S/MIME Freeware Library IETF S/MIME WG 13 December 2000 Getronics Government Solutions.


Getronics Freeware Security Libraries
S/MIME Freeware Library
– Implements CMS/ESS security protocol
– Provides ESS features: security labels, signed receipts, secure mail list info, signing certificate
Certificate Management Library
– Validates X.509 v3 certification paths and CRLs
– Provides local cert/CRL storage functions
– Provides remote directory retrieval via LDAP
Access Control Library
– Provides Rule Based Access Control using security labels and authorizations conveyed in either X.509 Attribute or public key certificates
Enhanced SNACC ASN.1 library provides DER

Getronics Freeware Architecture (diagram)
Boxes shown: Application ( , web browser/server, file encrypter, etc); S/MIME Freeware Library; Access Control Library; Certificate Management Library; CygnaCom Certificate Path Development Library; Enhanced SNACC ASN.1 Library; Crypto Token Interface Libraries; Other Protocols

Getronics Freeware Availability
For all Getronics freeware libraries, unencumbered source code is freely available to all from.
Getronics freeware can be used as part of applications without paying any royalties or licensing fees.
There is a public license associated with each Getronics freeware library.

S/MIME Freeware Library
SFL is freeware implementation of IETF S/MIME v3 RFC 2630 CMS & RFC 2634 ESS.
When used with Crypto++ library, SFL implements RFC 2631 D-H Key Agreement Method (E-S).
SFL supports use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification).
Goal: Provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards.
Protects any type of data (not just MIME).
SFL maximizes crypto algorithm independence.
SFL successfully used by many vendors.

SFL Architecture (diagram)
Boxes shown: SFL High Level Library; Enhanced SNACC ASN.1 Library; and the following CTILs with the libraries and tokens beneath them:
– CTIL for PKCS #11: Various PKCS #11 Libraries, Various Tokens
– CTIL for Crypto++: Crypto++ Freeware Library
– CTIL for BSAFE: RSA BSAFE Library
– CTIL for Fortezza: Fortezza CI Library, Fortezza Card/SWF
– CTIL for SPEX/: SPYRUS SPEX/ II Library, Various Tokens
CTIL: Crypto Token Interface Library
Note: Third parties are welcome to develop other CTILs.

SFL Interoperability Testing
SFL exchanges signed & encrypted msgs with S/MIME v2 products.
SFL S/MIME v3 interop testing includes majority of RFC 2630, 2631, 2634 features; some RFC 2632, 2633 features.
SFL produces and processes majority of "Examples of S/MIME Messages".
SFL-generated data included in Examples-05 I-D such as: signed receipts, countersignatures, security labels, equivalent labels, mail list information, signing certificate attribute.
SFL produces and processes majority of features in Jim Schaad’s S/MIME v3 interop test matrix.

SFL Interop Testing (cont’d)
S/MIME v3 interop testing between SFL & Microsoft (Windows 2000) included majority of CMS/ESS features using mandatory, RSA and Fortezza algorithms. Tested signed receipts, security labels, mail list information.
Some S/MIME v3 CMS/ESS testing with Baltimore and Entrust has been performed. More is planned.
Test drivers (source code) and test data available in SFL release or separately upon request.

SFL Update
SEP 00: v1.8 SFL included:
– Tested RedHat Linux, Windows NT/98/00, Solaris 2.7
– PKCS #12 process/create capabilities (OpenSSL)
– Complete PKCS #11 CTIL
JAN 01: v1.9 SFL will include:
– Improved PKCS #11 CTIL (tested with GemPlus, DataKey, Litronic PKCS #11 libraries)
– Advanced Encryption Standard (AES) content encryption (aes-alg-00) and key wrap (128, 192, 256 bit keys; based on CMS 3DES key wrap algorithm)
– Enhanced SNACC performance/memory usage
– Bug fixes (ex: corrected D-H OID)

IMC Mail Lists
Internet Mail Consortium (IMC) has established SFL, CML and Enhanced SNACC mail lists used to:
– distribute information regarding releases;
– discuss technical issues; and
– provide feedback/bug reports/questions.
Subscription information for mail lists available at:
Please DO NOT send SFL/CML/Enhanced SNACC messages to IETF mail lists.