VDA Security Services Freeware Libraries Update IETF S MIME

Зарегистрируйтесь, чтобы просмотреть полный документ!

VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling john. pawling@wang. com J. G. Van Dyke & Associates (VDA), Inc; a Wang Government Services Company

Major Points of Briefing • On 14 January 2000, the U. S. Department of Commerce published revisions to the Export Administration Regulations that changed the U. S. Government's encryption export policy. In accordance with these revised regulations, the S/MIME Freeware Library (SFL) source code files are now freely available to everyone at: http: //www. armadillo. huntsville. al. us/software/smime. • Unencumbered source code is freely available for all software discussed in this briefing. Organizations can use the software as part of their applications without paying any royalties or licensing fees. There is a public license associated with each library. • S/MIME v 3 interoperability testing.

VDA Security Services Freeware Libraries • Certificate Management Library (now available) • Validates X. 509 v 3 certification paths and CRLs • Provides local cert/CRL storage functions • Provides remote directory retrieval via LDAP • http: //www. armadillo. huntsville. al. us/software. • S/MIME Freeware Library (now available) • Implements CMS/ESS security heading • Implements optional features such as: security label, signed receipts, secure mail list support. • Access Control Library (available later in 2000) • Will provide Rule Based Access Control using security labels & authorizations conveyed in either X. 509 Attribute or Public Key Certificates • VDA-enhanced SNACC ASN. 1 library provides DER.

VDA Security Services Modular Architecture Application (email, web browser/server, file encrypter, etc) Certificate Management Library Cygnacom Certificate Path Development Library Crypto Token Interface Libraries S/MIME Freeware Library Access Control Library (future) SNACC ASN. 1 Library

S/MIME Freeware Library • SFL is a freeware implementation of IETF S/MIME v 3 RFC 2630 CMS & RFC 2634 ESS. • When used with Crypto++ library, SFL implements RFC 2631 D -H Key Agreement Method (E-S). • SFL supports the use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification). • Goal: To provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards. • Protects any type of data (not just MIME). • Designed to be crypto algorithm independent. SFL can be used with a variety of external crypto libraries that provide a variety of crypto algorithms.

SFL Architecture SFL High Level Library SNACC ASN. 1 Library CTIL for BSAFE CTIL for Fortezza CTIL for SPEX/ CTIL for PKCS #11 CTIL for Crypto++ BSAFE Library Fortezza CI Library SPYRUS SPEX/ Library Various PKCS #11 Libraries Crypto++ Library Fortezza Card/SWF Various Tokens CTIL: Crypto Token Interface Library Note: Third parties are welcome to develop other CTILs.

SFL Interoperability Testing • SFL S/MIME v 2 interop testing: SFL used to exchange signed. Data and enveloped. Data messages with Microsoft Internet Explorer Outlook Express v 4. 01 and Netscape Communicator 4. X. Signed. Data messages also exchanged with RSA S/MAIL, World. Talk, Entrust S/MIME v 2 products. • SFL S/MIME v 3 interop testing (see later slides): Tested the majority of features in RFCs 2630 (CMS), 2631 (D-H) and 2634 (ESS) as well as some of the features in RFC 2632 (Cert) and 2633 (Msg). The SFL does not support every S/MIME v 3 optional feature and does not build/process MIME headers. • Limited S/MIME V 3 CMS/ESS testing with Baltimore & Entrust has been performed. More interop testing with Entrust will occur under Bridge Certification Authority project.

SFL “Examples” Interop Testing • Used SFL to successfully process and produce the majority of features documented in "Examples of S/MIME Messages". • We had problems using some of the example key material, so alternate key material was used for some tests. • We will send test results to “examples” mail list today. • Complete test drivers and test data will be available in next SFL release or is available now separately upon request. • In April 2000, we will provide specific recommendations for adding sample data such as signed receipts and countersignatures to the Examples document. Note: SFL can verify its own countersignatures, but no successful interop testing yet performed.

SFL-Microsoft Interop Testing • S/MIME v 3 interop testing between SFL & Microsoft successfully tested almost all signed. Data & enveloped. Data features using mandatory, RSA and Fortezza algorithm suites. For example, SFL (using Crypto++) exchanged E-S D-H-protected enveloped. Data. • Almost all ESS features tested. Successful signed receipt interop testing. Triple-wrap testing not done, but SFL supports.

SFL “Matrix” Interop Testing • Microsoft created a matrix to be used to document S/MIME v 3 interop testing. The matrix is more detailed than "Examples of S/MIME Messages" document. Test data that we will provide for inclusion in Examples document will exercise all matrix features. • We verified that the SFL can produce and process the majority of the features documented in the matrix. • We will send matrix to which we added the SFL test results to the “examples” mail list today. We also added correlations between “Examples” document and matrix rows. • We developed sample objects that illustrate each feature in the matrix that the SFL supports. Complete test drivers and test data will be available in next SFL release or is available now separately upon request.

SFL Test Driver Future Testing • SFL interop testing is automated through use of test drivers and configuration files so it can be easily repeated and modified by VDA or independently by a third party. • A third party could enhance the test drivers or incorporate them in an application such as an S/MIME interoperability testing auto-responder which organizations could use to test their S/MIME implementations.

IMC Mail Lists • The Internet Mail Consortium (IMC) has established separate SFL and CML mail lists used to: – distribute information regarding releases; – discuss technical issues; and – provide a means for SFL users to provide feedback, comments, bug reports, etc. • Subscription information for the imc-sfl mailing list is at IMC SFL web page: http: //www. imc. org/imc-sfl • Subscription information for imc-cml mailing list is at IMC CML web page: http: //www. imc. org/imc-cml • PLEASE DO NOT SEND SFL OR CML RELATED MESSAGES TO IETF S/MIME OR PKIX WG MAIL LISTS.

Скачать презентацию VDA Security Services Freeware Libraries Update IETF S MIME

1ba464910573dfc597e32ec1527f54aa.ppt

Количество слайдов: 12