TOTAL Passing: 78 Failing: 194

Implemenation

RFC

Section

Feature

Passes

CMSExample

Senders

Receivers

Microsoft

VanDyke (V)

Deming

Baltimore

VDA Comments

2630

Passing: 45 Failing: 51

Note1: "N/A" signifies that crypto library used by SFL or application that calls SFL is responsible for implementing N/A-designated feature.

3. General Syntax

Note 2: VDA developed sample objects that illustrate each SFL-supported feature. The file name for the test object is included in this column.

Generate ContentInfo w/ data content

FAIL

5.1

2

YY

Y

Y

Generate ContentInfo w/ signed-data content

PASS

5.4

3

2

VDMMV

VD

M

MV

Generate ContentInfo w/ enveloped-data content

PASS

6.1

3

2

VDMMV

VD

M

MV

Generate ContentInfo w/ digested-data content

FAIL

1

Y

Y

SFL does not support

Generate ContentInfo w/ encrypted-data content

FAIL

2

YY

Y

Y

dataRfc2630.d/3_CIEncryptedData.bin

Generate ContentInfo w/ authenticated-data content

FAIL

1

Y

Y

SFL does not support

SignedAttributes are internally DER encoded on emission

PASS

5.4

1

YY

Y

Y

BOOLEAN

Authenticated Attributes are internally DER encoded on emission

FAIL

BOOLEAN

SFL does not support

4. Data Content Type

5. Signed-Data Content Type

5.1 SignedData Type

Generate id-data content - Verify version=1

PASS

5.1

3

2

DVMMV

DV

M

MV

Generate non-id-data content - Verify version=3

PASS

11.2.signedReceipt

2

2

VM

V

M

Generate w/ certs

PASS

5.1

3

2

VDMMV

VD

M

MV

SignedData w/ CRLs

FAIL

4.5

1

1

M

M

Generate w/ attribute certificate

FAIL

2

YY

Y

Y

SFL supports, but not yet tested

5.2 EncapsulatedContentInfo

Generate w/ encapsulated content

PASS

5.4

3

2

DVMM

DV

M

M

Generate w/ detached content

PASS

5.3

3

2

DVMM

DV

M

M

Generate w/ data content

PASS

5.4

3

2

DVMM

DV

M

M

Generate w/ non-data content

PASS

11.2.signedReceipt

2

2

VM

V

M

Degenerate message w/ data content type and no content

FAIL

2

YY

Y

Y

SFL supports

5.3 Signed Data

Generate Issuer/Serial SID

PASS

5.3

3

2

DVMMV

DV

M

MV

Generate SKI SID

PASS

5.7

2

2

VM

V

M

Generate w/o AuthAttrs

PASS

5.1

2

2

VM

V

M

Generate w/ AuthAttrs

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

Message Digest algorithm(s) in the digestAlgorithm field

PASS

5.1

3

2

DVMMV

DV

M

MV

signedAttributes present for non id-data content

PASS

11.2.signedReceipt

2

YY

Y

Y

BOOLEAN

SignedAttribute is DER encoded

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

signedAttributes includes content-type and message-digest

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

Unsigned Attributes present

PASS

5.4.CSSD

2

2

VM

V

M

5.4 Message Digest Calculation

id-data, no Attrs

PASS

5.1

2

2

VM

V

M

id-data, auth attrs

PASS

5.4.CSSD

3

2

DVM

DV

M

non-id-data

PASS

11.2.signedReceipt

2

2

VM

V

M

5.5 Message Signature Generation Process

5.6 Message Siganture Verification process

Verify Signature on message (3 flavors)

