
VDA Security Services Freeware Libraries Update

VDA Security Services Freeware Libraries Update. IETF S/MIME WG 29 March 2000 John Pawling john.pawling@wang.com J.G. Van Dyke & Associates (VDA), Inc; a Wang Government Services Company. Major Points of Briefing.


Presentation Transcript


  1. VDA Security Services Freeware Libraries Update
  IETF S/MIME WG, 29 March 2000
  John Pawling, john.pawling@wang.com
  J.G. Van Dyke & Associates (VDA), Inc; a Wang Government Services Company

  2. Major Points of Briefing
  • On 14 January 2000, the U.S. Department of Commerce published revisions to the Export Administration Regulations that changed the U.S. Government's encryption export policy. In accordance with these revised regulations, the S/MIME Freeware Library (SFL) source code files are now freely available to everyone at: http://www.armadillo.huntsville.al.us/software/smime.
  • Unencumbered source code is freely available for all software discussed in this briefing. Organizations can use the software as part of their applications without paying any royalties or licensing fees. There is a public license associated with each library.
  • S/MIME v3 interoperability testing.

  3. VDA Security Services Freeware Libraries
  • Certificate Management Library (now available)
    • Validates X.509 v3 certification paths and CRLs
    • Provides local cert/CRL storage functions
    • Provides remote directory retrieval via LDAP
    • http://www.armadillo.huntsville.al.us/software
  • S/MIME Freeware Library (now available)
    • Implements CMS/ESS security heading
    • Implements optional features such as: security label, signed receipts, secure mail list support.
  • Access Control Library (available later in 2000)
    • Will provide Rule Based Access Control using security labels & authorizations conveyed in either X.509 Attribute or Public Key Certificates
  • VDA-enhanced SNACC ASN.1 library provides DER.

  4. VDA Security Services Modular Architecture (layered diagram in the original slide; components listed here from top to bottom)
  • Application (email, web browser/server, file encrypter, etc.)
  • Access Control Library (future)
  • Certificate Management Library
  • S/MIME Freeware Library
  • Cygnacom Certificate Path Development Library
  • Crypto Token Interface Libraries
  • SNACC ASN.1 Library

  5. S/MIME Freeware Library
  • SFL is a freeware implementation of IETF S/MIME v3 RFC 2630 CMS & RFC 2634 ESS.
  • When used with Crypto++ library, SFL implements RFC 2631 D-H Key Agreement Method (E-S).
  • SFL supports the use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification).
  • Goal: To provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards.
  • Protects any type of data (not just MIME).
  • Designed to be crypto algorithm independent. SFL can be used with a variety of external crypto libraries that provide a variety of crypto algorithms.
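The two slides above (the SNACC ASN.1 library providing DER, and SFL wrapping arbitrary data in RFC 2630 CMS structures) can be made concrete with a small encoder/decoder. The following is an added example, not code from SFL or SNACC: it DER-encodes the outermost CMS structure, ContentInfo with the id-data content type (OID 1.2.840.113549.1.7.1) and an [0] EXPLICIT OCTET STRING payload, and decodes it back. The decoder enforces the DER rule that every length uses its shortest encoding, the kind of strictness check a security library needs so that two byte strings cannot decode to the same value. The tag constants and function names are this example's own.

```python
"""Minimal DER encoder/decoder for a CMS ContentInfo carrying id-data (added example)."""

ID_DATA = "1.2.840.113549.1.7.1"   # RFC 2630 id-data content type

# Universal/context tag bytes used here (assumed names, standard DER values)
TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE, TAG_CTX0 = 0x04, 0x06, 0x30, 0xA0


def encode_length(n: int) -> bytes:
    """DER length: short form below 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value for a single-byte tag."""
    return bytes([tag]) + encode_length(len(value)) + value


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(TAG_OID, bytes(out))


def encode_content_info(payload: bytes) -> bytes:
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT OCTET STRING }."""
    inner = encode_oid(ID_DATA) + tlv(TAG_CTX0, tlv(TAG_OCTET_STRING, payload))
    return tlv(TAG_SEQUENCE, inner)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); reject truncated or non-minimal DER lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:          # indefinite form is BER, not DER
            raise ValueError("unsupported length encoding")
        raw = buf[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated length")
        length = int.from_bytes(raw, "big")
        if length < 0x80 or raw[0] == 0:       # must have used the shorter form
            raise ValueError("non-minimal DER length")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated value")
    return tag, value, pos + length


def decode_oid(value: bytes) -> str:
    """Inverse of encode_oid for the OID's value bytes."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(str(a) for a in arcs)


def decode_content_info(der: bytes) -> bytes:
    """Parse a ContentInfo and return its id-data payload, checking every tag and boundary."""
    tag, seq, end = read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected a single SEQUENCE with no trailing bytes")
    tag, oid, pos = read_tlv(seq, 0)
    if tag != TAG_OID or decode_oid(oid) != ID_DATA:
        raise ValueError("contentType is not id-data")
    tag, ctx, pos = read_tlv(seq, pos)
    if tag != TAG_CTX0 or pos != len(seq):
        raise ValueError("expected [0] EXPLICIT content as the last element")
    tag, payload, pos = read_tlv(ctx, 0)
    if tag != TAG_OCTET_STRING or pos != len(ctx):
        raise ValueError("expected an OCTET STRING content")
    return payload


if __name__ == "__main__":
    # Constructed sample payload: any bytes, not necessarily MIME.
    blob = encode_content_info(b"hello")
    print(blob.hex())
    print(decode_content_info(blob))
```

The round trip shows why "any type of data" holds at the CMS layer: the OCTET STRING carries opaque bytes, and only the enclosing OID tells a recipient how to interpret them. The non-minimal length check matters because a signature is computed over the DER bytes; a decoder that accepts alternative encodings lets a message be re-encoded without invalidating its structure checks.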

  6. SFL Architecture (diagram in the original slide; recoverable elements listed)
  • SFL High Level Library
  • SNACC ASN.1 Library
  • Crypto Token Interface Libraries (CTIL), one per crypto library:
    • CTIL for BSAFE (BSAFE Library)
    • CTIL for Crypto++ (Crypto++ Library)
    • CTIL for PKCS #11 (various PKCS #11 libraries)
    • CTIL for SPEX/ (SPYRUS SPEX/ Library)
    • CTIL for Fortezza (Fortezza CI Library)
  • Underlying tokens: Fortezza Card/SWF; various tokens
  CTIL: Crypto Token Interface Library. Note: Third parties are welcome to develop other CTILs.

  7. SFL Interoperability Testing
  • SFL S/MIME v2 interop testing: SFL used to exchange signedData and envelopedData messages with Microsoft Internet Explorer Outlook Express v4.01 and Netscape Communicator 4.X. SignedData messages also exchanged with RSA S/MAIL, WorldTalk, Entrust S/MIME v2 products.
  • SFL S/MIME v3 interop testing (see later slides): Tested the majority of features in RFCs 2630 (CMS), 2631 (D-H) and 2634 (ESS) as well as some of the features in RFC 2632 (Cert) and 2633 (Msg). The SFL does not support every S/MIME v3 optional feature and does not build/process MIME headers.
  • Limited S/MIME v3 CMS/ESS testing with Baltimore & Entrust has been performed. More interop testing with Entrust will occur under Bridge Certification Authority project.

  8. SFL "Examples" Interop Testing
  • Used SFL to successfully process and produce the majority of features documented in "Examples of S/MIME Messages".
  • We had problems using some of the example key material, so alternate key material was used for some tests.
  • We will send test results to "examples" mail list today.
  • Complete test drivers and test data will be available in next SFL release or is available now separately upon request.
  • In April 2000, we will provide specific recommendations for adding sample data such as signed receipts and countersignatures to the Examples document. Note: SFL can verify its own countersignatures, but no successful interop testing yet performed.

  9. SFL-Microsoft Interop Testing
  • S/MIME v3 interop testing between SFL & Microsoft successfully tested almost all signedData & envelopedData features using mandatory, RSA and Fortezza algorithm suites. For example, SFL (using Crypto++) exchanged E-S D-H-protected envelopedData.
  • Almost all ESS features tested. Successful signed receipt interop testing. Triple-wrap testing not done, but SFL supports.

  10. SFL "Matrix" Interop Testing
  • Microsoft created a matrix to be used to document S/MIME v3 interop testing. The matrix is more detailed than "Examples of S/MIME Messages" document. Test data that we will provide for inclusion in Examples document will exercise all matrix features.
  • We verified that the SFL can produce and process the majority of the features documented in the matrix.
  • We will send matrix to which we added the SFL test results to the "examples" mail list today. We also added correlations between "Examples" document and matrix rows.
  • We developed sample objects that illustrate each feature in the matrix that the SFL supports. Complete test drivers and test data will be available in next SFL release or is available now separately upon request.

  11. SFL Test Driver Future Testing
  • SFL interop testing is automated through use of test drivers and configuration files so it can be easily repeated and modified by VDA or independently by a third party.
  • A third party could enhance the test drivers or incorporate them in an application such as an S/MIME interoperability testing auto-responder which organizations could use to test their S/MIME implementations.

  12. IMC Mail Lists
  • The Internet Mail Consortium (IMC) has established separate SFL and CML mail lists used to:
    • distribute information regarding releases;
    • discuss technical issues; and
    • provide a means for SFL users to provide feedback, comments, bug reports, etc.
  • Subscription information for the imc-sfl mailing list is at IMC SFL web page: http://www.imc.org/imc-sfl
  • Subscription information for imc-cml mailing list is at IMC CML web page: http://www.imc.org/imc-cml
  • PLEASE DO NOT SEND SFL OR CML RELATED MESSAGES TO IETF S/MIME OR PKIX WG MAIL LISTS.
