
RE: Post-last-call status of the S/MIME examples draft



8.1.bin
	Jim Schaad:  Pass

8.2.bin
	Jim Schaad:  BIG FAIL
		1) The key is not in the text.  Assuming it's the same as 8.1 does not work
		2) The encapsulated content type is EncryptedData not id-data
		3) The content hint content type does not match the encapsulated content type.

jim

> -----Original Message-----
> From: owner-ietf-smime-examples@xxxxxxxxxxxx 
> [mailto:owner-ietf-smime-examples@xxxxxxxxxxxx] On Behalf Of 
> Jim Schaad
> Sent: Monday, May 26, 2003 7:51 PM
> To: 'Paul Hoffman / IMC'; ietf-smime-examples@xxxxxxx; 
> ietf-smime@xxxxxxx
> Subject: RE: Post-last-call status of the S/MIME examples draft
> 
> 
> 
> Some more input
> 
> 5.9.eml
> 	Jim Schaad:  Fail
> 		signatureAlgorithm of dsa not dsaWithSha1
> 
> 11.3.bin
> 	Jim Schaad:  Pass
> 
> I think I should be able to work through all of sections 6, 8 
> & 9 by the end of this week.  I don't have anything external 
> on my plate at the moment.
> 
> jim
> 
> > -----Original Message-----
> > From: owner-ietf-smime@xxxxxxxxxxxx
> > [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Paul Hoffman / IMC
> > Sent: Friday, May 23, 2003 6:11 AM
> > To: ietf-smime-examples@xxxxxxx; ietf-smime@xxxxxxx
> > Subject: Post-last-call status of the S/MIME examples draft
> > 
> > 
> > 
> > Greetings again. Here's my collected notes from the WG mailing list,
> > the smime-examples mailing list, and off-list mail. I summarize at 
> > the end.
> > 
> > ====================
> > 
> > 4. Trivial Examples
> > 
> > 4.1 ContentInfo with Data type, BER
> >    John Pawling: tested OK.
> >    Jim Schaad: tested OK.
> > 
> > 4.2 ContentInfo with Data type, DER
> >    John Pawling: tested OK.
> >    Jim Schaad: tested OK.
> > 
> > 5.  Signed-data
> >    Jim Schaad pointed out that many examples had the
> >      signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
> >      be 1.2.840.10040.4.3 (dsaWithSha1).
> >    The general decision was that the examples should have dsaWithSha1.
> >    John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
> >      the examples.
> > 
> > 5.1 Basic signed content, DSS
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: failed.
> >      signatureAlgorithm is dsa but should be dsaWithSha1
> >    Sue Beauchamp sent new example file.
> > 
> > 5.2 Basic signed content, RSA
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: tested OK.
> > 
> > 5.3 Basic signed content, detached content
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: failed.
> > 	Contains Alice's RSA certificate
> > 	No content hint unsigned attribute
> >      signatureAlgorithm is dsa but should be dsaWithSha1
> >    Sue Beauchamp sent new example file.
> > 
> > 5.4 Fancier signed content
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Sue Beauchamp sent new example file.
> > 
> > 5.5 All RSA signed message
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: tested OK.
> > 
> > 5.6 Multiple signers
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: failed.
> >      signatureAlgorithm is dsa but should be dsaWithSha1
> >    Sue Beauchamp sent new example file.
> > 
> > 5.7 Signing using SKI
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: failed.
> >      signatureAlgorithm is dsa but should be dsaWithSha1
> >    Sue Beauchamp sent new example file.
> > 
> > 5.8 S/MIME multipart/signed message
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> > 
> > 5.9 S/MIME application/pkcs7-mime signed message
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> > 
> > 5.10 SignedData With Attributes
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> >    Jim Schaad: failed.
> > 	Change "unknown OID" to "unknown OID (1.2.5555)"
> > 	Content Hint should have an OID of 1.2.840.113549.1.7.1
> > 	Content Identifier attribute absent
> > 	Contains Security Label attribute
> > 	Contains encrypt key preference attribute
> > 	Contains ML Expansion History attribute
> > 	Contains Equivalent Label attribute
> > 
> > 5.11 SignedData with Certificates Only
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> > 
> > 6.  Enveloped-data
> > 
> > 6.1 Basic encrypted content, TripleDES and DH
> >    John Pawling: tested OK.
> > 
> > 6.2 Basic encrypted content, TripleDES and RSA
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> > 
> > 6.3 Basic encrypted content, RC2/40 and RSA
> >    Blake Ramsdell: this is actually a 128-bit key.
> >    Jeff Jacoby: confirmed Blake's assertion.
> >    Paul Hoffman: thinks we could just change the title of the example.
> >    John Pawling: tested OK.
> >    Blake Ramsdell: tested OK.
> > 
> > 6.4 Encrypted content, two recipients, no shared keying material
> >    John Pawling: tested OK but noted unsuccessful Invalid tag for
> >      privateKeyInfo for second login.
> > 
> > 6.5 Encrypted content, two recipients, shared keying material
> >    John Pawling: could not test due to bug in his code.
> > 
> > 6.6 Encrypted content, TripleDES and DH, previously-distributed keys
> >    John Pawling: tested OK.
> > 
> > 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
> >    John Pawling: tested OK.
> > 
> > 6.8 S/MIME application/pkcs7-mime encrypted message
> >    John Pawling: tested OK.
> > 
> > 6.9 EnvelopedData with All Recipient Types
> >    John Pawling: tested OK.
> > 
> > 6.10 EnvelopedData with KARI RC2 Encryption
> >    John Pawling: tested OK.
> > 
> > 6.11 EnvelopedData with KEK 3DES Encryption
> >    John Pawling: tested OK.
> > 
> > 7. Digested-data
> >    Blake Ramsdell: tested OK.
> > 
> > 8. Encrypted-data
> > 
> > 8.1 Simple EncryptedData
> >    Blake Ramsdell: tested OK.
> > 
> > 8.2 EncryptedData with unprotected attributes
> > 
> > 9. Authenticated-data
> >    There are still no examples in this section.
> > 
> > 10. Key Wrapping
> >    John Pawling: tested OK.
> > 
> > 10.1 Wrapping RC2
> >    John Pawling: tested OK.
> > 
> > 10.2 Wrapping TripleDES
> >    John Pawling: tested OK.
> > 
> > 11. ESS Examples
> > 
> > 11.1 ReceiptRequest
> >    John Pawling: test failed, has sent new example file.
> > 
> > 11.2 Receipt
> >    John Pawling: test failed, has sent new example file.
> > 
> > 11.3 eSSSecurityLabel
> >    John Pawling: tested OK.
> > 
> > 11.4 EquivalentLabels
> >    John Pawling: tested OK.
> > 
> > 11.5 mlExpansionHistory
> >    John Pawling: tested OK.
> > 
> > 11.6 SigningCertificate
> >    John Pawling: tested OK.
> > 
> > ====================
> > 
> > Everything has been tested by at least one person *except* "8.2
> > EncryptedData with unprotected attributes". If no one tests this, we
> > will probably get rid of it. Can anyone whose software handles
> > EncryptedData please test example 8.2 and let me and/or the list know
> > the results?
> > 
> > All examples that had test failures have been re-submitted to me by
> > the DigitalNet folks *except* 5.10, which Jim Schaad had a lot of
> > problems with. Could someone generate a new example of 5.10? It would
> > be valuable to have it in the document.
> > 
> > --Paul Hoffman, Director
> > --Internet Mail Consortium
> > 
>
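
Added example (not part of the thread or of the examples draft): the signatureAlgorithm failures reported above come down to which OID sits in one field of SignerInfo. Because 1.2.840.10040.4.1 also appears legitimately as the key type in DSA certificates, the code below checks the field by position instead of scanning for the bytes; the sample SignerInfo is constructed, the function names are hypothetical, and only definite-length DER is handled.

```python
# OIDs quoted in the thread, mapped to the names used there.
NAMES = {"1.2.840.10040.4.1": "dsa", "1.2.840.10040.4.3": "dsaWithSha1"}

# Constructed sample SignerInfo (not taken from the draft): empty issuer, dummy signature.
SAMPLE_SIGNER_INFO = bytes.fromhex(
    "3022"                      # SignerInfo SEQUENCE, 34 bytes of content
    "020101" "30053000020101"   # version 1; sid: IssuerAndSerialNumber (empty name, serial 1)
    "300706052b0e03021a"        # digestAlgorithm: sha-1 (1.3.14.3.2.26)
    "300906072a8648ce380401"    # signatureAlgorithm: dsa
    "04020000")                 # signature OCTET STRING (dummy)

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the length-of-length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:                         # base-128 arcs, high bit marks continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first octet packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm_oid(signer_info):
    """OID of SignerInfo.signatureAlgorithm, located by field position."""
    _, body, _ = read_tlv(signer_info, 0)
    fields, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        fields.append((tag, value))
    # version, sid, digestAlgorithm, then optional [0] signedAttrs before the field we want
    alg_tag, alg = fields[4 if fields[3][0] == 0xA0 else 3]
    oid_tag, oid, _ = read_tlv(alg, 0)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("signatureAlgorithm is not an AlgorithmIdentifier")
    return decode_oid(oid)

def check_signer_info(signer_info):
    name = NAMES.get(oid := signature_algorithm_oid(signer_info), oid)
    return ("Fail" if name == "dsa" else "Pass"), name
```
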