FAIL

CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin

1

1

M

M

BOOLEAN

Check Message digest againist Auth Attr

PASS

CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin

2

YY

Y

Y

BOOLEAN

6 Enveloped-data ContentType

6.1 EnvelopedData Type

EnvelopedData w/ unprotected attributes

FAIL

1

Y

Y

SFL supports, but not yet tested

EnvelopedData w/ CRLs in originator info

FAIL

6.2

1

Y

Y

EnvelopedData w/ X509 certs in orginator info

FAIL

6.2

1

1

M

M

EnvelopedData w/ Attribute certs in orginator info

FAIL

1

Y

Y

SFL supports, but not yet tested

EnvelopedData w/ all recipInfos of a version 0

PASS

6.2

3

2

DVM

DV

M

EnvelopedData w/o all recipInfos of a version 0

PASS

6.1

2

2

VM

V

M

EnvelopedData w/ encryptedContent

PASS

6.1

3

2

DVM

DV

M

EnvelopedData w/o encryptedContent

FAIL

SFL supports, but not yet tested

6.2 RecipientInfo Type

An example of each RecipientInfo in a single message

FAIL

ExInterop6.2.bin

1

Y

Y

6.2.1 KeyTransRecipientInfo Type

Generate Issuer/Serial RID

PASS

6.2

3

2

DVM

DV

M

Generate SKI RID

FAIL

1

2

VY

V

Y

SFL supports, but yet tested

6.2.2 KeyAgreeRecipientInfo Type

Generate Issuer/Serial RID

FAIL

1

1

M

M

CMS_Examples.d/6.1.bin

Generate SKI RID

PASS

2

2

VM

V

M

SFL supports, but not yet tested

Generate SKI RID w/Date & other

FAIL

2

YY

Y

Y

SFL supports, but not yet tested

Generate w/o UKM

PASS

2

2

VM

V

M

SFL supports decrypting; adding ability to generate.

Generate w/UKM

PASS

2

2

VM

V

M

CMS_Examples.d/6.1.bin

Generate 2 recipients w/ common UKM & params

FAIL

1

1

M

M

CMS_Examples.d/ExInterop6.4.bin

Generate 2 recipients w/o common UKM

PASS

2

2

VM

V

M

CMS_Examples.d/ExInterop6.4.bin

ID Originator key by Issuer/serial

FAIL

2

YY

Y

Y

CMS_Examples.d/6.1.bin

ID Originator key by SKI

FAIL

1

2

VY

V

Y

SFL supports, but not yet tested.

ID Originator key by PublicKey

FAIL

1

2

VY

V

Y

CMS_Examples.d/ExInterop6.4.bin (ESDH)

6.2.3 KEKRecipientInfo Type

Generate KEK w/o date & other

PASS

2

2

VM

V

M

CMS_Examples.d/6.7_NOKEKDate.bin

Generate KEK w/date & other

FAIL

2

YY

Y

Y

CMS_Examples.d/6.7.bin

6.3 Content-encrpytion Process

Generate w/correct padding

PASS

3

2

DVM

DV

M

CMS_Examples.d/6.1.bin

Fail read w/incorrect padding

PASS

2

YY

Y

Y

BOOLEAN

SFL supports

6.4 Key-encryption Process

7 Digested-data

SFL does not support

Generate id-data

FAIL

" " " "

Generate non-id-data

FAIL

" " " "

Generate w/ encapsulated content

FAIL

" " " "

Generate w/o encapulated content

FAIL

" " " "

8 Encrypted-data Content Type

Generate w/o Unprotected Attrs

FAIL

1

Y

Y

ExInteropEncryptedData.bin

Generate w/ Unprotected Attrs

FAIL

1

Y

Y

ExInteropEncryptedDataAttrs.bin

Generate w/ encapsulated content

FAIL

1

Y

Y

SFL supports

Generate w/o encapsulated content

FAIL

1

Y

Y

SFL supports, but not yet tested

9 Authenticated-data Content Type

SFL does not support

9.1AuthenticatedDataType

" " " "

Generate Key Transport recipient

FAIL

" " " "

Generate Key Agree recipient

FAIL

" " " "

Generate KEK recipient

FAIL

" " " "

OriginatorInfo w/ Certificates

FAIL

" " " "

OriginatorInfo w/ CRLs

FAIL

" " " "

OriginatorInfo w/ Attr Certs

FAIL

" " " "

AuthenticatedData w/ encapsulated content

FAIL

" " " "

AuthenticatedData w/o encapsulated content

FAIL

" " " "

authenticatedAttributes requires content-type and message-digest

FAIL

" " " "

authenticatedAttribute is DER encoded

FAIL

" " " "

AuthenticatedData w/ unauthenticated attributes

FAIL

" " " "

9.2 MAC Generation

" " " "

Data w/o Auth Attrs

FAIL

" " " "

Data w/ Auth Attrs

FAIL

" " " "

Non-Data

FAIL

" " " "

9.3 MAC Verification

" " " "

Read w/ bad digest value

FAIL

" " " "

