100 likes | 290 Views
S/MIME Freeware Library. IETF S/MIME WG 13 December 2000 John.Pawling@GetronicsGov.com Getronics Government Solutions. Getronics Freeware Security Libraries. S/MIME Freeware Library Implements CMS/ESS security protocol
E N D
S/MIME Freeware Library IETF S/MIME WG 13 December 2000 John.Pawling@GetronicsGov.com Getronics Government Solutions
Getronics Freeware Security Libraries • S/MIME Freeware Library • Implements CMS/ESS security protocol • Provides ESS features: security labels, signed receipts, secure mail list info, signing certificate • Certificate Management Library • Validates X.509 v3 certification paths and CRLs • Provides local cert/CRL storage functions • Provides remote directory retrieval via LDAP • Access Control Library • Provides Rule Based Access Control using security labels and authorizations conveyed in either X.509 Attribute or public key certificates • Enhanced SNACC ASN.1 library provides DER
Getronics Freeware Architecture Application (email, web browser/server, file encrypter, etc) Certificate Management Library S/MIME Freeware Library Access Control Library Other Protocols CygnaCom Certificate Path Development Library Crypto Token Interface Libraries Enhanced SNACC ASN.1 Library
Getronics Freeware Availability • For all Getronics freeware libraries, unencumbered source code is freely available to all from <http://www.GetronicsGov.com/>. • Getronics freeware can be used as part of applications without paying any royalties or licensing fees. • There is a public license associated with each Getronics freeware library.
S/MIME Freeware Library • SFL is freeware implementation of IETF S/MIME v3 RFC 2630 CMS & RFC 2634 ESS. • When used with Crypto++ library, SFL implements RFC 2631 D-H Key Agreement Method (E-S). • SFL supports use of RFC 2632 (Certificate Handling) and RFC 2633 (Message Specification). • Goal: Provide reference implementation of RFCs 2630 & 2634 to encourage acceptance as Internet Standards. • Protects any type of data (not just MIME). • SFL maximizes crypto algorithm independence. • SFL successfully used by many vendors.
SFL Architecture CTIL forBSAFE CTIL forCrypto++ CTIL for PKCS #11 CTIL for SPEX/ CTIL for Fortezza RSA BSAFE Library Crypto++Freeware Library Fortezza CI Library SPYRUS SPEX/ II Library Various PKCS #11 Libraries Fortezza Card/SWF Various Tokens Various Tokens SFL High Level Library Enhanced SNACCASN.1Library CTIL: Crypto Token Interface Library Note: Third parties are welcome to develop other CTILs.
SFL Interoperability Testing • SFL exchanges signed & encrypted msgs with S/MIME v2 products. • SFL S/MIME v3 interop testing includes majority of RFC 2630, 2631, 2634 features; some RFC 2632, 2633 features. • SFL produces and processes majority of "Examples of S/MIME Messages". SFL-generated data included in Examples-05 I-D such as: signed receipts, countersignatures, security labels, equivalent labels, mail list information, signing certificate attribute. • SFL produces and processes majority of features in Jim Schaad’s S/MIME v3 interop test matrix.
SFL Interop Testing (cont’d) • S/MIME v3 interop testing between SFL & Microsoft (Windows 2000) included majority of CMS/ESS features using mandatory, RSA and Fortezza algorithms. Tested signed receipts, security labels, mail list information. • Some S/MIME V3 CMS/ESS testing with Baltimore and Entrust has been performed. More is planned. • Test drivers (source code) and test data available in SFL release or separately upon request.
SFL Update • SEP 00: v1.8 SFL included: • Tested RedHat Linux, Windows NT/98/00, Solaris 2.7 • PKCS #12 process/create capabilities (OpenSSL) • Complete PKCS #11 CTIL • JAN 01: v1.9 SFL will include: • Improved PKCS #11 CTIL (tested with GemPlus, DataKey, Litronic PKCS #11 libraries) • Advanced Encryption Standard (AES) content encryption (aes-alg-00) and key wrap (128, 192, 256 bit keys; based on CMS 3DES key wrap algorithm) • Enhanced SNACC performance/memory usage • Bug fixes (ex: corrected D-H OID)
IMC Mail Lists • Internet Mail Consortium (IMC) has established SFL, CML and Enhanced SNACC mail lists used to: • distribute information regarding releases; • discuss technical issues; and • provide feedback/bug reports/questions. • Subscription information for mail lists available at: <http://www.imc.org/imc-sfl> <http://www.imc.org/imc-cml> <http://www.imc.org/imc-snacc> • Please DO NOT send SFL/CML/Enhanced SNACC messages to IETF mail lists.