 1999 13:35:30 -0700
To: ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: First submissions

Hi there. Blake Ramsdell was the first to submit potential examples to be used in the examples draft. Please see for links to the binaries that Blake made for the RSA-based certs. If you can analyze Blake's certs, please do so, and comment on this list.

If any of you have other things to contribute (like DH examples, hmmm?), please start the work on those now. I'm leaving for ten days of vacation with no computer access, so I won't be able to post them until I get back, but you all can start posting some guesses on your own sites and passing them around by hand. Please do *not* mail binaries to this list, given the number of people who are just watching.

As soon as I get back, I'll get any other contributions up on the site.
--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Wed Aug 11 16:08:52 1999
Message-Id: <4.2.0.58.19990811160633.00b63280@mail.imc.org>
Date: Wed, 11 Aug 1999 16:07:31 -0700
To: ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Re: First submissions
In-Reply-To: <4.2.0.58.19990811133053.0097ef00@mail.imc.org>

I misunderstood Blake when he gave me the certs, and I didn't realize he had used Andrew Farrell's keys. So, I've added the RSA keys that Andrew generated that Blake used on the site as well. Please do check that Andrew's keys are good as well. Thanks!
--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Mon Aug 16 12:00:55 1999
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB610B@DINO>
From: "Jim Schaad (Exchange)"
To: "'Andrew Farrell'", ietf-smime-examples@imc.org
Subject: RE: Starting the ietf-smime-examples list
Date: Mon, 16 Aug 1999 11:57:59 -0700

I agree that the example for RC2 128bit encryption is incorrect. I will verify Andrew's vectors later today.

-----Original Message-----
From: Andrew Farrell [mailto:afarrell@baltimore.ie]
Sent: Tuesday, July 27, 1999 1:18 PM
To: ietf-smime-examples@imc.org
Subject: Re: Starting the ietf-smime-examples list

Paul wrote:

>Greetings. So, the next step is for people to start sending in examples of
>keys and certs and objects. Please send these to me directly, so I can
>encode them and tell the list what we have.

Unclear: Do you mean the ietf-smime list? Because if so, I'd rather send examples and so on to this list.

>I believe that this message will be followed by Andrew Farrell who has
>a question about some of the key wrapping we have in the current doc.

'sright.
Firstly, I agree with Alexy Shamov's observation that the example in the document only makes sense if the RC2 encryptions are done at 40bit effective length, and note that the results he gets for 128-bit effective length are identical to the ones I mailed around at Oslo (which went to Jim, and Paul, and Bob Colestock, I think).

Secondly, these are what I'd consider the relevant references in the S/MIME RFCs:

CMS 12.3.1:
For key agreement of RC2 key-encryption keys, 128 bits must be generated as input to the key expansion process used to compute the RC2 effective key [RC2].

CMS 12.3.3.2:
Only 128-bit RC2 keys may be used as key-encryption keys, and they must be used with the RC2ParameterVersion parameter set to 58.

CMS 12.6:
The key-encryption key is generated by the key agreement algorithm or distributed out of band. For key agreement of RC2 key-encryption keys, 128 bits must be generated as input to the key expansion process used to compute the RC2 effective key [RC2].

CMS Security Considerations:
When using key agreement algorithms or previously distributed symmetric key-encryption keys, a key-encryption key is used to encrypt the content-encryption key. If the key-encryption and content-encryption algorithms are different, the effective security is determined by the weaker of the two algorithms. If, for example, a message content is encrypted with 168-bit Triple-DES and the Triple-DES content-encryption key is wrapped with a 40-bit RC2 key, then at most 40 bits of protection is provided. A trivial search to determine the value of the 40-bit RC2 key can recover Triple-DES key, and then the Triple-DES key can be used to decrypt the content. Therefore, implementers must ensure that key-encryption algorithms are as strong or stronger than content-encryption algorithms.

X942 2.1.4
RC2 effective key lengths are equal to RC2 real key lengths.
So, apart from a potentially misleading sentence in the security considerations, I don't see any evidence that the effective length of the RC2 KEK in 12.6.4 can be anything other than 128 bits, in a S/MIME context.

Thirdly, I can verify Jim's Triple-DES keywrapping that Russ already verified:)

Any thoughts?

Andrew.

From owner-ietf-smime-examples Mon Aug 16 15:41:03 1999
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB6114@DINO>
From: "Jim Schaad (Exchange)"
To: ietf-smime-examples@imc.org
Subject: RE: First submissions
Date: Mon, 16 Aug 1999 15:39:01 -0700

I really think that there are two things I would like to change about Carl's certificate.

1. The CN should reflect the algorithm so we don't end up with cn=carl for both the RSA and DSS root certificates.
2. The Key Usage needs to include CRL issuance as well.

jim

-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman@imc.org]
Sent: Wednesday, August 11, 1999 1:36 PM
To: ietf-smime-examples@imc.org
Subject: First submissions

Hi there. Blake Ramsdell was the first to submit potential examples to be used in the examples draft. Please see for links to the binaries that Blake made for the RSA-based certs. If you can analyze Blake's certs, please do so, and comment on this list.
If any of you have other things to contribute (like DH examples, hmmm?), please start the work on those now. I'm leaving for ten days of vacation with no computer access, so I won't be able to post them until I get back, but you all can start posting some guesses on your own sites and passing them around by hand. Please do *not* mail binaries to this list, given the number of people who are just watching.

As soon as I get back, I'll get any other contributions up on the site.

--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Mon Aug 16 15:53:39 1999
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6D8@mail.deming.com>
From: "Blake Ramsdell"
To: "'Jim Schaad (Exchange)'", ietf-smime-examples@imc.org
Subject: RE: First submissions
Date: Mon, 16 Aug 1999 15:54:01 -0700

> -----Original Message-----
> From: Jim Schaad (Exchange) [mailto:jimsch@EXCHANGE.MICROSOFT.com]
> Sent: Monday, August 16, 1999 3:39 PM
> To: ietf-smime-examples@imc.org
> Subject: RE: First submissions
>
> 1. The CN should reflect the algorithm so we don't end up
> with cn=carl for
> both the RSA and DSS root certificates.

Agree.
Recommend that this be changed to CarlRSASelf and CarlDSSSelf.

While we're on the subject, should the EE certificates have the full name in the CN also? For instance, cn=AliceRSASignByCarl (currently it is cn=Alice).

> 2. The Key Usage needs to include CRL issuance as well.

Agree -- just so that we're on the same page, do you agree that it currently indicates that keyCertSign is asserted?

I will add cRLSign to the next version.

Blake

From owner-ietf-smime-examples Mon Aug 16 16:27:50 1999
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB6115@DINO>
From: "Jim Schaad (Exchange)"
To: "'Blake Ramsdell'", "Jim Schaad (Exchange)", ietf-smime-examples@imc.org
Subject: RE: First submissions
Date: Mon, 16 Aug 1999 16:25:48 -0700

> -----Original Message-----
> From: Blake Ramsdell [mailto:BlakeR@deming.com]
> Sent: Monday, August 16, 1999 3:54 PM
> To: 'Jim Schaad (Exchange)'; ietf-smime-examples@imc.org
> Subject: RE: First submissions
>
>
> > -----Original Message-----
> > From: Jim Schaad (Exchange) [mailto:jimsch@EXCHANGE.MICROSOFT.com]
> > Sent: Monday, August 16, 1999 3:39 PM
> > To: ietf-smime-examples@imc.org
> > Subject: RE: First submissions
> >
> > 1. The CN should reflect the algorithm so we don't end up
> > with cn=carl for
> > both the RSA and DSS root certificates.
>
> Agree.
> Recommend that this be changed to CarlRSASelf and CarlDSSSelf.
>
> While we're on the subject, should the EE certificates have
> the full name in
> the CN also? For instance, cn=AliceRSASignByCarl (currently it is
> cn=Alice).

Yes -- I think that both the cn= and the email address in the subject-alt-name should also be changed.

>
> > 2. The Key Usage needs to include CRL issuance as well.
>
> Agree -- just so that we're on the same page, do you agree
> that it currently
> indicates that keyCertSign is asserted?

Yes it currently is --- Certificate Signing (04)

>
> I will add cRLSign to the next version.
>
> Blake
>

From owner-ietf-smime-examples Mon Aug 16 17:21:56 1999
Message-ID: <37B8AAD8.A8B2DD67@celocom.com>
Date: Tue, 17 Aug 1999 01:20:40 +0100
From: Dr Stephen Henson
To: ietf-smime-examples@imc.org
Subject: Re: First submissions
References: <2FBF98FC7852CF11912A0000000000010ECB6114@DINO>

Jim Schaad (Exchange) wrote:
>
> I really think that there are two things I would like to change about Carl's
> certificate.
>
> 1. The CN should reflect the algorithm so we don't end up with cn=carl for
> both the RSA and DSS root certificates.
> 2. The Key Usage needs to include CRL issuance as well.
>

Yes I'd agree with that.

What are the thoughts about having E-mail protection in extended key usage for the end user certificate examples?

Steve.
--
Dr Stephen N. Henson.
http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.

From owner-ietf-smime-examples Mon Aug 16 17:32:10 1999
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6D9@mail.deming.com>
From: "Blake Ramsdell"
To: "'Dr Stephen Henson'", ietf-smime-examples@imc.org
Subject: RE: First submissions
Date: Mon, 16 Aug 1999 17:32:33 -0700

> -----Original Message-----
> From: Dr Stephen Henson [mailto:drh@celocom.com]
> Sent: Monday, August 16, 1999 5:21 PM
> To: ietf-smime-examples@imc.org
> Subject: Re: First submissions
>
> What are the thoughts about having E-mail protection in extended key
> usage for the end user certificate examples?

I don't have any objection to this, though I'll say that this is "optional stuff you might find in a cert".
It also doesn't necessarily need to be in all of the EE certificates, so it might get left out of the DSS / DH certificates just for variety.

If no one objects, then I will include id-kp-emailProtection in an extended key usage field in the RSA EE certificates when I do the next cut.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103
Fax +1 425 376 0915

From owner-ietf-smime-examples Mon Aug 16 17:37:06 1999
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB6116@DINO>
From: "Jim Schaad (Exchange)"
To: "'Dr Stephen Henson'", ietf-smime-examples@imc.org
Subject: RE: First submissions
Date: Mon, 16 Aug 1999 17:37:21 -0700

I would just as soon keep the certificates as clean as possible while still matching the 2459 profile.

jim

-----Original Message-----
From: Dr Stephen Henson [mailto:drh@celocom.com]
Sent: Monday, August 16, 1999 5:21 PM
To: ietf-smime-examples@imc.org
Subject: Re: First submissions

Jim Schaad (Exchange) wrote:
>
> I really think that there are two things I would like to change about Carl's
> certificate.
>
> 1. The CN should reflect the algorithm so we don't end up with cn=carl for
> both the RSA and DSS root certificates.
> 2. The Key Usage needs to include CRL issuance as well.
>

Yes I'd agree with that.
What are the thoughts about having E-mail protection in extended key usage for the end user certificate examples?

Steve.
--
Dr Stephen N. Henson.
http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.

From owner-ietf-smime-examples Tue Aug 17 14:22:59 1999
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6E2@mail.deming.com>
From: "Blake Ramsdell"
To: "'ietf-smime-examples@imc.org'"
Subject: Sample keys format
Date: Tue, 17 Aug 1999 14:23:26 -0700

I have two questions about the key formats that should be used for the public and private keys.

1. Should the public keys be in RFC2459 SubjectPublicKeyInfo format (that is, the AlgorithmIdentifier followed by BIT STRING wrapping the public key).

2. Should the private keys be in PKCS #8 PrivateKeyInfo format:

   PrivateKeyInfo ::= SEQUENCE {
     version Version,
     privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
     privateKey PrivateKey,
     attributes [0] IMPLICIT Attributes OPTIONAL }

   Version ::= INTEGER -- 0 for this

   PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

   PrivateKey ::= OCTET STRING

   Attributes ::= SET OF Attribute

The problem that I have (and that I suspect that other people might have) is that the keys need to be in this format in order to "inject" them into my code. Granted it is trivial to add packaging around the keys, I just wanted to see if there was any preference.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103
Fax +1 425 376 0915

From owner-ietf-smime-examples Tue Aug 17 14:29:36 1999
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB6121@DINO>
From: "Jim Schaad (Exchange)"
To: "'Blake Ramsdell'", "'ietf-smime-examples@imc.org'"
Subject: RE: Sample keys format
Date: Tue, 17 Aug 1999 14:29:59 -0700

Gee -- I have a BIG preference on this argument.

1. Public keys are in certificates and I don't really need to have a public key by itself as the SubjectPublicKeyInfo format is in the certificate anyway.

2. I want private keys to be in PKCS#12 objects since that is the only way I can deal with them at all, however I think that representing them as PKCS#8 PrivateKeyInfo is fine as this rather directly can feed into a PKCS#12 object.

jim

-----Original Message-----
From: Blake Ramsdell [mailto:BlakeR@deming.com]
Sent: Tuesday, August 17, 1999 2:23 PM
To: 'ietf-smime-examples@imc.org'
Subject: Sample keys format

I have two questions about the key formats that should be used for the public and private keys.

1. Should the public keys be in RFC2459 SubjectPublicKeyInfo format (that is, the AlgorithmIdentifier followed by BIT STRING wrapping the public key).

2. Should the private keys be in PKCS #8 PrivateKeyInfo format:

   PrivateKeyInfo ::= SEQUENCE {
     version Version,
     privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
     privateKey PrivateKey,
     attributes [0] IMPLICIT Attributes OPTIONAL }

   Version ::= INTEGER -- 0 for this

   PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

   PrivateKey ::= OCTET STRING

   Attributes ::= SET OF Attribute

The problem that I have (and that I suspect that other people might have) is that the keys need to be in this format in order to "inject" them into my code. Granted it is trivial to add packaging around the keys, I just wanted to see if there was any preference.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103
Fax +1 425 376 0915

From owner-ietf-smime-examples Tue Aug 17 14:53:21 1999
Message-ID: <37B9D991.F72C0BAF@celocom.com>
Date: Tue, 17 Aug 1999 22:52:17 +0100
From: Dr Stephen Henson
To: "'ietf-smime-examples@imc.org'"
Subject: Re: Sample keys format
References: <01FF24001403D011AD7B00A024BC53C563E6E2@mail.deming.com>

Blake Ramsdell wrote:
>
> I have two questions about the key formats that should be used for the
> public and private keys.
>
> 1. Should the public keys be in RFC2459 SubjectPublicKeyInfo format (that
> is, the AlgorithmIdentifier followed by BIT STRING wrapping the public key).
>

As with Jim, no preference as long as it's in the certificate.

> 2. Should the private keys be in PKCS #8 PrivateKeyInfo format:
>

For DSA and DH is there any other format? For RSA there is PKCS#1 as an alternative.

The other problem is whether there is a X9.42 DH private key format specified anywhere at all? There is a fairly obvious extension of PKCS#3 DH PrivateKeyInfo format though.

Personally it doesn't matter, I can handle or convert any format.

Steve.
--
Dr Stephen N. Henson.
http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.

From owner-ietf-smime-examples Tue Aug 17 14:55:16 1999
Received: by mail.proper.com (8.9.3/8.9.3) id OAA28365 for ietf-smime-examples-bks; Tue, 17 Aug 1999 14:55:16 -0700 (PDT)
Received: from dfssl.exchange.microsoft.com (dfssl.exchange.microsoft.com [131.107.88.59]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id OAA28361 for ; Tue, 17 Aug 1999 14:55:15 -0700 (PDT)
Received: by dfssl with Internet Mail Service (5.5.2650.14) id ; Tue, 17 Aug 1999 14:55:45 -0700
Message-ID: <2FBF98FC7852CF11912A0000000000010ECB6122@DINO>
From: "Jim Schaad (Exchange)"
To: "'ietf-smime-examples@imc.org'"
Subject: RE: Sample keys format
Date: Tue, 17 Aug 1999 14:55:43 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.14)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

One possible X9.42 DH private key format is specified in the CMC draft currently in Last Call.

jim

-----Original Message-----
From: Dr Stephen Henson [mailto:drh@celocom.com]
Sent: Tuesday, August 17, 1999 2:52 PM
To: 'ietf-smime-examples@imc.org'
Subject: Re: Sample keys format

Blake Ramsdell wrote:
>
> I have two questions about the key formats that should be used for the
> public and private keys.
>
> 1. Should the public keys be in RFC2459 SubjectPublicKeyInfo format (that
> is, the AlgorithmIdentifier followed by BIT STRING wrapping the public key).
>

As with Jim, no preference as long as it's in the certificate.

> 2. Should the private keys be in PKCS #8 PrivateKeyInfo format:
>

For DSA and DH is there any other format? For RSA there is PKCS#1 as an alternative.
The other problem is whether there is a X9.42 DH private key format specified anywhere at all? There is a fairly obvious extension of PKCS#3 DH PrivateKeyInfo format though.

Personally it doesn't matter, I can handle or convert any format.

Steve.
--
Dr Stephen N. Henson.
http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.

From owner-ietf-smime-examples Tue Aug 17 14:58:40 1999
Received: by mail.proper.com (8.9.3/8.9.3) id OAA28438 for ietf-smime-examples-bks; Tue, 17 Aug 1999 14:58:40 -0700 (PDT)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by mail.proper.com (8.9.3/8.9.3) with SMTP id OAA28433 for ; Tue, 17 Aug 1999 14:58:39 -0700 (PDT)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (WorldSecure Server SMTP Relay(WSS) v3.6.2); Tue, 17 Aug 99 14:59:08 -0700
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2232.9) id ; Tue, 17 Aug 1999 14:59:08 -0700
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6E4@mail.deming.com>
From: "Blake Ramsdell"
To: "'Dr Stephen Henson'" , "'ietf-smime-examples@imc.org'"
Subject: RE: Sample keys format
Date: Tue, 17 Aug 1999 14:59:08 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
X-WSS-ID: 1BA704A613847-01-01
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

> -----Original Message-----
> From: Dr Stephen Henson [mailto:drh@celocom.com]
> Sent: Tuesday, August 17, 1999 2:52 PM
> To: 'ietf-smime-examples@imc.org'
> Subject: Re: Sample keys format
>
> Blake Ramsdell wrote:
> >
> > 1. Should the public keys be in RFC2459 SubjectPublicKeyInfo format (that
> > is, the AlgorithmIdentifier followed by BIT STRING wrapping the public key).
> >
>
> As with Jim, no preference as long as it's in the certificate.

I agree.

> > 2. Should the private keys be in PKCS #8 PrivateKeyInfo format:
> >
>
> For DSA and DH is there any other format? For RSA there is PKCS#1 as an
> alternative.

I actually didn't know much about the "official" private key formats for DSA and DH. The original DSA keys from afarrell had just the bare INTEGER for DSA and the PKCS #1 format for RSA. I personally think that PKCS #8 is the right way to go for everything, but I wonder whether or not we should do something about making this "more formal" (that is, get the PKCS #8 definition into an RFC somewhere). I may be behind the times, and this effort is underway or completed.

Blake

--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103 Fax +1 425 376 0915

From owner-ietf-smime-examples Tue Aug 17 16:02:27 1999
Received: by mail.proper.com (8.9.3/8.9.3) id QAA00129 for ietf-smime-examples-bks; Tue, 17 Aug 1999 16:02:27 -0700 (PDT)
Received: from letterbox.cs.auckland.ac.nz (letterbox.cs.auckland.ac.nz [130.216.35.1]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id QAA00125 for ; Tue, 17 Aug 1999 16:02:24 -0700 (PDT)
Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by letterbox.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id LAA07744 for ; Wed, 18 Aug 1999 11:03:22 +1200 (sender pgut001@cs.auckland.ac.nz)
Received: (from pgut001@localhost) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-slave) id LAA21116 for ietf-smime-examples@imc.org; Wed, 18 Aug 1999 11:03:16 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Wed, 18 Aug 1999 11:03:16 +1200 (NZST)
Message-ID: <199908172303.LAA21116@kakapo.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-smime-examples@imc.org
Subject: Re: Sample keys format
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

"Blake Ramsdell" writes:

>The problem that I have (and that I suspect that other people might have) is
>that the keys need to be in this format in order to "inject" them into my
>code. Granted it is trivial to add packaging around the keys, I just wanted
>to see if there was any preference.

What's probably easiest is to represent them as byte[] + length, it should be possible to tie this into any implementation with a minimum of code. If you use any non-generic format and you end up making it simple for one or two people and really painful for a lot of others. If there was some widely-accepted simple format (the former rules out PKCS #8, the latter PKCS #12) then it'd be better to use that.

An RFC specifying PKCS #8 formats for common algorithms (which you currently have to scrape together from PKCS #8, PKCS #11, PKCS #15, and some expired RFC drafts held in a disused toilet in the basement in a box marked "Beware of the leopard") would be useful. I guess I could volunteer for it if pressed.

Peter.
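
[Added example, not part of the original posts and not code from any list member: the "packaging" discussed above, wrapping a PKCS #1 RSA key or a bare DSA INTEGER in the PrivateKeyInfo structure quoted in the thread, plus a strict unwrap. The DSA layout (id-dsa with p, q, g as parameters and x as a DER INTEGER inside privateKey) is the commonly used convention and is an assumption here; all function names are hypothetical and all key values are constructed toy numbers.]

```python
# PKCS #8 PrivateKeyInfo wrapping with a minimal DER codec (added example).
# All key values used with it are constructed toy numbers, not usable keys.

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption; parameters are NULL
ID_DSA = "1.2.840.10040.4.1"             # id-dsa; parameters assumed SEQUENCE {p, q, g}


def der_len(n):
    # Definite length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(v):
    # Non-negative INTEGER; the extra byte keeps the sign bit clear.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def wrap_pkcs8(alg_oid, alg_params, private_key):
    # PrivateKeyInfo ::= SEQUENCE { version 0, AlgorithmIdentifier, OCTET STRING }
    alg_id = tlv(0x30, der_oid(alg_oid) + alg_params)
    return tlv(0x30, der_int(0) + alg_id + tlv(0x04, private_key))


def pkcs1_rsa(n, e, d, p, q):
    # RSAPrivateKey: version, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    return tlv(0x30, b"".join(der_int(f) for f in fields))


def wrap_rsa(pkcs1_der):
    return wrap_pkcs8(RSA_ENCRYPTION, tlv(0x05, b""), pkcs1_der)


def wrap_dsa(p, q, g, x):
    params = tlv(0x30, der_int(p) + der_int(q) + der_int(g))
    return wrap_pkcs8(ID_DSA, params, der_int(x))


def read_tlv(buf, pos, want_tag):
    # Returns (content, next_pos). Rejects a wrong tag, an indefinite or
    # non-minimal length, and truncated input.
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def unwrap_pkcs8(der):
    # Returns (algorithm OID content bytes, parameters DER, privateKey bytes).
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after PrivateKeyInfo")
    version, pos = read_tlv(body, 0, 0x02)
    if version != b"\x00":
        raise ValueError("unsupported PrivateKeyInfo version")
    alg_id, pos = read_tlv(body, pos, 0x30)
    oid, oid_end = read_tlv(alg_id, 0, 0x06)
    key, pos = read_tlv(body, pos, 0x04)
    if pos != len(body):
        # Only the optional attributes [0] IMPLICIT field may follow.
        _, pos = read_tlv(body, pos, 0xA0)
        if pos != len(body):
            raise ValueError("trailing data inside PrivateKeyInfo")
    return oid, alg_id[oid_end:], key


if __name__ == "__main__":
    # Constructed toy DSA values: p=23, q=11, g=4, x=7.
    print(wrap_dsa(23, 11, 4, 7).hex())
```

PrivateKeyInfo carries the key in the clear, so the wrapped bytes need the same handling as the bare key.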

From owner-ietf-smime-examples Tue Aug 17 16:11:27 1999
Received: by mail.proper.com (8.9.3/8.9.3) id QAA00230 for ietf-smime-examples-bks; Tue, 17 Aug 1999 16:11:27 -0700 (PDT)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by mail.proper.com (8.9.3/8.9.3) with SMTP id QAA00224 for ; Tue, 17 Aug 1999 16:11:26 -0700 (PDT)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (WorldSecure Server SMTP Relay(WSS) v3.6.2); Tue, 17 Aug 99 16:11:55 -0700
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2232.9) id ; Tue, 17 Aug 1999 16:11:55 -0700
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6E8@mail.deming.com>
From: "Blake Ramsdell"
To: "'ietf-smime-examples@imc.org'"
cc: "Jim Schaad (E-mail)"
Subject: More examples
Date: Tue, 17 Aug 1999 16:11:54 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
X-WSS-ID: 1BA733B114398-01-01
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

Jim Schaad has created some more examples. I have put these up at:

Please take a look and make any comments. I have also used Peter Gutmann's dumpasn1 program to create text dumps for them, which may make it easier to do a quick once over for the armchair ASN.1 crowd.

Any problems with the keys / certs are Jim's fault. Any problems with the HTML is my fault.

Blake

--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103 Fax +1 425 376 0915

From owner-ietf-smime-examples Tue Aug 17 16:16:13 1999
Received: by mail.proper.com (8.9.3/8.9.3) id QAA00302 for ietf-smime-examples-bks; Tue, 17 Aug 1999 16:16:13 -0700 (PDT)
Received: from cane.deming.com (mail.deming.com [208.236.41.137]) by mail.proper.com (8.9.3/8.9.3) with SMTP id QAA00297; Tue, 17 Aug 1999 16:16:12 -0700 (PDT)
Received: from 208.236.41.137 by cane.deming.com with ESMTP (WorldSecure Server SMTP Relay(WSS) v3.6.2); Tue, 17 Aug 99 16:16:42 -0700
X-Server-Uuid: 1a012586-24e9-11d1-adae-00a024bc53c5
Received: by mail.deming.com with Internet Mail Service (5.5.2232.9) id ; Tue, 17 Aug 1999 16:16:42 -0700
Message-ID: <01FF24001403D011AD7B00A024BC53C563E6E9@mail.deming.com>
From: "Blake Ramsdell"
To: "Paul E. Hoffman (E-mail)" , "'ietf-smime-examples@imc.org'"
Subject: A couple of missing keys
Date: Tue, 17 Aug 1999 16:16:41 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
X-WSS-ID: 1BA732D014441-01-01
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

The current examples draft does not list DianePrivDHEncrypt or DianePrivDSSSign as private keys in section 3.2. Recommend that these be added.

Blake

--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103 Fax +1 425 376 0915

From owner-ietf-smime-examples Sat Aug 21 14:49:38 1999
Received: by mail.proper.com (8.9.3/8.9.3) id OAA22784 for ietf-smime-examples-bks; Sat, 21 Aug 1999 14:49:38 -0700 (PDT)
Received: from aum (ip11.proper.com [165.227.249.11]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id OAA22780 for ; Sat, 21 Aug 1999 14:49:36 -0700 (PDT)
Message-Id: <4.2.0.58.19990821144708.00b72980@mail.imc.org>
X-Sender: phoffman@mail.imc.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Sat, 21 Aug 1999 14:49:42 -0700
To: ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Re: A couple of missing keys
In-Reply-To: <01FF24001403D011AD7B00A024BC53C563E6E9@mail.deming.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

At 04:16 PM 8/17/1999 -0700, Blake Ramsdell wrote:
>The current examples draft does not list DianePrivDHEncrypt or
>DianePrivDSSSign as private keys in section 3.2. Recommend that these be
>added.

Done.

OK, I'm back from vacation (which was lovely), and I see y'all did a bit of work.

Blake: do you have new certs based on the discussion?

Everybody: did you look at the new material Blake announced on Tuesday? Comments?

--Paul Hoffman, Director
--Internet Mail Consortium

From owner-ietf-smime-examples Thu Aug 26 12:07:27 1999
Received: (from majordomo@localhost) by mail.proper.com (8.9.3/8.9.3) id MAA13496 for ietf-smime-examples-bks; Thu, 26 Aug 1999 12:07:27 -0700 (PDT)
Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.9.3/8.9.3) with SMTP id MAA13490 for ; Thu, 26 Aug 1999 12:07:25 -0700 (PDT)
Received: id PAA08967; Thu, 26 Aug 1999 15:04:43 -0400
Received: by gateway id ; Thu, 26 Aug 1999 15:07:20 -0400
Message-ID:
From: Tom Kung
To: "'ietf-smime-examples@imc.org'"
Subject: interop testing data
Date: Thu, 26 Aug 1999 15:07:10 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01BEEFF6.38A11D4E"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

------_=_NextPart_000_01BEEFF6.38A11D4E
Content-Type: text/plain

> Goodays,
>
> I would like to conduct some interoperability testing with the SMIMEv3
> spec and as such I have attached the following files:
>
> conInfo.txt
> * ContentInfo structure that contains a SignedData item
> * SignedData item contains CA, signing and encryption
> certificates
> * SHA1-RSA digitally signed
> attribs.txt
> * lists the attributes and its values contained in conInfo.txt
>
>
> Please do not hesitate to contact me if there are any problems with
> decoding this file.
>
> <> <>
>
>

------_=_NextPart_000_01BEEFF6.38A11D4E
Content-Type: text/plain; name="conInfo.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="conInfo.txt"

------_=_NextPart_000_01BEEFF6.38A11D4E
Content-Type: text/plain; name="attribs.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="attribs.txt"

Originator: serialNumber=1ETXK01+cn=Tom Kung,ou=R and D o=Entrust,c=CA

Unprotect Sequence Attributes:

CONTENTTYPE (oid): 1.2.840.113549.1.7.1

SIGNINGTIME: Thu Aug 26 11:53:28 1999

MESSAGEDIGEST (HEX): 2CE8EBC1FA44DD66B066E0D315441B78A48522DD

ESSECURITYLABEL
---- PolicyID: 1.1
---- PrivacyMark: privacyMark One
---- Classification: 1

RECEIPTREQUEST:
-- AllOrFirstTier: -1
-- ReceiptsFrom:
---- (0, 0): 'receiptsFrom1' of type: 1
-- ReceiptsTo:
---- (0, 0): 'receiptsFrom1' of type: 1
---- (0, 1): 'receiptsTo1' of type: 1
-- Originator Content Identifier (HEX): 3248317A546875204175672032362031313A35333A323820313939390A574B2B719C09ECDDE65F4D69C79840F5E095FFCAB581D86202
-- Originator DER Attribs (HEX):

KEYENCRYPTIONPREFERENCE
-- Issuer: ou=R and D,o=Entrust,c=CA
-- Serial Number: 843590111

EQUIVALENTLABELS
-- Label 0:
---- PolicyID: 1.1
---- PrivacyMark: privacyMark One
---- Classification: 1
-- Label 1:
---- PolicyID: 2.2
---- PrivacyMark: privacyMark Two
---- Classification: 2

CONTENTIDENTIFIER (HEX): 3248317A546875204175672032362031313A35333A323820313939390A574B2B719C09ECDDE65F4D69C79840F5E095FFCAB581D86202

MLEXPANSIONHISTORY:
-- Entity: serialNumber=1ETXK01+cn=Tom Kung,ou=R and D,o=Entrust,c=CA
-- Expansion Time: Thu Aug 26 11:53:28 1999
-- In Addition To:
---- AltName: 'receiptsFrom1' of type: 1
---- AltName: 'receiptsFrom1' of type: 1
---- AltName: 'inAddTo' of type: 1

SMIMECAPABILITIES (keyLength of -1 means not encoded):
-- CapabilityOid: 1.2.840.113533.7.66.10 -- Key Length: 128
-- CapabilityOid: 1.2.840.113533.7.66.10 -- Key Length: 40
-- CapabilityOid: 1.2.840.113549.3.2 -- Key Length: 128
-- CapabilityOid: 1.2.840.113549.3.2 -- Key Length: 40
-- CapabilityOid: 1.2.840.113549.3.7 -- Key Length: -1
-- CapabilityOid: 1.3.14.3.2.7 -- Key Length: -1
-- CapabilityOid: 1.3.6.1.4.1.188.7.1.1.2 -- Key Length: -1
-- CapabilityOid: 1.3.14.3.2.26 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.2.5 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.1 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.7 -- Key Length: -1
-- CapabilityOid: 1.2.840.10040.4.1 -- Key Length: -1
-- CapabilityOid: 1.2.840.10045.2.1 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.5 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.4 -- Key Length: -1
-- CapabilityOid: 1.2.840.10040.4.3 -- Key Length: -1
-- CapabilityOid: 1.2.840.10045.4.1 -- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.9.15.1 -- Key Length: -1

------_=_NextPart_000_01BEEFF6.38A11D4E--

From owner-ietf-smime-examples Thu Aug 26 14:23:57 1999
Received: by mail.proper.com (8.9.3/8.9.3) id OAA16458 for ietf-smime-examples-bks; Thu, 26 Aug 1999 14:23:57 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id OAA16454 for ; Thu, 26 Aug 1999 14:23:56 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2448.0) id ; Thu, 26 Aug 1999 17:26:46 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31360AE7@WFHQEX03>
From: "Pawling, John"
To: "'Tom Kung'" , "'ietf-smime-examples@imc.org'"
Subject: RE: interop testing data
Date: Thu, 26 Aug 1999 17:26:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

All,

We were able to use the S/MIME Freeware Library (SFL) to verify the signature of Tom's signedData object. We successfully decoded all of the signed attributes described in Tom's attrib.txt file except that we still need to add support in the SFL for the sMIMEEncryptionKeyPreference attribute, so the SFL did not fully decode that attribute (it ignored it).

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc.,
a Wang Government Services Company
jsp@jgvandyke.com
============================================

-----Original Message-----
From: Tom Kung [mailto:Tom.Kung@entrust.com]
Sent: Thursday, August 26, 1999 3:07 PM
To: 'ietf-smime-examples@imc.org'
Subject: interop testing data

> Goodays,
>
> I would like to conduct some interoperability testing with the SMIMEv3
> spec and as such I have attached the following files:
>
> conInfo.txt
> * ContentInfo structure that contains a SignedData item
> * SignedData item contains CA, signing and encryption
> certificates
> * SHA1-RSA digitally signed
> attribs.txt
> * lists the attributes and its values contained in conInfo.txt
>
>
> Please do not hesitate to contact me if there are any problems with
> decoding this file.
>
> <> <>
>
>

From owner-ietf-smime-examples Thu Aug 26 14:34:44 1999
Received: (from majordomo@localhost) by mail.proper.com (8.9.3/8.9.3) id OAA16547 for ietf-smime-examples-bks; Thu, 26 Aug 1999 14:34:44 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id OAA16543 for ; Thu, 26 Aug 1999 14:34:42 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2448.0) id ; Thu, 26 Aug 1999 17:37:32 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31360AE8@WFHQEX03>
From: "Pawling, John"
To: "'ietf-smime-examples@imc.org'"
Subject: SHA1-WITH-DSA SignedData
Date: Thu, 26 Aug 1999 17:37:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01BEF00B.32DD9DE6"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

------_=_NextPart_000_01BEF00B.32DD9DE6
Content-Type: text/plain; charset="iso-8859-1"

All,

Attached is a signedData object (MIME wrapped (.eml) and just ASN.1 encoded (.out)) produced using the S/MIME Freeware Library. The signedData was hashed using SHA-1 and signed using DSA. It includes a variety of signed attributes. It includes the complete cert path for the signer. The cert path includes the self-signed root (i.e. PAA) certificate which contains the DSA parameters. As stated in RFC 2459, if the DSA parameters are absent from a subject's cert, then the DSA parameters of the issuer's cert are used in conjunction with the subject's public DSA key to verify signatures signed using the subject's private DSA key (i.e. the subject inherits the parameters of the issuer).
You can use the signer's DSA public key from the signer's certificate in conjunction with the DSA parameters from the PAA cert to verify the signature of the attached signedData object. We don't normally include the self-signed root in signedData objects that we produce, but it is included here for convenience of the testing. An extra cert (Key Exchange Algorithm) is also included in the signedData.

More test messages will follow.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc.,
a Wang Government Services Company
jsp@jgvandyke.com
============================================

------_=_NextPart_000_01BEF00B.32DD9DE6
Content-Type: application/octet-stream; name="SignedData1.eml"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="SignedData1.eml"

MIME-Version: 1.0
Message-Id: <99081616430401.00232@ajpc45.jgvandyke.com>
Content-Type: Application/x-pkcs7-mime;name=smime.p7m;filename=smime.p7m; micalg="SHA-1"; protocol="application/x-pkcs7-signature"
Date: Mon, 16 Aug 1999 16:43:04 -0400 (Eastern Daylight Time)
From: Pierce Leonberger
To: Jim Schaad
Subject: Fortezza SignedData MIME Wrap test.
Content-Transfer-Encoding: base64
Content-Description: attachment;filename=smime.p7m
AQEwFKQPMA0xCzAJBgNVBAYTAlVTgAECoRMwEaQPMA0xCzAJBgNVBAYTAlVLMFsGA1UdHwRU= MFIw UIECBWCiSqRIMEYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpNSVNTSSBURVNUMSIwIAYDVQQD= ExlN SVNTSSBURVNUIElDUkwgQXV0aG9yaXR5MDAGA1UdIAQpMCcwCwYJYIZIAWUCAQMPMAsGCWCG= SAFl AgEDEDALBglghkgBZQIBAxEwggJuBgNVHQkEggJlMIICYTAfBglghkgBZQIBBTcxEqAQBglg= hkgB ZQIBCgEwAwIBATARBglghkgBZQIBBTgxBAMCAP8wggIpBglghkgBZQIBBTwxggIaMIICFjCB= 4wYD VQQ3MYHbMIHYgApghkgBZQIBDAABgQMA//+igcQwgcGACWCGSAFlAgEIAqGBszGBsDAaBgxg= hkgB ZQIBDAABAAIwCqIIAgJYTQICWE4wIgYMYIZIAWUCAQwAAQABMBKBAgH+oggCAlhZAgJYWoYC= BsAw bgYMYIZIAWUCAQwAAQAAMF6BBQX////golACAlhBAgJYQgICWEMCAlhEAgJYRQICWEYCAlhH= AgJY SAICWEkCAlhKAgJYSwICWEwCAlhNAgJYTgICWE8CAlhQAgJYUQICWFICAlhTAgJYVIYDBP/w= MIHM BgNVBDcxgcQwgcGACmCGSAFlAgEMAAKBAgF+ooGuMIGrgAlghkgBZQIBCAKhgZ0xgZowIgYM= YIZI AWUCAQwAAgACMBKiDAICUUoCAlFLAgJRTIYCBeAwOAYMYIZIAWUCAQwAAgAAMCiBBAb//8Ci= HAIC WEECAlhCAgJYQwICWEQCAlhFAgJYRgICWEeGAgXgMDoGDGCGSAFlAgEMAAIAATAqgQID+KIg= AgJR QQICUUICAlFDAgJRRAICUUUCAlFGAgJRRwICUUiGAgXgMCgGCWCGSAFlAgEFNzEboBkGCWCG= SAFl AgEKATAMAgEAAgEBAgEDAgEIMCIGCWCGSAFlAgEFNzEVoRMGCWCGSAFlAgEKAjAGAgEBAgEF= MBEG CWCGSAFlAgEFODEEAwIA/zAJBgcqhkjOOAQDAy8AMCwCFBhwe5izGNP1SVIjql2Srzy8N03x= AhR1 L0FVA6bTmhcaOCGwPgGV3uwYlaEAMYIBqTCCAaUCAQEwOzA1MQswCQYDVQQGEwJVUzETMBEG= A1UE ChMKTUlTU0kgVEVTVDERMA8GA1UEAxMIVEVTVCBDQTICAgeCMAcGBSsOAwIaoIIBHTAYBgkq= hkiG 9w0BCQMxCwYJKoZIhvcNAQcBMCMGCSqGSIb3DQEJBDEWBBT/dQJym6ubkFquFTihzFeMuCec= gTBU BgsqhkiG9w0BCRACAjFFMUMCAQEGByoDBAUGBwgxNTAzgAgqAwQFBgeGeKEnEyVCT0IgVEhJ= UyBJ UyBBIFRFU1QgU0VDVVJJVFktQ0FURUdPUlkuMIGFBgsqhkiG9w0BCRACATF2MHQEFklEIEZP= UiBW REEgU0ZMIFNNSU1FIDOAAQAwVzBVpFMwUTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCk1JU1NJ= IFRF U1QxFzAVBgNVBAsTDk1JU1NJIFRFU1QgRE9EMRQwEgYDVQQDEwtUZXN0IFVzZXIgMzAJBgcq= hkjO OAQDBC4wLAIUhGUnSrqg/u2J7E6R6z0EujcIoHUCFGSM6Z/U08Mrsduaz2JNSGGwE7SV ------_=_NextPart_000_01BEF00B.32DD9DE6 Content-Type: application/octet-stream; name="SignedData1.out" Content-Transfer-Encoding: base64 Content-Disposition: attachment; 
filename="SignedData1.out" MIIVfAIBATEJMAcGBSsOAwIaMF0GCSqGSIb3DQEHAaBQBE5UaGlzIGlzIHRoZSB0aW1lIGZvciBh bGwgZ29vZCBtZW4gKGFuZCB3b21lbikgdG8gY29tZSB0byB0aGUgYWlkIG9mIHRoZSBwYXJ0eS6g ghNcMIICZjCCAiWgAwIBAgICB4IwCQYHKoZIzjgEAzA1MQswCQYDVQQGEwJVUzETMBEGA1UEChMK TUlTU0kgVEVTVDERMA8GA1UEAxMIVEVTVCBDQTIwHhcNOTUxMjMwMjM1OTU5WhcNMDUwMTI4MTYz MDM0WjBRMQswCQYDVQQGEwJVUzETMBEGA1UEChMKTUlTU0kgVEVTVDEXMBUGA1UECxMOTUlTU0kg VEVTVCBET0QxFDASBgNVBAMTC1Rlc3QgVXNlciAzMIGTMAkGByqGSM44BAEDgYUAAoGBAJXBT4IO zd6CILCIh4VxYn2E2PNmICWewXuAY24Yzhmm3A/X8H+OQ6gzZpeFOA0W5Czyr4FLShQpKmUt5DRd 5lR9H7MCukq4NL93DYo9e2b9EMqhVOEu3hjpyIpSw3Pb12XKiGKgfp3AHkRD09K2TVf5afbqrqq/ paYiWfrckwBjo4HOMIHLMBMGA1UdIwQMMAqACAd2AAAAAAAAMBEGA1UdDgQKBAgHggAAAAAAADAO BgNVHQ8BAf8EBAMCBsAwFgYDVR0gBA8wDTALBglghkgBZQIBAw8wHAYDVR0JBBUwEzARBglghkgB ZQIBBTgxBAMCAP8wWwYDVR0fBFQwUjBQgQIFYKJKpEgwRjELMAkGA1UEBhMCVVMxEzARBgNVBAoT Ck1JU1NJIFRFU1QxIjAgBgNVBAMTGU1JU1NJIFRFU1QgSUNSTCBBdXRob3JpdHkwCQYHKoZIzjgE AwMwADAtAhUAjygmUoEuLG+iX7JbVeyG0TUxB2oCFCFn6WWumNI69xiGAQxon/AghvxAMIIDVzCC AxsCAQAwCwYJYIZIAWUCAQETME4xCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhNSVNTSSBURVNUIFUu Uy4gTmF0aW9uYWwxHDAaBgNVBAMTE01JU1NJIFRFU1QgVS5TLiBQQUEwGhcLOTYxMDExMTQyMFoX CzI3MTAwOTEyMDBaME4xCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhNSVNTSSBURVNUIFUuUy4gTmF0 aW9uYWwxHDAaBgNVBAMTE01JU1NJIFRFU1QgVS5TLiBQQUEwggJLMIIBLwYJYIZIAWUCAQEUoYIB IDCCARwEgYDUOALFNXvVC6F+XXJZY1XTRVbq4iUaa8Wkq6oL1GK00iGxlaLGAcnD+gFveYaDPQNh 4fGSrLwDTomjyVNK9+KmSM9CHiGxXCs6f7q+a1r3CibYjhvr7L8eWj9FwL0xI75pcafCkP6l1oC1 JNxEnOtN+drwyOiiTJkHXI41K31XjQQUp4Ob870sIAf8TOfon/M5g1EN3N0EgYAOO0YxigpYhkCE 46EiDYjKkIhXZJ8BIeAVBZQkguIQkNnhThBc51Rr1AwrG1kKoLWhfbUH42V86pDYjjBC5IW7rPpO dkt4Dt9s5abhvVl3faaXWcUpp7M/lT6d8Vkt90KHYj/xuG/HPUu4jXTEykSQz2fb3hRgl0rR922e CZTEDQOCARQAAAEABAAAAAAAAAAAAICC+ldnLmFejjokxfMilPbVHqg3P1u/NVo/83yUUkVF459b 8Kt57diyp62gH54qCM8tPHUS/2fScAGg/kssV8M0cqKfB7lYA1XQzj8Frv58efg0q6ItDfddHCHP /OjcwHVf+XA/GVP6Ergwlj9qlSkJmgnKAYKmbnI9PbRwUnTP0wACMACAQGnggUTKpIq7ybedmxna 
8lSf+UEnt26j2ZoVyMiFQwKsigmQbEOd9wIENEGPuS8gk6dYPicNIm6OgSyq+fZlqgvanTcZQjOG wQBHE+iQbdVeHBRKS+0j8MC9zE0zheueV+TZLa53s66PdwRXIUS8MNeESdW0r00+F+REenb45Hkw CwYJYIZIAWUCAQETAykAELGD3UAAR6dE2BiV1FFK2ZQV+O4rGuPyfQMd740Fljm2R9nyEEbDBDCC A1swggMboAMCAQICAgeAMAkGByqGSM44BAMwNTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCk1JU1NJ IFRFU1QxETAPBgNVBAMTCFRFU1QgQ0EyMB4XDTk1MTIzMDIzNTk1OVoXDTA1MDEyODE2MzAzNFow UTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCk1JU1NJIFRFU1QxFzAVBgNVBAsTDk1JU1NJIFRFU1Qg RE9EMRQwEgYDVQQDEwtUZXN0IFVzZXIgMTCBnTAXBglghkgBZQIBARYECi71QW52QxdKRHADgYEA UPwy8YbxkMAygwTf2hEf0srXavfpvihlnFH3YiPJj0LBRea+A01R7kJpDVrSQdDA+d+uabFFWryq 8O/6SlrguP4ApKdqG9heU39JMGk9PDj4dS6Go3+924pPcdHSnMiKS6ojSWYNQjla/+XOKe6DKZi3 jprAHq7Q+dZEVMp8Yk+jggG5MIIBtTATBgNVHSMEDDAKgAgHdgAAAAAAADAOBgNVHQ8BAf8EBAMC AygwEQYDVR0OBAoECAeAAAAAAAAAMIIBBAYDVR0JBIH8MIH5MBEGCWCGSAFlAgEFODEEAwIA/zCB 4wYDVQQ3MYHbMIHYgApghkgBZQIBDAABgQMA//+igcQwgcGACWCGSAFlAgEIAqGBszGBsDAaBgxg hkgBZQIBDAABAAIwCqIIAgJYTQICWE4wIgYMYIZIAWUCAQwAAQABMBKBAgH+oggCAlhZAgJYWoYC BsAwbgYMYIZIAWUCAQwAAQAAMF6BBQX////golACAlhBAgJYQgICWEMCAlhEAgJYRQICWEYCAlhH AgJYSAICWEkCAlhKAgJYSwICWEwCAlhNAgJYTgICWE8CAlhQAgJYUQICWFICAlhTAgJYVIYDBP/w MBYGA1UdIAQPMA0wCwYJYIZIAWUCAQMPMFsGA1UdHwRUMFIwUIECBWCiSqRIMEYxCzAJBgNVBAYT AlVTMRMwEQYDVQQKEwpNSVNTSSBURVNUMSIwIAYDVQQDExlNSVNTSSBURVNUIElDUkwgQXV0aG9y aXR5MAkGByqGSM44BAMDLwAwLAIUItCxuCTkEKOHLXH/8WUkJk5AkKECFD+oBTR5Pwe7qjHIlipZ uTL6TJJGMIIEizCCBEugAwIBAgICB3YwCQYHKoZIzjgEAzA8MQswCQYDVQQGEwJVUzETMBEGA1UE ChMKTUlTU0kgVEVTVDEYMBYGA1UEAxMPTUlTU0kgVEVTVCBQQ0EyMB4XDTk3MTExMDIzNTk1OVoX DTA1MDEyODE2MzAzNFowNTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCk1JU1NJIFRFU1QxETAPBgNV BAMTCFRFU1QgQ0EyMIGSMAkGByqGSM44BAEDgYQAAoGAfoKU6fuKiwswFk6/w678le9J+wRDTxBP OVFH6LVh60HMCK0wUTzj8TpKTfUiOhe+A+pu1wQ/r/R7T2/WnEGeH1TlmBWVv9qSzBb6mq9DI5v3 3gGxLZOEq9z21Z/IzPoG2E7TQVC1seUkjgiNQQi2pDSczwrYAkmymyo56lHS3g6jggMJMIIDBTAT BgNVHSMEDDAKgAgHdQAAAAAAADAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAR 
BgNVHQ4ECgQIB3YAAAAAAAAwgasGA1UdHgEB/wSBoDCBnaCBhTBCpD0wOzELMAkGA1UEBhMCVVMx EzARBgNVBAoTCk1JU1NJIFRFU1QxFzAVBgNVBAsTDk1JU1NJIFRFU1QgRE9EgQEKMCmkJDAiMQsw CQYDVQQGEwJVUzETMBEGA1UEChMKTUlTU0kgVEVTVIABATAUpA8wDTELMAkGA1UEBhMCVVOAAQKh EzARpA8wDTELMAkGA1UEBhMCVUswWwYDVR0fBFQwUjBQgQIFYKJKpEgwRjELMAkGA1UEBhMCVVMx EzARBgNVBAoTCk1JU1NJIFRFU1QxIjAgBgNVBAMTGU1JU1NJIFRFU1QgSUNSTCBBdXRob3JpdHkw MAYDVR0gBCkwJzALBglghkgBZQIBAw8wCwYJYIZIAWUCAQMQMAsGCWCGSAFlAgEDETCCAXgGA1Ud CQSCAW8wggFrMIIBVAYJYIZIAWUCAQU8MYIBRTCCAUEwgeMGA1UENzGB2zCB2IAKYIZIAWUCAQwA AYEDAP//ooHEMIHBgAlghkgBZQIBCAKhgbMxgbAwGgYMYIZIAWUCAQwAAQACMAqiCAICWE0CAlhO MCIGDGCGSAFlAgEMAAEAATASgQIB/qIIAgJYWQICWFqGAgbAMG4GDGCGSAFlAgEMAAEAADBegQUF ////4KJQAgJYQQICWEICAlhDAgJYRAICWEUCAlhGAgJYRwICWEgCAlhJAgJYSgICWEsCAlhMAgJY TQICWE4CAlhPAgJYUAICWFECAlhSAgJYUwICWFSGAwT/8DARBglghkgBZQIBBTgxBAMCAP8wJQYJ YIZIAWUCAQU3MRigFgYJYIZIAWUCAQoBMAkCAQACAQMCAQgwHwYJYIZIAWUCAQU3MRKhEAYJYIZI AWUCAQoCMAMCAQEwEQYJYIZIAWUCAQU4MQQDAgD/MAkGByqGSM44BAMDLwAwLAIUamw+Ot2xScbO R9GP9hs4DYCbjBwCFDL9XPIXgUBnXBpNq9qTBA7YRDxAMIIFpTCCBWWgAwIBAgICB3UwCQYHKoZI zjgEAzBOMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTUlTU0kgVEVTVCBVLlMuIE5BVElPTkFMMRww GgYDVQQDExNNSVNTSSBURVNUIFUuUy4gUEFBMB4XDTk1MTIzMDIzNTk1OVoXDTA1MDEyODE2MzAz NFowPDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCk1JU1NJIFRFU1QxGDAWBgNVBAMTD01JU1NJIFRF U1QgUENBMjCBkjAJBgcqhkjOOAQBA4GEAAKBgH7+IVpfDT6Xw7QQX3KMsVp7kOT8AYadVEIH81eV E9JOSPTZweA3wq/B6/n8HBsdI0OGPFcVjCVkTCK/29CB9h5Pi1QDhnhbEWsw81mwmaGcDk/m7K0G H6pcUKoqdT1LTpXnMmdCYNt/ZvQZftysdI1iJeExfmYTHXeB6opj3IB1o4IECjCCBAYwEwYDVR0j BAwwCoAIAAQAAAAAAAAwDgYDVR0PAQH/BAQDAgHGMAkGA1UdJAQCMAAwEgYDVR0TAQH/BAgwBgEB /wIBAjARBgNVHQ4ECgQIB3UAAAAAAAAwgasGA1UdHgEB/wSBoDCBnaCBhTBCpD0wOzELMAkGA1UE BhMCVVMxEzARBgNVBAoTCk1JU1NJIFRFU1QxFzAVBgNVBAsTDk1JU1NJIFRFU1QgRE9EgQEKMCmk JDAiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKTUlTU0kgVEVTVIABATAUpA8wDTELMAkGA1UEBhMC VVOAAQKhEzARpA8wDTELMAkGA1UEBhMCVUswWwYDVR0fBFQwUjBQgQIFYKJKpEgwRjELMAkGA1UE 
BhMCVVMxEzARBgNVBAoTCk1JU1NJIFRFU1QxIjAgBgNVBAMTGU1JU1NJIFRFU1QgSUNSTCBBdXRo b3JpdHkwMAYDVR0gBCkwJzALBglghkgBZQIBAw8wCwYJYIZIAWUCAQMQMAsGCWCGSAFlAgEDETCC Am4GA1UdCQSCAmUwggJhMB8GCWCGSAFlAgEFNzESoBAGCWCGSAFlAgEKATADAgEBMBEGCWCGSAFl AgEFODEEAwIA/zCCAikGCWCGSAFlAgEFPDGCAhowggIWMIHjBgNVBDcxgdswgdiACmCGSAFlAgEM AAGBAwD//6KBxDCBwYAJYIZIAWUCAQgCoYGzMYGwMBoGDGCGSAFlAgEMAAEAAjAKoggCAlhNAgJY TjAiBgxghkgBZQIBDAABAAEwEoECAf6iCAICWFkCAlhahgIGwDBuBgxghkgBZQIBDAABAAAwXoEF Bf///+CiUAICWEECAlhCAgJYQwICWEQCAlhFAgJYRgICWEcCAlhIAgJYSQICWEoCAlhLAgJYTAIC WE0CAlhOAgJYTwICWFACAlhRAgJYUgICWFMCAlhUhgME//AwgcwGA1UENzGBxDCBwYAKYIZIAWUC AQwAAoECAX6iga4wgauACWCGSAFlAgEIAqGBnTGBmjAiBgxghkgBZQIBDAACAAIwEqIMAgJRSgIC UUsCAlFMhgIF4DA4BgxghkgBZQIBDAACAAAwKIEEBv//wKIcAgJYQQICWEICAlhDAgJYRAICWEUC AlhGAgJYR4YCBeAwOgYMYIZIAWUCAQwAAgABMCqBAgP4oiACAlFBAgJRQgICUUMCAlFEAgJRRQIC UUYCAlFHAgJRSIYCBeAwKAYJYIZIAWUCAQU3MRugGQYJYIZIAWUCAQoBMAwCAQACAQECAQMCAQgw IgYJYIZIAWUCAQU3MRWhEwYJYIZIAWUCAQoCMAYCAQECAQUwEQYJYIZIAWUCAQU4MQQDAgD/MAkG ByqGSM44BAMDLwAwLAIUGHB7mLMY0/VJUiOqXZKvPLw3TfECFHUvQVUDptOaFxo4IbA+AZXe7BiV oQAxggGpMIIBpQIBATA7MDUxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpNSVNTSSBURVNUMREwDwYD VQQDEwhURVNUIENBMgICB4IwBwYFKw4DAhqgggEdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw IwYJKoZIhvcNAQkEMRYEFP91AnKbq5uQWq4VOKHMV4y4J5yBMFQGCyqGSIb3DQEJEAICMUUxQwIB AQYHKgMEBQYHCDE1MDOACCoDBAUGB4Z4oScTJUJPQiBUSElTIElTIEEgVEVTVCBTRUNVUklUWS1D QVRFR09SWS4wgYUGCyqGSIb3DQEJEAIBMXYwdAQWSUQgRk9SIFZEQSBTRkwgU01JTUUgM4ABADBX MFWkUzBRMQswCQYDVQQGEwJVUzETMBEGA1UEChMKTUlTU0kgVEVTVDEXMBUGA1UECxMOTUlTU0kg VEVTVCBET0QxFDASBgNVBAMTC1Rlc3QgVXNlciAzMAkGByqGSM44BAMELjAsAhSEZSdKuqD+7Yns TpHrPQS6NwigdQIUZIzpn9TTwyux25rPYk1IYbATtJU= ------_=_NextPart_000_01BEF00B.32DD9DE6-- From owner-ietf-smime-examples Tue Aug 31 14:23:35 1999 Received: by mail.proper.com (8.9.3/8.9.3) id OAA09110 for ietf-smime-examples-bks; Tue, 31 Aug 1999 14:23:35 -0700 (PDT) Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by mail.proper.com (8.9.3/8.9.3) with ESMTP 
    id OAA09106 for ; Tue, 31 Aug 1999 14:23:34 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2448.0) id ; Tue, 31 Aug 1999 17:27:45 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31360B2F@WFHQEX03>
From: "Pawling, John"
To: "'Tom Kung'" , "'ietf-smime-examples@imc.org'"
Subject: More RE: interop testing data
Date: Tue, 31 Aug 1999 17:27:46 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

All,

Upon further examination of Tom's data, we found a discrepancy between the
receiptRequest signed attribute included in Tom's ASN.1 encoded signedData
and the description of that attribute in Tom's attrib.txt file.

1) Entrust's attrib.txt file stated:

RECEIPTREQUEST:
-- AllOrFirstTier: -1
-- ReceiptsFrom:
---- (0, 0): 'receiptsFrom1' of type: 1
-- ReceiptsTo:
---- (0, 0): 'receiptsFrom1' of type: 1
---- (0, 1): 'receiptsTo1' of type: 1

The ASN.1 encoded signedData object only includes "receiptsTo1" in the
ReceiptsTo field, "receiptsFrom1" is not present in the ReceiptsTo field.

- John Pawling


-----Original Message-----
From: Pawling, John
Sent: Thursday, August 26, 1999 5:27 PM
To: 'Tom Kung'; 'ietf-smime-examples@imc.org'
Subject: RE: interop testing data


All,

We were able to use the S/MIME Freeware Library (SFL) to verify the
signature of Tom's signedData object. We successfully decoded all of the
signed attributes described in Tom's attrib.txt file except that we still
need to add support in the SFL for the sMIMEEncryptionKeyPreference
attribute, so the SFL did not fully decode that attribute (it ignored it).


============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc.,
a Wang Government Services Company
jsp@jgvandyke.com
============================================

-----Original Message-----
From: Tom Kung [mailto:Tom.Kung@entrust.com]
Sent: Thursday, August 26, 1999 3:07 PM
To: 'ietf-smime-examples@imc.org'
Subject: interop testing data

> Goodays,
>
> I would like to conduct some interoperability testing with the SMIMEv3
> spec and as such I have attached the following files:
>
> conInfo.txt
> * ContentInfo structure that contains a SignedData item
> * SignedData item contains CA, signing and encryption
> certificates
> * SHA1-RSA digitally signed
> attribs.txt
> * lists the attributes and its values contained in conInfo.txt
>
>
> Please do not hesitate to contact me if there are any problems with
> decoding this file.
>
> <> <>
>
>

From owner-ietf-smime-examples Tue Aug 31 15:14:37 1999
Received: by mail.proper.com (8.9.3/8.9.3) id PAA09846 for ietf-smime-examples-bks; Tue, 31 Aug 1999 15:14:37 -0700 (PDT)
Received: from wfhqex05.wangfed.com (netva01.wangfed.com [206.137.100.2]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id PAA09842 for ; Tue, 31 Aug 1999 15:14:36 -0700 (PDT)
Received: by wfhqex05.wangfed.com with Internet Mail Service (5.5.2448.0) id ; Tue, 31 Aug 1999 18:18:48 -0400
Message-ID: <33BD629222C0D211B6DB0060085ACF31360B32@WFHQEX03>
From: "Pawling, John"
To: "'ietf-smime-examples@imc.org'"
Subject: RE: SHA1-WITH-DSA SignedData
Date: Tue, 31 Aug 1999 18:18:49 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

All,

Please ignore the test message that I sent in the attached message. I just
realized that the SignedData object that we created includes the PAA (i.e.
root) cert obtained from the Fortezza Card used to sign the SignedData
object. The PAA cert on the card is a kludge v1 MISSI cert.
I believe that we can get an equivalent v3 PAA cert that is properly encoded.
There is also a negative INTEGER R value in the SignedData signature value.
Once we correct the problems in the message, we will send a new one.

Paul: Here is one of those erroneous messages that you were looking for:)

Sorry for any inconvenience that this may have caused,

- John Pawling

-----Original Message-----
From: Pawling, John
Sent: Thursday, August 26, 1999 5:38 PM
To: 'ietf-smime-examples@imc.org'
Subject: SHA1-WITH-DSA SignedData

All,

Attached is a signedData object (MIME wrapped (.eml) and just ASN.1 encoded
(.out)) produced using the S/MIME Freeware Library. The signedData was
hashed using SHA-1 and signed using DSA. It includes a variety of signed
attributes. It includes the complete cert path for the signer. The cert
path includes the self-signed root (i.e. PAA) certificate which contains the
DSA parameters. As stated in RFC 2459, if the DSA parameters are absent from
a subject's cert, then the DSA parameters of the issuer's cert are used in
conjunction with the subject's public DSA key to verify signatures signed
using the subject's private DSA key (i.e. the subject inherits the
parameters of the issuer). You can use the signer's DSA public key from the
signer's certificate in conjunction with the DSA parameters from the PAA
cert to verify the signature of the attached signedData object. We don't
normally include the self-signed root in signedData objects that we produce,
but it is included here for convenience of the testing. An extra cert (Key
Exchange Algorithm) is also included in the signedData.

More test messages will follow.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc.,
a Wang Government Services Company
jsp@jgvandyke.com
============================================

From owner-ietf-smime-examples Wed Sep 1 07:30:58 1999
Received: (from majordomo@localhost) by mail.proper.com (8.9.3/8.9.3) id HAA22520 for ietf-smime-examples-bks; Wed, 1 Sep 1999 07:30:58 -0700 (PDT)
Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.9.3/8.9.3) with SMTP id HAA22516 for ; Wed, 1 Sep 1999 07:30:57 -0700 (PDT)
Received: id KAA11078; Wed, 1 Sep 1999 10:30:12 -0400
Received: by gateway id ; Wed, 1 Sep 1999 10:32:50 -0400
Message-ID:
From: Tom Kung
To: Tom Kung , "'ietf-smime-examples@imc.org'" , "'Pawling, John'"
Subject: RE: More RE: interop testing data
Date: Wed, 1 Sep 1999 10:32:47 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01BEF486.DD9E0BB0"
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01BEF486.DD9E0BB0
Content-Type: text/plain

Hi John,

Thanks for the examination and response. There is indeed a discrepancy and
it is now fixed - the ReceiptRequest::ReceiptsTo only contains the one
element ("receiptsTo1") as identified in your email. I updated the
attribs.txt to reflect this fact. All other attributes are unchanged.

Sorry for the inconvenience.

<> <>

-----------------------------------------------------
Mark your calendars now for Entrust SecureSummit 2000
May 1-4 2000 in Dallas TX

> ----------
> From: Pawling, John[SMTP:jsp@jgvandyke.com]
> Sent: Tuesday, August 31, 1999 5:27 PM
> To: 'Tom Kung'; 'ietf-smime-examples@imc.org'
> Subject: More RE: interop testing data
>
> All,
>
> Upon further examination of Tom's data, we found a discrepancy between the
> receiptRequest signed attribute included in Tom's ASN.1 encoded signedData
> and the description of that attribute in Tom's attrib.txt file.
>
> 1) Entrust's attrib.txt file stated:
>
> RECEIPTREQUEST:
> -- AllOrFirstTier: -1
> -- ReceiptsFrom:
> ---- (0, 0): 'receiptsFrom1' of type: 1
> -- ReceiptsTo:
> ---- (0, 0): 'receiptsFrom1' of type: 1
> ---- (0, 1): 'receiptsTo1' of type: 1
>
> The ASN.1 encoded signedData object only includes "receiptsTo1" in the
> ReceiptsTo field, "receiptsFrom1" is not present in the ReceiptsTo field.
>
> - John Pawling
>
>
> -----Original Message-----
> From: Pawling, John
> Sent: Thursday, August 26, 1999 5:27 PM
> To: 'Tom Kung'; 'ietf-smime-examples@imc.org'
> Subject: RE: interop testing data
>
>
> All,
>
> We were able to use the S/MIME Freeware Library (SFL) to verify the
> signature of Tom's signedData object. We successfully decoded all of the
> signed attributes described in Tom's attrib.txt file except that we still
> need to add support in the SFL for the sMIMEEncryptionKeyPreference
> attribute, so the SFL did not fully decode that attribute (it ignored it).
>
>
> ============================================
> John Pawling, Director - Systems Engineering
> J.G. Van Dyke & Associates, Inc.,
> a Wang Government Services Company
> jsp@jgvandyke.com
> ============================================
>
> -----Original Message-----
> From: Tom Kung [mailto:Tom.Kung@entrust.com]
> Sent: Thursday, August 26, 1999 3:07 PM
> To: 'ietf-smime-examples@imc.org'
> Subject: interop testing data
>
>
> > Goodays,
> >
> > I would like to conduct some interoperability testing with the SMIMEv3
> > spec and as such I have attached the following files:
> >
> > conInfo.txt
> > * ContentInfo structure that contains a SignedData item
> > * SignedData item contains CA, signing and encryption
> > certificates
> > * SHA1-RSA digitally signed
> > attribs.txt
> > * lists the attributes and its values contained in conInfo.txt
> >
> >
> > Please do not hesitate to contact me if there are any problems with
> > decoding this file.
> >
> > <> <>
> >
> >
>

------_=_NextPart_000_01BEF486.DD9E0BB0
Content-Type: text/plain; name="conInfo.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="conInfo.txt"

------_=_NextPart_000_01BEF486.DD9E0BB0
Content-Type: text/plain; name="attribs.txt"
Content-Disposition: attachment; filename="attribs.txt"

Originator: serialNumber=1ETXK01+cn=Tom Kung,ou=R and D o=Entrust,c=CA

Unprotect Sequence Attributes:

CONTENTTYPE (oid): 1.2.840.113549.1.7.1

SIGNINGTIME: Thu Aug 26 11:53:28 1999

MESSAGEDIGEST (HEX): 2CE8EBC1FA44DD66B066E0D315441B78A48522DD

ESSECURITYLABEL
---- PolicyID: 1.1
---- PrivacyMark: privacyMark One
---- Classification: 1

RECEIPTREQUEST:
-- AllOrFirstTier: -1
-- ReceiptsFrom:
---- (0, 0): 'receiptsFrom1' of type: 1
-- ReceiptsTo:
---- (0, 0): 'receiptsTo1' of type: 1
-- Signed Content Identifier (HEX): 3248317A546875204175672032362031313A35333A323820313939390A574B2B719C09ECDDE65F4D69C79840F5E095FFCAB581D86202

KEYENCRYPTIONPREFERENCE
-- Issuer: ou=R and D,o=Entrust,c=CA
-- Serial Number: 843590111

EQUIVALENTLABELS
-- Label 0:
---- PolicyID: 1.1
---- PrivacyMark: privacyMark One
---- Classification: 1
-- Label 1:
---- PolicyID: 2.2
---- PrivacyMark: privacyMark Two
---- Classification: 2

CONTENTIDENTIFIER (HEX): 3248317A546875204175672032362031313A35333A323820313939390A574B2B719C09ECDDE65F4D69C79840F5E095FFCAB581D86202

MLEXPANSIONHISTORY:
-- Entity: serialNumber=1ETXK01+cn=Tom Kung,ou=R and D,o=Entrust,c=CA
-- Expansion Time: Thu Aug 26 11:53:28 1999
-- In Addition To:
---- AltName: 'receiptsFrom1' of type: 1
---- AltName: 'receiptsFrom1' of type: 1
---- AltName: 'inAddTo' of type: 1

SMIMECAPABILITIES (keyLength of -1 means not encoded):
-- CapabilityOid: 1.2.840.113533.7.66.10
-- Key Length: 128
-- CapabilityOid: 1.2.840.113533.7.66.10
-- Key Length: 40
-- CapabilityOid: 1.2.840.113549.3.2
-- Key Length: 128
-- CapabilityOid: 1.2.840.113549.3.2
-- Key Length: 40
-- CapabilityOid: 1.2.840.113549.3.7
-- Key Length: -1
-- CapabilityOid: 1.3.14.3.2.7
-- Key Length: -1
-- CapabilityOid: 1.3.6.1.4.1.188.7.1.1.2
-- Key Length: -1
-- CapabilityOid: 1.3.14.3.2.26
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.2.5
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.1
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.7
-- Key Length: -1
-- CapabilityOid: 1.2.840.10040.4.1
-- Key Length: -1
-- CapabilityOid: 1.2.840.10045.2.1
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.5
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.1.4
-- Key Length: -1
-- CapabilityOid: 1.2.840.10040.4.3
-- Key Length: -1
-- CapabilityOid: 1.2.840.10045.4.1
-- Key Length: -1
-- CapabilityOid: 1.2.840.113549.1.9.15.1
-- Key Length: -1

------_=_NextPart_000_01BEF486.DD9E0BB0--

From owner-ietf-smime-examples Wed Sep 22 16:53:12 1999
Received: by mail.proper.com (8.9.3/8.9.3) id QAA26868 for ietf-smime-examples-bks; Wed, 22 Sep 1999 16:53:12 -0700 (PDT)
Received: from mail.student.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.101]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id QAA26864 for ; Wed, 22 Sep 1999 16:53:09 -0700 (PDT)
Received: from cs26.cs.auckland.ac.nz (pgut001@cs26.cs.auckland.ac.nz [130.216.36.9]) by mail.student.auckland.ac.nz (8.8.6/8.8.6/cs-master) with SMTP id LAA20985 for ; Thu, 23 Sep 1999 11:57:05 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Received: by cs26.cs.auckland.ac.nz (relaymail v0.9) id <93804462424667>; Thu, 23 Sep 1999 11:57:04 (NZST)
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-smime-examples@imc.org
Subject: Looking for KEA example message
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz
Date: Thu, 23 Sep 1999 11:57:04 (NZST)
Message-ID: <93804462424667@cs26.cs.auckland.ac.nz>
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

Does anyone have an example message done using KEA keys (ie one with v3
recipient info, originator info, domain parameters, and all the other weird
cruft which goes with it) they can send me? I'd like to check to make sure my
implementation isn't going to choke on it if it ever runs into one.

Peter.
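
Added example, not part of any list message and not SFL code: John Pawling's 31 Aug 1999 message above reports a negative INTEGER R value in a DSA signature value. The Python sketch below audits a DER-encoded signature value (SEQUENCE of INTEGER r, INTEGER s) for that defect, goes one step further by also checking minimal encoding and an optional upper bound q, and shows the producer-side re-encoding. The sample signature octets and all function names are constructed for illustration.

```python
"""Audit a DER-encoded DSA signature value: SEQUENCE { r INTEGER, s INTEGER }."""


class DerError(ValueError):
    """Raised when the input is not well-formed DER."""


def read_tlv(buf, off):
    """Return (tag, content, next_offset) for the definite-length TLV at off."""
    if off + 2 > len(buf):
        raise DerError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: one length octet
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise DerError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        if length < 0x80 or buf[off] == 0:
            raise DerError("non-minimal length octets")
        off += n
    if off + length > len(buf):
        raise DerError("content runs past end of input")
    return tag, buf[off:off + length], off + length


def split_dss_sig(der):
    """Return the raw content octets of r and s."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("expected a single SEQUENCE with no trailing bytes")
    parts, off = [], 0
    for name in ("r", "s"):
        tag, content, off = read_tlv(body, off)
        if tag != 0x02 or not content:
            raise DerError(name + ": expected a non-empty INTEGER")
        parts.append(content)
    if off != len(body):
        raise DerError("unexpected data after s")
    return parts[0], parts[1]


def audit_dss_sig(der, q=None):
    """List encoding and range problems; an empty list means acceptable."""
    problems = []
    for name, content in zip(("r", "s"), split_dss_sig(der)):
        padded = len(content) > 1 and (
            (content[0] == 0x00 and content[1] < 0x80)
            or (content[0] == 0xFF and content[1] >= 0x80))
        if padded:
            problems.append(name + ": non-minimal INTEGER encoding")
        # DER INTEGER content is two's complement, so a set top bit means negative.
        value = int.from_bytes(content, "big", signed=True)
        if value < 0:
            problems.append(name + ": negative INTEGER (leading 0x00 octet missing)")
        elif value == 0:
            problems.append(name + ": zero")
        elif q is not None and value >= q:
            problems.append(name + ": not below q")
    return problems


def der_len(n):
    """Encode a length in the shortest DER form."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_uint(octets):
    """Encode a big-endian magnitude as a positive DER INTEGER."""
    value = int.from_bytes(octets, "big")
    if value == 0:
        raise DerError("zero is not a valid r or s")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:                     # keep the sign bit clear
        raw = b"\x00" + raw
    return b"\x02" + der_len(len(raw)) + raw


def reencode_dss_sig(der):
    """Producer-side fix: treat r and s octets as unsigned and re-encode."""
    r, s = split_dss_sig(der)
    body = der_uint(r) + der_uint(s)
    return b"\x30" + der_len(len(body)) + body


# Constructed sample, not taken from the list: a 20-octet r with the top bit
# set, written without the leading 0x00 octet, so a DER decoder reads it as
# a negative number.
SAMPLE_R = bytes.fromhex("8f" + "11" * 19)
SAMPLE_S = bytes.fromhex("21" + "22" * 19)
BAD_SIG = b"\x30\x2c\x02\x14" + SAMPLE_R + b"\x02\x14" + SAMPLE_S

if __name__ == "__main__":
    print("as received:", audit_dss_sig(BAD_SIG))
    fixed = reencode_dss_sig(BAD_SIG)
    print("re-encoded :", fixed.hex(), audit_dss_sig(fixed))
```

A verifier should reject a signature value that fails the audit rather than repair it; the re-encoding step belongs on the sending side before a test object is published.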
From owner-ietf-smime-examples Wed Sep 22 18:32:46 1999
Received: (from majordomo@localhost) by mail.proper.com (8.9.3/8.9.3) id SAA01714 for ietf-smime-examples-bks; Wed, 22 Sep 1999 18:32:46 -0700 (PDT)
Received: from pacific.xeti.com ([208.163.59.155]) by mail.proper.com (8.9.3/8.9.3) with ESMTP id SAA01708 for ; Wed, 22 Sep 1999 18:32:44 -0700 (PDT)
Received: (from hemma@localhost) by pacific.xeti.com (8.8.8+Sun/8.8.8) id SAA08514 for ietf-smime-examples@imc.org; Wed, 22 Sep 1999 18:42:41 -0700 (PDT)
Date: Wed, 22 Sep 1999 18:42:41 -0700 (PDT)
From: Hemma Prafullchandra
Message-Id: <199909230142.SAA08514@pacific.xeti.com>
To: ietf-smime-examples@imc.org
Subject: EnvelopedData/ESDH
Content-Type: X-sun-attachment
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 20

Folks,

I'd like to test out my implementation of EnvelopedData with ESDH. I have
attached my DH cert and DSA-CA cert. Please send me test messages. Also,
send me your DH certs, so that I can generate messages back to you.

I have managed to successfully decrypt a message from Jim with
ESDH/CMSRC2wrap, but I need a lot more test cases :) to complete my
interoperability testing.

Thanks mucho,
Hemma

PS. the DSA-CA cert (ca.cer) uses an OIW oid for the DSA key and the ANSI oid
for sha-1/dsa signature alg. please let me know if this causes a problem.

----------
X-Sun-Data-Type: default
X-Sun-Data-Description: default
X-Sun-Data-Name: hemmaDH.cer
X-Sun-Encoding-Info: uuencode
X-Sun-Content-Lines: 26

----------
X-Sun-Data-Type: default
X-Sun-Data-Description: default
X-Sun-Data-Name: ca.cer
X-Sun-Encoding-Info: uuencode
X-Sun-Content-Lines: 21

From owner-ietf-smime-examples Sun Sep 26 12:12:01 1999
Received: by ns.secondary.com (8.9.3/8.9.3) id MAA11868 for ietf-smime-examples-bks; Sun, 26 Sep 1999 12:12:01 -0700 (PDT)
Received: from Default (ip12.proper.com [165.227.249.12]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA11858 for ; Sun, 26 Sep 1999 12:11:59 -0700 (PDT)
Message-Id: <4.2.0.58.19990926121024.0097f830@mail.imc.org>
X-Sender: phoffman@mail.imc.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Sun, 26 Sep 1999 12:12:28 -0700
To: ietf-smime-examples@imc.org
From: Paul Hoffman / IMC
Subject: Pre-draft of -02
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-smime-examples@imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:

OK, we've got stuff to work with now.
Jim Schaad gave me a whole slew of examples, and I've put together a version of -02 of the draft. I wanted to give this list a few days to look at it before I turned it in, in case there is anything egregiously wrong. It would be grand if some of you could start validating Jim's examples (and turning in more of your own!), but we don't need to wait for that. The pre-draft is at . --Paul Hoffman, Director --Internet Mail Consortium
From owner-ietf-smime-examples Mon Sep 27 15:58:55 1999 Received: by mail.imc.org (8.9.3/8.9.3) id PAA09641 for ietf-smime-examples-bks; Mon, 27 Sep 1999 15:58:55 -0700 (PDT) Received: from dfssl.exchange.microsoft.com (dfssl.exchange.microsoft.com [131.107.88.59]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id PAA09636; Mon, 27 Sep 1999 15:58:54 -0700 (PDT) Received: by dfssl with Internet Mail Service (5.5.2650.21) id ; Mon, 27 Sep 1999 15:58:57 -0700 Message-ID: From: "Jim Schaad (Exchange)" To: "'Paul Hoffman / IMC'" , ietf-smime-examples@imc.org Subject: RE: Pre-draft of -02 Date: Mon, 27 Sep 1999 15:58:44 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-Unsubscribe:
1. Appears to be missing an example for 9.1
2. The BER and DER examples are backward -- could easily be my fault.
3. Sect 5.4 -- replace XXXXXX with "content hint and counter signature"
4. Section 6.1 -- I put some items in twice.
Some additional information on this example:

3DES CEK
   cd 4f 7c 83 73 c4 26 ce 5d b0 cd ea 7c 16 15 cb
   2f 8c a8 20 16 0e c8 2a

Ephemeral X (reverse the bytes)
   2e 92 4e b9 2a bd ab 1e cb 5b d8 3b c5 6c b0 ef
   2d 89 7b 0e e7 d6 33 8c 1f 33 81 6d 2d d1 61 4f

ZZ
   de 42 2f c3 fb 44 ab ce 71 3f f6 3a aa dc 09 d1
   ca 30 97 22 73 eb de 6a af 87 e1 74 62 60 73 c7
   93 1f 2e 26 b3 09 8f 1c 93 31 33 63 5f 0e ad 89
   89 f5 1a cb 8c 3f b7 8f 50 b3 9a fe 06 b0 8a 68
   c0 f7 b1 fe 20 af 96 f2 a6 cf de 12 1e 74 f9 38
   d1 90 da 4d 10 45 b2 6a be 3f f9 3b 61 c0 6d 8f
   bc 2e c8 a3 e6 d8 e2 a8 52 ea 58 65 b3 93 99 b7
   77 91 67 e6 04 e5 ca ce 46 86 b0 83 17 d9 de 1d

3DES KEK (no parity check)
   02 1f 67 5c 92 58 e5 5a 2a fb 3b ed 94 6b 39 8a
   b1 38 a7 8c 63 fc d6 14

wrapped key
   51 46 57 41 34 1c d6 c7 cd 36 4b a4 93 b7 16 e6
   2e f0 58 24 9c 6d 4b e9 90 8b 0f 46 b8 e5 93 19
   ff 7c f0 56 4d 4f fa f5

3DES CEK
   1c b6 57 1a 25 bc f8 13 5b 01 1a d5 a2 46 31 7a
   85 fe 4f 62 45 4a 2a 43

5. There is going to be a problem getting bob to return receipts -- he does not have a signing key to sign the receipt with. Please change to Diane.

-----Original Message----- From: Paul Hoffman / IMC [mailto:phoffman@imc.org] Sent: Sunday, September 26, 1999 12:12 PM To: ietf-smime-examples@imc.org Subject: Pre-draft of -02
OK, we've got stuff to work with now. Jim Schaad gave me a whole slew of examples, and I've put together a version of -02 of the draft. I wanted to give this list a few days to look at it before I turned it in, in case there is anything egregiously wrong. It would be grand if some of you could start validating Jim's examples (and turning in more of your own!), but we don't need to wait for that. The pre-draft is at .
--Paul Hoffman, Director --Internet Mail Consortium
From owner-ietf-smime-examples Mon Sep 27 18:19:16 1999 Received: by mail.imc.org (8.9.3/8.9.3) id SAA12140 for ietf-smime-examples-bks; Mon, 27 Sep 1999 18:19:16 -0700 (PDT) Received: from Default (ip12.proper.com [165.227.249.12]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id SAA12133; Mon, 27 Sep 1999 18:19:13 -0700 (PDT) Message-Id: <4.2.0.58.19990927180821.00a1b670@mail.imc.org> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Mon, 27 Sep 1999 18:19:40 -0700 To: "Jim Schaad (Exchange)" , ietf-smime-examples@imc.org From: Paul Hoffman / IMC Subject: RE: Pre-draft of -02 In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-Unsubscribe:
At 03:58 PM 9/27/99 -0700, Jim Schaad (Exchange) wrote:
>1. Appears to be missing an example for 9.1
No one has turned one in yet.
>2. The BER and DER examples are backward -- could easily be my fault.
I have now reversed the contents of these two in the draft.
>3. Sect 5.4 -- replace XXXXXX with "content hint and counter signature"
Done.
>4. Section 6.1 -- I put some items in twice.
>Some additional information on this example:
>
>3DES CEK
>   cd 4f 7c 83 73 c4 26 ce 5d b0 cd ea 7c 16 15 cb
>   2f 8c a8 20 16 0e c8 2a
>
>Ephemeral X (reverse the bytes)
>   2e 92 4e b9 2a bd ab 1e cb 5b d8 3b c5 6c b0 ef
>   2d 89 7b 0e e7 d6 33 8c 1f 33 81 6d 2d d1 61 4f
>
>ZZ
>   de 42 2f c3 fb 44 ab ce 71 3f f6 3a aa dc 09 d1
>   ca 30 97 22 73 eb de 6a af 87 e1 74 62 60 73 c7
>   93 1f 2e 26 b3 09 8f 1c 93 31 33 63 5f 0e ad 89
>   89 f5 1a cb 8c 3f b7 8f 50 b3 9a fe 06 b0 8a 68
>   c0 f7 b1 fe 20 af 96 f2 a6 cf de 12 1e 74 f9 38
>   d1 90 da 4d 10 45 b2 6a be 3f f9 3b 61 c0 6d 8f
>   bc 2e c8 a3 e6 d8 e2 a8 52 ea 58 65 b3 93 99 b7
>   77 91 67 e6 04 e5 ca ce 46 86 b0 83 17 d9 de 1d
>
>3DES KEK (no parity check)
>   02 1f 67 5c 92 58 e5 5a 2a fb 3b ed 94 6b 39 8a
>   b1 38 a7 8c 63 fc d6 14
>
>wrapped key
>   51 46 57 41 34 1c d6 c7 cd 36 4b a4 93 b7 16 e6
>   2e f0 58 24 9c 6d 4b e9 90 8b 0f 46 b8 e5 93 19
>   ff 7c f0 56 4d 4f fa f5
>
>3DES CEK
>   1c b6 57 1a 25 bc f8 13 5b 01 1a d5 a2 46 31 7a
>   85 fe 4f 62 45 4a 2a 43
Done.
>5. There is going to be a problem getting bob to return receipts -- he does
>not have a signing key to sign the receipt with. Please change to Diane.
Fixed in 11.2 and 11.3 --Paul Hoffman, Director --Internet Mail Consortium From owner-ietf-smime-examples Thu Sep 30 09:22:03 1999 Received: (from majordomo@localhost) by mail.imc.org (8.9.3/8.9.3) id JAA18531 for ietf-smime-examples-bks; Thu, 30 Sep 1999 09:22:03 -0700 (PDT) Received: from Default (ip12.proper.com [165.227.249.12]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id JAA18526 for ; Thu, 30 Sep 1999 09:22:01 -0700 (PDT) Message-Id: <4.2.0.58.19990930092115.00c30b00@mail.imc.org> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 30 Sep 1999 09:22:53 -0700 To: ietf-smime-examples@imc.org From: Paul Hoffman / IMC Subject: Fwd: I-D ACTION:draft-ietf-smime-examples-02.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-Unsubscribe: OK, the -02 is officially out. Please, please, start testing the examples NOW. It would be wonderful if I could get -03 out before the draft cutoff and have initials for people who have checked them for many or all of the examples. I still want to see examples for all the places that have XXXXX, too, particularly for ESS. >To: IETF-Announce: ; >Cc: ietf-smime@imc.org >From: Internet-Drafts@ietf.org >Reply-to: Internet-Drafts@ietf.org >Subject: I-D ACTION:draft-ietf-smime-examples-02.txt >Date: Thu, 30 Sep 1999 07:00:20 -0400 >Sender: owner-ietf-smime@imc.org >List-Archive: >List-Unsubscribe: > >A New Internet-Draft is available from the on-line Internet-Drafts >directories. >This draft is a work item of the S/MIME Mail Security Working Group of the >IETF. > > Title : Examples of S/MIME Messages > Author(s) : P. Hoffman > Filename : draft-ietf-smime-examples-02.txt > Pages : 8 > Date : 29-Sep-99 > >This document gives examples of message bodies formatted using S/MIME. 
>Specifically, it has examples of Cryptographic Message Syntax (CMS) >objects, S/MIME messages (including the MIME formatting), and Enhanced >Security Services for S/MIME (ESS). It includes examples of most or all >common CMS and ESS formats; in addition, it gives examples that show >common pitfalls in implementing CMS. The purpose of this document is to >help increase interoperability for S/MIME and other protocols that rely >on CMS. >This draft is being discussed on the 'ietf-smime' mailing list. To >join the list, send a message to with the >single word 'subscribe' in the body of the message. Also, there is a >Web site for the mailing list at . > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-02.txt > >Internet-Drafts are also available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-smime-examples-02.txt". > >A list of Internet-Drafts directories can be found in >http://www.ietf.org/shadow.html >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > >Internet-Drafts can also be obtained by e-mail. > >Send a message to: > mailserv@ietf.org. >In the body type: > "FILE /internet-drafts/draft-ietf-smime-examples-02.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. 
> > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <19990929141854.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-smime-examples-02.txt > > --Paul Hoffman, Director --Internet Mail Consortium
From owner-ietf-smime-examples Sat Oct 2 08:57:57 1999 Received: by mail.imc.org (8.9.3/8.9.3) id IAA29744 for ietf-smime-examples-bks; Sat, 2 Oct 1999 08:57:57 -0700 (PDT) Received: from atc.cz (IDENT:root@main.atc.cz [194.212.164.68]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id IAA29740 for ; Sat, 2 Oct 1999 08:57:55 -0700 (PDT) Received: from alexey22 (se5.lviv.net [195.5.34.69]) by atc.cz (8.8.7/8.8.5) with SMTP id RAA19230 for ; Sat, 2 Oct 1999 17:58:36 +0200 Message-ID: <00a801bf0cf7$5fed8400$4c97d4c1@reflex.ua> From: "Alexey Shamov" To: Subject: Re: I-D ACTION:draft-ietf-smime-examples-02.txt Date: Sat, 2 Oct 1999 18:18:04 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-Unsubscribe:
Hi all, I've tried to verify the examples and found several points where I think the problems are:
1. [Example 5.1] Signature algorithm identifier should be id-dsa-with-sha1 (1 2 840 10040 4 3) instead of dsa (1 2 840 10040 4 1) (see 12.2.1 / RFC2630)
2. Signature verification of DSS messages without signed attributes [Example 5.1] and [Example 5.6] failed. However the signature in the [Example 5.4] and all RSA signatures were OK. For signature verification I used MS Base DH/DSS Provider.
3. [Example 6.1] KeyEncryptionAlgorithmIdentifier in KeyAgreeRecipientInfo is encoded as dhPublicNumber (1 2 840 10046 2 1) instead of id-alg-ESDH (see 12.3.1.1 / RFC2630)
4.
I was not able to decrypt CEKs in [6.2] and [6.3] because BobPrivRSAEncrypt.pri is just a copy of CarlPrivRSASign.pri and of course doesn't match BobRSA public key.
Alexey Shamov From owner-ietf-smime-examples Sat Oct 2 09:31:34 1999 Received: by mail.imc.org (8.9.3/8.9.3) id JAA00424 for ietf-smime-examples-bks; Sat, 2 Oct 1999 09:31:34 -0700 (PDT) Received: from Default (ip12.proper.com [165.227.249.12]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id JAA00420; Sat, 2 Oct 1999 09:31:32 -0700 (PDT) Message-Id: <4.2.0.58.19991002092802.00b3d5b0@mail.imc.org> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Sat, 02 Oct 1999 09:32:22 -0700 To: "Alexey Shamov" , From: Paul Hoffman / IMC Subject: Re: I-D ACTION:draft-ietf-smime-examples-02.txt In-Reply-To: <00a801bf0cf7$5fed8400$4c97d4c1@reflex.ua> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-Unsubscribe: At 06:18 PM 10/2/99 +0200, Alexey Shamov wrote: >1. [Example 5.1] Signature algorithm identifier should be id-dsa-with-sha1 >(1 2 840 10040 4 3) instead of dsa (1 2 840 10040 4 1) (see 12.2.1 / >RFC2630) This looks like an error to me. >2. Signature verification of DSS messages without signed attributes [Example >5.1] and [Example 5.6] failed. However the signature in the [Example 5.4] >and all RSA signatures were OK. For signature verification I used MS Base >DH/DSS Provider. > >3. [Example 6.1] KeyEncryptionAlgorithmIdentifier in KeyAgreeRecipientInfo >is encoded as dhPublicNumber (1 2 840 10046 2 1) instead of id-alg-ESDH (see >12.3.1.1 / RFC2630) This looks like an error to me. >4. I was not able to decrypt CEKs in [6.2] and [6.3] because >BobPrivRSAEncrypt.pri is just a copy of CarlPrivRSASign.pri and of course >doesn't match BobRSA public key. This is definitely an error. This means that any of the RSA examples with Bob won't work (I have verified that Jim gave me the same RSA key for both). Jim: do you have the correct RSA private key for Bob? I can post it here if you do. 
--Paul Hoffman, Director --Internet Mail Consortium
From owner-ietf-smime-examples Fri Oct 8 15:51:49 1999 Received: by mail.imc.org (8.9.3/8.9.3) id PAA20651 for ietf-smime-examples-bks; Fri, 8 Oct 1999 15:51:49 -0700 (PDT) Received: from xeti.com ([208.163.59.148]) by mail.imc.org (8.9.3/8.9.3) with SMTP id PAA20645 for ; Fri, 8 Oct 1999 15:51:44 -0700 (PDT) Received: from alaska by xeti.com (SMI-8.6/SMI-SVR4) id PAA28436; Fri, 8 Oct 1999 15:43:17 -0700 Message-Id: <199910082243.PAA28436@xeti.com> Date: Fri, 8 Oct 1999 15:55:39 -0700 (PDT) From: Hemma Prafullchandra Reply-To: Hemma Prafullchandra Subject: BobDHEncryptByCarl.cer To: ietf-smime-examples@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: mScUIn6EhQkVsxcukf9uZg== X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:
Has anyone verified the parameters in this cert ? The DH publickey in this certificate is:

p:
   EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B 25
   C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11 24
   9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB AA
   CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02 41
   92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37 FE
   9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA 74
   3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA 43
   0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A 33

g:
   BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1 E4
   61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48 24
   96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5 5E
   95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48 9B
   70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3 05
   2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D 42
   62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21 C3
   91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62 A7

q:
   C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70 A3
   45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE BD

j:
   01 34 FE C2 33 48 EB F6 3B 97 D9 E4 97 A7 60 A5
   25 69 34 FB FD 46 2A D6 C9 C4 C5 F7 D6 F4 04 19
   8D 94 D9 8A 37 68 69 67 55 FB F2 6B 0E 47 C5 5B
   0B 4B 0E 1C 1A 8B 7B 75 B7 AA C3 AA D7 EB 3B DA
   2A 8D 02 87 37 47 83 D7 31 B4 25 A8 AC BB 11 88
   53 1C 11 92 B6 69 E7 2E 90 C1 7A FC 87 F4 F6 D7
   1A

seed:
   B9 FF 1C 93 44 67 37 D1 B2 F8 57 9A 32 4A C9 4A
   FF 3B EC 1E

counter: 29

Y:
   6fd4f6cd949a6eaf5b57179675bb0fb948e990370d1520c2551e13e2ae
   711784c30e74ae8a557f287d8bd728229c7646d73b4f9dd14d1bb2db51
   94c56d549640388a3881634a8cc31e098974a658d5c85a3dcfbbb8237f
   9c1f7d78fa9ef9909e91e74bc2a4be45067842583d9f632cef84d467e5
   fbc66da23629679046db4e48

According to the algorithm in rfc2631 for param generation, m = length of q = 256 then the seed needs to be at least the length of m or greater. In this case the seed is only 160 bits -- is that allowed ? Thanks, Hemma
From owner-ietf-smime-examples Sun Oct 10 21:15:34 1999 Received: by mail.imc.org (8.9.3/8.9.3) id VAA21623 for ietf-smime-examples-bks; Sun, 10 Oct 1999 21:15:34 -0700 (PDT) Received: from dfssl.exchange.microsoft.com (dfssl.exchange.microsoft.com [131.107.88.59]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id VAA21619 for ; Sun, 10 Oct 1999 21:15:33 -0700 (PDT) Received: by dfssl with Internet Mail Service (5.5.2650.21) id <4RCWTW3S>; Sun, 10 Oct 1999 21:16:43 -0700 Message-ID: From: "Jim Schaad (Exchange)" To: "Ietf-Smime-Examples (E-mail)" Subject: Bob's RSA key Date: Sun, 10 Oct 1999 21:16:46 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01BF139F.6CD20336" Sender: owner-ietf-smime-examples@imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01BF139F.6CD20336 Content-Type: text/plain; charset="iso-8859-1" <> Here is the correct key for Bob's RSA key.
jim ------_=_NextPart_000_01BF139F.6CD20336 Content-Type: application/octet-stream; name="PrivateKey0000.pri" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="PrivateKey0000.pri"