11 Useful Attributes

11.1 Content Type

Message w/Content type attribute

PASS

3

2

DVMMV

DV

M

MV

CMS_Examples.d/5.4.CSSD.bin

11.2 Message Digest Attribute

Message w/message digest attr

PASS

3

2

DVMMV

DV

M

MV

CMS_Examples.d/5.4.CSSD.bin

11.3 Signing Time

Message w/ signing time - YY > 50

PASS

3

2

DVMMV

DV

M

MV

ExInterop_SigningTime2.bin

Signing time YY < 50

FAIL

1

Y

Y

ExInterop_SigningTime1.bin

Signing time YYYY

FAIL

1

Y

Y

CMS_Examples.d/5.4.SD.bin

11.4 Countersignature

Message w/Countersignature

FAIL

1

Y

Y

SFL Test Cases

12 Supported Algorithms

12.1 Digest Algorithms

SHA1 Hash

PASS

3

2

DVMM

DV

M

M

CMS_Examples.d/5.4.CSSD.bin

MD5 Hash (should)

PASS

2

2

DMM

D

M

M

CMS_Examples.d/6.3.bin

12.2 Signature Algorithms

DSA

PASS

2

2

VM

V

M

CMS_Examples.d/5.4.CSSD.bin

12.3.1 Key Agree Algorithms

ES-DH w/3DES KEK & CEK

PASS

2

2

VM

V

M

CMS_Examples.d/6.1.bin

ES-DH w/RC2 KEK & CEK (should)

PASS

2

2

VM

V

M

CMS_Examples.d/ExInterop6.1.bin

12.3.2 Key Transport Algorithms

RSA w/3DES CEK (should)

PASS

3

2

DVMM

DV

M

M

CMS_Examples.d/6.2.bin

RSA w/RC2 CEK (should)

PASS

3

2

DVMM

DV

M

M

CMS_Examples.d/6.3.bin

12.3.3 Symmetric Key-Encryption Key Alg

3DES KEK & CEK (may/must)

PASS

2

2

VM

V

M

CMS_Examples.d/ExInterop6.7.bin

RC2 KEK & CEK (may/should)

FAIL

1

1

M

M

CMS_Examples.d/6.7_NOKEKDate.bin

12.5 Message Authentication Code

SFL does not support

HMAC w/SHA-1

FAIL

" " " "

RFC 2631

Passing: 0 Failing: 13

Implemented in underlying crypto library

2.1.2 Generation of Keying Material

Leading zeros must be preseved on ZZ

FAIL

2

YCrypto++

Y

Crypto++

BOOLEAN

N/A

Other Info encoded w/o partyAInfo

FAIL

1

2

VCrypto++

V

Crypto++

N/A

OtherInfo encoded w/ partyAInfo

FAIL

1

Crypto++

Crypto++

N/A

partyAInfo is 512 bits

FAIL

2

YCrypto++

Y

Crypto++

BOOLEAN

N/A

Counter non-zero value

FAIL

2

YCrypto++

Y

Crypto++

BOOLEAN

N/A

partyAInfo required for Static-Static

FAIL

1

Crypto++

Crypto++

BOOLEAN

N/A

2.1.4 Keylengths for common Algs

RC2 Effiective Key Length == Real Key Length

FAIL

1

Crypto++

Crypto++

Fixing bug (4/00)

2.2 Key and parameter requirements

|q| >= 160 bits

FAIL

N/A

|p| >= 512 bits

FAIL

N/A

2.2.1 Group Parameter Generation

Generate parameter from this algorithm

FAIL

N/A

2.3 Ephemeral-Static Mode

Must implement ES mode

FAIL

1

2

YCrypto++, M

Y

Crypto++, M

CMS_Examples.d/6.1.bin

2.4 Static-Static Mode

Must have non-null partyAInfo

FAIL

1

Crypto++

Crypto++

N/A

Perform validation or reply on CA validation

FAIL

N/A

RFC 2632

Passing: 16 Failing: 5

1. Overview

Public keys MUST be validated

FAIL

1

Y

Y

BOOLEAN

Implemented in CML

MUST do RFC2633 certificate validation

PASS

2

YY

Y

Y

BOOLEAN

" " "

