Beauchamp, Sue
2003-07-08 15:48:01 UTC
Hi,
I have tested all of the Examples-11 of S/MIME Messages that the SFL
supports. All of the tests results were OK and no problems were found.
Sue Beauchamp
***@DigitalNet.com
DigitalNet (formerly Getronics Government Solutions)
-----Original Message-----
From: Paul Hoffman / IMC [mailto:***@imc.org]
Sent: Wednesday, July 02, 2003 11:44 AM
To: ietf-smime-***@imc.org; ietf-***@imc.org
Subject: Status of the examples draft
Hi again. The -11 draft has the following changes:
5.1.bin
5.3.bin
5.4.bin
5.6.bin
5.7.bin
5.10.bin
8.2.bin
11.1.bin
11.2.bin
It would be great if everyone who has tested can re-test with these
new examples.
BTW, I forgot to change the title of 6.3 to say RC2/128, and will do
so in the -12 draft. (Just to be sure, I have already started the -12
draft so I don't space out again...)
I would like to update the chart below for the -11 draft soon so we
can move it to IETF last call.
======================================
Status of the examples in -10
4. Trivial Examples
4.1 ContentInfo with Data type, BER
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
4.2 ContentInfo with Data type, DER
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5. Signed-data
Jim Schaad pointed out that many examples had the
signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
be 1.2.840.10040.4.3 (dsaWithSha1).
The general decision was that the examples should have dsaWithSha1.
John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
the examples.
5.1 Basic signed content, DSS
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.2 Basic signed content, RSA
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5.3 Basic signed content, detached content
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
Contains Alice's RSA certificate
No content hint unsigned attribute
signatureAlgorithm is dsa but should be dsaWithSha1
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.4 Fancier signed content
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
Countersigner is Alice, not Diane
No content hint
Sue Beauchamp sent new example file.
5.5 All RSA signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5.6 Multiple signers
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.7 Signing using SKI
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.8 S/MIME multipart/signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Holger Ebel: tested OK except that it has a CRLF prepended.
5.9 S/MIME application/pkcs7-mime signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed because signatureAlgorithm of dsa not dsaWithSha1
Holger Ebel: tested OK except that it has a CRLF prepended.
5.10 SignedData With Attributes
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
Change "unknown OID" to "unknown OID (1.2.5555)"
Content Hint should have an OID of 1.2.840.113549.1.7.1
Content Identifier attribute absent
Contains Security Label attribute
Contains encrypt key preference attribute
Contains ML Expansion History attribute
Contains Equivalent Label attribute
Jeff Jacoby: tested OK.
Holger Ebel: failed (not signed by Alice).
5.11 SignedData with Certificates Only
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6. Enveloped-data
6.1 Basic encrypted content, TripleDES and DH
John Pawling: tested OK.
Holger Ebel: tested OK.
6.2 Basic encrypted content, TripleDES and RSA
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6.3 Basic encrypted content, RC2/40 and RSA
Blake Ramsdell: this is actually a 128-bit key.
Jeff Jacoby: confirmed Blake's assertion.
Paul Hoffman: thinks we could just change the title of the example.
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6.4 Encrypted content, two recipients, no shared keying material
John Pawling: tested OK but noted unsuccessful Invalid tag for
privateKeyInfo for second login.
Holger Ebel: tested OK.
6.5 Encrypted content, two recipients, shared keying material
John Pawling: could not test due to bug in his code.
Holger Ebel: tested OK.
6.6 Encrypted content, TripleDES and DH, previously-distributed keys
John Pawling: tested OK.
Holger Ebel: tested OK.
6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
John Pawling: tested OK.
Holger Ebel: tested OK.
6.8 S/MIME application/pkcs7-mime encrypted message
John Pawling: tested OK.
Holger Ebel: tested OK.
6.9 EnvelopedData with All Recipient Types
John Pawling: tested OK.
Holger Ebel: tested OK.
6.10 EnvelopedData with KARI RC2 Encryption
John Pawling: tested OK.
Holger Ebel: tested OK.
6.11 EnvelopedData with KEK 3DES Encryption
John Pawling: tested OK.
Holger Ebel: tested OK.
7. Digested-data
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
8. Encrypted-data
8.1 Simple EncryptedData
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
8.2 EncryptedData with unprotected attributes
Jim Schaad: failed badly.
The key is not in the text and it is not the same as 8.1
The encapsulated content type is EncryptedData not id-data
The content hint content type does not match the encapsulated
content type
9. Authenticated-data
There are still no examples in this section.
10. Key Wrapping
John Pawling: tested OK.
10.1 Wrapping RC2
John Pawling: tested OK.
10.2 Wrapping TripleDES
John Pawling: tested OK.
Holger Ebel: tested OK.
11. ESS Examples
11.1 ReceiptRequest
John Pawling: test failed, has sent new example file.
Jeff Jacoby: tested OK.
11.2 Receipt
John Pawling: test failed, has sent new example file.
11.3 eSSSecurityLabel
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
11.4 EquivalentLabels
John Pawling: tested OK.
Jeff Jacoby: tested OK.
11.5 mlExpansionHistory
John Pawling: tested OK.
Jeff Jacoby: tested OK.
11.6 SigningCertificate
John Pawling: tested OK.
Jeff Jacoby: tested OK.
--Paul Hoffman, Director
--Internet Mail Consortium
I have tested all of the Examples-11 of S/MIME Messages that the SFL
supports. All of the tests results were OK and no problems were found.
