[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Status of the examples draft

To: Paul Hoffman / IMC <phoffman@xxxxxxx>
Subject: Re: Status of the examples draft
From: Holger Ebel <holger.ebel@xxxxxxxxxxxxxxx>
Date: Thu, 03 Jul 2003 17:15:18 +0200
Cc: ietf-smime-examples@xxxxxxx
In-reply-to: <27299.1057160737740.JavaMail.root@email.authentidate.de>
List-archive: <http://www.imc.org/ietf-smime-examples/mail-archive/>
List-id: <ietf-smime-examples.imc.org>
List-unsubscribe: <mailto:ietf-smime-examples-request@imc.org?body=unsubscribe>
References: <200307021056.GAA03059@ietf.org> <27299.1057160737740.JavaMail.root@email.authentidate.de>
Sender: owner-ietf-smime-examples@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

Paul,

please find below our test results for the V 11 of the smime-examples
draft.

-----------------------------------------------------------------------

Test results for S/MIME Examples-11; the libraries which were used for
these tests: - AuthentiDate's Java Security Provider (AJSP 1.5.1)
             - various Java algorithm engines

4. Trivial

4.1 ContentInfo with Data type, BER

ok

4.2 ContentInfo with Data type, DER

ok

5. SignedData

5.1 Basic, DSS/DSA

ok

5.2 Basic, RSA

ok

5.3 Basic, DSS/DSA, detached

ok

5.4 Fancier signed content

ok,

Note: - includes also AliceRSA certificate.
      - *the countersigner is not Diane, but AliceRSA*
      - if Diane is performing the countersignature, her
        cert should be also included in the certificate
        field of the signed data.
        (like AliceRSA cert)

5.5 All RSA signed message

ok

5.6 Multiple signers

ok

5.7 Signing using SKI

ok

5.8 S/MIME clear signed

ok,

Note: - SignatureAlgorithm is 1.2.840.10040.4.1, *not* 1.2.840.10040.4.3
        DSA vs. SHA1withDSA

5.9 S/MIME opaque

ok,

Note: - SignatureAlgorithm is 1.2.840.10040.4.1 *not* 1.2.840.10040.4.3
        DSA vs. SHA1withDSA

5.10 SignedData with Attributes

ok

5.11 CertsCrlsOnly signed message

ok

Note: - *includes also a CRL (CarlDSSCRLForAll.crl)*

6. Enveloped Data

Note: No KeyAgreeRecipientInfo EnvelopedData could be decrypted due
to the fact that Sun's JCE/JCA only covers PKCS#3 DH KeyParameter.

6.1 TripleDES / DH

n/a

6.2 TripleDES / RSA

ok

6.3 RC2/40 / RSA

ok

6.4

n/a

6.5

n/a

6.6

n/a

6.7 RC2/40 / RSA

ok

6.8

n/a

6.9

ok

6.10

n/a

6.11

n/a

7 Digested Data

not supported

8 Encrypted Data

not supported

9 Authenticated Data

not supported

10 Key Wrapping

10.1 RC2

n/a

10.2 3DES

ok

11 ESS

not supported

---------------

Best Regards,

Holger Ebel

Paul Hoffman / IMC wrote:


Hi again. The -11 draft has the following changes:
5.1.bin
5.3.bin
5.4.bin
5.6.bin
5.7.bin
5.10.bin
8.2.bin
11.1.bin
11.2.bin

It would be great if everyone who has tested can re-test with these new examples.

BTW, I forgot to change the title of 6.3 to say RC2/128, and will do so in the -12 draft. (Just to be sure, I have already started the -12 draft so I don't space out again...)

I would like to update the chart below for the -11 draft soon so we can move it to IETF last call.

======================================

Status of the examples in -10

4. Trivial Examples

4.1 ContentInfo with Data type, BER
  John Pawling: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

4.2 ContentInfo with Data type, DER
  John Pawling: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

5.  Signed-data
  Jim Schaad pointed out that many examples had the
    signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
    be 1.2.840.10040.4.3 (dsaWithSha1).
  The general decision was that the examples should have dsaWithSha1.
  John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
    the examples.

5.1 Basic signed content, DSS
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Holger Ebel: tested OK.
  Sue Beauchamp sent new example file.