2.1 CertificateRevocationList

MUST support CRLs

PASS

2

YY

Y

Y

BOOLEAN

Implemented in CML

MUST get CRLs from CMS

FAIL

1

Y

Y

BOOLEAN

N/A

MUST perform CRL checking

PASS

2

YY

Y

Y

BOOLEAN

Implemented in CML

MUST support Cas w/same key & name

PASS

2

YY

Y

Y

BOOLEAN

" " "

2.2 Certificate Choices

MUST support V1 certificates

PASS

2

YY

Y

Y

BOOLEAN

SFL supports

MUST support V3 certificates

PASS

2

YY

Y

Y

BOOLEAN

SFL supports

SHOULD support receipt of ACs

FAIL

1

Y

Y

BOOLEAN

SFL supports, but not yet tested

2.3 CertificateSet

MUST support random certs in bag

PASS

2

YY

Y

Y

BOOLEAN

SFL supports

MUST support name based chaining

PASS

2

YY

Y

Y

BOOLEAN

Implemented in CML

3. Distingished Names for Internet Mail

MUST get email name in SubjectAltName

PASS

1

YY

Y

Y

BOOLEAN

N/A

MUST get email name in Distinguished Name

PASS

1

YY

Y

Y

BOOLEAN

N/A

MUST check From/Sender address againist cert email name

FAIL

Y

Y

BOOLEAN

N/A

Issuer&Subject names MUST be populated

FAIL

BOOLEAN

N/A

4. Certifcate Processing

4.3 Certificate and CRL signing Algorithms

MUST support DSS signed certificates

PASS

2

YY

Y

Y

BOOLEAN

Implemented in CML

4.4 PKIX Certificate Extensions

(M) Basic Constraints in EE certs

PASS

2

YY

Y

Y

BOOLEAN

Implemented in CML

(M) Key Usage in EE certs

PASS

2

YY

Y

Y

BOOLEAN

" " "

(M) Authority Key ID in EE certs

PASS

2

YY

Y

Y

BOOLEAN

" " "

(M) Subject Key ID in EE certs

PASS

2

YY

Y

Y

BOOLEAN

" " "

(M) Subject Alt Name in EE certs

PASS

2

YY

Y

Y

BOOLEAN

" " "

