VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;

Presentation transcript:

VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc; a Wang Government Services Company

Major Points of Briefing
- On 14 January 2000, the U.S. Department of Commerce published revisions to the Export Administration Regulations that changed the U.S. Government's encryption export policy.
- In accordance with these revised regulations, the S/MIME Freeware Library (SFL) source code files are now freely available to everyone at:
- Unencumbered source code is freely available for all software discussed in this briefing.
- Organizations can use the software as part of their applications without paying any royalties or licensing fees.
- There is a public license associated with each library.
- S/MIME v3 interoperability testing.

VDA Security Services Freeware Libraries
- Certificate Management Library (now available)
  – Validates X.509 v3 certification paths and CRLs
  – Provides local cert/CRL storage functions
  – Provides remote directory retrieval via LDAP
- S/MIME Freeware Library (now available)
  – Implements CMS/ESS security heading
  – Implements optional features such as: security label, signed receipts, secure mail list support.
- Access Control Library (available later in 2000)
  – Will provide Rule Based Access Control using security labels & authorizations conveyed in either X.509 Attribute or Public Key Certificates
- VDA-enhanced SNACC ASN.1 library provides DER.

VDA Security Services Modular Architecture
[Architecture diagram. Components shown:]
- Application ( , web browser/server, file encrypter, etc)
- S/MIME Freeware Library
- Access Control Library (future)
- Certificate Management Library
- Cygnacom Certificate Path Development Library
- SNACC ASN.1 Library
- Crypto Token Interface Libraries

S/MIME Freeware Library
- SFL is a freeware implementation of IETF S/MIME v3 RFC 2630 CMS & RFC 2634 ESS.
- When used with Crypto++ library, SFL implements RFC 2631 D-H Key Agreement Method (E-S).
- SFL supports the use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification).
- Goal: To provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards.
- Protects any type of data (not just MIME).
- Designed to be crypto algorithm independent.
- SFL can be used with a variety of external crypto libraries that provide a variety of crypto algorithms.

SFL Architecture
[Architecture diagram. Components shown:]
- SFL High Level Library
- SNACC ASN.1 Library
- CTIL for PKCS #11 / Various PKCS #11 Libraries / Various Tokens
- CTIL for Crypto++ / Crypto++ Library
- CTIL for BSAFE / BSAFE Library
- CTIL for Fortezza / Fortezza CI Library / Fortezza Card/SWF
- CTIL for SPEX/ / SPYRUS SPEX/ Library / Various Tokens
CTIL: Crypto Token Interface Library
Note: Third parties are welcome to develop other CTILs.

SFL Interoperability Testing
- SFL S/MIME v2 interop testing: SFL used to exchange signedData and envelopedData messages with Microsoft Internet Explorer Outlook Express v4.01 and Netscape Communicator 4.X. SignedData messages also exchanged with RSA S/MAIL, WorldTalk, Entrust S/MIME v2 products.
- SFL S/MIME v3 interop testing (see later slides): Tested the majority of features in RFCs 2630 (CMS), 2631 (D-H) and 2634 (ESS) as well as some of the features in RFC 2632 (Cert) and 2633 (Msg).
- The SFL does not support every S/MIME v3 optional feature and does not build/process MIME headers.
- Limited S/MIME v3 CMS/ESS testing with Baltimore & Entrust has been performed.
- More interop testing with Entrust will occur under Bridge Certification Authority project.

SFL “Examples” Interop Testing
- Used SFL to successfully process and produce the majority of features documented in "Examples of S/MIME Messages".
- We had problems using some of the example key material, so alternate key material was used for some tests.
- We will send test results to “examples” mail list today.
- Complete test drivers and test data will be available in next SFL release or are available now separately upon request.
- In April 2000, we will provide specific recommendations for adding sample data such as signed receipts and countersignatures to the Examples document.
- Note: SFL can verify its own countersignatures, but no successful interop testing yet performed.

SFL-Microsoft Interop Testing
- S/MIME v3 interop testing between SFL & Microsoft successfully tested almost all signedData & envelopedData features using mandatory, RSA and Fortezza algorithm suites.
- For example, SFL (using Crypto++) exchanged E-S D-H-protected envelopedData.
- Almost all ESS features tested.
- Successful signed receipt interop testing.
- Triple-wrap testing not done, but SFL supports.

SFL “Matrix” Interop Testing
- Microsoft created a matrix to be used to document S/MIME v3 interop testing. The matrix is more detailed than the "Examples of S/MIME Messages" document.
- Test data that we will provide for inclusion in the Examples document will exercise all matrix features.
- We verified that the SFL can produce and process the majority of the features documented in the matrix.
- We will send the matrix, to which we added the SFL test results, to the “examples” mail list today. We also added correlations between the “Examples” document and matrix rows.
- We developed sample objects that illustrate each feature in the matrix that the SFL supports.
- Complete test drivers and test data will be available in next SFL release or are available now separately upon request.

SFL Test Driver Future Testing
- SFL interop testing is automated through use of test drivers and configuration files so it can be easily repeated and modified by VDA or independently by a third party.
- A third party could enhance the test drivers or incorporate them in an application such as an S/MIME interoperability testing auto-responder which organizations could use to test their S/MIME implementations.
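
A first check an interoperability test harness can make on each object it receives is which CMS content type it is (signedData, envelopedData) and which inner type it declares, for example an ESS signed receipt or the next layer of a triple wrap. The sketch below is an added example, not SFL or SNACC code: the function names are hypothetical, the sample bytes are constructed, and it reads only the DER structure defined in RFC 2630 without verifying signatures or decrypting anything.

```python
# Added example, not SFL code: content types of a DER-encoded CMS object (RFC 2630).
OIDS = {"1.2.840.113549.1.7.1": "data", "1.2.840.113549.1.7.2": "signedData",
        "1.2.840.113549.1.7.3": "envelopedData", "1.2.840.113549.1.9.16.1.1": "receipt"}

def elements(buf, pos, end):
    """Yield (tag, value_start, value_end) for each DER element in buf[pos:end]."""
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated element")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length >= 0x80:                        # long form: n length bytes follow
            n = length & 0x7F
            if n == 0 or n > 4 or pos + n > end:
                raise ValueError("indefinite or oversized length, not DER")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("length runs past the enclosing element")
        yield tag, pos, pos + length
        pos += length

def oid(buf, elem):
    tag, start, end = elem
    if tag != 0x06 or start >= end:
        raise ValueError("expected an OBJECT IDENTIFIER")
    arcs, val = list(divmod(buf[start], 40)), 0   # enough for the 1.2.* OIDs used here
    for b in buf[start + 1:end]:
        val = (val << 7) | (b & 0x7F)             # base-128, high bit = continuation
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def content_types(der):
    """Return (outer type, declared inner type); nothing is verified or decrypted."""
    (tag, s, e), = elements(der, 0, len(der))     # exactly one top-level element
    ctype, (ctag, cs, ce) = elements(der, s, e)   # contentType OID, [0] content
    if tag != 0x30 or ctag != 0xA0:
        raise ValueError("not a CMS ContentInfo")
    outer = oid(der, ctype)
    if outer not in ("signedData", "envelopedData"):
        return outer, None
    (_, s, e), = elements(der, cs, ce)            # SignedData / EnvelopedData body
    for t, a, b in elements(der, s, e):           # first SEQUENCE child names the inner type
        if t == 0x30:
            return outer, oid(der, next(elements(der, a, b), (0, 0, 0)))
    raise ValueError("no content info inside " + outer)

# Constructed skeleton (no real signature): signedData whose eContentType is an ESS receipt.
SAMPLE = bytes.fromhex("302506092a864886f70d010702a0183016020103"
                       "3100300d060b2a864886f70d01091001013100")
```

Malformed input (truncation, indefinite lengths, trailing bytes) raises `ValueError` rather than being guessed at, which is what a harness fed untrusted test messages needs.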

IMC Mail Lists
- The Internet Mail Consortium (IMC) has established separate SFL and CML mail lists used to:
  – distribute information regarding releases;
  – discuss technical issues; and
  – provide a means for SFL users to provide feedback, comments, bug reports, etc.
- Subscription information for the imc-sfl mailing list is at IMC SFL web page:
- Subscription information for imc-cml mailing list is at IMC CML web page:
- PLEASE DO NOT SEND SFL OR CML RELATED MESSAGES TO IETF S/MIME OR PKIX WG MAIL LISTS.