5.2 Basic signed content, RSA
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

5.3 Basic signed content, detached content
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    Contains Alice's RSA certificate
    No content hint unsigned attribute
    signatureAlgorithm is dsa but should be dsaWithSha1
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.
  Sue Beauchamp sent new example file.

5.4 Fancier signed content
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.
    Countersigner is Alice, not Diane
    No content hint
  Sue Beauchamp sent new example file.

5.5 All RSA signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

5.6 Multiple signers
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Holger Ebel: tested OK.
  Sue Beauchamp sent new example file.

5.7 Signing using SKI
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Holger Ebel: tested OK.
  Sue Beauchamp sent new example file.

5.8 S/MIME multipart/signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Holger Ebel: tested OK except that it has a CRLF prepended.

5.9 S/MIME application/pkcs7-mime signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed because signatureAlgorithm of dsa not dsaWithSha1
  Holger Ebel: tested OK except that it has a CRLF prepended.

5.10 SignedData With Attributes
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    Change "unknown OID" to "unknown OID (1.2.5555)"
    Content Hint should have an OID of 1.2.840.113549.1.7.1
    Content Identifier attribute absent
    Contains Security Label attribute
    Contains encrypt key preference attribute
    Contains ML Expansion History attribute
    Contains Equivalent Label attribute
  Jeff Jacoby: tested OK.
  Holger Ebel: failed (not signed by Alice).

5.11 SignedData with Certificates Only
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

6. Enveloped-data

6.1 Basic encrypted content, TripleDES and DH
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.2 Basic encrypted content, TripleDES and RSA
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

6.3 Basic encrypted content, RC2/40 and RSA
  Blake Ramsdell: this is actually a 128-bit key.
  Jeff Jacoby: confirmed Blake's assertion.
  Paul Hoffman: thinks we could just change the title of the example.
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jeff Jacoby: tested OK.
  Holger Ebel: tested OK.

6.4 Encrypted content, two recipients, no shared keying material
  John Pawling: tested OK but noted unsuccessful Invalid tag for
    privateKeyInfo for second login.
  Holger Ebel: tested OK.

6.5 Encrypted content, two recipients, shared keying material
  John Pawling: could not test due to bug in his code.
  Holger Ebel: tested OK.

6.6 Encrypted content, TripleDES and DH, previously-distributed keys
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.8 S/MIME application/pkcs7-mime encrypted message
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.9 EnvelopedData with All Recipient Types
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.10 EnvelopedData with KARI RC2 Encryption
  John Pawling: tested OK.
  Holger Ebel: tested OK.

6.11 EnvelopedData with KEK 3DES Encryption
  John Pawling: tested OK.
  Holger Ebel: tested OK.

7. Digested-data
  Blake Ramsdell: tested OK.
  Jeff Jacoby: tested OK.

8. Encrypted-data

8.1 Simple EncryptedData
  Blake Ramsdell: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.

8.2 EncryptedData with unprotected attributes Jim Schaad: failed badly. The key is not in the text and it is not the same as 8.1 The encapsulated content type is EncryptedData not id-data The content hint content type does not match the encapsulated content type

9. Authenticated-data
  There are still no examples in this section.

10. Key Wrapping
  John Pawling: tested OK.

10.1 Wrapping RC2
  John Pawling: tested OK.

10.2 Wrapping TripleDES
  John Pawling: tested OK.
  Holger Ebel: tested OK.

11. ESS Examples

11.1 ReceiptRequest
  John Pawling: test failed, has sent new example file.
  Jeff Jacoby: tested OK.

11.2 Receipt
  John Pawling: test failed, has sent new example file.

11.3 eSSSecurityLabel
  John Pawling: tested OK.
  Jim Schaad: tested OK.
  Jeff Jacoby: tested OK.

11.4 EquivalentLabels
  John Pawling: tested OK.
  Jeff Jacoby: tested OK.

11.5 mlExpansionHistory
  John Pawling: tested OK.
  Jeff Jacoby: tested OK.

11.6 SigningCertificate
  John Pawling: tested OK.
  Jeff Jacoby: tested OK.

--Paul Hoffman, Director
--Internet Mail Consortium

Prev by Date: Status of the examples draft
Next by Date: RE: Status of the examples draft
Previous by thread: RE: Status of the examples draft
Next by thread: RE: Status of the examples draft
Index(es):
- Date
- Thread