RFC 2633

Passing: 17 Failing: 44

2.1 Digest Algorithm Identifier

(MSR) Supports SHA-1

PASS

3

2

VDMM

VD

M

M

CMS_Examples.d/5.4.CSSD.bin

(SSR) Supports MD5

PASS

2

2

VM

V

M

CMS_Examples.d/6.3.bin

2.2 SignatureAlgorithmIdentifier

(MSR) Supports DSA

PASS

2

2

VM

V

M

CMS_Examples.d/5.4.CSSD.bin

(SSR) Supports RSA

PASS

3

2

VDMM

VD

M

M

CMS_Examples.d/5.2.bin

3.2 KeyEncryptionAlgorithm

(MSR) Supports D-H

PASS

2

2

VM

V

M

CMS_Examples.d/6.1.bin

(SSR) Supports RSA

PASS

3

2

VDMM

VD

M

M

CMS_Examples.d/6.3.bin

2.4.1 Data Content Type

(MS) Use id-data for eContentType

PASS

2

2

DMM

D

M

M

CMS_Examples.d/5.3.bin

(MS) Content Embedded for blob signed

PASS

2

2

DMM

D

M

M

CMS_Examples.d/5.4.bin

(MS) No Embedded content for clear signed

PASS

2

2

DMM

D

M

M

CMS_Examples.d/5.3.bin

(MS) Content embedded for encrypted

PASS

2

2

DMM

D

M

M

CMS_Examples.d/6.2.bin

2.4.2 SignedData Content Type

(MS) use signedData for signed messages

PASS

2

2

DMM

D

M

M

SFL supports

2.5 Attribute SignerInfo Type

(SR) Handle zero or one signingCertificate

PASS

2

YY

Y

Y

BOOLEAN

CMS_Examples.d/5.4.bin

(SS) Insert one signingCertificate attribute

FAIL

1

1

M

M

CMS_Examples.d/11.6.bin

(SR) Handle Unknown attribute

FAIL

1

Y

Y

BOOLEAN

ExInterop_Attrs.bin

(SS) Display unlisted attributes to user

FAIL

1

Y

Y

BOOLEAN

N/A

2.5.1 Signing-Time Attribute

(MS) Encode YY signing time

PASS

3

2

VDM

VD

M

ExInterop_SigningTime2.bin

(MS) Encode YYYY signing Time post 2049

FAIL

SFL supports, but not yet tested; CMS_Examples.d/5.4.SD.bin

(MSR) <50 - 20YY

FAIL

1

Y

Y

ExInterop_SigningTime1.bin

(MSR) >=50 - 19YY

FAIL

1

1

M

M

ExInterop_SigningTime2.bin

2.5.2 SMIMECapabilities Attribute

(?R) Handle unknown capabilities gracefully

PASS

2

YY

Y

Y

BOOLEAN

ExInterop_Attrs.bin

(MS) is a signed attribute

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MS) single Attribute Value only

