[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Corrected Samples for Examples-07 I-D

To: "'Life is hard, and then you die'" <ronald@xxxxxxxxxxxxxx>
Subject: RE: Corrected Samples for Examples-07 I-D
From: "Pawling, John" <John.Pawling@xxxxxxxxxxxxxxxx>
Date: Mon, 23 Apr 2001 14:01:04 -0400
Cc: "SMIME Examples List (E-mail)" <ietf-smime-examples@xxxxxxx>, "Colestock, Robert" <Robert.Colestock@xxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime-examples/mail-archive/>
List-id: <ietf-smime-examples.imc.org>
List-unsubscribe: <mailto:ietf-smime-examples-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime-examples@xxxxxxxxxxxx

Ronald,

Thank you for your feedback.  I have some initial responses to your comments
in-line.

===========================================
John Pawling, John.Pawling@xxxxxxxxxxxxxxxx
Getronics Government Solutions, LLC
===========================================

-----Original Message-----
From: Life is hard, and then you die [mailto:ronald@xxxxxxxxxxxxxx]
Sent: Saturday, April 21, 2001 7:19 PM
To: Pawling, John
Cc: SMIME Examples List (E-mail); Colestock, Robert
Subject: Re: Corrected Samples for Examples-07 I-D

On Fri, 6 Apr 2001 at 15:18:30 -0400, John Pawling wrote:
> 1) We corrected the SFL to use the id-dsa-with-sha1 OID for DSA signatures
> as specified in RFC 2630, Section 12.2.1.  New samples including the
> corrected OID are provided for sections 5.1, 5.3, 5.4, 5.6, 5.7, 5.10,
11.1,
> 11.3, 11.4, 11.5, 11.6.  Note: We generated new samples for all DSA-signed
> messages including those submitted by Jim Schaad, because we (and others)
> could not verify the signature of Jim's DSA-signed messages.

I can successfully verify the signatures on all these now (except for
Diane's sig on 5.6, as we don't support parameter inheritance).

[JSP: In a separate message, Stephen Henson stated that he was able to
verify Diane's signature on sample 5.6.]

> 2) We corrected the SFL to properly implement the following requirement as
> specified in RFC 2630, Section 12.3.1: "For key agreement of RC2
> key-encryption keys, 128 bits must be generated as input to the key
> expansion process used to compute the RC2 effective key [RC2]."  New
> corrected samples are provided for sections 6.3, 6.7, 6.9, 6.10.  The
sample
> for section 6.7 also included the correct KEKRecipientInfo version value
> (4).  

Ok, I can successfully decrypt all these now, except for 6.7 which I
haven't tested yet.

Note that 6.4, 6.5, and 6.8 all still have the wrong OId in the
KeyEncryptionAlgorithmIdentifier.

[JSP: The 6.4 and 6.5 samples were provided by Jim Schaad.  We can generate
replacement samples using the SFL, if that is OK with Jim.  We still need to
generate corrected samples for sections 5.8, 5.9 and 6.8.  We need to
enhance our MIME capabilities before generating those samples.]

> 3) We were unable to use the BobPrivRSAEncrypt private key included in the
> Examples-06 document.  We are providing a new BobPrivRSAEncrypt private
key
> that can be used to decrypt the sample 6.2 message included in the
> Examples-06 document.  We are also providing a new BobRSASignByCarl
> certificate.  

Umm, this is getting confusing. For one, the key and certificate you
just provided are identical to those in the examples-06 document. The
correct key however can be found in
http://www.imc.org/ietf-smime-examples/mail-archive/bin00002.bin .
Using this I can decrypt 6.2, 6.3, and 6.9.

[JSP: We will investigate this.]

OTOH, I can't verify Bob's signature 11.2 - was that perchance
generated using the key from examples-06?

[JSP: We will double check example 11.2.  I am sure that you realize that
example 11.2 is a signed receipt.]  

  Cheers,

  Ronald

Prev by Date: RE: Corrected Samples for Examples-07 I-D
Next by Date: More Corrected Samples for Examples-07 I-D
Previous by thread: RE: Corrected Samples for Examples-07 I-D
Next by thread: More Corrected Samples for Examples-07 I-D
Index(es):
- Date
- Thread