[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SFL SW Now Available

To: John Pawling <jsp@xxxxxxxxxxxxx>
Subject: Re: SFL SW Now Available
From: Xinhong Yuan <xyuan@xxxxxxxxxxxx>
Date: Thu, 09 Apr 1998 18:48:27 -0700
Cc: imc-sfl@xxxxxxx
References: <>
Sender: owner-imc-sfl@xxxxxxx
When is your schedules to deliver the release for RSA Bsafe?

John Pawling wrote:

> All,
>
> J.G. Van Dyke and Associates (VDA) has delivered the first interim release
> of the S/MIME Freeware Library (SFL) for SunOS 4.1.3 and MS Windows NT/95.
> The SFL is a reference implementation of the IETF S/MIME v3 CMS and ESS
> I-Ds.  This interim release of the SFL has been successfully used to sign,
> verify, encrypt and decrypt CMS objects using the mandatory algorithms (DSA,
> D-H, 3DES) provided by the Crypto++ library and SHA-1 provided by
> Government-furnished freeware.  This process includes using the SNACC ASN.1
> Library to encode and decode CMS signedData and envelopedData objects. This
> interim release includes: SFL High-level library; SFL Crypto++ Crypto Token
> Interface Library (CTIL); VDA-enhanced GNU SNACC ASN.1 Compiler and
> Library; test drivers and test data.
>
> Although we have made significant progress with the development of the SFL
> software, this interim release of the SFL software is NOT complete. We are
> still in the process of developing the SFL software. Further releases will
> be provided as significant capabilities are added.  The SFL is being
> delivered incrementally to provide software as soon as possible to allow
> developers to: work with the API; begin integrating the SFL into their
> applications; and to provide feedback to the ongoing SFL development
> process. The SFL documents and software are still being developed and are
> subject to change. The goal for completion of the SFL is June 1998. The
> stability of the S/MIME v3 specifications is a prerequisite for meeting this
> delivery goal. The SFL will be thoroughly tested and all memory leaks fixed
> once the S/MIME v3 specs are finalized.
>
> The 31 Mar 98 interim release of the SFL does not implement attributes and
> does not implement signed receipts.  It provides a C++ API.  The SFL will be
> enhanced to also provide a C API that will wrap the C++ API.  It has not
> been completely tested and it includes memory leaks.  It includes security
> holes.  For example, the SFL stores private keys in the clear on the hard
> drive of the host system.  We will be enhancing the SFL Crypto++ Crypto
> Token Interface Library (CTIL) to use PKCS #8 to store and protect the
> private key material that it accesses.
>
> The IMC has established an SFL web page at http://www.imc.org/imc-sfl/ which
> includes links to the SFL files stored on the VDA web site at
> http://www.jgvandyke.com/services/infosec/sfl.htm.  The following SFL files
> are available:
>
> 1) Word 97, ASCII text and Adobe Acrobat PDF files for the SFL Fact
>    Sheet (facsht.*), Software Design Description (SDD) (sfl_sdd.*),
>    Application Programming Interface (API) (sfl_api.*) and CTI API
>    (cti_api.*) documents.
>
> 2) SFL Public License (ASCII text).
>
> 3) Compressed tar file containing SNACC ASN.1 Compiler and Library
>    source code that has been enhanced by VDA to implement the
>    Distinguished Encoding Rules.
>
> 4) Zipped exe file containing MS Windows NT/95 files including: SFL
>    source code, SNACC ASN.1 Library, test code, project files.
>
> 5) Compressed tar file containing SunOS 4.1.3 filed including: SFL
>    source code, SNACC ASN.1 Library, test code, makefiles.
>
> Note: The last two files also include sample CMS test data and test X.509
> Certificates.  This file also includes test utilities to create X.509
> Certificates (with bogus signature values) that each include a D-H or DSA
> public key.
>
> Detailed instructions for the implementation of the software for each
> platform is included in a README file contained within the file for that
> platform.
>
> All source code for the SFL has been provided at no cost and with no
> limitations regarding its use and distribution. Organizations can use the
> SFL without paying any royalties or licensing fees.  VDA is developing the
> SFL under contract to the U.S. Government.  The U.S. Government is
> furnishing the SFL software at no cost to the vendor subject to the
> conditions of the "SFL Public License" included in the license.txt file
> available in each of the tar and exe files, and on the VDA web site.
>
> The SFL is composed of a high-level library that performs generic CMS and
> ESS processing independent of the crypto algorithms used to protect a
> specific object.  The SFL high-level library makes calls to an
> algorithm-independent Crypto Token Interface API.  The underlying, external
> crypto token libraries are not distributed as part of the SFL source code.
> The application developer must independently obtain these libraries and then
> link them with the SFL.   This strategy allows the SFL source code to be
> freely distributed to the entire Internet community because it does not
> contain software that directly implements any crypto algorithms that are
> copyrighted or export controlled.  For example, we the SFL uses the freeware
> Crypto++ library to provide 3DES, D-H and DSA.  To use the SFL with Crypto++
> the vendor must the Crypto++ freeware library from the Crypto++ Web Page
> (http://www.eskimo.com/~weidai/cryptlib.html) and then compile it with the
> SFL source code that is obtained from us.
>
> IMPORTANT NOTE: We were able to use the Crypto++ v2.3 library with MS
> Windows 95/NT with only a few trivial changes that are documented in the SFL
> MS Windows README file.  Due to limitations with the GCC 2.7.2 compiler we
> had to use Crypto++ v2.0 on SunOS 4.1.3.  We made many non-trivial changes
> to the Crypto++ v2.0 software so that we could use it on SunOS 4.1.3 with
> GCC 2.7.2.  We are communicating with the Crypto++ author and web site
> manager  to determine if the our modifications will be posted on Crypto++
> web site.  In the meantime, if you need the modified Crypto++ v2.0 for SunOS
> 4.1.3, please contact John Pawling.
>
> The SFL software is developed to maximize portability to 32-bit operating
> systems.  In the future, support may be added for the following operating
> systems: LINUX, Macintosh, HP/UX 9.x/10.x, IBM AIX 3.2, Sun Solaris 2.6 and
> SCO ODT 3.0/5.0.
>
> The IMC has established an SFL mail list which is used to: distribute
> information regarding SFL releases; discuss SFL-related issues; and provide
> a means for SFL users to provide feedback, comments, bug reports, etc.
> Subscription information for the imc-sfl mailing list is at the IMC web site
> listed above.
>
> All comments regarding the SFL software and documents are welcome.  We
> recommend that they be sent them to the imc-sfl mail list.  We will respond
> to all messages on that list.
>
> ================================
> John Pawling, jsp@xxxxxxxxxxxxx
> J.G. Van Dyke & Associates, Inc.
> www.jgvandyke.com
> ================================
References:
- SFL SW Now Available
  - From: John Pawling
Prev by Date: Building the SFL on the Intel/Windows platform
Next by Date: Re: SFL SW Now Available
Previous by thread: SFL SW Now Available
Next by thread: Re: SFL SW Now Available
Index(es):
- Date
- Thread