FAIL

1

1

M

M

SFL supports

(SS) Capabilities are partitioned

FAIL

N/A

(MS) All included attributes are properly encoded

FAIL

1

1

M

M

SFL supports

(MS) Include Alg Parameters in capability

FAIL

1

1

M

M

SFL supports

2.5.3 Encryption Key Preference Attribute

(MS) is a signed attribute

FAIL

1

1

M

M

ExInterop_Attrs.bin

(SS) include certificate in bag

FAIL

1

1

M

M

SFL supports

(SS) include if Sign cert != KeyEx cert

FAIL

N/A

(SR) store on receipt

FAIL

1

Y

Y

BOOLEAN

N/A

(SR) respect attribute when received

FAIL

1

Y

Y

BOOLEAN

N/A

2.5.3.1 Selection of Key Management Cert

(SS) Follow steps

FAIL

N/A

2.6 SignerIdentifier SignerInfo Type

(MS) Must use Isssuer/Serial

PASS

2

2

DM

D

M

SFL supports

2.7 ContentEncrptionAlgorithm

(MSR) Support 3DES

PASS

2

2

DM

D

M

CMS_Examples.d/ExInterop6.7.bin

(SSR) Support RC2/40

PASS

2

2

DM

D

M

CMS_Examples.d/6.3.bin

2.7.1 Which Encryption Alg to use

(SS) Follow steps

FAIL

BOOLEAN

N/A

3.1.1 Canonicalization

(MS) Canonicalize all mime parts

FAIL

1

1

D

D

N/A

(MS) Canonicalize Sign & Encrypt

FAIL

1

1

D

D

N/A

(SS) List char set in body headers

FAIL

N/A

(MS) Canonicalize multiple representations of single characters

FAIL

N/A

3.1.2 Transfer Encoding

(MSR) Handle all CTEs

FAIL

1

Y

Y

BOOLEAN

N/A

3.1.3 Transfer Encoding for Multipart/signed

(MS) Encode as 7-bit text

FAIL

N/A

3.2 application/pkcs7-mime type

(SS) include smime-type parameter

FAIL

N/A

(MS) use CT of application/pkcs7-mime

FAIL

N/A

3.2.1 Name and filename parameters

(SS) Emit CT name parameter

FAIL

N/A

(SS) Emit Content-Disposition field

FAIL

N/A

(SS) Restrict file name to 8.3

FAIL

N/A

(SS) Use smime.* for file name

FAIL

N/A

3.4 Signed-only message

(SR) Handle clear & blob signed

FAIL

1

Y

Y

BOOLEAN

N/A

3.4.3.1 application/pkcs7-signature

(MS) Omit body from CMS object

FAIL

N/A

(MS) Include protocol parameter

FAIL

N/A

(MS) quote protocol

FAIL

N/A

(MS) emit micalg parameter

FAIL

N/A

(SS) emit from included list

FAIL

N/A

(SR) recover from bad micalg

FAIL

BOOLEAN

N/A

3.6 Cetificates-only Message

(MS) omit content

FAIL

1

Y

Y

ExInterop_CertsOnly.bin

(MS) omit signerInfos

FAIL

1

Y

Y

ExInterop_CertsOnly.bin

3.7 Registration Requests

(MS) Signing cert required to sign a message

FAIL

BOOLEAN

N/A

4. Certificate Processing

1

Y

Y

CML supports

(MS) Provide certificate retrieval mechanism

FAIL

1

Y

Y

BOOLEAN

CML supports

(SR) Storage of certificates for correspondents

FAIL

1

Y

Y

BOOLEAN

CML supports

4.1 Key Pair Generation

Underlying crypto lib supports

(MS) Generate good random protected DH/DSS keys

FAIL

1

Crypto++

Crypto++

BOOLEAN

N/A

(SS) Generate sized RSA keys

FAIL

1

1

BSAFE

BSAFE

BOOLEAN

N/A

RFC 2634 - Enhanced Security Services

Passing: 0 Failing: 81

1.2 Format of Triple Wrapped Messages

(MR) Read both signed formats

FAIL

BOOLEAN

N/A

1.3.1 Signed Receipts & Triple Wrapping

(MS) Receipt request only in inner signed content

FAIL

BOOLEAN

N/A

1.3.4 Placment of Attributes

(MS) See table in document

FAIL

1

1

M

M

BOOLEAN

SFL supports all attributes.

(MS) Countersignature in unauth attrs

FAIL

1

Y

Y

BOOLEAN

CMS_Examples.d/11.1.bin

(MS) Copy forward mlExpansionHistory & eSSSecurityLabel on add new signerInfo

FAIL

1

1

M

M

BOOLEAN

N/A

2.1 Signed Receipt Concepts

(SR) Auto gen of receipts on request

FAIL

1

1

M

M

BOOLEAN

CMS_Examples.d/11.1.bin

(SR) Only send one receipt

FAIL

1

Y

Y

BOOLEAN

CMS_Examples.d/11.1.bin

2.2 Receipt Request Creation

(MS) Populate receiptsTo field

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(MS) ReceiptsTo includes destination address

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

2.2.1

(MSR) Verify receipt requests are identical

FAIL

1

Y

Y

BOOLEAN

SFL supports

2.2.2 (MS) Retail either original message or digest thereof

N/A

2.3 Receipt Request Processing

(MR) Verify signature of singerInfo w/request

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(MR) No receipt on different requests

FAIL

1

Y

Y

VDA SFL Test Cases

(SR) Return receipt if any signerInfo w/request verifies

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(SR) mlExpansion Present/mlReceiptPolcy absent/use receipt request

FAIL

1

Y

Y

VDA SFL Test Cases

(MR) mlExpansion Present/mlReceiptPolicy none/No receipt generated

FAIL

1

Y

Y

VDA SFL Test Cases

(SR) mlExpansion present/mlReceiptPolcy insteadOf/inAdditionTo/Use mlReceiptPolicy From and To lists

FAIL

1

Y

Y

VDA SFL Test Cases

(SR) allReceipts - generate receipt

FAIL

1

1

M

M

VDA SFL Test Cases

(MR) firstTier/mlExpansionHistory Present/No receipt generated

FAIL

1

Y

Y

VDA SFL Test Cases

(SR) firstTier/mlExpansionHistory absent/Generate Receipt

FAIL

1

Y

Y

VDA SFL Test Cases

(SR) receiptsFrom list - receiver in list - generate receipt

FAIL

1

Y

Y

VDA SFL Test Cases

(MR) receiptsFrom list - receiver not in list - No generate receipt

FAIL

1

Y

Y

VDA SFL Test Cases

2.4 Signed Receipt Creation

(MS) Verify signerInfo object w/receipt in it

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin

(MS) content type in receipt signedData is id-ct-receipt

FAIL

1

1

M

M

CMS_Examples.d/11.2.bin

(SS) Receipt contains signing time

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin ADD SigningTime

(MS) Content DER encoded and included in eContent field

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin

(MS) No mime wrapping occurs on receipt content

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin

(MS) Must outer sign if signed receipt is encrypted

FAIL

N/A

(MS) If outer signed, include Content Hint

FAIL

N/A

(MS) Support encrypted receipts

FAIL

N/A

2.4.1

(MS) MLExpansion History must not occur

FAIL

1

Y

Y

SFL supports

2.5 Determining the recipients of a signed receipt

(MS) Following procedure in text

FAIL

N/A

2.6 Signed Receipt Validation

(SR) Accept multiple receipts from same sender

FAIL

N/A

(MR) Validate according to procedure in text

FAIL

1

1

Y,M

Y,M

CMS_Examples.d/11.2.signedReceipt.bin

2.7 Receipt Request Syntax

(MSR) Encode/decode basic request

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(MS) create signedContentIdentifier

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(SS) Recommended source for signedContentIdentifier

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(MS) Populate receiptsTo field

