S/MIME IDEA Draft

I have just been made aware that the IDEA encryption algorithm has been 
posted on the "IETF Page of Intellectual Property Rights Notices" web site:
	http://www.ietf.org/ietf/IPR/ASCOM-IDEA

Also, Stephan tells me that a new Internet-Draft will be posted in the next 
few days.  Once it is posted, I will be calling for Working Group Last Call 
on this document.

By the way, I have asked the authors to change the title.  The new title 
will be:
	Use of the IDEA Encryption Algorithm in CMS

Russ

Delete

Final 29 March 2000 S/MIME WG Minutes

This message includes the minutes of the IETF S/MIME Working Group
meeting held on 29 March 2000 in Adelaide, Australia.  All briefing
slides will be stored at: ftp://ftp.ietf.org/ietf/smime/.  These
minutes include comments from the briefing presenters.  
Reported by John Pawling.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Introductions - Russ Housley

Russ reviewed the agenda as follows.  Nobody objected to the agenda.

Introductions				Russ Housley
Working Group Status			Russ Housley
Security Policies and Labels		Russ Housley
CERTDIST Draft Discussion 		Jim Schaad
Symmetric Key Distribution		Sean Turner
DOMSEC Draft Discussion 		Bill Ottaway
Interoperability Matrix 		Jim Schaad
CMS/ESS Examples				Paul Hoffman
Crypto Algorithm Documents		Russ Housley
E-mail Addresses & Certificates	Greg Colla
S/MIME Freeware Library			John Pawling
Electronic Signature Formats		John Ross
Wrap up					Russ Housley

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

S/MIME Working Group Status - Russ Housley

I-D ACTION:draft-ietf-smime-cmskea-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

	Title		: Use of the KEA and SKIPJACK Algorithms in CMS	 
        Author(s)	: J. Pawling
	Filename	: draft-ietf-smime-cmskea-05.txt
	Pages		: 10
	Date		: 08-May-00
	
This document describes the conventions for using the Key Exchange 
Algorithm (KEA) and SKIPJACK encryption algorithm in conjunction with the Cryptographic Message Syntax
[CMS] enveloped-data and encrypted-data 
content types.
This draft is being discussed on the 'ietf-smime' mailing list.  To 
subscribe, send a message to ietf-smime-request <at> imc.org with the single 
word 'subscribe' in the body of the message. There is a Web site for 
the mailing list at <http://www.imc.org/ietf-smime/>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-cmskea-05.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-smime-cmskea-05.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

CFP: ISOC Netw & Distr Sys Security Symp (NDSS'01)

            C  A  L  L       F  O  R       P  A  P  E  R  S

                          The Internet Society
         2001 Network and Distributed System Security Symposium
                               (NDSS'01)

                           February 7-9, 2001

                Catamaran Resort, San Diego, California

                            IMPORTANT DATES
          Paper Submission due:           August 2, 2000
          Author Notification:            September 27, 2000
          Camera-ready final papers due:  October 31, 2000

GOAL: 
  This symposium will foster information exchange among researchers 
  and practioners of network and distributed system security 
  services.  The intended audience includes those who are interested 
  in the practical aspects of network and distributed system security,
  focusing on actual system design and implementation, rather than
  theory.  A major goal of the symposium is to encourage and enable 
  the Internet community to apply, deploy, and advance the state of
  available security technology.  The proceedings of the symposium 
  will be published by the Internet Society.

Submissions are solicited for, but are not limited to, the following
topics:
 * Secure Electronic Commerce: e.g., payment, barter, EDI,

RE: S/MIME IDEA Draft

Russ,

The note frees only the non commercial use of this algorithm. I believe most of the implementations of
S/MIMEv3 will be commercial products or systems for commercial use so this note does not relate to them. Is
it so?

Raviv Karnieli - CTO
Vanguard Security Technologies Ltd.
Tel. +972-4-989-1311       Fax +972-4-989-1322
www.vguard.com             raviv <at> vguard.com

This message left my computer secured since I’m using 
MAILguardian Enterprise the first true end to end enterprise e-mail security solution that is policy
based, centrally managed and totally transparent to the end users.