Sue Beauchamp
***@DigitalNet.com
DigitalNet (formerly Getronics Government Solutions)
-----Original Message-----
From: Paul Hoffman / IMC [mailto:***@imc.org]
Sent: Wednesday, July 02, 2003 11:44 AM
To: ietf-smime-***@imc.org; ietf-***@imc.org
Subject: Status of the examples draft
Hi again. The -11 draft has the following changes:
5.1.bin
5.3.bin
5.4.bin
5.6.bin
5.7.bin
5.10.bin
8.2.bin
11.1.bin
11.2.bin
It would be great if everyone who has tested can re-test with these
new examples.
BTW, I forgot to change the title of 6.3 to say RC2/128, and will do
so in the -12 draft. (Just to be sure, I have already started the -12
draft so I don't space out again...)
I would like to update the chart below for the -11 draft soon so we
can move it to IETF last call.
======================================
Status of the examples in -10
4. Trivial Examples
4.1 ContentInfo with Data type, BER
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
4.2 ContentInfo with Data type, DER
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5. Signed-data
Jim Schaad pointed out that many examples had the
signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
be 1.2.840.10040.4.3 (dsaWithSha1).
The general decision was that the examples should have dsaWithSha1.
John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
the examples.
5.1 Basic signed content, DSS
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.2 Basic signed content, RSA
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5.3 Basic signed content, detached content
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
Contains Alice's RSA certificate
No content hint unsigned attribute
signatureAlgorithm is dsa but should be dsaWithSha1
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.4 Fancier signed content
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
Countersigner is Alice, not Diane
No content hint
Sue Beauchamp sent new example file.
5.5 All RSA signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
5.6 Multiple signers
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.7 Signing using SKI
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
signatureAlgorithm is dsa but should be dsaWithSha1
Holger Ebel: tested OK.
Sue Beauchamp sent new example file.
5.8 S/MIME multipart/signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Holger Ebel: tested OK except that it has a CRLF prepended.
5.9 S/MIME application/pkcs7-mime signed message
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed because signatureAlgorithm of dsa not dsaWithSha1
Holger Ebel: tested OK except that it has a CRLF prepended.
5.10 SignedData With Attributes
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jim Schaad: failed.
Change "unknown OID" to "unknown OID (1.2.5555)"
Content Hint should have an OID of 1.2.840.113549.1.7.1
Content Identifier attribute absent
Contains Security Label attribute
Contains encrypt key preference attribute
Contains ML Expansion History attribute
Contains Equivalent Label attribute
Jeff Jacoby: tested OK.
Holger Ebel: failed (not signed by Alice).
5.11 SignedData with Certificates Only
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6. Enveloped-data
6.1 Basic encrypted content, TripleDES and DH
John Pawling: tested OK.
Holger Ebel: tested OK.
6.2 Basic encrypted content, TripleDES and RSA
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6.3 Basic encrypted content, RC2/40 and RSA
Blake Ramsdell: this is actually a 128-bit key.
Jeff Jacoby: confirmed Blake's assertion.
Paul Hoffman: thinks we could just change the title of the example.
John Pawling: tested OK.
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
Holger Ebel: tested OK.
6.4 Encrypted content, two recipients, no shared keying material
John Pawling: tested OK but noted unsuccessful Invalid tag for
privateKeyInfo for second login.
Holger Ebel: tested OK.
6.5 Encrypted content, two recipients, shared keying material
John Pawling: could not test due to bug in his code.
Holger Ebel: tested OK.
6.6 Encrypted content, TripleDES and DH, previously-distributed keys
John Pawling: tested OK.
Holger Ebel: tested OK.
6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
John Pawling: tested OK.
Holger Ebel: tested OK.
6.8 S/MIME application/pkcs7-mime encrypted message
John Pawling: tested OK.
Holger Ebel: tested OK.
6.9 EnvelopedData with All Recipient Types
John Pawling: tested OK.
Holger Ebel: tested OK.
6.10 EnvelopedData with KARI RC2 Encryption
John Pawling: tested OK.
Holger Ebel: tested OK.
6.11 EnvelopedData with KEK 3DES Encryption
John Pawling: tested OK.
Holger Ebel: tested OK.
7. Digested-data
Blake Ramsdell: tested OK.
Jeff Jacoby: tested OK.
8. Encrypted-data
8.1 Simple EncryptedData
Blake Ramsdell: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
8.2 EncryptedData with unprotected attributes
Jim Schaad: failed badly.
The key is not in the text and it is not the same as 8.1
The encapsulated content type is EncryptedData not id-data
The content hint content type does not match the encapsulated
content type
9. Authenticated-data
There are still no examples in this section.
10. Key Wrapping
John Pawling: tested OK.
10.1 Wrapping RC2
John Pawling: tested OK.
10.2 Wrapping TripleDES
John Pawling: tested OK.
Holger Ebel: tested OK.
11. ESS Examples
11.1 ReceiptRequest
John Pawling: test failed, has sent new example file.
Jeff Jacoby: tested OK.
11.2 Receipt
John Pawling: test failed, has sent new example file.
11.3 eSSSecurityLabel
John Pawling: tested OK.
Jim Schaad: tested OK.
Jeff Jacoby: tested OK.
11.4 EquivalentLabels
John Pawling: tested OK.
Jeff Jacoby: tested OK.
11.5 mlExpansionHistory
John Pawling: tested OK.
Jeff Jacoby: tested OK.
11.6 SigningCertificate
John Pawling: tested OK.
Jeff Jacoby: tested OK.
--Paul Hoffman, Director
--Internet Mail Consortium