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

(MS) Include self to get receipt

FAIL

1

1

M

M

CMS_Examples.d/11.1.bin

2.8 Receipt Syntax

(MSR) Encode/Decode basic receipt

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin

2.9 Content Hints

(MSR) Encode/decode basic hint

FAIL

1

1

M

M

ExInterop_Attrs.bin

(SSR) Encode/decode hint w/content description

FAIL

1

Y

Y

VDA SFL Test Cases

(SS) Include hint on E(S(non-id-data))

FAIL

N/A

(MS) Add hint on receipt for E(S(R))

FAIL

N/A

2.10 Message Signature Digest Attribute

(MSR) Encode/decode attribute

FAIL

1

1

M

M

CMS_Examples.d/11.2.signedReceipt.bin

2.11 Signed Content Reference Attribute

(MSR) Encode/decode basic attribute

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MS) Verify original message has signedContentID attribute

FAIL

1

Y

Y

ExInterop_Attrs.bin

3. Security Labels

3.1 Processing rules

3.1.1 Adding security labels

(MS) Put label in auth attrs

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MS) All signerInfos MUST have label if any has label

FAIL

1

Y

Y

Adding check to SFL in 4/00

3.1.2 Processing Security Lables

1

Y

Y

SFL supports

(MR) Validate signature if applying label

FAIL

N/A

(MR) Process label if present

FAIL

N/A

(MR) Inform user if not all labels in a signedData are the same

FAIL

N/A

(SR) Local policy on show for unknown label policy

FAIL

N/A

(SR) Stop & Error process on unknown label policy

FAIL

N/A

3.2 Syntax of EssSecurityLabel

(MSR) Encode basic label

FAIL

1

1

M

M

ExInterop_Attrs.bin

(SSR) Encode/decode extended label

FAIL

1

1

M

M

SFL supports

3.3 Security Label Components

3.3.1 Security Policy Identifier

1

1

M

M

SFL supports

3.3.2 Security Classification

(MS) Include policy id w/classification

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MS) Clasification values are hierarchial (but not ascending)

FAIL

1

1

M

M

SFL supports

3.3.3 Privacy Mark

1

1

M

M

SFL supports

3.3.4 Security Categories

1

1

M

M

ExInterop_Attrs.bin

3.4 Equivalent Security Labels

(SR) Recognize equivalent labels

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MSR) Basic encode/decode of equivant labels

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MS) If any signerInfo has label/all have label

FAIL

1

Y

Y

Adding check to SFL in 4/00

(MS) Include one or more security labels in eq. Label

FAIL

1

Y

Y

ExInterop_Attrs.bin

(MSR) No two policy ids are same in eq. Label

FAIL

1

Y

Y

ExInterop_Attrs.bin

(MR) Enforces no two policy ids are the same

FAIL

1

Y

Y

Adding check to SFL in 4/00

(MS) Wrap not use eq label if symantics are different

FAIL

N/A

(MS) Eq labels are authenticated attrs

FAIL

1

Y

Y

ExInterop_Attrs.bin

3.4.2 Processing Equivalent Labels

1

1

M

M

SFL supports

(SR) process ESSSecurityLabel before Eq label

FAIL

N/A

(MR) If EssLabel understood - it must be what is used

FAIL

N/A

(MR) validate signature on Eq label used

FAIL

1

1

M

M

SFL supports

(SR) User first Eq label found in processing

FAIL

N/A

4. Mail List Management

4.1 Mail List Expansion

(MA) Add MLData record with MLA's identity info

FAIL

1

1

M

M

ExInterop_Attrs.bin

(MA) Must add mlExpansionHistory if not present

FAIL

N/A

(MA) Must append info to end of existing mlExpansionHistory

FAIL

N/A

(MA) All mlExpansionHistories added by agent are identical

FAIL

N/A

(MR) Enforce all mlExpansionHistory elements are identical

FAIL

N/A

(MR) Inform user if not all histories in a signedData are the same

FAIL

N/A

4.2 Mail List Agent Processing

(MA) Parse all layers

FAIL

N/A

(MA) Process all security labels

FAIL

N/A

(MA) Verify signature if contains label

FAIL

N/A

(MA) Add new SignedData layer

FAIL

N/A

(MA) Add/update mlExpansionHistory

FAIL

1

1

M

M

SFL supports

(MA) Move all authenticated attributes forward

FAIL

N/A