[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: v0.3 SFL Interim Release

Can anyone give me a tip how I can get access to the download site of SFL? I
need the name/password for access. Where should I get it from?

Xinhong
VeriSign, Inc.
650.429.3308


> -----Original Message-----
> From: owner-imc-sfl@xxxxxxx [mailto:owner-imc-sfl@xxxxxxx]On Behalf Of
> John Pawling
> Sent: Tuesday, July 07, 1998 1:31 PM
> To: imc-sfl@xxxxxxx
> Subject: v0.3 SFL Interim Release
>
>
> All,
>
> J.G. Van Dyke and Associates (VDA) has delivered the third interim release
> (Version 0.3) of the S/MIME Freeware Library (SFL).  It has been
> successfully tested with the Sun Solaris 2.6 and MS Windows NT/95
> operating
> systems.  The SFL is a reference implementation of the IETF S/MIME v3 CMS
> and ESS I-Ds.  We have made significant progress with the testing of the
> SFL. The v0.3 SFL has been successfully used to sign, verify, encrypt and
> decrypt CMS objects using the mandatory algorithms (DSA, D-H,
> 3DES) provided
> by the Crypto++ library and SHA-1 provided by
> Government-furnished freeware.
> The v0.3 SFL has also been used to sign, verify, encrypt and decrypt CMS
> objects using the RSA suite of algorithms provided by the RSA
> BSAFE library.
> The SFL uses the SNACC ASN.1 Library to encode and decode CMS
> signedData and
> envelopedData objects. The v0.3 SFL release includes: SFL High-level
> library; SFL Crypto++ Crypto Token Interface Library (CTIL); BSAFE CTIL;
> VDA-enhanced GNU SNACC ASN.1 Compiler and Library; test drivers
> and test data.
>
> Since the v0.2 SFL release, we have begun interoperability testing between
> the MS Outlook Express S/MIME v2 e-mail client and SFL.  We used
> the SFL to
> successfully verify the signature of an Outlook Express-generated v2
> signedData message.  We used the SFL to create a signedData
> message that was
> verified by Outlook Express.  This required a number of changes
> in both the
> SFL and test environment.  This is just the beginning of our
> interoperability testing.
>
> Since v0.2 SFL release, we have made the following progress with the SFL:
> fixed many bugs and memory leaks; improved VDA DER SNACC code to correctly
> decode indefinite length BER sequences and ANYs (this was needed to
> interoperate with Outlook Express and Netscape); "#pragma
> pack(8)" added to
> "sm_api.h" to force consistent structure alignment for references
> to the SFL
> classes; made minor changes recommended by customers; added support for
> ESSSecurityLabel signed attribute; improved Receipt Request
> logic; improved
> certificate generation utilities; and added support for processing the
> encapsulated content separate from the signedData object that includes the
> signature of the content.  We also improved the SFL test
> environment: added
> ability to specify combinations of various hash/signing/encryption
> algorithms when creating a message; added limited MIME message
> construction
> using the freeware MIME++ library (SignedData only); increased consistency
> of certificates and private keys used for all CTILs (address book logic).
>
> Although we have made significant progress with the development
> of the SFL,
> this interim release of the SFL is NOT complete. We are still in
> the process
> of developing and testing the SFL.  For example, we will be enhancing the
> BSAFE CTIL to store the user's private keys in an encrypted form.  Further
> releases will be provided (probably on a monthly basis) as significant
> capabilities are added.  The SFL is being delivered incrementally
> to provide
> software as soon as possible to allow developers to: work with the API;
> begin integrating the SFL into their applications; and to provide feedback
> to the ongoing SFL development process. The SFL documents and software are
> still being developed and are subject to change. The goal for
> completion of
> the SFL is September 1998. The stability of the S/MIME v3
> specifications is
> a prerequisite for meeting this delivery goal.
>
> Future releases will include: support for additional attributes; Fortezza
> CTIL; additional helper functions; C API (in addition to C++ API); support
> for other crypto libraries; and support for other operating systems.  The
> SFL will be thoroughly tested and all memory leaks fixed.  Robustness
> testing will be performed.  The SFL will be tested for
> interoperability with
> S/MIME v2 and v3 products. Other possible future enhancements include
> additional example CTILs supporting other Cryptographic APIs, such as Open
> Group's Common Data Security Architecture. We will continue enhancing
> utilities to generate certificates to be used as test data.
>
> The IMC has established an SFL web page (http://www.imc.org/imc-sfl) which
> includes links to the SFL files stored on the VDA SFL Page
