Re: Post-last-call status of the S/MIME examples draft
FYI,
Just to throw in my two cents, you can add that I've
had success with the following messages.
Caveats: We don't do D-H or inherited DSA parameters, we
have the same problem with the DSA oid that Jim has,
and (at least) one bug fix needs to be committed to the
codebase, i.e. these results do not necessarily reflect
the capabilities of a released product...yet :).
4.1.bin
4.2.bin
5.2.bin
5.3.bin
5.4.bin
5.5.bin
5.10.bin
5.11.bin
6.2.bin
6.3.bin
7.0.bin
8.1.bin
11.1.bin
11.3.bin
11.4.bin
11.5.bin
11.6.bin
While it may be trivial to note, example 5.11.bin says "certificates only",
but in fact also has a CRL in it.
Jeff
Paul Hoffman / IMC wrote:
>
> Greetings again. Here's my collected notes from the WG mailing list,
> the smime-examples mailing list, and off-list mail. I summarize at
> the end.
>
> ====================
>
> 4. Trivial Examples
>
> 4.1 ContentInfo with Data type, BER
> John Pawling: tested OK.
> Jim Schaad: tested OK.
>
> 4.2 ContentInfo with Data type, DER
> John Pawling: tested OK.
> Jim Schaad: tested OK.
>
> 5. Signed-data
> Jim Schaad pointed out that many examples had the
> signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
> be 1.2.840.10040.4.3 (dsaWithSha1).
> The general decision was that the examples should have dsaWithSha1.
> John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
> the examples.
>
> 5.1 Basic signed content, DSS
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: failed.
> signatureAlgorithm is dsa but should be dsaWithSha1
> Sue Beauchamp sent new example file.
>
> 5.2 Basic signed content, RSA
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: tested OK.
>
> 5.3 Basic signed content, detached content
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: failed.
> Contains Alice's RSA certificate
> No content hint unsigned attribute
> signatureAlgorithm is dsa but should be dsaWithSha1
> Sue Beauchamp sent new example file.
>
> 5.4 Fancier signed content
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Sue Beauchamp sent new example file.
>
> 5.5 All RSA signed message
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: tested OK.
>
> 5.6 Multiple signers
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: failed.
> signatureAlgorithm is dsa but should be dsaWithSha1
> Sue Beauchamp sent new example file.
>
> 5.7 Signing using SKI
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: failed.
> signatureAlgorithm is dsa but should be dsaWithSha1
> Sue Beauchamp sent new example file.
>
> 5.8 S/MIME multipart/signed message
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
>
> 5.9 S/MIME application/pkcs7-mime signed message
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
>
> 5.10 SignedData With Attributes
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
> Jim Schaad: failed.
> Change "unknown OID" to "unknown OID (1.2.5555)"
> Content Hint should have an OID of 1.2.840.113549.1.7.1
> Content Identifier attribute absent
> Contains Security Label attribute
> Contains encrypt key preference attribute
> Contains ML Expansion History attribute
> Contains Equivalent Label attribute
>
> 5.11 SignedData with Certificates Only
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
>
> 6. Enveloped-data
>
> 6.1 Basic encrypted content, TripleDES and DH
> John Pawling: tested OK.
>
> 6.2 Basic encrypted content, TripleDES and RSA
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
>
> 6.3 Basic encrypted content, RC2/40 and RSA
> Blake Ramsdell: this is actually a 128-bit key.
> Jeff Jacoby: confirmed Blake's assertion.
> Paul Hoffman: thinks we could just change the title of the example.
> John Pawling: tested OK.
> Blake Ramsdell: tested OK.
>
> 6.4 Encrypted content, two recipients, no shared keying material
> John Pawling: tested OK but noted unsuccessful Invalid tag for
> privateKeyInfo for second login.
>
> 6.5 Encrypted content, two recipients, shared keying material
> John Pawling: could not test due to bug in his code.
>
> 6.6 Encrypted content, TripleDES and DH, previously-distributed keys
> John Pawling: tested OK.
>
> 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
> John Pawling: tested OK.
>
> 6.8 S/MIME application/pkcs7-mime encrypted message
> John Pawling: tested OK.
>
> 6.9 EnvelopedData with All Recipient Types
> John Pawling: tested OK.
>
> 6.10 EnvelopedData with KARI RC2 Encryption
> John Pawling: tested OK.
>
> 6.11 EnvelopedData with KEK 3DES Encryption
> John Pawling: tested OK.
>
> 7. Digested-data
> Blake Ramsdell: tested OK.
>
> 8. Encrypted-data
>
> 8.1 Simple EncryptedData
> Blake Ramsdell: tested OK.
>
> 8.2 EncryptedData with unprotected attributes
>
> 9. Authenticated-data
> There are still no examples in this section.
>
> 10. Key Wrapping
> John Pawling: tested OK.
>
> 10.1 Wrapping RC2
> John Pawling: tested OK.
>
> 10.2 Wrapping TripleDES
> John Pawling: tested OK.
>
> 11. ESS Examples
>
> 11.1 ReceiptRequest
> John Pawling: test failed, has sent new example file.
>
> 11.2 Receipt
> John Pawling: test failed, has sent new example file.
>
> 11.3 eSSSecurityLabel
> John Pawling: tested OK.
>
> 11.4 EquivalentLabels
> John Pawling: tested OK.
>
> 11.5 mlExpansionHistory
> John Pawling: tested OK.
>
> 11.6 SigningCertificate
> John Pawling: tested OK.
>
> ====================
>
> Everything has been tested by at least one person *except* "8.2
> EncryptedData with unprotected attributes". If no one tests this, we
> will probably get rid of it. Can anyone whose software handles
> EncryptedData please test example 8.2 and let me and/or the list know
> the results?
>
> All examples that had test failures have been re-submitted to me by
> the DigitalNet folks *except* 5.10, which Jim Schaad had a lot of
> problems with. Could someone generate a new example of 5.10? It would
> be valuable to have it in the document.
>
> --Paul Hoffman, Director
> --Internet Mail Consortium
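
The dsa versus dsaWithSha1 failures reported in the notes above come down to a single trailing byte in the DER-encoded OID. The following is an added example, not part of the original messages or of any tester's code: it encodes and decodes the two OIDs named in the thread and classifies a signatureAlgorithm AlgorithmIdentifier. The function names are hypothetical, the inputs are constructed, and only short-form DER lengths with absent parameters are handled.

```python
# Added example; the DER inputs are constructed and use short-form lengths only.
ID_DSA = "1.2.840.10040.4.1"            # "dsa" in the thread
ID_DSA_WITH_SHA1 = "1.2.840.10040.4.3"  # "dsaWithSha1" in the thread

def encode_oid(dotted):
    """Return the DER encoding (tag 0x06) of a dotted OID string."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                   # last byte: high bit clear
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)  # earlier bytes: high bit set
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(body):
    """Decode OID content bytes (without tag and length) to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def algorithm_identifier(dotted):
    """Build AlgorithmIdentifier ::= SEQUENCE { OID } with parameters absent."""
    inner = encode_oid(dotted)
    return bytes([0x30, len(inner)]) + inner

def check_signature_algorithm(der):
    """Classify the OID in a DER AlgorithmIdentifier used as signatureAlgorithm."""
    if len(der) < 4 or der[0] != 0x30 or der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form SEQUENCE of the expected size")
    if der[2] != 0x06 or der[3] & 0x80 or 4 + der[3] > len(der):
        raise ValueError("first element is not a well-formed OID")
    oid = decode_oid(der[4:4 + der[3]])
    if oid == ID_DSA_WITH_SHA1:
        return "ok"
    if oid == ID_DSA:
        return "dsa-key-oid-in-signatureAlgorithm"
    return "other:" + oid
```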