
S/MIME Freeware Library

S/MIME Freeware Library. IETF S/MIME WG, 13 December 2000. John.Pawling@GetronicsGov.com, Getronics Government Solutions. Getronics Freeware Security Libraries. S/MIME Freeware Library: implements CMS/ESS security protocol


Presentation Transcript


  1. S/MIME Freeware Library. IETF S/MIME WG, 13 December 2000. John.Pawling@GetronicsGov.com, Getronics Government Solutions.

  2. Getronics Freeware Security Libraries
     - S/MIME Freeware Library
       - Implements CMS/ESS security protocol
       - Provides ESS features: security labels, signed receipts, secure mail list info, signing certificate
     - Certificate Management Library
       - Validates X.509 v3 certification paths and CRLs
       - Provides local cert/CRL storage functions
       - Provides remote directory retrieval via LDAP
     - Access Control Library
       - Provides Rule Based Access Control using security labels and authorizations conveyed in either X.509 Attribute or public key certificates
     - Enhanced SNACC ASN.1 library provides DER

  3. Getronics Freeware Architecture (diagram; component labels):
     - Application (email, web browser/server, file encrypter, etc)
     - Certificate Management Library
     - S/MIME Freeware Library
     - Access Control Library
     - Other Protocols
     - CygnaCom Certificate Path Development Library
     - Crypto Token Interface Libraries
     - Enhanced SNACC ASN.1 Library

  4. Getronics Freeware Availability
     - For all Getronics freeware libraries, unencumbered source code is freely available to all from <http://www.GetronicsGov.com/>.
     - Getronics freeware can be used as part of applications without paying any royalties or licensing fees.
     - There is a public license associated with each Getronics freeware library.

  5. S/MIME Freeware Library
     - SFL is freeware implementation of IETF S/MIME v3 RFC 2630 CMS & RFC 2634 ESS.
     - When used with Crypto++ library, SFL implements RFC 2631 D-H Key Agreement Method (E-S).
     - SFL supports use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification).
     - Goal: Provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards.
     - Protects any type of data (not just MIME).
     - SFL maximizes crypto algorithm independence.
     - SFL successfully used by many vendors.

  6. SFL Architecture (diagram; component labels):
     - SFL High Level Library
     - Enhanced SNACC ASN.1 Library
     - CTIL for BSAFE
     - CTIL for Crypto++
     - CTIL for PKCS #11
     - CTIL for SPEX/
     - CTIL for Fortezza
     - RSA BSAFE Library
     - Crypto++ Freeware Library
     - Fortezza CI Library
     - SPYRUS SPEX/ II Library
     - Various PKCS #11 Libraries
     - Fortezza Card/SWF
     - Various Tokens
     - Various Tokens

     CTIL: Crypto Token Interface Library

     Note: Third parties are welcome to develop other CTILs.

  7. SFL Interoperability Testing
     - SFL exchanges signed & encrypted msgs with S/MIME v2 products.
     - SFL S/MIME v3 interop testing includes majority of RFC 2630, 2631, 2634 features; some RFC 2632, 2633 features.
     - SFL produces and processes majority of "Examples of S/MIME Messages". SFL-generated data included in Examples-05 I-D such as: signed receipts, countersignatures, security labels, equivalent labels, mail list information, signing certificate attribute.
     - SFL produces and processes majority of features in Jim Schaad’s S/MIME v3 interop test matrix.

  8. SFL Interop Testing (cont’d)
     - S/MIME v3 interop testing between SFL & Microsoft (Windows 2000) included majority of CMS/ESS features using mandatory, RSA and Fortezza algorithms. Tested signed receipts, security labels, mail list information.
     - Some S/MIME V3 CMS/ESS testing with Baltimore and Entrust has been performed. More is planned.
     - Test drivers (source code) and test data available in SFL release or separately upon request.

  9. SFL Update
     - SEP 00: v1.8 SFL included:
       - Tested RedHat Linux, Windows NT/98/00, Solaris 2.7
       - PKCS #12 process/create capabilities (OpenSSL)
       - Complete PKCS #11 CTIL
     - JAN 01: v1.9 SFL will include:
       - Improved PKCS #11 CTIL (tested with GemPlus, DataKey, Litronic PKCS #11 libraries)
       - Advanced Encryption Standard (AES) content encryption (aes-alg-00) and key wrap (128, 192, 256 bit keys; based on CMS 3DES key wrap algorithm)
       - Enhanced SNACC performance/memory usage
       - Bug fixes (ex: corrected D-H OID)

  10. IMC Mail Lists
      - Internet Mail Consortium (IMC) has established SFL, CML and Enhanced SNACC mail lists used to:
        - distribute information regarding releases;
        - discuss technical issues; and
        - provide feedback/bug reports/questions.
      - Subscription information for mail lists available at:
        - <http://www.imc.org/imc-sfl>
        - <http://www.imc.org/imc-cml>
        - <http://www.imc.org/imc-snacc>
      - Please DO NOT send SFL/CML/Enhanced SNACC messages to IETF mail lists.