You can get your own free evaluation copy of MAILguardian 
at http://www.vguard.com/prod.asp

-----Original Message-----
From: Russ Housley [mailto:housley <at> spyrus.com]
Sent: Monday, May 08, 2000 3:37 PM
To: ietf-smime <at> imc.org
Subject: S/MIME IDEA Draft


I have just been made aware that the IDEA encryption algorithm has been 
posted on the "IETF Page of Intellectual Property Rights Notices" web site:
	http://www.ietf.org/ietf/IPR/ASCOM-IDEA


Also, Stephan tells me that a new Internet-Draft will be posted in the next 
few days.  Once it is posted, I will be calling for Working Group Last Call 

Instant On-Line Credit Reports

Do you need fast accurate information to assist you when appraising
potential customers, and suppliers?

The UK Data internet website www.ukdata.com contains 28 million pages of
data with full information on every UK company!

Credit Reports-Director Searches-Accounts-Annual Returns

All of these products and many more are available to you immediately, and
can be downloaded to and printed from your personal computer.

Free samples of all reports are available at www.ukdata.com.

Please also visit www.formacompany.co.uk the on-line company formation
website

Thank You

Charles Fletcher
www.ukdata.com an instant report on every UK business
www.formacompany.co.uk the on-line company formation site
www.irishdata.ie - instant reports on all Irish companies

Does Smime works fine with Windows 2000 PKI

Hi everybody,

Just a question :

Is there any known issues using S/MIME with Win2000PKI-certificates ?
More generally, are Win2000 certificates usable with (and understood by ) the others mailers (especially
Lotus Notes, Netscape, Eudora +plug-in?)

Isn't Baltimore Unicert a "better choice" due to its greater compatibility ?

Any advices are welcome.

Regards,

Laurent Deffranne

RE: Does Smime works fine with Windows 2000 PKI

Laurent;

Yes, certs issued from a W2K CA can be used for S/MIME, and no less so than
certs issued from Baltimore, Iplanet or any other CA vendor or product.  The
main issue is not will they work, but will you be able to validate the
certs.  Unless the person issuing the cert from W2K has provided you with
their server's cert, or they have certified their CA with the signature of
the publicly known CAs you will not be able to easily verify the signature
to its source.  This is not the most technically acurate way of saying this
but I'm not awake yet.  Baltimore has preregistered there CA with the
vendors distributing products, as has Verisign, Thaught, and many others.
Just make certain that you have the certificates for the W2K CA, and access
to its revocation list so you can validate properly and you'll be fine.

Walt Williams
TSD-Systems
Senior IT Analyst
Genuity
www.genuity.com

Please note: GTE Internetworking is now Genuity.

> -----Original Message-----
> From: owner-ietf-smime <at> mail.imc.org
> [mailto:owner-ietf-smime <at> mail.imc.org]On Behalf Of Laurent Deffranne
> Sent: Thursday, May 11, 2000 5:45 AM
> To: ietf-smime
> Subject: Does Smime works fine with Windows 2000 PKI
>
>

RE: Does Smime works fine with Windows 2000 PKI

Let me take the points one at a time and inline:

> -----Original Message-----
> From: Laurent Deffranne [mailto:Laurent.Deffranne <at> dexia.be]
> Sent: Thursday, May 11, 2000 9:19 AM
> To: walter.williams
> Cc: ietf-smime
> Subject: RE: Does Smime works fine with Windows 2000 PKI
>
>
> Walt,
>
> Do you mean that there are difficulties to access through LDAP an
> Active Directory, as you want to read or use X509 certificates ?
>

No.  However, are you going to open your active directory to anonymous LDAP
queries over the Internet?  If not, are you limiting S/MIME to internal use
only?  If not then you are somewhat back to square one.

> By the way,does somebody know issues about Active Directory LDAP,
> or issues to read a certificate in an Active Directory ?

This worked just fine for us here, but the problem we had with AD was that
it does not support inetOrgPerson, and thus can't easily be synched up with
most external LDAP directories.  You'll find you'll want a metadirectory
connector to synch it with any external directory.  Again, this is not an
issue if you're willing to directly expose AD to internet use.
>
> For me it would be a mistake to use now the "brand new" Active