> (http://www.jgvandyke.com/services/infosec/sfl.htm) and on the Fortezza
> Developer's S/MIME Page
> (http://www.armadillo.huntsville.al.us/software/smime).
>
>
> The following SFL files are not export-controlled.  They are available at
> the Fortezza Developer's S/MIME Page (now) and VDA SFL Page (any
> minute now):
>
> 1) SFL Documents: SFL Fact Sheet, SFL Software Design Description, SFL
> Application Programming Interface, SFL CTI API and SFL Public License.
>
> 2) snacc-1.3vda.tar.Z: Compressed tar file containing SNACC ASN.1 Compiler
> and Library source code compilable for Unix that has been
> enhanced by VDA to
> implement the Distinguished Encoding Rules.  makefiles are included.
>
> 3) snaccvc.zip: zip file containing SNACC ASN.1 Compiler and
> Library source
> code that has been enhanced by VDA to implement DER.  MS Windows NT/95
> project files are included for the SNACC code, MIME++ and Crypto++.  Note
> that the Crypto++ and MIME++ libraries are not included.  See
> (http://www.eskimo.com/~weidai/cryptlib.html) and
> (http://hunnysoft.com/mimepp/) for these two libraries.
>
> The following SFL files are export controlled and are available at the
> Fortezza Developer's S/MIME Page:
>
> 1) smimeR03.tar.Z:  Compressed tar file containing all SFL source code
> including: SFL Hi-Level source code; VDA-enhanced SNACC-generated ASN.1
> source code; SFL Crypto++ CTIL source code; SFL BSAFE CTIL source code;
> makefiles.  This file also contains test driver source code,
> sample CMS test
> data and test X.509 Certificates.  This file also includes test
> utilities to
> create X.509 Certificates that each include a D-H, DSA or RSA
> public key.
>
> 2) smimeR03.zip:  Zip file containing all SFL source code including: SFL
> Hi-Level source code; VDA-enhanced SNACC-generated ASN.1 source code; SFL
> Crypto++ CTIL source code; SFL BSAFE CTIL source code; project
> files.  This
> file also contains test driver source code, sample CMS test data and test
> X.509 Certificates.  This file also includes test utilities to
> create X.509
> Certificates that each include a D-H, DSA or RSA public key.
> SNACC release
> and debug libraries compiled for MS Windows NT/95.
>
>
> Instructions for applying for an account on the Fortezza
> Developer's S/MIME
> Page are available from that page.  An account is required to download the
> SFL files from the Fortezza Developer's S/MIME Page due to U.S. export
> restrictions.  See the U.S. Bureau of Export Administration's Commercial
> Encryption Export Controls web site at http://www.bxa.doc.gov/encstart.htm
> for more information regarding the U.S. export restrictions.
>
> All source code for the SFL is being provided at no cost and with no
> financial limitations regarding its use and distribution.
> Organizations can
> use the SFL without paying any royalties or licensing fees.  VDA is
> developing the SFL under contract to the U.S. Government.  The U.S.
> Government is furnishing the SFL software at no cost to the vendor subject
> to the conditions of the "SFL Public License" available from the VDA SFL
> Page and Fortezza Developer's S/MIME Page.
>
> The SFL is composed of a high-level library that performs generic CMS and
> ESS processing independent of the crypto algorithms used to protect a
> specific object.  The SFL high-level library makes calls to an
> algorithm-independent Crypto Token Interface API.  The
> underlying, external
> crypto token libraries are not distributed as part of the SFL source code.
> The application developer must independently obtain these
> libraries and then
> link them with the SFL.  For example, the SFL uses the freeware Crypto++
> library to provide 3DES, D-H and DSA.  To use the SFL with Crypto++ the
> vendor must download the Crypto++ freeware library from the Crypto++ Web
> Page and then compile it with the SFL source code.
>
> The SFL software is developed to maximize portability to 32-bit operating
> systems.  In the future, support may be added for the following operating
> systems: Macintosh, HP/UX 9.x/10.x, IBM AIX 3.2, Sun Solaris 2.6
> and SCO ODT
> 3.0/5.0.
>
> The IMC has established an SFL mail list which is used to: distribute
> information regarding SFL releases; discuss SFL-related issues;
> and provide
> a means for SFL users to provide feedback, comments, bug reports, etc.
> Subscription information for the imc-sfl mailing list is at the
> IMC web site
> listed above.
>
> All comments regarding the SFL software and documents are welcome.  We
> recommend that comments should be sent to the imc-sfl mail list.  We will
> respond to all messages on that list.
>
> ================================
> John Pawling, jsp@xxxxxxxxxxxxx
> J.G. Van Dyke & Associates, Inc.
> www.jgvandyke.com
> ================================
>
>